TY - GEN
T1 - Robust Anomaly Detection via Radio Fingerprinting in LoRa-Enabled IIoT
AU - Halder, Subir
AU - Newe, Thomas
N1 - Publisher Copyright:
© 2022, Springer Nature Switzerland AG.
PY - 2022
Y1 - 2022
N2 - Long Range (LoRa) communications are gaining popularity in the Industrial Internet of Things (IIoT) domain due to their large coverage and high energy efficiency. However, LoRa-enabled IIoT networks are susceptible to cyberattacks mainly due to their wide transmission window and freely operated frequency band. This has led to several categories of cyberattacks. However, existing intrusion detection systems are inefficient in detecting compromised device due to the dense deployment and heterogeneous devices. This work introduces Hawk, a distributed anomaly detection system for detecting compromised devices in LoRa-enabled IIoT. Hawk first measures a device-type specific physical layer feature, Carrier Frequency Offset (CFO) and then leverages the CFO for fingerprinting the device and consequently detecting anomalous deviations in the CFO behavior, potentially caused by adversaries. To aggregate the device-type specific CFO behavior profile efficiently, Hawk uses federated learning. To the best of our knowledge, Hawk is the first to use a federated learning method for anomaly-based intrusion detection in LoRa-enabled IIoT. We perform extensive experiments on a real-world dataset collected using 60 LoRa devices, primarily to assess the effectiveness of Hawk against passive attacks. The results show that Hawk improves the detection accuracy by 8% and reduces the storage overhead by 40% than the state-of-the-art solutions.
AB - Long Range (LoRa) communications are gaining popularity in the Industrial Internet of Things (IIoT) domain due to their large coverage and high energy efficiency. However, LoRa-enabled IIoT networks are susceptible to cyberattacks mainly due to their wide transmission window and freely operated frequency band. This has led to several categories of cyberattacks. However, existing intrusion detection systems are inefficient in detecting compromised device due to the dense deployment and heterogeneous devices. This work introduces Hawk, a distributed anomaly detection system for detecting compromised devices in LoRa-enabled IIoT. Hawk first measures a device-type specific physical layer feature, Carrier Frequency Offset (CFO) and then leverages the CFO for fingerprinting the device and consequently detecting anomalous deviations in the CFO behavior, potentially caused by adversaries. To aggregate the device-type specific CFO behavior profile efficiently, Hawk uses federated learning. To the best of our knowledge, Hawk is the first to use a federated learning method for anomaly-based intrusion detection in LoRa-enabled IIoT. We perform extensive experiments on a real-world dataset collected using 60 LoRa devices, primarily to assess the effectiveness of Hawk against passive attacks. The results show that Hawk improves the detection accuracy by 8% and reduces the storage overhead by 40% than the state-of-the-art solutions.
KW - Anomaly detection
KW - Carrier frequency offset
KW - Federated learning
KW - Industrial IoT
KW - LoRa communication
UR - http://www.scopus.com/inward/record.url?scp=85145203498&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-21280-2_9
DO - 10.1007/978-3-031-21280-2_9
M3 - Conference contribution
AN - SCOPUS:85145203498
SN - 9783031212796
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 161
EP - 178
BT - Information Security Practice and Experience - 17th International Conference, ISPEC 2022, Proceedings
A2 - Su, Chunhua
A2 - Gritzalis, Dimitris
A2 - Piuri, Vincenzo
PB - Springer Science and Business Media Deutschland GmbH
T2 - 17th International Conference on Information Security Practice and Experience, ISPEC 2022
Y2 - 23 November 2022 through 25 November 2022
ER -