Dynamic Anomaly Threshold Based Malicious Behavior Detection in LoRa-Assisted Industrial IoT

Author

Subir Halder
Amrita Ghosal
Thomas Newe
Sajal K. Das, Missouri University of Science and TechnologyFollow

Abstract

Smart manufacturing, powered by Long Range (LoRa) communication-assisted Industrial Internet of Things (IIoT), offers significant benefits but also incurs security concerns due to device compromise. In addition, various application scenarios and inherent heterogeneity of IIoT devices induce significant challenges for reliable behavior detection of compromised devices. While existing work is mostly on detecting compromised devices and there exists limited work on modeling system behavior, an open question is how to model the per-device behavior in an IIoT deployment and how behavioral changes can be automatically adapted in different scenarios. This paper proposes Misbehav, a novel self-learning device behavior anomaly detection system to detect sophisticated and stealthy attacks. First, Misbehav builds the behavior model per device using events and actions, which enables us to define acceptable and permissible actions. We use an autoencoder based unsupervised approach to train the per-device behavior model and detect malicious actions. This approach guarantees that Misbehav not only detects known attacks but is equally capable of detecting zero-day attacks. We evaluated Misbehav on a data set collected from standard heterogeneous LoRa devices. Our results show that Misbehav exhibits a significant improvement in robustness, accuracy, and latency. In particular, Misbehav improves the detection accuracy by over 88.25% under different evasion attacks and reduces the detection latency by 11.94% than the state-of-the-art solutions.

Recommended Citation

S. Halder et al., "Dynamic Anomaly Threshold Based Malicious Behavior Detection in LoRa-Assisted Industrial IoT," Proceedings 2025 IEEE 26th International Symposium on A World of Wireless Mobile and Multimedia Networks Wowmom 2025, pp. 82 - 91, Institute of Electrical and Electronics Engineers, Jan 2025.

The definitive version is available at https://doi.org/10.1109/WoWMoM65615.2025.00023

Department(s)

Computer Science

Comments

Higher Education Authority, Grant SATC-2030624

Keywords and Phrases

Anomaly Detection; Behavior Modeling; LoRa Communications; Machine Learning; Malicious Traffic Detection

Document Type

Article - Conference proceedings

Document Version

Citation

File Type

text

Language(s)

English

Rights

© 2025 Institute of Electrical and Electronics Engineers, All rights reserved.

Publication Date

01 Jan 2025