{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,13]],"date-time":"2026-02-13T03:50:02Z","timestamp":1770954602771,"version":"3.50.1"},"reference-count":19,"publisher":"Oxford University Press (OUP)","issue":"1","license":[{"start":{"date-parts":[[2026,1,27]],"date-time":"2026-01-27T00:00:00Z","timestamp":1769472000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/academic.oup.com\/journals\/pages\/open_access\/funder_policies\/chorus\/standard_publication_model"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026,1,27]]},"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>This paper investigates the application of machine learning methods for anomaly detection of both physical and cyber threats in Industrial Internet of Things (IIoT) environments, with a novel method of separating different threat classes, performing delegation of computationally inexpensive threshold-based metrics to a simple rules-based alerting system, while performing anomaly detection of the more complex behavioural-based metrics in a machine learning model. This hybrid approach of separating threshold-based and behaviour-based detection methods is validated on the Edge-IIoTset2023 and CICIoT2023 public research datasets. As a new contribution, this hybrid methodology is validated against both tree-based classifiers and artificial neural network (ANN) classifiers. Experimental results indicate that while ANNs can be very effective, marginally higher accuracy (~3%) and significantly faster predictions can be achieved with less computationally expensive tree-based algorithms such as Decision Trees and Random Forests, thereby optimizing the price-performance trade-off for the operators of IIoT environments.<\/jats:p>","DOI":"10.1093\/jigpal\/jzaf017","type":"journal-article","created":{"date-parts":[[2025,4,24]],"date-time":"2025-04-24T06:42:53Z","timestamp":1745476973000},"source":"Crossref","is-referenced-by-count":0,"title":["Comparing deep neural networks to tree-based machine learning methods for anomaly detection in IIoT"],"prefix":"10.1093","volume":"34","author":[{"given":"Nicholas","family":"Jeffrey","sequence":"first","affiliation":[{"name":"Computer Science Department, University of Oviedo , 33003 Oviedo ,","place":["Spain"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Qing","family":"Tan","sequence":"additional","affiliation":[{"name":"Faculty of Science and Technology, Athabasca University , Athabasca, AB, T9S3A3 ,","place":["Canada"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jos\u00e9 R","family":"Villar","sequence":"additional","affiliation":[{"name":"Computer Science Department, University of Oviedo , 33003 Oviedo ,","place":["Spain"]}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"286","published-online":{"date-parts":[[2026,2,13]]},"reference":[{"key":"2026021221581734900_ref1","first-page":"1","volume-title":"2021 3rd International Congress on Human-Computer Interaction, Optimization and Robotic Applications (HORA), Ankara, Turkey: IEEE","author":"Altunay","year":"2021"},{"key":"2026021221581734900_ref2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cie.2020.106948","article-title":"The experimental application of popular machine learning algorithms on predictive maintenance and the design of IIoT based condition monitoring system","volume":"151","author":"Cakir","year":"2021","journal-title":"Comput Ind Eng"},{"key":"2026021221581734900_ref3","doi-asserted-by":"publisher","first-page":"26","DOI":"10.3390\/sci4030026","article-title":"Ten years of Industrie 4.0","volume":"4","author":"Kagermann","year":"2022","journal-title":"Sci"},{"key":"2026021221581734900_ref4","doi-asserted-by":"publisher","first-page":"7856","DOI":"10.3390\/s23187856","article-title":"HIDM: hybrid intrusion detection model for industry 4.0 networks using an optimized CNN-LSTM with transfer learning","volume":"23","author":"Lilhore","year":"2023","journal-title":"Sensors"},{"key":"2026021221581734900_ref5","doi-asserted-by":"publisher","first-page":"3307","DOI":"10.1109\/TVCG.2020.3045560","article-title":"Task-based visual interactive modeling: decision trees and rule-based classifiers","volume":"28","author":"Streeb","year":"2022","journal-title":"IEEE Trans Vis Comput Graph"},{"key":"2026021221581734900_ref6","first-page":"37","volume-title":"Proceedings of the International Joint Conference 16th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2023) 14th International Conference on EUropean Transnational Education (ICEUTE 2023), Salamanca, Spain, 5\u20137 September 2023; Volume 748","author":"Jeffrey"},{"key":"2026021221581734900_ref7","doi-asserted-by":"publisher","first-page":"3283","DOI":"10.3390\/electronics12153283","article-title":"A