Vol. 7 No. 1 (2026)

Standard Journal Issues

A Novel Architecture and Methodology to Detect Intrusions Against Edge-Based IIoT Using Machine Learning

Published 2026-02-09

  • Sahar L. Qaddoori
    • ,
  • Qutaiba I. Ali

Sahar L. Qaddoori
Electronic Department, Electronics Engineering College, Ninevah University, Mosul, Iraq

Qutaiba I. Ali
Computer Engineering Department, Engineering College, University of Mosul, Mosul, Iraq

Abstract

The increasing demand for the Industrial Internet of Things (IIoT), with billions of connected things and the decentralization of data exchange, is gaining momentum, making conventional threat detection and analysis challenging in such distributed environments. In this paper, a security framework for edge nodes, called the Intrusion Detection, Prevention, and Response System (IDPRS), is proposed. It aims to detect MQTT (Message Queuing Telemetry Transport)-based threats using Machine Learning (ML) algorithms. However, ML models cannot be trained on resource-constrained devices; therefore, the approach trains the model on a high-performance platform, which will later serve as the detection engine on an edge node. The edge node can be hosted on low-cost single-board computers (SBCs), such as the Raspberry Pi. The detection model is further monitored and updated using an upgrade algorithm to make it adaptive to emerging threats. The evaluation results demonstrate high detection accuracy and reasonable resource and network overhead.

Keywords

Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Firewall, Intrusion Response System (IRS), Fog Node, MQTTset dataset

