{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,31]],"date-time":"2026-03-31T13:56:42Z","timestamp":1774965402624,"version":"3.50.1"},"reference-count":40,"publisher":"MDPI AG","issue":"12","license":[{"start":{"date-parts":[[2024,6,7]],"date-time":"2024-06-07T00:00:00Z","timestamp":1717718400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Cybersecurity has become a major concern in the modern world due to our heavy reliance on cyber systems. Advanced automated systems utilize many sensors for intelligent decision-making, and any malicious activity of these sensors could potentially lead to a system-wide collapse. To ensure safety and security, it is essential to have a reliable system that can automatically detect and prevent any malicious activity, and modern detection systems are created based on machine learning (ML) models. Most often, the dataset generated from the sensor node for detecting malicious activity is highly imbalanced because the Malicious class is significantly fewer than the Non-Malicious class. To address these issues, we proposed a hybrid data balancing technique in combination with a Cluster-based Under Sampling and Synthetic Minority Oversampling Technique (SMOTE). We have also proposed an ensemble machine learning model that outperforms other standard ML models, achieving 99.7% accuracy. Additionally, we have identified the critical features that pose security risks to the sensor nodes with extensive explainability analysis of our proposed machine learning model. In brief, we have explored a hybrid data balancing method, developed a robust ensemble machine learning model for detecting malicious sensor nodes, and conducted a thorough analysis of the model\u2019s explainability.<\/jats:p>","DOI":"10.3390\/s24123712","type":"journal-article","created":{"date-parts":[[2024,6,7]],"date-time":"2024-06-07T10:43:42Z","timestamp":1717757022000},"page":"3712","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["Automated Sensor Node Malicious Activity Detection with Explainability Analysis"],"prefix":"10.3390","volume":"24","author":[{"given":"Md","family":"Zubair","sequence":"first","affiliation":[{"name":"Department of Computer Science and Engineering, Chittagong University of Engineering and Technology, Chittagong 4349, Bangladesh"}]},{"given":"Helge","family":"Janicke","sequence":"additional","affiliation":[{"name":"Centre for Securing Digital Futures, Edith Cowan University, Perth, WA 6027, Australia"}]},{"given":"Ahmad","family":"Mohsin","sequence":"additional","affiliation":[{"name":"Centre for Securing Digital Futures, Edith Cowan University, Perth, WA 6027, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5360-9782","authenticated-orcid":false,"given":"Leandros","family":"Maglaras","sequence":"additional","affiliation":[{"name":"School of Computing, Edinburgh Napier University, Edinburgh EH14 1DJ, UK"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1740-5517","authenticated-orcid":false,"given":"Iqbal H.","family":"Sarker","sequence":"additional","affiliation":[{"name":"Centre for Securing Digital Futures, Edith Cowan University, Perth, WA 6027, Australia"}]}],"member":"1968","published-online":{"date-parts":[[2024,6,7]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"6","DOI":"10.1109\/MIE.2017.2648857","article-title":"Industrial cyberphysical systems: A backbone of the fourth industrial revolution","volume":"11","author":"Colombo","year":"2017","journal-title":"IEEE Ind. Electron. Mag."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3510410","article-title":"Cybersecurity of industrial cyber-physical systems: A review","volume":"54","author":"Kayan","year":"2022","journal-title":"ACM Comput. Surv."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"100121","DOI":"10.1016\/j.sintl.2021.100121","article-title":"Sensors for daily life: A review","volume":"2","author":"Javaid","year":"2021","journal-title":"Sens. Int."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"177","DOI":"10.1007\/s11277-020-07213-5","article-title":"Cybersecurity issues in wireless sensor networks: Current challenges and solutions","volume":"117","author":"Boubiche","year":"2021","journal-title":"Wirel. Pers. Commun."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Duobiene, S., Ratautas, K., Trusovas, R., Ragulis, P., \u0160lekas, G., Simni\u0161kis, R., and Ra\u010diukaitis, G. (2022). Development of wireless sensor network for environment monitoring and its implementation using SSAIL technology. Sensors, 22.","DOI":"10.3390\/s22145343"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3545574","article-title":"The role of machine learning in cybersecurity","volume":"4","author":"Apruzzese","year":"2023","journal-title":"Digit. Threat. Res. Pract."