Robust Anomaly Detection via Radio Fingerprinting in LoRa-Enabled IIoT

Abstract

AbstractLong Range (LoRa) communications are gaining popularity in the Industrial Internet of Things (IIoT) domain due to their large coverage and high energy efficiency. However, LoRa-enabled IIoT networks are susceptible to cyberattacks mainly due to their wide transmission window and freely operated frequency band. This has led to several categories of cyberattacks. However, existing intrusion detection systems are inefficient in detecting compromised device due to the dense deployment and heterogeneous devices. This work introduces \(\textsf{Hawk}\), a distributed anomaly detection system for detecting compromised devices in LoRa-enabled IIoT. \(\textsf{Hawk}\) first measures a device-type specific physical layer feature, Carrier Frequency Offset (CFO) and then leverages the CFO for fingerprinting the device and consequently detecting anomalous deviations in the CFO behavior, potentially caused by adversaries. To aggregate the device-type specific CFO behavior profile efficiently, \(\textsf{Hawk}\) uses federated learning. To the best of our knowledge, \(\textsf{Hawk}\) is the first to use a federated learning method for anomaly-based intrusion detection in LoRa-enabled IIoT. We perform extensive experiments on a real-world dataset collected using 60 LoRa devices, primarily to assess the effectiveness of \(\textsf{Hawk}\) against passive attacks. The results show that \(\textsf{Hawk}\) improves the detection accuracy by 8% and reduces the storage overhead by 40% than the state-of-the-art solutions.KeywordsAnomaly detectionCarrier frequency offsetFederated learningIndustrial IoTLoRa communication