PDF

References

  1. Z. E. Huma, S. Latif, J. Ahmad, Z. Idrees, A. Ibrar, Z. Zou, et al., "A Hybrid Deep Random Neural Network for Cyberattack Detection in the Industrial Internet of Things," IEEE Access, vol. 9, pp. 55595-55605, 2021. https://doi.org/10.1109/2021/3071766.
  2. T. Vaiyapuri, Z. Sbai, H. Alaskar, and N. A. Alaseem, "Deep Learning Approaches for Intrusion Detection in IIoT Networks–Opportunities and Future Directions," International Journal of Advanced Computer Science and Applications (IJACSA), vol. 12, pp. 86-92, 2021. https://doi.org/10.14569/IJACSA.2021.0120411
  3. G. E. I. Selim, E. Hemdan, A. M. Shehata, and N. A. El-Fishawy, "Anomaly events classification and detection system in critical industrial internet of things infrastructure using machine learning algorithms," Multimedia Tools and Applications, vol. 80, pp. 12619-12640, 2021. https://doi.org/10.1007/s11042-020-10354-1
  4. Q. Ibrahim and S. Lazim, "An insight review of internet of Things (IoT) protocols, standards, platforms, applications and security issues," International Journal of Sensors Wireless Communications and Control, vol. 11, pp. 627-648, 2021. https://doi.org/10.2174/2210327910999201102194157
  5. M. Zolanvari, M. A. Teixeira, and R. Jain, "Effect of imbalanced datasets on security of industrial IoT using machine learning," in 2018 IEEE International Conference on Intelligence and Security Informatics (ISI), 2018, pp. 112-117. https://doi.org/10.1109/ISI.2018.8587389.
  6. S. Lazim Qaddoori and Q. I. Ali, "An embedded and intelligent anomaly power consumption detection system based on smart metering," IET Wireless Sensor Systems, vol. 13, pp. 75-90, 2023. https://doi.org/10.1049/wss2.12054
  7. H. Qiao, J. O. Blech, and H. Chen, "A Machine learning based intrusion detection approach for industrial networks," in 2020 IEEE International Conference on Industrial Technology (ICIT), 2020, pp. 265-270. https://doi.org/10.1109/ICIT45562.2020.9067253
  8. H. Alaiz-Moreton, J. Aveleira-Mata, J. Ondicol-Garcia, A. L. Muñoz-Castañeda, I. García, and C. Benavides, "Multiclass classification procedure for detecting attacks on MQTT-IoT protocol," Complexity, vol. 2019, pp. 1-11, 2019. https://doi.org/10.1155/2019/6516253
  9. S. Madhawa, P. Balakrishnan, and U. Arumugam, "Roll forward validation based decision tree classification for detecting data integrity attacks in industrial internet of things," Journal of Intelligent & Fuzzy Systems, vol. 36, pp. 2355-2366, 2019. https://doi.org/10.3233/JIFS-169946
  10. H. Yao, P. Gao, P. Zhang, J. Wang, C. Jiang, and L. Lu, "Hybrid intrusion detection system for edge-based IIoT relying on machine-learning-aided detection," IEEE Network, vol. 33, pp. 75-81, 2019.
  11. S. L. Qaddoori and Q. I. Ali, "An embedded intrusion detection and prevention system for home area networks in advanced metering infrastructure," IET Information Security, vol. 17, pp. 315-334, 2023. https://doi.org/10.1049/ise2.12097.
  12. M. A. Khan, M. A. Khan, S. U. Jan, J. Ahmad, S. S. Jamal, A. A. Shah, et al., "A Deep Learning-Based Intrusion Detection System for MQTT Enabled IoT," Sensors, vol. 21, pp. 7016-7040, 2021. https://doi.org/10.3390/s21217016
  13. A. Derhab, M. Guerroumi, A. Gumaei, L. Maglaras, M. A. Ferrag, M. Mukherjee, et al., "Blockchain and random subspace learning-based IDS for SDN-enabled industrial IoT security," Sensors, vol. 19, pp. 3119-3142, 2019. https://doi.org/10.3390/s19143119.
  14. E. Aydogan, S. Yilmaz, S. Sen, I. Butun, S. Forsstrom, and M. Gidlund, "A central intrusion detection system for rpl-based industrial internet of things," in 2019 15th IEEE International Workshop on Factory Communication Systems (WFCS), 2019, pp. 1-5. https://doi.org/10.1109/WFCS.2019.8758024.
  15. A. Shalaginov, O. Semeniuta, and M. Alazab, "MEML: Resource-aware MQTT-based machine learning for network attacks detection on IoT edge devices," in Proceedings of the 12th IEEE/ACM International Conference on Utility and Cloud Computing Companion, 2019, pp. 123-128. https://doi.org/10.1145/3368235.3368876
  16. S. Latif, Z. Zou, Z. Idrees, and J. Ahmad, "A Novel Attack Detection Scheme for the Industrial Internet of Things Using a Lightweight Random Neural Network," IEEE Access, vol. 8, pp. 89337-89350, 2020. https://doi.org/10.1109/2020.2994079.
  17. M. P. Maharani, P. T. Daely, J. M. Lee, and D.-S. Kim, "Attack detection in fog layer for iiot based on machine learning approach," in 2020 International Conference on Information and Communication Technology Convergence (ICTC), 2020, pp. 1880-1882. https://doi.org/ 10.1109/ICTC49870.2020.9289380.
  18. M. Eskandari, Z. H. Janjua, M. Vecchio, and F. Antonelli, "Passban IDS: An intelligent anomaly-based intrusion detection system for IoT edge devices," IEEE Internet of Things Journal, vol. 7, pp. 6882-6897, 2020.
  19. J. B. Awotunde, C. Chakraborty, and A. E. Adeniyi, "Intrusion detection in industrial internet of things network-based on deep learning model with rule-based feature selection," Wireless communications and mobile computing, vol. 2021, pp. 1-17, 2021. https://doi.org/10.1155/2021/7154587
  20. K. Raja, K. Karthikeyan, B. Abilash, K. Dev, and G. Raja, "Deep Learning Based Attack Detection in IIoT using Two-Level Intrusion Detection System," Soft computing, Springer, Research Square, vol. 2021, pp. 1-32, 2021. https://doi.org/10.21203/rs.3.rs-997888/v1.
  21. X.-H. Nguyen, X.-D. Nguyen, H.-H. Huynh, and K.-H. Le, "Realguard: A Lightweight Network Intrusion Detection System for IoT Gateways," Sensors, vol. 22, pp. 432-449, 2022. https://doi.org/10.3390/s22020432
  22. A. Awajan, "A novel deep learning-based intrusion detection system for IOT networks," Computers, vol. 12, p. 34, 2023.https://doi.org/10.3390/computers12020034
  23. G. T. Francis, A. Souri, and N. Inanç, "A hybrid intrusion detection approach based on message queuing telemetry transport (MQTT) protocol in industrial internet of things," Transactions on Emerging Telecommunications Technologies, vol. 35, p. e5030, 2024. https://doi.org/10.1002/ett.5030
  24. T. Zhukabayeva, Z. Ahmad, A. Adamova, N. Karabayev, and A. Abdildayeva, "An Edge-Computing-Based Integrated Framework for Network Traffic Analysis and Intrusion Detection to Enhance Cyber–Physical System Security in Industrial IoT," Sensors, vol. 25, p. 2395, 2025. https://doi.org/10.3390/s25082395
  25. L. Zhang, S. Jiang, X. Shen, B. B. Gupta, and Z. Tian, "PWG-IDS: An Intrusion Detection Model for Solving Class Imbalance in IIoT Networks Using Generative Adversarial Networks," arXiv preprint arXiv:2110.03445, 2021. https://doi.org/10.48550/arXiv.2110.03445
  26. M. A. Ferrag, O. Friha, D. Hamouda, L. Maglaras, and H. Janicke, "Edge-IIoTset: A New Comprehensive Realistic Cyber Security Dataset of IoT and IIoT Applications for Centralized and Federated Learning," IEEE Access, vol. 10, pp. 40281-40306, 2022. https://doi.org/10.1109/2022/3165809
  27. A. Samy, H. Yu, and H. Zhang, "Fog-based attack detection framework for internet of things using deep learning," IEEE Access, vol. 8, pp. 74571-74585, 2020. https://doi.org/10.1109/2020/2988854
  28. I. Butun, M. Almgren, V. Gulisano, and M. Papatriantafilou, "Intrusion Detection in Industrial Networks via Data Streaming," in Industrial IoT, ed: Springer, 2020, pp. 213-238.https://doi.org/10.1007/978-3-030-42500-5_6
  29. R. Colelli, S. Panzieri, and F. Pascucci, "Securing connection between IT and OT: the Fog Intrusion Detection System prospective," in 2019 II Workshop on Metrology for Industry 4.0 and IoT (MetroInd4. 0&IoT), 2019, pp. 444-448. MQTTset Dataset [Online]. Available: https: //www.kaggle.com/cnrieiit/mqttset
  30. I. Vaccari, G. Chiola, M. Aiello, M. Mongelli, and E. Cambiaso, "MQTTset, a new dataset for machine learning techniques on MQTT," Sensors, vol. 20, pp. 6578-6595, 2020. https://doi.org/10.3390/s20226578
  31. E. Aslan, Y. Ozupak, F. Alpsalaz, and Z. M. Elbarbary, "A Hybrid Machine Learning Approach for Predicting Power Transformer Failures Using Internet of Things Based Monitoring and Explainable Artificial Intelligence," IEEE Access, 2025. https://doi.org/ 10.1109/2025/3583773

Downloads

Download data is not yet available.

Similar Articles

61-70 of 80

You may also start an advanced similarity search for this article.