Accurate threat hunting in industrial internet of things edge devices

Industrial Internet of Things(IIoT) systems depend on a growing number of edge devices such as sensors, controllers, and robots for data collection, transmission, storage, and processing. Any kind of malicious or abnormal function by each of these devices can jeopardize the security of the entire IIoT. Moreover, they can allow malicious software installed on end nodes to penetrate the network. This paper presents a parallel ensemble model for threat hunting based on anomalies in the behavior of IIoT edge devices. The proposed model is flexible enough to use several state-of-the-art classifiers as the basic learner and efficiently classifies multi-class anomalies using the Multi-class AdaBoost and majority voting. Experimental evaluations using a dataset consisting of multi-source normal records and multi-class anomalies demonstrate that our model outperforms existing approaches in terms of accuracy, F1 score, recall, and precision.