Dissemination control in dynamic data clustering for dense IIoT against false data injection attack

Summary The Internet of Things (IoT) has made possible the development of increasingly driven services, like industrial Industrial Internet of Things (IIoT) services, that often deal with massive amounts of data. Meantime, as IIoT networks grow, the threats are even greater, and false data injection (FDI) attacks stand out as being one of the most aggressive. The majority of current solutions to handle this attack do not take into account the data validation, especially on the data clustering service. Aiming to advance on the issue, this work introduces CON sensus Based Data FI lteri N g for I I o T (CONFINIT), an intrusion detection system for mitigating FDI attacks on the data dissemination service performing in dense IIoT networks. CONFINIT combines watchdog surveillance and collaborative consensus strategies for assertively excluding various FDI attacks. The simulations showed that CONFINIT compared with Dynamic Data‐aware Firefly‐based Clustering (DDFC) increased by up to 35%–40% the number of clusters without attackers in a gas pressure IIoT environment. CONFINIT achieved attack detection rates (DRs) of 99%, accuracy of 90, and F1 score of 0.81 in multiple IIoT scenarios, with only up to 3.2% and 3.6% of false negatives and positives rates, respectively. Moreover, under two variants of FDI attacks, called Churn and Sensitive attacks, CONFINIT achieved DRs of 100%, accuracy of 99, and F1 of 0.93 with less than 2% of false positives and negatives rates.