This paper investigates the application of machine learning methods to anomaly detection of both physical and cyber threats in Industrial Internet of Things (IIoT) environments. It introduces a novel method of separating threat classes by detection cost: computationally inexpensive threshold-based metrics are delegated to a simple rules-based alerting system, while the more complex behaviour-based metrics are handled by a machine learning anomaly detection model. This hybrid approach of separating threshold-based and behaviour-based detection is validated on the Edge-IIoTset2023 and CICIoT2023 public research datasets. As a further contribution, the hybrid methodology is evaluated with both tree-based classifiers and artificial neural network (ANN) classifiers. Experimental results indicate that while ANNs can be very effective, marginally higher accuracy (about 3%) and significantly faster predictions can be achieved with less computationally expensive tree-based algorithms such as Decision Trees and Random Forests, thereby improving the price-performance trade-off for operators of IIoT environments.
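The split the abstract describes, as an added illustration that is not the paper's code: physical metrics go through fixed operating bands in a rules layer, behavioural (network) metrics go to a learned tree split, and each record gets both verdicts independently. The metric names, thresholds, training rows and telemetry records are all constructed for this example and are not drawn from Edge-IIoTset2023 or CICIoT2023; the single-split "stump" stands in for the Decision Tree or Random Forest classifiers the paper evaluates, so the block runs with the standard library only.

```python
"""Hybrid IIoT anomaly detection: threshold rules for physical metrics,
a learned tree split for behavioural metrics. Added example; all data
below is constructed, not taken from the paper's datasets."""
from typing import Dict, List, Tuple

Record = Dict[str, float]

# Physical metrics with inclusive (low, high) operating bands. Assumed values.
THRESHOLD_RULES: Dict[str, Tuple[float, float]] = {
    "temperature_c": (0.0, 85.0),
    "pressure_kpa": (90.0, 350.0),
    "voltage_v": (22.0, 26.0),
}
# Behavioural metrics routed to the model rather than to fixed thresholds.
BEHAVIOURAL_FEATURES = ["pkt_rate", "mean_pkt_len", "unique_dst_ports"]


def apply_threshold_rules(record: Record, rules=THRESHOLD_RULES) -> List[str]:
    """Rules layer: one comparison per metric, no model involved.
    A metric that is absent is reported too: a silent sensor is itself a signal."""
    violations = []
    for metric, (low, high) in rules.items():
        if metric not in record:
            violations.append(f"{metric}:missing")
        elif record[metric] < low:
            violations.append(f"{metric}:low")
        elif record[metric] > high:
            violations.append(f"{metric}:high")
    return violations


def gini(labels: List[int]) -> float:
    """Gini impurity of a binary (0/1) label list; 0.0 means pure."""
    if not labels:
        return 0.0
    p = sum(labels) / len(labels)
    return 1.0 - p * p - (1.0 - p) ** 2


def majority(labels: List[int]) -> int:
    return int(2 * sum(labels) >= len(labels)) if labels else 0


def train_stump(rows: List[Record], labels: List[int],
                features=BEHAVIOURAL_FEATURES) -> dict:
    """Learn the single feature/threshold split with the lowest weighted Gini
    impurity, i.e. the root node of a decision tree; candidate thresholds are
    midpoints between adjacent observed values."""
    best = None
    for feat in features:
        values = sorted({r[feat] for r in rows})
        for lo, hi in zip(values, values[1:]):
            thr = (lo + hi) / 2.0
            left = [y for r, y in zip(rows, labels) if r[feat] <= thr]
            right = [y for r, y in zip(rows, labels) if r[feat] > thr]
            imp = (len(left) * gini(left) + len(right) * gini(right)) / len(rows)
            if best is None or imp < best["impurity"]:
                best = {"feature": feat, "threshold": thr, "impurity": imp,
                        "left": majority(left), "right": majority(right)}
    return best


def predict_stump(stump: dict, record: Record) -> int:
    """1 = anomalous, 0 = benign, decided by the learned split."""
    return stump["left"] if record[stump["feature"]] <= stump["threshold"] else stump["right"]


def hybrid_classify(record: Record, stump: dict, rules=THRESHOLD_RULES) -> dict:
    """Route each metric class to its own detector; both verdicts are kept so a
    physical fault and a cyber anomaly on the same record are not conflated."""
    return {"physical_alerts": apply_threshold_rules(record, rules),
            "cyber_anomaly": predict_stump(stump, record) == 1}


def _row(rate, plen, ports, **physical) -> Record:
    return {"pkt_rate": rate, "mean_pkt_len": plen, "unique_dst_ports": ports, **physical}


# Constructed training rows: benign traffic (0) vs a port-scan-like pattern (1).
TRAIN_ROWS = [_row(40, 512, 1), _row(55, 498, 2), _row(60, 530, 1), _row(70, 505, 3),
              _row(80, 520, 2), _row(95, 515, 1), _row(110, 490, 2), _row(120, 525, 3),
              _row(400, 60, 120), _row(550, 64, 200), _row(600, 58, 180), _row(700, 62, 250),
              _row(520, 60, 140), _row(610, 66, 300), _row(800, 61, 220), _row(450, 59, 160)]
TRAIN_LABELS = [0] * 8 + [1] * 8

# Constructed telemetry records to score.
SAMPLE_RECORDS = {
    "normal": _row(75, 510, 2, temperature_c=41.0, pressure_kpa=210.0, voltage_v=24.1),
    "over_temp": _row(70, 505, 1, temperature_c=97.5, pressure_kpa=205.0, voltage_v=24.0),
    "port_scan": _row(650, 60, 210, temperature_c=42.0, pressure_kpa=215.0, voltage_v=24.2),
    "combined": _row(500, 62, 150, temperature_c=97.0, pressure_kpa=220.0, voltage_v=19.0),
    "silent_sensor": _row(72, 508, 2, temperature_c=40.5, pressure_kpa=212.0),
}


def demo() -> Dict[str, dict]:
    stump = train_stump(TRAIN_ROWS, TRAIN_LABELS)
    return {name: hybrid_classify(rec, stump) for name, rec in SAMPLE_RECORDS.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

In a deployment the stump would be replaced by a trained `DecisionTreeClassifier` or `RandomForestClassifier` (scikit-learn), which is what gives the paper's speed advantage over an ANN; the rules layer stays as it is, since its cost is a handful of comparisons per record regardless of the model behind it.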