Leveraging Deep Learning for Anomaly-Based Intrusion Detection in Internet of Things Networks: An LSTM Approach with Recursive Feature Elimination

Assia TEBIB, Mohamed Ali BOUANAKA, Oumeima BOUBERTAKH, Billel KENIDRA

Abstract

Background: The accelerating deployment of Internet of Things (IoT) devices has enlarged the cyber-attack surface of contemporary networks, while the resource-constrained nature of typical IoT endpoints precludes the use of conventional, signature-based defences. Anomaly-based Intrusion Detection Systems (IDS) powered by deep learning offer a promising alternative, but high-dimensional traffic data and class imbalance continue to limit their accuracy and inference speed in production environments.


Objective: This study designs, implements and evaluates an anomaly-based Network IDS for IoT environments that combines Recursive Feature Elimination (RFE) for dimensionality reduction with a stacked Long Short-Term Memory (LSTM) classifier. The work investigates whether feature selection prior to LSTM training can preserve detection performance while reducing computational cost, and whether the resulting pipeline generalises across heterogeneous IoT traffic captures.


Methods: We evaluated the proposed pipeline on two publicly available benchmarks (IoTID20 and TON-IoT) covering both binary (attack vs. normal) and multi-class classification of intrusion categories. After data cleaning, normalisation and label encoding, RFE with a Decision Tree estimator selected 23 features for binary tasks and 32 features for multi-class tasks. A two-layer LSTM (108 and 64 units) with dropout regularisation was trained for five epochs using the Adam optimiser, with Model Checkpoint and Early Stopping callbacks. Performance was measured with precision, recall, F1-score and accuracy, supported by confusion-matrix analysis.


Results: On both datasets the model achieved 100% accuracy in binary classification, with only nine and thirty-nine misclassifications across IoTID20 (51,780 test instances) and TON-IoT (87,162 test instances), respectively. For multi-class detection the overall accuracy reached 97% on both datasets, with per-class F1-scores ranging from 0.80 to 1.00. The proposed RFE+LSTM model matched or exceeded comparable deep-learning baselines reported in the literature while operating on substantially fewer features.


Conclusion: Coupling RFE-based feature selection with an LSTM classifier yields a lightweight yet highly accurate anomaly-based IDS that generalises across two structurally different IoT datasets. Future work will address adversarial robustness, real-time deployment and adaptation to streaming, concept-drifting traffic.
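
The feature-selection stage described under Methods, as an added example using scikit-learn (not the authors' code): the scaler and RFE are fitted on the training split only, so the held-out split cannot influence which columns are kept. The synthetic 60-column dataset, the 70/30 split, the min-max scaler and the one-timestep reshape for the LSTM are assumptions; the abstract specifies only the Decision Tree estimator and the 23 features selected for the binary task.

```python
import numpy as np
from sklearn.datasets import make_classification
from sklearn.feature_selection import RFE
from sklearn.model_selection import train_test_split
from sklearn.preprocessing import MinMaxScaler
from sklearn.tree import DecisionTreeClassifier

N_SELECTED = 23  # feature count the abstract reports for the binary task


def select_features(X_train, y_train, X_test, n_features=N_SELECTED):
    """Fit scaler and RFE on the training split only, then apply both to the test split."""
    scaler = MinMaxScaler().fit(X_train)
    X_train_s, X_test_s = scaler.transform(X_train), scaler.transform(X_test)
    # RFE refits the tree, drops the least important column, and repeats
    # until n_features columns remain.
    rfe = RFE(DecisionTreeClassifier(random_state=0),
              n_features_to_select=n_features, step=1)
    rfe.fit(X_train_s, y_train)
    return rfe, rfe.transform(X_train_s), rfe.transform(X_test_s)


def to_lstm_input(X):
    """Assumption: each flow record is a one-step sequence, (samples, 1, features)."""
    return X.reshape(X.shape[0], 1, X.shape[1])


def demo():
    # Constructed stand-in for flow records: 60 columns, roughly 80/20 class imbalance.
    X, y = make_classification(n_samples=2000, n_features=60, n_informative=12,
                               n_redundant=8, weights=[0.8, 0.2], random_state=0)
    X_tr, X_te, y_tr, _ = train_test_split(X, y, test_size=0.3,
                                           stratify=y, random_state=0)
    rfe, X_tr_sel, X_te_sel = select_features(X_tr, y_tr, X_te)
    kept = np.flatnonzero(rfe.support_)  # indices of the surviving columns
    return kept, to_lstm_input(X_tr_sel), to_lstm_input(X_te_sel)


if __name__ == "__main__":
    kept, tr, te = demo()
    print("kept columns:", kept.tolist())
    print("train tensor:", tr.shape, "test tensor:", te.shape)
```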
