Digital Communications and Networks (Oct 2023)

Accurate threat hunting in industrial internet of things edge devices

  • Abbas Yazdinejad,
  • Behrouz Zolfaghari,
  • Ali Dehghantanha,
  • Hadis Karimipour,
  • Gautam Srivastava,
  • Reza M. Parizi

Journal volume & issue
Vol. 9, no. 5, pp. 1123–1130

Abstract


Industrial Internet of Things (IIoT) systems depend on a growing number of edge devices such as sensors, controllers, and robots for data collection, transmission, storage, and processing. Malicious or abnormal behaviour by any one of these devices can jeopardize the security of the entire IIoT deployment, and a compromised device can also let malicious software installed on end nodes penetrate the rest of the network. This paper presents a parallel ensemble model for threat hunting based on anomalies in the behaviour of IIoT edge devices. The proposed model is flexible enough to use several state-of-the-art classifiers as base learners, and it classifies multi-class anomalies efficiently by combining Multi-class AdaBoost with majority voting. Experimental evaluations on a dataset consisting of multi-source normal records and multi-class anomalies show that the model outperforms existing approaches in terms of accuracy, F1 score, recall, and precision.
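The two combination steps named in the abstract, Multi-class AdaBoost and majority voting over several base learners, are shown below in a small self-contained example. It is added here for illustration and is not the authors' code or dataset: it assumes SAMME (Zhu et al.) as the multi-class AdaBoost variant, uses weighted decision stumps inside the boosted learner, and stands in 1-nearest-neighbour and nearest-centroid classifiers for the unspecified "state-of-the-art" base learners. The telemetry windows, the label ids (0 = normal, 1 = traffic flood, 2 = firmware tampering) and the tie-break policy are constructed assumptions.

```python
"""Added illustration, not code from the paper: multi-class AdaBoost (SAMME) over
decision stumps, combined by majority vote with two other base learners, on a
constructed toy IIoT edge-telemetry set."""
import math
from collections import Counter

# Constructed sample windows per edge device: (packets_per_s, cpu_pct) -> label.
# Label ids are an assumption: 0 = normal, 1 = traffic flood, 2 = firmware tampering.
TRAIN = [
    ((1.0, 10.0), 0), ((2.0, 15.0), 0), ((3.0, 12.0), 0), ((2.5, 20.0), 0),
    ((8.0, 14.0), 1), ((9.0, 18.0), 1), ((7.5, 11.0), 1), ((8.5, 16.0), 1),
    ((2.0, 80.0), 2), ((1.5, 90.0), 2), ((3.0, 85.0), 2), ((2.2, 95.0), 2),
]
N_CLASSES = 3


def fit_stump(X, y, w, n_classes):
    """Weighted decision stump: (feature, threshold, [label if below, label if at/above])."""
    best = None
    for j in range(len(X[0])):
        vals = sorted({x[j] for x in X})
        for t in [(a + b) / 2 for a, b in zip(vals, vals[1:])]:
            side_w = [[0.0] * n_classes for _ in range(2)]  # side 0: x[j] < t, side 1: x[j] >= t
            for x, yi, wi in zip(X, y, w):
                side_w[x[j] >= t][yi] += wi
            labels = [max(range(n_classes), key=s.__getitem__) for s in side_w]
            err = sum(wi for x, yi, wi in zip(X, y, w) if labels[x[j] >= t] != yi)
            if best is None or err < best[0]:
                best = (err, j, t, labels)
    return best[1:]


def stump_predict(stump, x):
    j, t, labels = stump
    return labels[x[j] >= t]


def fit_samme(X, y, n_classes, rounds=5):
    """SAMME: AdaBoost for K classes. Returns [(alpha, stump), ...]."""
    n = len(X)
    w = [1.0 / n] * n
    ensemble = []
    for _ in range(rounds):
        stump = fit_stump(X, y, w, n_classes)
        miss = [stump_predict(stump, x) != yi for x, yi in zip(X, y)]
        err = sum(wi for wi, m in zip(w, miss) if m)
        if err >= 1 - 1.0 / n_classes:  # no better than random guessing over K classes: stop
            break
        # The log(K-1) term is what lets SAMME accept learners with error above 1/2.
        alpha = math.log((1 - err) / max(err, 1e-12)) + math.log(n_classes - 1)
        ensemble.append((alpha, stump))
        if err < 1e-12:  # perfect on the weighted sample: further rounds repeat it
            break
        w = [wi * math.exp(alpha) if m else wi for wi, m in zip(w, miss)]  # up-weight misses
        total = sum(w)
        w = [wi / total for wi in w]
    return ensemble


def samme_predict(ensemble, x, n_classes):
    score = [0.0] * n_classes
    for alpha, stump in ensemble:
        score[stump_predict(stump, x)] += alpha
    return max(range(n_classes), key=score.__getitem__)


def _dist(a, b):
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))


def nn_predict(X, y, x):
    """1-nearest-neighbour base learner (stand-in for an unspecified classifier)."""
    return min(zip(X, y), key=lambda xy: _dist(xy[0], x))[1]


def fit_centroids(X, y, n_classes):
    cents = {}
    for k in range(n_classes):
        pts = [x for x, yi in zip(X, y) if yi == k]
        cents[k] = tuple(sum(c) / len(pts) for c in zip(*pts))
    return cents


def centroid_predict(centroids, x):
    return min(centroids, key=lambda k: _dist(centroids[k], x))


def majority_vote(votes, normal_label=0):
    """Majority vote across base learners. Assumed tie policy: a split panel is
    resolved towards an anomaly class rather than silently passing the window as normal."""
    counts = Counter(votes)
    top = max(counts.values())
    leaders = sorted(k for k, c in counts.items() if c == top)
    anomalies = [k for k in leaders if k != normal_label]
    return anomalies[0] if anomalies else leaders[0]


def build_ensemble(train=TRAIN, n_classes=N_CLASSES, rounds=5):
    """Train the three base learners in parallel on the same data; return a voter."""
    X = [x for x, _ in train]
    y = [yi for _, yi in train]
    boosted = fit_samme(X, y, n_classes, rounds)
    cents = fit_centroids(X, y, n_classes)
    learners = [
        lambda x: samme_predict(boosted, x, n_classes),
        lambda x: nn_predict(X, y, x),
        lambda x: centroid_predict(cents, x),
    ]
    return lambda x: majority_vote([f(x) for f in learners])


if __name__ == "__main__":
    classify = build_ensemble()
    for window in [(2.1, 13.0), (8.7, 19.0), (2.4, 70.0)]:  # constructed unseen windows
        print(window, "->", classify(window))
```

On this toy set the first three boosting rounds pick a stump on packet rate, then a corrected stump on packet rate, then a stump on CPU load, and the weighted vote of the stumps separates all three classes even though no single stump can. In a real deployment the base learners would be trained on the same windows but in parallel, and the tie-break policy of the voter is a detection-engineering choice worth making explicit, since it decides whether disagreement between learners errs towards a missed alert or a false one.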

Keywords