review of anomaly detection strategies to detect threats to cyber-physical systems","volume":"12","author":"Jeffrey","year":"2023","journal-title":"Electronics"},{"key":"2026021221581734900_ref8","doi-asserted-by":"publisher","first-page":"127068","DOI":"10.1016\/j.neucom.2023.127068","article-title":"A hybrid methodology for anomaly detection in cyber\u2013physical systems","volume":"568","author":"Jeffrey","year":"2024","journal-title":"Neurocomputing"},{"key":"2026021221581734900_ref9","doi-asserted-by":"publisher","first-page":"1391","DOI":"10.3390\/electronics13071391","article-title":"Using ensemble learning for anomaly detection in cyber\u2013physical systems","volume":"13","author":"Jeffrey","year":"2024","journal-title":"Electronics (Basel)"},{"key":"2026021221581734900_ref10","doi-asserted-by":"publisher","first-page":"972","DOI":"10.3390\/s21030972","article-title":"A deep learning model for predictive maintenance in cyber-physical production systems using LSTM autoencoders","volume":"21","author":"Bampoula","year":"2021","journal-title":"Sensors"},{"key":"2026021221581734900_ref11","doi-asserted-by":"publisher","DOI":"10.7717\/peerj-cs.721","article-title":"IoT-based intrusion detection system using convolution neural networks","volume":"7","author":"Aljumah","year":"2021","journal-title":"PeerJ Comput Sci"},{"key":"2026021221581734900_ref12","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2020.107784","article-title":"Toward a deep learning-driven intrusion detection approach for internet of things","volume":"186","author":"Ge","year":"2021","journal-title":"Comput Netw"},{"key":"2026021221581734900_ref13","doi-asserted-by":"publisher","first-page":"0562","DOI":"10.1109\/CCWC47524.2020.9031206","author":"Roopak","year":"2020"},{"key":"2026021221581734900_ref14","doi-asserted-by":"publisher","first-page":"8229","DOI":"10.1109\/JIOT.2022.3150363","article-title":"Recent advances on federated learning for cybersecurity and cybersecurity for federated learning for internet of things","volume":"9","author":"Ghimire","year":"2022","journal-title":"IEEE Internet Things J"},{"key":"2026021221581734900_ref15","doi-asserted-by":"publisher","first-page":"8707","DOI":"10.3390\/su14148707","article-title":"XGBoost for imbalanced multiclass classification-based Industrial Internet of Things intrusion detection systems","volume":"14","author":"Le","year":"2022","journal-title":"Sustainability"},{"key":"2026021221581734900_ref16","doi-asserted-by":"publisher","DOI":"10.1016\/j.cosrev.2020.100357","article-title":"Ensemble learning for intrusion detection systems: a systematic mapping study and cross-benchmark evaluation","volume":"39","author":"Tama","year":"2021","journal-title":"Comput Sci Rev"},{"key":"2026021221581734900_ref17","doi-asserted-by":"publisher","first-page":"2825","DOI":"10.5555\/1953048.2078195","article-title":"Scikit-learn: machine learning in Python","volume":"12","author":"Pedregosa","year":"2011","journal-title":"J Mach Learn Res"},{"key":"2026021221581734900_ref18","doi-asserted-by":"publisher","first-page":"40281","DOI":"10.1109\/ACCESS.2022.3165809","article-title":"Edge-IIoTset: a new comprehensive realistic cyber security dataset of IoT and IIoT applications for centralized and federated learning","volume":"10","author":"Ferrag","year":"2022","journal-title":"IEEE Access"},{"key":"2026021221581734900_ref19","doi-asserted-by":"publisher","first-page":"5941","DOI":"10.3390\/s23135941","article-title":"CICIoT2023: a real-time dataset and benchmark for large-scale attacks in IoT environment","volume":"23","author":"Neto","year":"2023","journal-title":"Sensors"}],"container-title":["Logic Journal of the IGPL"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/jigpal\/article-pdf\/34\/1\/jzaf017\/66867422\/jzaf017.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/jigpal\/article-pdf\/34\/1\/jzaf017\/66867422\/jzaf017.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,13]],"date-time":"2026-02-13T02:58:23Z","timestamp":1770951503000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/jigpal\/article\/doi\/10.1093\/jigpal\/jzaf017\/8475642"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1,27]]},"references-count":19,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2026,1,27]]}},"URL":"https:\/\/doi.org\/10.1093\/jigpal\/jzaf017","relation":{},"ISSN":["1367-0751","1368-9894"],"issn-type":[{"value":"1367-0751","type":"print"},{"value":"1368-9894","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2026,2]]},"published":{"date-parts":[[2026,1,27]]},"article-number":"jzaf017"}}