{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,21]],"date-time":"2026-03-21T01:30:08Z","timestamp":1774056608245,"version":"3.50.1"},"reference-count":33,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2024,12,4]],"date-time":"2024-12-04T00:00:00Z","timestamp":1733270400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"FEDER\u2014A\u00e7ores2020, within the project Toursignal","award":["ACORES-01-0247-FEDER-000028"],"award-info":[{"award-number":["ACORES-01-0247-FEDER-000028"]}]},{"name":"FEDER\u2014A\u00e7ores2020, within the project Toursignal","award":["UIDB\/00408\/2020"],"award-info":[{"award-number":["UIDB\/00408\/2020"]}]},{"name":"FEDER\u2014A\u00e7ores2020, within the project Toursignal","award":["UIDP\/00408\/2020"],"award-info":[{"award-number":["UIDP\/00408\/2020"]}]},{"name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia through LASIGE","award":["ACORES-01-0247-FEDER-000028"],"award-info":[{"award-number":["ACORES-01-0247-FEDER-000028"]}]},{"name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia through LASIGE","award":["UIDB\/00408\/2020"],"award-info":[{"award-number":["UIDB\/00408\/2020"]}]},{"name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia through LASIGE","award":["UIDP\/00408\/2020"],"award-info":[{"award-number":["UIDP\/00408\/2020"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IoT"],"abstract":"Internet of Things (IoT) devices are ubiquitous in various applications, such as smart homes, asset and people tracking, and city management systems. However, their deployment in adverse conditions, including unstable internet connectivity and power sources, present new cybersecurity challenges through new attack vectors. The LoRaWAN protocol, with its open and distributed network architecture, has gained prominence as a leading LPWAN solution, presenting novel security challenges. This paper proposes the implementation of machine learning algorithms, specifically the K-Nearest Neighbours (KNN) algorithm, within an Intrusion Detection System (IDS) for LoRaWAN networks. Through behavioural analysis based on previously observed packet patterns, the system can detect potential intrusions that may disrupt critical tracking services. Initial simulated packet classification attained over 90% accuracy. By integrating the Suricata IDS and extending it through a custom toolset, sophisticated rule sets are incorporated to generate confidence metrics to classify packets as either presenting an abnormal or normal behaviour. The current work uses third-party multi-vendor sensor data obtained in the city of Lisbon for training and validating the models. The results show the efficacy of the proposed technique in evaluating received packets, logging relevant parameters in the database, and accurately identifying intrusions or expected device behaviours. We considered two use cases for evaluating our work: one with a more traditional approach where the devices and network are static, and another where we assume that both the devices and the network are mobile; for example, when we need to report data back from sensors on a rail infrastructure to a mobile LoRaWAN gateway onboard a train.<\/jats:p>","DOI":"10.3390\/iot5040040","type":"journal-article","created":{"date-parts":[[2024,12,5]],"date-time":"2024-12-05T08:33:51Z","timestamp":1733387631000},"page":"871-900","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Long-Range Wide Area Network Intrusion Detection at the Edge"],"prefix":"10.3390","volume":"5","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8595-9226","authenticated-orcid":false,"given":"Gon\u00e7alo","family":"Esteves","sequence":"first","affiliation":[{"name":"Future Internet Technologies\u2014FIT, Instituto Superior de Engenharia de Lisboa, Instituto Polit\u00e9cnico de Lisboa, 1500-335 Lisbon, Portugal"}]},{"given":"Filipe","family":"Fidalgo","sequence":"additional","affiliation":[{"name":"Future Internet Technologies\u2014FIT, Instituto Superior de Engenharia de Lisboa, Instituto Polit\u00e9cnico de Lisboa, 1500-335 Lisbon, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8570-8670","authenticated-orcid":false,"given":"Nuno","family":"Cruz","sequence":"additional","affiliation":[{"name":"Future Internet Technologies\u2014FIT, Instituto Superior de Engenharia de Lisboa, Instituto Polit\u00e9cnico de Lisboa, 1500-335 Lisbon, Portugal"},{"name":"LASIGE, Faculdade de Ci\u00eancias, Universidade de Lisboa, 1749-016 Lisboa, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6564-593X","authenticated-orcid":false,"given":"Jos\u00e9","family":"Sim\u00e3o","sequence":"additional","affiliation":[{"name":"Future Internet Technologies\u2014FIT, Instituto Superior de Engenharia de Lisboa, Instituto Polit\u00e9cnico de Lisboa, 1500-335 Lisbon, Portugal"},{"name":"INESC-ID Lisboa, 1000-029 Lisboa, Portugal"}]}],"member":"1968","published-online":{"date-parts":[[2024,12,4]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.icte.2017.12.005","article-title":"A comparative study of LPWAN technologies for large-scale IoT deployment","volume":"5","author":"Mekki","year":"2019","journal-title":"ICT Express"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"231","DOI":"10.37394\/23204.2020.19.27","article-title":"An Overview of LoRaWAN","volume":"19","author":"Paul","year":"2021","journal-title":"Wseas Trans. Commun."