| Work | Security threat | Detection method | Validation dataset | Attack-type detection | Device-type detection | Lightweight |
| Zhang et al. [8] | DoS, R2L, U2R, and PROBE | Deep learning | KDD Cup 1999 Data | Yes | No | — | Wang and Stolfo [9] | 58 attack types with 1999 DARPA dataset CUCS dataset (Code Red II, Buffer overflow) | 1-gram models | 1999 DARPA IDS Dataset CUCS Dataset | Yes | No | — | Xie et al. [10] | — | Machine learning | Real WSN data sets | — | No | Yes | Mirsky et al. [11] | Recon., MITM, DoS, Botnet | Autoencoder | Real-testbed | Yes | No | Yes | Ince [12] | DoS, probe, R2L, U2R | Deep learning | NSL-KDD | Yes | No | — | Kumar et al. [13] | Dos, exploit, probe, generic | Hybrid | UNSW-NB15 | Yes | No | — | Anthi et al. [14] | Attack reconnaissances, DoS attacks, man-in-the-middle attacks, replay attacks, DNS spoofing | Machine learning | Real-testbed | Yes | Yes | — | Koroniotis et al. [15] | DoS/DDoS attacks, keylogging, data theft | Deep learning | BOT-IoT Dataset | Yes | No | — | Liu et al. [16] | Vulnerability scanners, ARP spoofing, DoS attacks, Mirai Botnet | Machine learning | IOTID-20 Dataset | No | No | Yes | Proposed System | Scanning methods (Host Discovery, Port scanning, OS/Version Detection) ARP Spoofing, SYN Flooding, Host Discovery, Telnet Bruce-force, UDP/ACK/HTTP Flooding | Machine learning | IOTID-20, CICIDS-2017, BOT-IoT Dataset | Yes | Yes | Yes |
|
|