Decentralized anomaly detection and data privacy preservation for IoT networks using blockchain and homomorphic encryption

Abstract

The rapid increase in IoT networks has led to tremendous growth while introducing considerable challenges related to security and privacy issues. Traditional IDS are not fully equipped to mitigate the complexities developed by the extensive volumes of data and resource constraints inherent in an IoT environment. The system proposed here presents a decentralized one that brings blockchain technology with homomorphic encryption and more sophisticated machine learning models like ConvLSTM and GRU to enhance anomaly detection and data privacy for IoT systems. Edge preprocessing, SHA-256 hashing, and digital signatures are applied as components in the framework used respectively for secure integrity and authenticity of verification and security before storing in the blockchain. It thus ensures that all changes to the data are traced and noticed. L-Diversity is implemented to better protect users’ privacy so that anonymous data cannot be re-identified. Finally, with blockchain integration, scalability is enhanced in the system due to its maintenance of a decentralized ledger for the transparent recording of actions. The results of this experiment show an incredible accuracy of 99.90%, which indicates the superiority of this proposed method over existing solutions in terms of anomaly detection, energy efficiency, privacy preservation, and system stability.

Keywords

Anomaly detection l-Diversity data privacy internet of things homomorphic encryption convolutional LSTM (ConvLSTM)secure hash algorithm 256-bit (SHA-256)blockchain gated recurrent unit

Introduction

IoT applications are increasing widely today. It enhances the efficiency of smart cities, healthcare, and industrial automation and raises data privacy and security challenges through this development. Decentralized intrusion detection systems are becoming inapplicable for traditional centralized intrusion detection systems with a very high volume of data and resource constraints in IoT. Researchers have addressed decentralized anomaly detection frameworks integrating state-of-the-art technologies like blockchain and homomorphic encryption. This ensures integrity in data, privacy, and quick anomaly detection without decrypting secret information, providing increased security.

The most important contribution is that of Liu et al.¹, which used blockchain-enabled federated learning to optimize anomaly detection for IoT systems. Their framework addressed efficiency, robustness, and security issues created by classical methods. However, with advanced deep learning algorithms integrated into these systems, detecting and thwarting such threats in real time has improved. Acharya et al.² recently proposed a hybrid framework combining blockchain technology with machine learning techniques, ResCapsNet.

One of the recent advances in the application of blockchain with machine learning models, particularly within decentralized frameworks, has allowed IoT security to leverage real-time detection of anomalies within vulnerabilities. This innovation has managed to overcome such issues of data privacy, security, and scalability, which are critical for IoT devices. Based on those previous works, this research integrated homomorphic encryption and blockchain technology with deep learning models to establish a more robust and secure framework for anomaly detection that preserves privacy over IoT networks. The current paper extends the methodology involved with the combined framework compared to the previous approach.

This paper proposes a decentralized anomaly detection framework developed on blockchain technology, advanced homomorphic encryption, and sophisticated machine learning models, including ConvLSTM and GRU. Blockchain technology supports data integrity, security, and scalability, which improves anomaly detection in large-scale IoT systems when paired with deep learning models like ConvLSTM and GRU. A decentralized, impenetrable ledger is provided by blockchain, while ConvLSTM and GRU effectively detect anomalies in spatiotemporal data. This integration uses homomorphic encryption to protect privacy, facilitates real-time detection, and guarantees scalability for IoT networks with limited resources. This framework ensures safe data through encryption but high performance for anomaly detection and scale accuracy. Using lightweight consensus mechanisms in combination with edge preprocessing reduces energy consumption while improving scalability in large-scale IoT environments. Lightweight consensus algorithms in blockchain-based IoT frameworks save energy by reducing computational overhead, making them perfect for IoT devices with limited resources. These protocols provide scalability by efficiently managing huge volumes of transactions without sacrificing speed or energy economy. Despite their modest resource requirements, they maintain critical blockchain security characteristics, including immutability, transparency, and decentralized verification to ensure data integrity and security.