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Bouziani, O., Benaboud, H., Chamkar, A.S., and Lazaar, S. (2019, January 27\u201329). A Comparative Study of Open Source IDSs According to Their Ability to Detect Attacks. Proceedings of the 2nd International Conference on Networking, Information Systems & Security, Rabat, Morocco.","DOI":"10.1145\/3320326.3320383"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1186\/s42400-021-00077-7","article-title":"A critical review of intrusion detection systems in the internet of things: Techniques, deployment strategy, validation strategy, attacks, public datasets and challenges","volume":"4","author":"Khraisat","year":"2021","journal-title":"Cybersecurity"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Cuomo, F., Garlisi, D., Martino, A., and Martino, A. (2020). Predicting LoRaWAN Behavior: How Machine Learning Can Help. Computers, 9.","DOI":"10.3390\/computers9030060"},{"key":"ref_6","first-page":"975","article-title":"A Comprehensive Analyses of Intrusion Detection System for IoT Environment","volume":"16","author":"Sicato","year":"2020","journal-title":"J. Inf. Process. Syst."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Abdaljabar, Z.H., Ucan, O.N., and Ali Alheeti, K.M. (2021, January 4\u20136). An Intrusion Detection System for IoT Using KNN and Decision-Tree Based Classification. Proceedings of the 2021 International Conference of Modern Trends in Information and Communication Technology Industry (MTICTI), Sana\u2019a, Yemen.","DOI":"10.1109\/MTICTI53925.2021.9664772"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1145\/3382159","article-title":"Edge-Based Intrusion Detection for IoT Devices","volume":"11","author":"Mudgerikar","year":"2020","journal-title":"ACM Trans. Manage. Inf. Syst."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Albulayhi, K., Smadi, A.A., Sheldon, F.T., and Abercrombie, R.K. (2021). IoT Intrusion Detection Taxonomy, Reference Architecture, and Analyses. Sensors, 21.","DOI":"10.3390\/s21196432"},{"key":"ref_10","unstructured":"Goutte, C., and Zhu, X. A Scheme for Generating a Dataset for Anomalous Activity Detection in IoT Networks. Proceedings of the Advances in Artificial Intelligence."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"779","DOI":"10.1016\/j.future.2019.05.041","article-title":"Towards the development of realistic botnet dataset in the Internet of Things for network forensic analytics: Bot-IoT dataset","volume":"100","author":"Koroniotis","year":"2019","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"23615","DOI":"10.1007\/s11042-023-14795-2","article-title":"An efficient network intrusion detection model for IoT security using K-NN classifier and feature selection","volume":"82","author":"Guezzaz","year":"2023","journal-title":"Multimed. Tools Appl."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Baz, M. (2022). SEHIDS: Self Evolving Host-Based Intrusion Detection System for IoT Networks. Sensors, 22.","DOI":"10.3390\/s22176505"},{"key":"ref_14","unstructured":"Spadaccino, P., and Cuomo, F. (2022). Intrusion Detection Systems for IoT: Opportunities and challenges offered by Edge Computing and Machine Learning. arXiv."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"103107","DOI":"10.1016\/j.cose.2023.103107","article-title":"Which algorithm can detect unknown attacks? Comparison of supervised, unsupervised and meta-learning algorithms for intrusion detection","volume":"127","author":"Zoppi","year":"2023","journal-title":"Comput. Secur."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Mohamed, A., Wang, F., Butun, I., Qadir, J., Lagerstr\u00f6m, R., Gastaldo, P., and Caviglia, D.D. (2022). Enhancing Cyber Security of LoRaWAN Gateways under Adversarial Attacks. Sensors, 22.","DOI":"10.3390\/s22093498"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Danish, S.M., Nasir, A., Qureshi, H.K., Ashfaq, A.B., Mumtaz, S., and Rodriguez, J. (2018, January 20\u201324). Network Intrusion Detection System for Jamming Attack in LoRaWAN Join Procedure. Proceedings of the 2018 IEEE International Conference on Communications (ICC), Kansas City, MO, USA.","DOI":"10.1109\/ICC.2018.8422721"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"439","DOI":"10.1016\/S0167-4048(02)00514-X","article-title":"Use of K-Nearest Neighbor classifier for intrusion detection11An earlier version of this paper is to appear in the Proceedings of the 11th USENIX Security Symposium, San Francisco, CA, August 2002","volume":"21","author":"Liao","year":"2002","journal-title":"Comput. Secur."