A Comparative Analysis of Telemetry-Driven Anomaly Detection Approaches for Dual-Purpose Operational and Security Optimization in Edge Computing Infrastructure

Authors

  • Xiaoyi Long, Computer Science, Georgia Institute of Technology, GA, USA
  • Jiacheng Hu, Master’s Degree in Information Technology, University of New South Wales, Australia
  • Zhipeng Ling, Computer Science, University of Sydney, Sydney, Australia

DOI:

https://doi.org/10.63575/CIA.2026.40106

Keywords:

edge computing, anomaly detection, predictive maintenance, intrusion detection

Abstract

The proliferation of edge computing nodes in enterprise infrastructure has intensified the demand for anomaly detection methods capable of addressing both operational reliability and cybersecurity resilience within resource-constrained environments. This paper presents a comparative evaluation of six lightweight anomaly detection algorithms—Isolation Forest, One-Class SVM, LSTM-Autoencoder, K-Nearest Neighbors, Random Forest, and lightweight 1D-CNN—assessed across a dual-purpose framework that encompasses operational health monitoring and security threat detection. Experiments are conducted on six publicly available benchmark datasets: NASA C-MAPSS and Microsoft Azure Predictive Maintenance for degradation analysis, alongside Edge-IIoTset, UNSW-NB15, CIC-IDS2017, and TON_IoT for cybersecurity evaluation. Performance is measured through accuracy, F1-score, inference latency, and a proposed Dual-Purpose Efficiency Index under both high-performance server and resource-constrained ARM-based edge configurations. Results indicate that tree-based methods achieve the most favorable accuracy-to-latency ratio for edge deployment, while the LSTM-Autoencoder attains the highest detection quality at substantially greater computational cost. Cross-dataset generalization experiments reveal persistent domain shift challenges, particularly for low-frequency attack categories. These findings provide practical algorithm selection guidance for enterprise edge infrastructure scenarios where operational monitoring and security detection must coexist within constrained computational budgets.

Author Biography

  • Zhipeng Ling, Computer Science, University of Sydney, Sydney, Australia

Published

2026-01-20

How to Cite

[1]
Xiaoyi Long, Jiacheng Hu, and Zhipeng Ling, “A Comparative Analysis of Telemetry-Driven Anomaly Detection Approaches for Dual-Purpose Operational and Security Optimization in Edge Computing Infrastructure”, Journal of Computing Innovations and Applications, vol. 4, no. 1, pp. 79–88, Jan. 2026, doi: 10.63575/CIA.2026.40106.