Hybrid models for detecting shadowburst anomaly in industrial IoT traffic

Authors

DOI:

https://doi.org/10.18372/2073-4751.81.20120

Keywords:

Industrial IoT (IIoT), trafic anomaly, anomaly detection, Kalman filter, Isolation Forest, hybrid models, Industry 4.0, time-series analysis, smart manufacturing

Abstract

The increasing deployment of Industrial Internet of Things (IIoT) systems within Industry 4.0 environments has introduced new cyber-physical vulnerabilities, particularly in the form of stealthy and short-lived anomalies that evade traditional detection mechanisms. This paper introduces and formalizes a novel anomaly type, referred to as ShadowBurst, which consists of protocol-conformant, high-frequency microbursts embedded in otherwise stable traffic streams. We propose a hybrid detection architecture that integrates Kalman filtering for temporal state estimation with machine learning techniques, specifically Isolation Forest, for residual-based outlier detection. The detection function is further enhanced by incorporating statistical scoring and behavioral profiling to improve anomaly visibility. Simulation results confirm that this hybrid Kalman–ML approach enables effective identification of ShadowBurst anomalies in time-sensitive IIoT traffic, addressing gaps left by signature-based and purely statistical models. The proposed model demonstrates high responsiveness to low-duration, protocol-mimicking threats and supports real-time deployment in smart manufacturing environments.

References

Santiago C. J. S., Abbas H., Thangamani P. An automated workflow for condition monitoring of centrifugal compressors using a combined data-driven and physics-based approach. SPE Annual Technical Conference and Exhibition : proceedings, New Orleans, LA, USA, September 2024 / 2024. P. 414–415. URL: https://onepetro.org/SPEATCE/proceedings-abstract/24ATCE/24ATCE/563693.

Shahin M., Chen F. F., Hosseinzadeh A. A deep hybrid learning model for detection of cyber attacks in industrial IoT devices. The International Journal of Advanced Manufacturing Technology. 2022. Vol. 121. P. 1597–1614. DOI: 10.1007/s00170-022-10329-6.

Hao W., Yang T., Yang Q. Hybrid statistical–machine learning for real-time anomaly detection in industrial cyber–physical systems. IEEE Transactions on Automation Science and Engineering. 2021. Vol. 18, no. 3. P. 1234–1247. DOI: 10.1109/TASE.2021.3066927.

Yang T., Hao W., Wang W. Cloud-edge coordinated traffic anomaly detection for industrial cyber-physical systems. Expert Systems with Applications. 2023. Vol. 213. 119193. DOI: 10.1016/j.eswa.2022.119193.

Al-Zaidawi M.Q.J., Çevik M. Advanced deep learning models for improved IoT network monitoring using hybrid optimization and MCDM techniques. Symmetry. 2025. Vol. 17, no. 3. 388. DOI: 10.3390/sym17030388.

Srivastav S. et al. HYRIDE: Hybrid and robust intrusion detection approach for enhancing cybersecurity in Industry 4.0. Internet of Things. 2025. Vol. 22. 100840. DOI: 10.1016/j.iot.2024.100840.

Francis G. T., Souri A., İnanç N. A hybrid intrusion detection approach based on message queuing telemetry transport (MQTT) protocol in industrial internet of things. Transactions on Emerging Telecommunications Technologies. 2024. Vol. 35, iss. 9. 15 p. DOI: 10.1002/ett.5030.

Ali R. M., Baheti M. R. Enhancing IoT security: a study on hybrid intrusion detection methods. 2024 IEEE 3rd World Conference on Applied Intelligence and Computing (AIC) : proceedings, Gwalior, India, 27–28 July 2024 / IEEE. 2024. P. 1373–1380. DOI: 10.1109/AIC61668.2024.10731133.

Babbar H., Rani S., Boulila W. Fortifying the connection: cybersecurity tactics for WSN-driven smart manufacturing in the era of Industry 5.0. IEEE Open Journal of the Computer Society. 2024. Vol. 5. P. 112–125. DOI: 10.1109/OJCS.2024.10599217.

Touileb L. et al. A hybrid LSTM-autoencoder based approach for network anomaly detection system in IoT environments. 2024 IEEE International Mediterranean Conference on Communications and Networking (MeditCom) : proceedings, Madrid, Spain, 08–11 July 2024 / IEEE. 2024. P. 125–130. DOI: 10.1109/MeditCom61057.2024.10621202.

Sangeetha V., Naidu R. C. A., Bhat A. Integrating deep learning with ensemble approach for anomaly detection in network traffic. 2024 4th International Conference on Mobile Networks and Wireless Communications (ICMNWC) : proceedings, Tumkuru, India, 04–05 December 2024 / IEEE. 2024. P. 1–5. DOI: 10.1109/ICMNWC63764.2024.10872226.

Downloads

Published

2025-06-12

How to Cite

Alkema, V., & Huzii, M. (2025). Hybrid models for detecting shadowburst anomaly in industrial IoT traffic. Problems of Informatization and Management, 1(81). https://doi.org/10.18372/2073-4751.81.20120

Issue

Vol. 1 No. 81 (2025)

Section

Статті

License

The scientific journal adheres to the principles of Open Access and provides free, immediate, and permanent access to all published materials without financial, technical, or legal barriers for readers.

All articles are published in Open Access under the Creative Commons Attribution 4.0 International (CC BY 4.0) license.

Copyright

Authors who publish their works in the journal:

  • retain the copyright to their publications;

  • grant the journal the right of first publication of the article;

  • agree to the distribution of their materials under the CC BY 4.0 license;

  • have the right to reuse, archive, and distribute their works (including in institutional and subject repositories), provided that proper reference is made to the original publication in the journal.