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Mari, A.G., Zinca, D., and Dobrota, V. (2023). Development of a Machine-Learning Intrusion Detection System and Testing of Its Performance Using a Generative Adversarial Network. Sensors, 23.","DOI":"10.3390\/s23031315"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Ferrag, M.A., Maglaras, L., Ahmim, A., Derdour, M., and Janicke, H. (2020). RDTIDS: Rules and Decision Tree-Based Intrusion Detection System for Internet-of-Things Networks. Future Internet, 12.","DOI":"10.3390\/fi12030044"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Shah, R.A., Qian, Y., Kumar, D., Ali, M., and Alvi, M.B. (2017). Network Intrusion Detection through Discriminative Feature Selection by Using Sparse Logistic Regression. Future Internet, 9.","DOI":"10.3390\/fi9040081"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Syamsuddin, I., and Barukab, O.M. (2022). SUKRY: Suricata IDS with Enhanced kNN Algorithm on Raspberry Pi for Classifying IoT Botnet Attacks. Electronics, 11.","DOI":"10.3390\/electronics11050737"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Gyamfi, E., and Jurcut, A. (2022). Intrusion Detection in Internet of Things Systems: A Review on Design Approaches Leveraging Multi-Access Edge Computing, Machine Learning, and Datasets. Sensors, 22.","DOI":"10.3390\/s22103744"},{"key":"ref_24","unstructured":"Zao, J., Byers, C., Murphy, B., AbiEzzi, S., Banks, D., An, K., Michaud, F., and Bartfai-Walcott, K. (2020). The Industrial Internet of Things Distributed Computing in the Edge, Industrial Internet Consortium. Technical Report."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Alsubhi, K. (2024). A Secured Intrusion Detection System for Mobile Edge Computing. Appl. Sci., 14.","DOI":"10.2139\/ssrn.4699806"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Stan\u010din, I., and Jovi\u0107, A. (2019, January 20\u201324). An overview and comparison of free Python libraries for data mining and big data analysis. Proceedings of the 2019 42nd International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), Opatija, Croatia.","DOI":"10.23919\/MIPRO.2019.8757088"},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"107043","DOI":"10.1016\/j.csda.2020.107043","article-title":"A new correlation coefficient between categorical, ordinal and interval variables with Pearson characteristics","volume":"152","author":"Baak","year":"2020","journal-title":"Comput. Stat. Data Anal."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"109116","DOI":"10.1016\/j.comnet.2022.109116","article-title":"Which open-source IDS? Snort, Suricata or Zeek","volume":"213","author":"Waleed","year":"2022","journal-title":"Comput. Netw."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Albin, E., and Rowe, N.C. (2012, January 26\u201329). A Realistic Experimental Comparison of the Suricata and Snort Intrusion-Detection Systems. Proceedings of the 2012 26th International Conference on Advanced Information Networking and Applications Workshops, Fukuoka, Japan.","DOI":"10.1109\/WAINA.2012.29"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Pritz, S., Zeinzinger, M., Praschl, C., Krauss, O., and Harrer, M. (2023, January 19\u201321). Performance Impact of Parallel Access of Time Series in the Context of Relational, NoSQL and NewSQL Database Management Systems. Proceedings of the 2023 3rd International Conference on Electrical, Computer, Communications and Mechatronics Engineering (ICECCME), Tenerife, Canary Islands, Spain.","DOI":"10.1109\/ICECCME57830.2023.10253446"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Kramer, O. (2016). Scikit-Learn. Machine Learning for Evolution Strategies, Springer International Publishing.","DOI":"10.1007\/978-3-319-33383-0_5"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Imam, F., Musilek, P., and Reformat, M.Z. (2024). Parametric and Nonparametric Machine Learning Techniques for Increasing Power System Reliability: A Review. Information, 15.","DOI":"10.3390\/info15010037"},{"key":"ref_33","first-page":"128","article-title":"k-Nearest Neighbour Classifiers\u2014A Tutorial","volume":"54","author":"Cunningham","year":"2021","journal-title":"ACM Comput. Surv."}],"container-title":["IoT"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2624-831X\/5\/4\/40\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T16:46:32Z","timestamp":1760114792000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2624-831X\/5\/4\/40"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,4]]},"references-count":33,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2024,12]]}},"alternative-id":["iot5040040"],"URL":"https:\/\/doi.org\/10.3390\/iot5040040","relation":{},"ISSN":["2624-831X"],"issn-type":[{"value":"2624-831X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,12,4]]}}}