Anomaly detection of cyber threats in industrial IoT networks via hybrid digital twins and continual learning
This paper introduces a hybrid digital twin and continual learning framework for anomaly detection in IIoT networks, achieving 97% accuracy with 20 times less training data than full retraining, and demonstrating scalable, adaptive, and privacy-preserving cyber threat identification under realistic operational conditions.
• Hybrid digital twins secure IIoT while preserving data privacy
• Continual learning adapts models to new threats with low data needs
• Hardware-in-the-loop validates detection under realistic conditions
• Achieves 97% accuracy with 20× less training data than full retraining
• Scalable framework for resilient anomaly detection in Industry 4.0

The Industrial Internet of Things (IIoT) is increasingly exposed to cyber threats due to its tight integration of operational technology and digital connectivity. Traditional intrusion detection systems (IDSs) often struggle with adaptability, false positives, and operational scalability in dynamic, non-stationary environments. This paper proposes a cyber threat detection framework that integrates hybrid digital twins (DTs) with continual learning to enable reliable and adaptive intrusion detection in realistic IIoT settings. The hybrid DTs act as local mirrors of IIoT devices, preserving sensitive data close to the source while supporting controlled validation of firmware updates and configuration changes. The continual learning mechanism enables the detection model to incrementally adapt to evolving traffic patterns and emerging attacks, mitigating catastrophic forgetting without requiring repeated offline retraining. Experimental validation on benchmark datasets and real IIoT traffic shows that the proposed DT-enabled framework supports stable detection performance over time under bounded memory and incremental update constraints, reflecting realistic deployment conditions. The proposed architecture highlights a practical trade-off between offline optimality and online adaptability, offering a robust, scalable solution for securing IIoT infrastructure that balances continuous operation, reliability, and controlled adaptation.
- Research Article
2
- 10.1038/s41598-025-32697-1
- Dec 13, 2025
- Scientific Reports
The rapid expansion of Internet of Things (IoT) and Industrial Internet of Things (IIoT) networks has significantly increased the vulnerabilities of critical infrastructures to cyberattacks, posing substantial risks to both security and operational integrity. As these networks continue to grow, traditional intrusion detection systems (IDS) often fail to handle the massive volume, diversity, and sophistication of emerging threats, necessitating the development of more advanced solutions. This study introduces TACNet, a novel deep learning framework designed to enhance intrusion detection in IoT and IIoT environments. The primary objective of this work is to develop a robust model that not only detects a wide range of cyber threats but also adapts to the dynamic nature of these networks. The proposed TACNet architecture combines multi-scale Convolutional Neural Networks (CNN) for feature extraction at various granularities, Long Short-Term Memory (LSTM) networks to capture temporal dependencies in sequential network traffic, and temporal attention mechanisms to focus the model’s learning on the most informative time steps and features. This hybrid approach effectively addresses the challenges of both spatial and temporal data in network traffic, significantly improving model accuracy and interpretability. Experimental results demonstrate the effectiveness of TACNet, achieving accuracy rates from 98.56% to 99.98% on diverse datasets, including CICIDS 2018, DNN-EdgeIIoT, CIC IoT-DIAD 2024, TabularIoTAttack-2024, and N-BaIoT. These findings highlight superior performance of TACNet compared to traditional machine learning-based models, positioning it as a powerful solution for real-time intrusion detection in IoT and IIoT networks.
- Research Article
18
- 10.3390/app15063121
- Mar 13, 2025
- Applied Sciences
The rapid expansion of the Industrial Internet of Things (IIoT) has revolutionized industrial automation and introduced significant cybersecurity challenges, particularly for supervisory control and data acquisition (SCADA) systems. Traditional intrusion detection systems (IDSs) often struggle to effectively identify and mitigate complex cyberthreats, such as denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks. This study proposes an advanced IDS framework integrating machine learning, deep learning, and hybrid models to enhance cybersecurity in IIoT environments. Using the WUSTL-IIoT-2021 dataset, multiple classification models—including decision tree, random forest, multilayer perceptron (MLP), convolutional neural networks (CNNs), and hybrid deep learning architectures—were systematically evaluated based on key performance metrics, including accuracy, precision, recall, and F1 score. This research introduces several key innovations. First, it presents a comparative analysis of machine learning, deep learning, and hybrid models within a unified experimental framework, offering a comprehensive evaluation of various approaches. Second, while existing studies frequently favor hybrid models, findings from this study reveal that the standalone MLP model outperforms other architectures, achieving the highest detection accuracy of 99.99%. This outcome highlights the critical role of dataset-specific feature distributions in determining model effectiveness and calls for a more nuanced approach when selecting detection models for IIoT cybersecurity applications. Additionally, the study explores a broad range of hyperparameter configurations, optimizing model effectiveness for IIoT-specific intrusion detection. These contributions provide valuable insights for developing more efficient and adaptable IDS solutions in IIoT networks.
