TY - GEN
T1 - Dynamic Anomaly Threshold based Malicious Behavior Detection in LoRa-Assisted Industrial IoT
AU - Halder, Subir
AU - Ghosal, Amrita
AU - Newe, Thomas
AU - Das, Sajal K.
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - Smart manufacturing, powered by Long Range (LoRa) communication-assisted Industrial Internet of Things (IIoT), offers significant benefits but also incurs security concerns due to device compromise. In addition, various application scenarios and inherent heterogeneity of IIoT devices induce significant challenges for reliable behavior detection of compromised devices. While existing work is mostly on detecting compromised devices and there exists limited work on modeling system behavior, an open question is how to model the per-device behavior in an IIoT deployment and how behavioral changes can be automatically adapted in different scenarios. This paper proposes Misbehav, a novel self-learning device behavior anomaly detection system to detect sophisticated and stealthy attacks. First, Misbehav builds the behavior model per device using events and actions, which enables us to define acceptable and permissible actions. We use an autoencoder based unsupervised approach to train the per-device behavior model and detect malicious actions. This approach guarantees that Misbehav not only detects known attacks, but is equally capable of detecting zero-day attacks. We evaluated Misbehav on a data set collected from standard heterogeneous LoRa devices. Our results show that Misbehav exhibits a significant improvement in robustness, accuracy, and latency. In particular, Misbehav improves the detection accuracy by over 88.25% under different evasion attacks and reduces the detection latency by 11.94% than the state-of-the-art solutions.
AB - Smart manufacturing, powered by Long Range (LoRa) communication-assisted Industrial Internet of Things (IIoT), offers significant benefits but also incurs security concerns due to device compromise. In addition, various application scenarios and inherent heterogeneity of IIoT devices induce significant challenges for reliable behavior detection of compromised devices. While existing work is mostly on detecting compromised devices and there exists limited work on modeling system behavior, an open question is how to model the per-device behavior in an IIoT deployment and how behavioral changes can be automatically adapted in different scenarios. This paper proposes Misbehav, a novel self-learning device behavior anomaly detection system to detect sophisticated and stealthy attacks. First, Misbehav builds the behavior model per device using events and actions, which enables us to define acceptable and permissible actions. We use an autoencoder based unsupervised approach to train the per-device behavior model and detect malicious actions. This approach guarantees that Misbehav not only detects known attacks, but is equally capable of detecting zero-day attacks. We evaluated Misbehav on a data set collected from standard heterogeneous LoRa devices. Our results show that Misbehav exhibits a significant improvement in robustness, accuracy, and latency. In particular, Misbehav improves the detection accuracy by over 88.25% under different evasion attacks and reduces the detection latency by 11.94% than the state-of-the-art solutions.
KW - Anomaly Detection
KW - Behavior Modeling
KW - LoRa Communications
KW - Machine Learning
KW - Malicious Traffic Detection
UR - https://www.scopus.com/pages/publications/105009229855
U2 - 10.1109/WoWMoM65615.2025.00023
DO - 10.1109/WoWMoM65615.2025.00023
M3 - Conference contribution
AN - SCOPUS:105009229855
T3 - Proceedings - 2025 IEEE 26th International Symposium on a World of Wireless, Mobile and Multimedia Networks, WoWMoM 2025
SP - 82
EP - 91
BT - Proceedings - 2025 IEEE 26th International Symposium on a World of Wireless, Mobile and Multimedia Networks, WoWMoM 2025
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 26th IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks, WoWMoM 2025
Y2 - 27 May 2025 through 30 May 2025
ER -
