Modern IoT (Internet of Things) environments, with thousands of low-end and
diverse IoT nodes that interact in complex ways and are often deployed in
remote and/or wild locations, present unique challenges that make
traditional node compromise detection services less effective. This paper
presents the design, implementation and evaluation of a fog-based architecture
that utilizes the concept of a digital twin to detect compromised IoT nodes
that exhibit malicious behaviors by producing erroneous data and/or by being
used to launch network intrusion attacks to hijack other nodes, eventually
causing service disruption. By defining a digital twin of an IoT infrastructure
at a fog server, the architecture is focused on monitoring relevant information
to save energy and storage space. The paper presents a prototype implementation
for the architecture utilizing malicious behavior datasets to perform
misbehaving node classification. An extensive accuracy and system performance
evaluation was conducted based on this prototype. Results show good accuracy
and negligible overhead especially when employing deep learning techniques such
as MLP (multilayer perceptron).

Comment: This work has been submitted to the IEEE for possible publicatio