- Research Article
158
- 10.1016/j.adhoc.2023.103320
- Oct 10, 2023
- Ad Hoc Networks
Blockchain and federated learning-based intrusion detection approaches for edge-enabled industrial IoT networks: a survey
- Research Article
- 10.59628/jast.v3i3.1681
- Jun 30, 2025
- مجلة جامعة صنعاء للعلوم التطبيقية والتكنولوجيا
Intrusion detection is crucial for securing Industrial Internet of Things (IIoT) networks, especially within edge computing environments. Traditional Intrusion Detection Systems (IDSs) struggle with the complexity and dynamic nature of IIoT networks, where increasing intrusion classes make classification tasks more challenging. While the Asynchronous Advantage Actor-Critic (A3C) algorithm has shown promise in reinforcement learning-based IDSs, previous A3C implementations suffer from slow convergence, high variance, unstable gradient updates, and inefficient parameter synchronization. These issues limit their ability to accurately classify diverse attack patterns, particularly underrepresented intrusion types. To address these challenges, this research introduces an Enhanced A3C (EA3C) using an enhanced convolutional neural network (CNN) structure to significantly improve feature representation compared to traditional fully connected networks from the dataset before passing them to the policy and value networks. Additionally, gradient clipping will be applied to prevent exploding gradients, and bootstrapping-based reward handling will be used to enhance policy and value estimation for better long-term learning and improved intrusion detection performance. The proposed approach is evaluated using the X-IIoTID dataset, which is a comprehensive benchmark that is effective in detecting a wide range of cyber threats in IIoT environments. Experimental results indicate that the EA3C algorithm significantly outperforms Decision Tree (DT), Adversarial Environment Reinforcement Learning (AERL), Double Deep Q-Network (DDQN), and traditional A3C algorithms, particularly in identifying underrepresented attack classes. The results of EA3C show that its weighted Accuracy, Precision, Recall, and F1-score exceeded 0.98, making it suitable for practical use with the increasing number of labeled classes of cyber-attacks. 
Although these results are promising, this algorithm needs further improvement, especially for attacks with very small samples or attacks that occur for the first time, such as zero-day attacks.
- Research Article
- 10.11113/ijic.v15n1.544
- May 27, 2025
- International Journal of Innovative Computing
The rise of Industry 4.0 has led to the widespread adoption of Industrial Internet of Things (IIoT) devices, enhancing manufacturing efficiency while introducing significant cybersecurity risks. IIoT environments are highly susceptible to cyber threats such as Denial-of-Service (DoS), SQL injection, and ransomware, which can lead to production downtime and data breaches. Traditional intrusion detection systems (IDS) often fail to detect evolving threats, resulting in high false negative rates. This research proposes an advanced IDS integrating Convolutional Neural Networks (CNN) with Long Short-Term Memory (LSTM) to enhance IIoT security. By leveraging both spatial and temporal feature extraction, the proposed model effectively identifies network anomalies in real-time industrial environments. This study contributes to IIoT cybersecurity by developing an IDS capable of improving threat detection through the integration of CNN and LSTM architectures. The approach enhances pattern recognition and sequential dependency modeling, making it more adaptive to dynamic cyber threats. The model is trained and evaluated on a large-scale IIoT dataset, achieving a binary classification accuracy of 71%, outperforming several state-of-the-art models. The CNN-LSTM IDS demonstrates a strong ability to recognize normal traffic, with a recall of 99%, significantly reducing false alarms. In multi-class classification, the model successfully identifies certain high-volume attack types, such as DDoS. These findings underscore both the strengths and limitations of deep learning-based intrusion detection in IIoT environments. While the proposed model offers significant improvements, further research is needed to address the detection of low-frequency attacks and optimize classification performance.