In conclusion, lightweight consensus algorithms provide an energy-efficient and secure way to scale blockchain in IoT contexts. Our model focuses on the most critical issues in IoT security, privacy, and performance, making it highly resilient and capable of being applied extensively in real-world applications. Lightweight consensus algorithms in large-scale IoT networks increase performance and security by lowering computational demands, improving scalability, and maintaining energy economy. They enable real-time data processing and anomaly detection while ensuring safe blockchain transactions. Balancing energy efficiency and security is critical for avoiding vulnerabilities, making these methods suitable for secure and scalable IoT solutions.

This integrated approach combines decentralized technologies with privacy-preserving encryption techniques and sophisticated machine learning in contributions towards this novel line of ongoing research towards safe IoT networks. Combining machine learning with blockchain and encryption technologies, such as homomorphic encryption, presents issues such as increased processing load, energy consumption, and delay. These challenges are especially severe for IoT devices that have limited resources. Scalability becomes a challenge as IoT networks expand, resulting in performance bottlenecks. Furthermore, safeguarding data privacy while retaining the performance of machine learning models is problematic since encryption approaches can limit the processes required for accurate anomaly detection. Decentralized attack detection techniques are superior to centralized IoT security solutions in several ways. Protect sensitive data by processing encrypted data without decryption through blockchain and homomorphic encryption. Because these systems spread processing across several nodes, they are more scalable and increase the effectiveness of big IoT networks. Blockchain protects data from illegal changes by ensuring openness and integrity.

Furthermore, because decentralized models reduce latency, energy consumption, and single-point failures, they are more resilient and suitable for IoT scenarios with constrained resources. Decentralised systems perform better than centralised ones in performance, scalability, and security. When taken as an integrated system, we may present an even more efficient, scalable, and much more secure anomaly detection method combined with privacy in an IoT setting as a motivation that could further propel future work toward implementing the presented technology into the real world. Using Transformer, ConvLSTM, and GRU models for anomaly detection improves the proposed system's robustness. Because of its capacity to focus on contextual links, the Transformer model excels at pattern recognition, detecting complex anomalies even in encrypted data.ConvLSTM captures spatiotemporal dependencies in IoT data, making it perfect for detecting sensor readings and network traffic anomalies as they evolve across time and space.GRU is more computationally efficient than LSTM and finds sequential anomalies by focusing on the order of events in time-series data. The combination of these models improves the overall performance of the anomaly detection system, providing high accuracy, scalability, and efficiency, especially in resource-constrained IoT contexts.

Problem statement

Applying decentralized anomaly detection in IoT networks with privacy-preserving technologies like blockchain and homomorphic encryption is challenging and multi-dimensional. Computationally demanding applications often require performance at real-time levels, potentially creating significant overheads in these systems and a substantial drop in efficiency. Protection of integrity concerning various attack vectors and preservation of user privacy during data acquisition and transmission is likely to become a critical concern. Energy consumption and latency induced by blockchain implementation and scalability issues in an IoT network are significant barriers to the practical realization of secure systems. Furthermore, due to the restrictions of homomorphic encryption methods and noise in sensor data, real-time anomaly detection becomes very challenging. This makes it very challenging and needs innovative solutions to guarantee data confidentiality, enhance the scalability of proposed methods within a resource-limited IoT environment, and, more importantly, improve the efficiency of anomaly detection.

Objectives

To balance blockchain and homomorphic encryption overhead with real-time anomaly detection.

To ensure data privacy and integrity during collection, transfer, and processing.

To address scalability in large IoT networks with efficient blockchain-encryption cooperation.

To minimize energy consumption and latency for constrained IoT devices.

To enable secure and real-time blockchain transactions across the IoT network.

