SafeNode deploys parallel LightGBM models on a Raspberry Pi edge node and a ResNet-style deep learning model on a cloud VM — fusing decisions in real-time to detect Replay, Botnet, Spoofing, DDoS, and Mirai attacks across IoT networks, with a live SOC-style dashboard.
The proliferation of IoT devices across critical infrastructure has introduced severe and largely unmitigated attack surfaces. Resource-constrained endpoints cannot run traditional intrusion detection systems, while cloud-only solutions introduce latency and bandwidth costs incompatible with real-time response.
This research presents SafeNode, a multi-layer intrusion detection system that deploys four parallel LightGBM models on a Raspberry Pi edge node and a ResNet-style deep learning model on a cloud VM. A winner-takes-all confidence fusion engine combines verdicts in real-time to detect Replay, Botnet, Spoofing, DDoS, and Mirai attacks across live MQTT IoT traffic, surfaced through a SOC-style dashboard with per-flow verdict badges.