- Research Article
274
- 10.1016/j.jestch.2022.101322
- Jan 6, 2023
- Engineering Science and Technology, an International Journal
A hybrid CNN+LSTM-based intrusion detection system for industrial IoT networks
- Research Article
43
- 10.14569/ijacsa.2021.0120411
- Jan 1, 2021
- International Journal of Advanced Computer Science and Applications
In recent years, the Industrial Internet of Things (IIoT) has been a fast-advancing innovative technology with the potential to digitize and interconnect many industries for huge business opportunities and development of global GDP. IIoT is used in a diverse range of industries such as manufacturing, logistics, transportation, oil and gas, mining and metals, energy utilities and aviation. Although IIoT provides promising opportunities for the development of different industrial applications, these applications are prone to cyberattacks and demand higher security requirements. The enormous number of sensors present in the IIoT network generates a large amount of data and has attracted the attention of cybercriminals across the globe. The intrusion detection system (IDS) that monitors the network traffic and detects the behaviour of the network is considered one of the key security solutions for securing IIoT applications from attacks. Recently, the application of machine and deep learning techniques has proved to mitigate multiple security threats and enhance the performance of intrusion detection. In this paper, we present a survey of deep learning-based IDS techniques for IIoT. The main objective of this research is to provide the various deep learning-based IDS detection methods, datasets and comparative analysis. Finally, this research aims to identify the limitations and challenges of existing studies, solutions and future directions.
- Research Article
105
- 10.1109/tnse.2022.3191601
- Sep 1, 2023
- IEEE Transactions on Network Science and Engineering
The rapid expansion of the Industrial Internet of Things (IIoT) necessitates the digitization of industrial processes in order to increase network efficiency. The integration of Digital Twin (DT) with IIoT digitizes physical objects into virtual representations to improve data analytics performance. Nevertheless, DT-empowered IIoT generates a massive amount of data that is mostly sent to the cloud or edge servers for real-time analysis. However, unreliable public communication channels and a lack of trust among participating entities cause various types of threats and attacks on the ongoing communication. Motivated by the aforementioned discussion, we present a blockchain and Deep Learning (DL) integrated framework for delivering decentralized data processing and learning in IIoT networks. The framework first presents a new DT model that facilitates construction of a virtual environment to simulate and replicate security-critical processes of IIoT. Second, we propose a blockchain-based data transmission scheme that uses smart contracts to ensure integrity and authenticity of data. Finally, the DL scheme is designed to apply the Intrusion Detection System (IDS) against valid data retrieved from the blockchain. In the DL scheme, a Long Short Term Memory-Sparse AutoEncoder (LSTMSAE) technique is proposed to learn the spatial-temporal representation. The extracted characteristics are further used by the proposed Multi-Head Self-Attention (MHSA)-based Bidirectional Gated Recurrent Unit (BiGRU) algorithm to learn long-distance features and accurately detect attacks. The practical implementation of our proposed framework proves considerable enhancement of communication security and data privacy in DT-empowered IIoT networks.
- Research Article
16
- 10.1109/tii.2022.3142149
- Jun 1, 2022
- IEEE Transactions on Industrial Informatics
More data and information is being captured from systems, machines, and devices and made available to industrial information technology (IT) systems. The information is processed on-the-fly, enabling IT-based management systems to generate updated information for real-time control of the manufacturing processes. This data capturing and collection for IT systems is often referred to as the Internet of Things (IoT). When adopted to the industrial requirements, such as robustness, reliability, timeliness, and security, it is often termed the industrial IoT (IIoT) [A1]. IIoT has attracted the attention of both the industry and academia since it is expected to enhance day-to-day activities, create new business models, products, and services, and as a broad source of research topics and ideas. Meanwhile, it is envisioned that the fifth-generation (5G) networks will be a cornerstone in future wireless industrial connectivity, and currently, there are a multitude of ongoing research efforts in their design and optimization. Future industries will embrace use cases with numerous wireless-connected sensors and devices, and judging by the demand, massive machine-type communication and ultra-reliable low-latency communication (URLLC) in the literature and standardization activities, have been identified as two of the three main communication scenarios for 5G. These scenarios demand intelligent, scalable, and robust radio access techniques, network architectures, and deployment options to meet industrial demands [A2]. Therefore, more in-depth research is needed for IIoT and sensor networks in 5G-and-beyond wireless communication systems to address various challenges, including the following.
1) Transmit power control policy should be judiciously designed to improve both the spectrum efficiency and energy efficiency effectively; higher transmit powers can improve reliability but increase the interference and battery consumption.
2) Low-latency communication and computing is one of the significant challenges in 5G-and-beyond IIoT; uploading the device data to the cloud computing centers has high latency and resources waste issues in sensor networks.
