Resource-constrained IoT devices are highly vulnerable to attacks (e.g., DoS) due to difficulties in applying security patches, and existing machine learning–based intrusion detection systems (IDS) neglect energy consumption—critical for battery-operated edge devices. Method: We propose a green, lightweight IDS comprising: (i) privacy-preserving network flow statistical features; (ii) a multi-objective hyperparameter optimization framework jointly minimizing energy consumption (in watt-hours) and maximizing the Matthews Correlation Coefficient—marking the first explicit incorporation of power consumption into tree-based models (decision trees, random forests, Extra-Trees); and (iii) an energy-aware lightweight IDS architecture. Contribution/Results: Experiments demonstrate that our approach maintains high detection accuracy while significantly reducing inference energy consumption. It validates the feasibility and effectiveness of green AI for edge-security deployment and establishes a novel paradigm for sustainable IDS in resource-constrained environments.

Nowadays, the Internet of Things (IoT) is widely employed, and its usage is growing exponentially because it facilitates remote monitoring, predictive maintenance, and data-driven decision making, especially in the healthcare and industrial sectors. However, IoT devices remain vulnerable due to their resource constraints and difficulty in applying security patches. Consequently, various cybersecurity attacks are reported daily, such as Denial of Service, particularly in IoT-driven solutions. Most attack detection methodologies are based on Machine Learning (ML) techniques, which can detect attack patterns. However, the focus is more on identification rather than considering the impact of ML algorithms on computational resources. This paper proposes a green methodology to identify IoT malware networking attacks based on flow privacy-preserving statistical features. In particular, the hyperparameters of three tree-based models -- Decision Trees, Random Forest and Extra-Trees -- are optimized based on energy consumption and test-time performance in terms of Matthew's Correlation Coefficient. Our results show that models maintain high performance and detection accuracy while consistently reducing power usage in terms of watt-hours (Wh). This suggests that on-premise ML-based Intrusion Detection Systems are suitable for IoT and other resource-constrained devices.