},{"key":"ref_7","unstructured":"Raghunath, K.M.K., and Arvind, K.S. (2023). SensorNetGuard: A Dataset for Identifying Malicious Sensor Nodes. IEEEDataPort."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Sarker, I.H. (2024). AI-Driven Cybersecurity and Threat Intelligence: Cyber Automation, Intelligent Decision-Making and Explainability, Springer Nature.","DOI":"10.1007\/978-3-031-54497-2"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Mokhtar, R., and Rohaizat, A. (2024). Cybercrimes and cyber security trends in the new normal. The New Normal and Its Impact on Society: Perspectives from ASEAN and the European Union, Springer.","DOI":"10.1007\/978-981-97-0527-6_4"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"e295","DOI":"10.1002\/spy2.295","article-title":"Multi-aspects AI-based modeling and adversarial learning for cybersecurity intelligence and robustness: A comprehensive overview","volume":"6","author":"Sarker","year":"2023","journal-title":"Secur. Priv."},{"key":"ref_11","unstructured":"Makanju, A., LaRoche, P., and Zincir-Heywood, A.N. (2024). A Comparison between Signature and Machine Learning Based Detectors, Dalhousie University."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Tan, X., Su, S., Huang, Z., Guo, X., Zuo, Z., Sun, X., and Li, L. (2019). Wireless sensor networks intrusion detection based on SMOTE and the Random Forest algorithm. Sensors, 19.","DOI":"10.3390\/s19010203"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"25170","DOI":"10.1109\/ACCESS.2020.2970973","article-title":"Generalized intrusion detection mechanism for empowered intruders in wireless sensor networks","volume":"8","author":"Wang","year":"2020","journal-title":"IEEE Access"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Whelan, J., Sangarapillai, T., Minawi, O., Almehmadi, A., and El-Khatib, K. (2020, January 16\u201320). Novelty-based intrusion detection of sensor attacks on unmanned aerial vehicles. Proceedings of the 16th ACM Symposium on QoS and Security for Wireless and Mobile Networks, Alicante, Spain.","DOI":"10.1145\/3416013.3426446"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"240","DOI":"10.1016\/j.future.2022.01.026","article-title":"Imbalanced data classification: A KNN and generative adversarial networks-based hybrid approach for intrusion detection","volume":"131","author":"Ding","year":"2022","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Fu, Y., Du, Y., Cao, Z., Li, Q., and Xiang, W. (2022). A deep learning model for network intrusion detection with imbalanced data. Electronics, 11.","DOI":"10.3390\/electronics11060898"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"104888","DOI":"10.1016\/j.micpro.2023.104888","article-title":"Malicious attack detection based on continuous Hidden Markov Models in Wireless sensor networks","volume":"101","author":"Moundounga","year":"2023","journal-title":"Microprocess. Microsyst."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"3825","DOI":"10.1109\/ACCESS.2023.3349248","article-title":"Stochastic Gradient Descent Intrusions Detection for Wireless Sensor Network Attack Detection System Using Machine Learning","volume":"12","author":"Saleh","year":"2024","journal-title":"IEEE Access"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"17","DOI":"10.1186\/s40537-023-00692-w","article-title":"Performance evaluation of deep learning techniques for DoS attacks detection in wireless sensor network","volume":"10","author":"Salmi","year":"2023","journal-title":"J. Big Data"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"4731953","DOI":"10.1155\/2016\/4731953","article-title":"WSN-DS: A dataset for intrusion detection systems in wireless sensor networks","volume":"2016","author":"Almomani","year":"2016","journal-title":"J. Sens."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Taher, M.A., Iqbal, H., Tariq, M., and Sarwat, A.I. (2024, January 12\u201313). Recurrent neural network\u2014Based sensor data attacks identification in distributed renewable energy\u2014Based DC microgrid. Proceedings of the 2024 IEEE Texas Power and Energy Conference (TPEC), College Station, TX, USA.","DOI":"10.1109\/TPEC60005.2024.10472171"},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"6106","DOI":"10.1109\/ACCESS.2023.3236983","article-title":"Malicious node detection using machine learning and distributed data storage using blockchain in WSNs","volume":"11","author":"Nouman","year":"2023","journal-title":"IEEE Access"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Hasan, M., Rahman, M.S., Janicke, H., and Sarker, I.H. (2024). Detecting Anomalies in Blockchain Transactions using Machine Learning Classifiers and Explainability Analysis. arXiv.","DOI":"10.1016\/j.bcra.2024.100207"},{"key":"ref_24","first-page":"183335831877435","article-title":"Data quality: Garbage in\u2013garbage out","volume":"47","author":"Kilkenny","year":"2018","journal-title":"Health Inf. Manag. J. Health Inf. Manag. Assoc. Aust."