3) Addressing privacy and security problems [A3] in the 5G-IIoT is fundamental to the further development and spread of 5G-IIoT.
4) Reliability and latency requirements of URLLC services, requiring less than 1-ms user plane latency and higher than 99.999% reliability, are demanding to meet, especially in time-varying industrial wireless channels.
5) Radio resource allocation, sharing, and isolation with performance guarantees under dynamic traffic conditions are critical issues for emerging IIoT applications requiring real-time support of massive connected devices.
6) 5G-and-beyond IIoT networks must satisfy industrial-grade coverage, capacity, time-sensitive networking, and over-the-air time synchronization requirements [A4].
- Research Article
5
- 10.1038/s41598-024-79632-4
- Nov 26, 2024
- Scientific Reports
With the fast-growing interconnection of smart technologies, the Industrial Internet of Things (IIoT) has revolutionized how industries work by connecting devices and sensors and automating regular operations via the Internet of Things (IoTs). IoT devices provide seamless diversity and connectivity in different application domains. This system and its transmission channels are subjected to targeted cyberattacks due to their round-the-clock connectivity. Accordingly, a multilevel security solution is needed to safeguard the industrial system. By analyzing the data packet, the Intrusion Detection System (IDS) counteracts the cyberattack for the targeted attack in the IIoT platform. Various research has been undertaken to address the concerns of cyberattacks on IIoT networks using machine learning (ML) and deep learning (DL) approaches. This study introduces a new Bayesian Machine Learning with the Sparrow Search Algorithm for Cyberattack Detection (BMLSSA-CAD) technique in the IIoT networks. The proposed BMLSSA-CAD technique aims to enhance security in IIoT networks by detecting cyberattacks. In the BMLSSA-CAD technique, the min-max scaler normalizes the input dataset. Additionally, the method utilizes the Chameleon Optimization Algorithm (COA)-based feature selection (FS) approach to identify the optimal feature set. The BMLSSA-CAD technique uses the Bayesian Belief Network (BBN) model for cyberattack detection. The hyperparameter tuning process employs the sparrow search algorithm (SSA) model to enhance the BBN model performance. The performance of the BMLSSA-CAD method is examined using UNSWNB51 and UCI SECOM datasets. The experimental validation of the BMLSSA-CAD method highlighted superior accuracy outcomes of 97.84% and 98.93% compared to recent techniques on the IIoT platform.
- Research Article
- 10.48084/etasr.13566
- Dec 8, 2025
- Engineering, Technology & Applied Science Research
In the context of Industry 4.0, safeguarding Industrial IoT (IIoT) networks against increasingly sophisticated cyber threats remains a critical challenge, as traditional Intrusion Detection Systems (IDSs) often struggle with scalability, adaptability, and data privacy concerns. This study addresses these limitations by introducing a novel hybrid deep learning architecture for anomaly-based intrusion detection in IIoT environments. The proposed model combines TabTransformer for contextual feature extraction, Temporal Convolutional Networks (TCN) and Bi-directional GRU (BiGRU) for temporal sequence modeling, and an attention mechanism to enhance focus on subtle attack patterns. Using the IoTID20 dataset, the model was first evaluated in centralized training, where it outperformed baseline models (LSTM, CNN, CNN-BiGRU, BiGRU) with an F1-score of 99.8%, accuracy of 99.6%, and an AUC of 0.999. To ensure privacy-preserving and communication-efficient deployment, the model was further implemented in a Federated Learning (FL) setting using Flower, enabling collaborative training across distributed clients without sharing raw data, and significantly reducing bandwidth consumption by exchanging only model parameters. Overall, the proposed approach contributes a scalable, accurate, and privacy-aware intrusion detection framework, positioning hybrid transformer-temporal architectures as promising solutions for secure and intelligent IIoT systems.
