Long-Range Wide Area Network Intrusion Detection at the Edge
Internet of Things (IoT) devices are ubiquitous in various applications, such as smart homes, asset and people tracking, and city management systems. However, their deployment in adverse conditions, including unstable internet connectivity and power sources, present new cybersecurity challenges thro...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2024-12-01
|
| Series: | IoT |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2624-831X/5/4/40 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850241039598616576 |
|---|---|
| author | Gonçalo Esteves Filipe Fidalgo Nuno Cruz José Simão |
| author_facet | Gonçalo Esteves Filipe Fidalgo Nuno Cruz José Simão |
| author_sort | Gonçalo Esteves |
| collection | DOAJ |
| description | Internet of Things (IoT) devices are ubiquitous in various applications, such as smart homes, asset and people tracking, and city management systems. However, their deployment in adverse conditions, including unstable internet connectivity and power sources, present new cybersecurity challenges through new attack vectors. The LoRaWAN protocol, with its open and distributed network architecture, has gained prominence as a leading LPWAN solution, presenting novel security challenges. This paper proposes the implementation of machine learning algorithms, specifically the K-Nearest Neighbours (KNN) algorithm, within an Intrusion Detection System (IDS) for LoRaWAN networks. Through behavioural analysis based on previously observed packet patterns, the system can detect potential intrusions that may disrupt critical tracking services. Initial simulated packet classification attained over 90% accuracy. By integrating the Suricata IDS and extending it through a custom toolset, sophisticated rule sets are incorporated to generate confidence metrics to classify packets as either presenting an abnormal or normal behaviour. The current work uses third-party multi-vendor sensor data obtained in the city of Lisbon for training and validating the models. The results show the efficacy of the proposed technique in evaluating received packets, logging relevant parameters in the database, and accurately identifying intrusions or expected device behaviours. We considered two use cases for evaluating our work: one with a more traditional approach where the devices and network are static, and another where we assume that both the devices and the network are mobile; for example, when we need to report data back from sensors on a rail infrastructure to a mobile LoRaWAN gateway onboard a train. |
| format | Article |
| id | doaj-art-aef7d64d4be9429e81e3d60db15dac30 |
| institution | OA Journals |
| issn | 2624-831X |
| language | English |
| publishDate | 2024-12-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | IoT |
| spelling | doaj-art-aef7d64d4be9429e81e3d60db15dac302025-08-20T02:00:42ZengMDPI AGIoT2624-831X2024-12-015487190010.3390/iot5040040Long-Range Wide Area Network Intrusion Detection at the EdgeGonçalo Esteves0Filipe Fidalgo1Nuno Cruz2José Simão3Future Internet Technologies—FIT, Instituto Superior de Engenharia de Lisboa, Instituto Politécnico de Lisboa, 1500-335 Lisbon, PortugalFuture Internet Technologies—FIT, Instituto Superior de Engenharia de Lisboa, Instituto Politécnico de Lisboa, 1500-335 Lisbon, PortugalFuture Internet Technologies—FIT, Instituto Superior de Engenharia de Lisboa, Instituto Politécnico de Lisboa, 1500-335 Lisbon, PortugalFuture Internet Technologies—FIT, Instituto Superior de Engenharia de Lisboa, Instituto Politécnico de Lisboa, 1500-335 Lisbon, PortugalInternet of Things (IoT) devices are ubiquitous in various applications, such as smart homes, asset and people tracking, and city management systems. However, their deployment in adverse conditions, including unstable internet connectivity and power sources, present new cybersecurity challenges through new attack vectors. The LoRaWAN protocol, with its open and distributed network architecture, has gained prominence as a leading LPWAN solution, presenting novel security challenges. This paper proposes the implementation of machine learning algorithms, specifically the K-Nearest Neighbours (KNN) algorithm, within an Intrusion Detection System (IDS) for LoRaWAN networks. Through behavioural analysis based on previously observed packet patterns, the system can detect potential intrusions that may disrupt critical tracking services. Initial simulated packet classification attained over 90% accuracy. By integrating the Suricata IDS and extending it through a custom toolset, sophisticated rule sets are incorporated to generate confidence metrics to classify packets as either presenting an abnormal or normal behaviour. The current work uses third-party multi-vendor sensor data obtained in the city of Lisbon for training and validating the models. The results show the efficacy of the proposed technique in evaluating received packets, logging relevant parameters in the database, and accurately identifying intrusions or expected device behaviours. We considered two use cases for evaluating our work: one with a more traditional approach where the devices and network are static, and another where we assume that both the devices and the network are mobile; for example, when we need to report data back from sensors on a rail infrastructure to a mobile LoRaWAN gateway onboard a train.https://www.mdpi.com/2624-831X/5/4/40IoTLoRaWANintrusion detection systemmachine learning |
| spellingShingle | Gonçalo Esteves Filipe Fidalgo Nuno Cruz José Simão Long-Range Wide Area Network Intrusion Detection at the Edge IoT IoT LoRaWAN intrusion detection system machine learning |
| title | Long-Range Wide Area Network Intrusion Detection at the Edge |
| title_full | Long-Range Wide Area Network Intrusion Detection at the Edge |
| title_fullStr | Long-Range Wide Area Network Intrusion Detection at the Edge |
| title_full_unstemmed | Long-Range Wide Area Network Intrusion Detection at the Edge |
| title_short | Long-Range Wide Area Network Intrusion Detection at the Edge |
| title_sort | long range wide area network intrusion detection at the edge |
| topic | IoT LoRaWAN intrusion detection system machine learning |
| url | https://www.mdpi.com/2624-831X/5/4/40 |
| work_keys_str_mv | AT goncaloesteves longrangewideareanetworkintrusiondetectionattheedge AT filipefidalgo longrangewideareanetworkintrusiondetectionattheedge AT nunocruz longrangewideareanetworkintrusiondetectionattheedge AT josesimao longrangewideareanetworkintrusiondetectionattheedge |