},{"key":"ref_25","first-page":"2579","article-title":"Visualizing data using t-SNE","volume":"9","author":"Hinton","year":"2008","journal-title":"J. Mach. Learn. Res."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"625","DOI":"10.19026\/rjaset.7.299","article-title":"A novel feature selection based on one-way anova f-test for e-mail spam classification","volume":"7","author":"Elssied","year":"2014","journal-title":"Res. J. Appl. Sci. Eng. Technol."},{"key":"ref_27","unstructured":"Humaira, H., and Rasyidah, R. (2018, January 24\u201325). Determining the appropiate cluster number using elbow method for k-means algorithm. Proceedings of the 2nd Workshop on Multidisciplinary and Applications (WMA), Padang, Indonesia."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Zubair, M., Iqbal, M.A., Shil, A., Chowdhury, M., Moni, M.A., and Sarker, I.H. (2022). An improved K-means clustering algorithm towards an efficient data-driven modeling. Ann. Data Sci.","DOI":"10.1007\/s40745-022-00428-2"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"321","DOI":"10.1613\/jair.953","article-title":"SMOTE: Synthetic minority over-sampling technique","volume":"16","author":"Chawla","year":"2002","journal-title":"J. Artif. Intell. Res."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Hosmer, D.W., Lemeshow, S., and Sturdivant, R.X. (2013). Applied Logistic Regression, John Wiley & Sons.","DOI":"10.1002\/9781118548387"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Reddy, E.M.K., Gurrala, A., Hasitha, V.B., and Kumar, K.V.R. (2022). Introduction to Naive Bayes and a review on its subtypes with applications. Bayesian Reasoning and Gaussian Processes for Machine Learning Applications, Chapman and Hall\/CRC.","DOI":"10.1201\/9781003164265-1"},{"key":"ref_32","unstructured":"G\u00e9ron, A. (2022). Hands-on Machine Learning with Scikit-Learn, Keras, and TensorFlow, O\u2019Reilly Media, Inc."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1109\/5254.708428","article-title":"Support vector machines","volume":"13","author":"Hearst","year":"1998","journal-title":"IEEE Intell. Syst. Their Appl."},{"key":"ref_34","first-page":"130","article-title":"Decision tree methods: Applications for classification and prediction","volume":"27","author":"Song","year":"2015","journal-title":"Shanghai Arch. Psychiatry"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Sarker, I.H., Janicke, H., Mohsin, A., Gill, A., and Maglaras, L. (2024). Explainable AI for cybersecurity automation, intelligence and trustworthiness in digital twin: Methods, taxonomy, challenges and prospects. ICT Express.","DOI":"10.1016\/j.icte.2024.05.007"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Linardatos, P., Papastefanopoulos, V., and Kotsiantis, S. (2020). Explainable ai: A review of machine learning interpretability methods. Entropy, 23.","DOI":"10.3390\/e23010018"},{"key":"ref_37","unstructured":"Lundberg, S.M., and Lee, S.I. (2024, January 4\u20139). A unified approach to interpreting model predictions. Proceedings of the Advances in Neural Information Processing Systems 30 (NIPS 2017): 31st Annual Conference on Neural Information Processing Systems, Long Beach, CA, USA."},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Hu, S., Liang, Y., Ma, L., and He, Y. (2009, January 28\u201330). MSMOTE: Improving classification performance when training data is imbalanced. Proceedings of the IEEE 2009 s International Workshop on Computer Science and Engineering, Qingdao, China.","DOI":"10.1109\/WCSE.2009.756"},{"key":"ref_39","unstructured":"He, H., Bai, Y., Garcia, E.A., and Li, S. (2008, January 1\u20138). ADASYN: Adaptive synthetic sampling approach for imbalanced learning. Proceedings of the 2008 IEEE International Joint Conference on Neural Networks (IEEE World Congress on Computational Intelligence), Hong Kong, China."},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"1145","DOI":"10.1016\/S0031-3203(96)00142-2","article-title":"The use of the area under the ROC curve in the evaluation of machine learning algorithms","volume":"30","author":"Bradley","year":"1997","journal-title":"Pattern Recognit."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/24\/12\/3712\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T14:55:24Z","timestamp":1760108124000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/24\/12\/3712"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,6,7]]},"references-count":40,"journal-issue":{"issue":"12","published-online":{"date-parts":[[2024,6]]}},"alternative-id":["s24123712"],"URL":"https:\/\/doi.org\/10.3390\/s24123712","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,6,7]]}}}