- Research Article
- 10.1038/s41598-025-28569-3
- Nov 23, 2025
- Scientific Reports
In earth exploration and coastal monitoring, salt-spray prediction (SSP) plays a pivotal role in assessing corrosion risks and evaluating environmental impacts on infrastructure and ecosystems. In industrial Internet of Things (IIoT) networks, SSP relies on geographically distributed sensing devices to collect and process large volumes of environmental data. However, conventional centralized SSP solutions are difficult to deploy over wide-area IIoT infrastructures and often incur substantial communication delays, limiting their real-time applicability. To address these challenges, this paper investigates latency-constrained optimization in federated learning (FL) for SSP within IIoT networks, aiming to enhance communication efficiency while minimizing overall model training latency. We propose two adaptive wireless bandwidth allocation strategies: one based on instantaneous channel state information (I-CSI) and the other on statistical channel state information (S-CSI). The I-CSI-based method dynamically allocates bandwidth according to real-time channel conditions, enabling rapid convergence and high predictive accuracy in relatively stable IIoT wireless links. In contrast, the S-CSI-based method leverages long-term channel statistics to provide robust performance in fast-varying or unpredictable IIoT environments. Extensive simulation results demonstrate that both strategies significantly reduce system latency, increase the number of active participating clients, and effectively balance convergence speed, accuracy, and bandwidth utilization. Notably, the I-CSI approach achieves faster convergence and higher accuracy under stable conditions, while the S-CSI approach offers steady improvements in highly dynamic IIoT scenarios. These findings underscore the critical role of intelligent bandwidth allocation in FL-enabled SSP systems and provide practical insights for optimizing communication resources in real-world IIoT deployments.
- Research Article
- 10.1049/qtc2.70001
- Jan 1, 2025
- IET Quantum Communication
In the Industrial Internet of Things (IIoT) context, heterogeneous IIoT nodes need diverse performance requirements, including throughput and quality of service (QoS). These IIoT nodes transmit data over a common shared communication medium. The existing critical challenge arises in efficiently scheduling access to this shared medium among a large number of connected IIoT nodes. To address the challenge of random access in IIoT networks, the power of the entanglement‐assisted (EA) protocol was exploited to expand the capacity region boundaries of the shared communication medium, thereby enhancing the throughput and quality‐of‐service (QoS) requirements of the heterogeneous IIoT network. In the literature, IIoT networks are mainly categorised into two types: centralised and distributed. In this paper, we proposed two distinct models: (1) a centralised multi‐class IIoT network based on EA protocol and (2) a distributed multi‐class IIoT network based on EA protocol. Next, the authors analytically demonstrated that integrating the EA protocol into both proposed types of multi‐class IIoT networks significantly increases the capacity region boundaries compared to the classical reference model, namely slotted ALOHA (SA). Finally, the network performance boundaries were evaluated by analysing the throughput values for different network classes and varying numbers of IIoT nodes. The results demonstrate that, for both proposed models (1) and (2), the transmitted load generated by the IIoT nodes over the shared medium achieves dramatically higher throughput compared to the reference IIoT network based on SA.
- Research Article
9
- 10.37391/ijeer.120131
- Mar 20, 2024
- International Journal of Electrical and Electronics Research
Intrusion Detection in the Industrial Internet of Things (IIoT) concentrates on the security and safety of critical structures and industrial developments. IIoT extends IoT principles to industrial environments, but linked sensors and devices can be deployed for monitoring, automation, and control of manufacturing, energy, and other critical systems. Intrusion detection systems (IDS) in IoT aim to monitor network traffic, device behavior, and system anomalies for detecting and responding to security breaches. These IDS solutions exploit a range of systems comprising signature-based detection, anomaly detection, machine learning (ML), and behavioral analysis, for identifying suspicious actions like device tampering, unauthorized access, data exfiltration, and denial-of-service (DoS) attacks. This study presents an Improving Intrusion Detection using Satin Bowerbird Optimization with Deep Learning (IID-SBODL) model for the IIoT environment. The IID-SBODL technique initially preprocesses the input data for compatibility. Next, the IID-SBODL technique applies an Echo State Network (ESN) model for effectual recognition and classification of the intrusions. Finally, the SBO algorithm optimizes the configuration of the ESN, boosting its capability for precise identification of anomalies and significant security breaches within IIoT networks. By widespread simulation evaluation, the experimental results pointed out that the IID-SBODL technique reaches maximum detection rate and improves the security of the IIoT environment. Through comprehensive experimentation on both UNSW-NB15 and UCI SECOM datasets, the model exhibited exceptional performance, achieving an average accuracy of 99.55% and 98.87%, precision of 98.90% and 98.93%, recall of 98.87% and 98.80%, and F-score of 98.88% and 98.87% for the respective datasets.
The IID-SBODL model contributes to the development of robust intrusion detection mechanisms for safeguarding critical industrial processes in the era of interconnected and smart IIoT environments.
- Research Article
97
- 10.1016/j.adhoc.2022.102930
- Sep 1, 2022
- Ad Hoc Networks
Enhancing IIoT networks protection: A robust security model for attack detection in Internet Industrial Control Systems