Literature survey

Sathishkumar et al.³ discuss a new approach to enhancing the privacy of IoT healthcare data by combining blockchain technology with homomorphic encryption, such that computations can be performed directly on the encrypted data without any decryption. Using smart contracts assures the secure and confidential management of sensitive health data by authorized entities through imposed access control and data-sharing policies. Panalkar et al.⁴ have proposed a homomorphic encryption model based on blockchain for multimedia data auditing in IoT environments, wherein the data integrity and confidentiality are improved. Clients provide public audits only after there is a failure of private auditing. Here, cloud service providers offer automatic compensation related to data manipulation and prevent fraudulent claims.

Mondal et al.⁵ proposed a privacy-preserving scheme for cross-edge blockchain networks that use completely homomorphic encryption to ensure the safety of on-chain data breaches. The research thus institutes a distributed private key sharing scheme and a model for cross-edge blockchain which is useful for the data's privacy in an “available and invisible” sense. Simulations confirm this scheme is practical and secure, designed via the CKKS algorithm. Anitha et al.⁶ propose a blockchain-based framework to improve the data privacy of IoT systems by replacing centralized storage using a distributed ledger. The framework effectively mitigates privacy threats by classifying participants as either trusted data proprietors or untrusted entities, utilizing two blockchain networks: a main chain for data storage and a secondary chain for access policy transactions.

Liu et al.¹ present a blockchain-enabled, decentralized, federated learning framework to improve the anomaly detection of IoT systems, where efficiency, robustness, and security issues can be better addressed. Enhanced differentially private federated learning in combination with generative adversarial networks resulted in a more robust model, which was more accurate and had better convergence and high privacy and security standards. This innovation boosts the ability to detect highly, guarantees data integrity, and reduces risks associated with single-point failure, making it the pioneering anomaly detection solution in IoT systems.

Hangan et al.⁷ proposed integrating Blockchain with machine learning for intrusion-based threat detection and mitigation in IIoT networks. A decentralized ledger allows secure, transparent, and immutable transactions and communications. It observes attacks through anomaly detection models that inspect previous data and track real-time aggressive activity. It also provides decentralized identity management where the IoT network access is restricted only to authenticated and approved devices. So, it enhances the security and privacy of data. The research in an artificial IoT environment demonstrated security improvements by reducing FPR and FNR. These studies indicate Blockchain and ML can be useful in solving these emerging cyber threats on IoT networks.

Acharya et al.² designed a blockchain-based, bi-level intrusion detection and graph-based mitigation system named HybridChain-IDS to advance security in IoT. Combines all the framework items: The NIK-512 hashing algorithm, which is bi-level intrusion detection incorporated with some strategies that are graph-based, consisting of time-based authentications for authenticating all people who want access to such computers, as it schedules and creates a timetable from the utilization through COA on the particular access. An extended k-nearest neighbor-based method for a two-level approach. HybridChain-IDS utilizes blockchain and TEE for security purposes and user authentication through smart contracts based on trust and permission levels. The network simulator NS-3.26 checks the framework for mitigating IoT cyberattacks.

Valivarthi et al.⁸ highlighted that the HRM solutions can be extended to IoT networks, as both encounter issues managing large, sparse, and incomplete datasets. Blockchain is crucial in ensuring security and decentralization in HRM and IoT, safeguarding data integrity. AI-driven predictive analytics, which enhances decision-making in HRM, can similarly be applied for anomaly detection in IoT networks. Furthermore, Sparse Matrix Decomposition aids in handling incomplete data in both areas, providing an effective means of managing fragmented information. These approaches collectively offer a strong framework for improving IoT network security, scalability, and decision-making.

Rguibi et al.⁹ propose a blockchain-enabled Cycle-Consistent Generative Adversarial Network method with a three-level privacy model for intrusion detection in IoT networks, handling all kinds of challenges like centralism, security, transparency, scalability, and adaptability in smart cities and demonstrating improved accuracy and recall compared to traditional methods such as optimized gradient tree boosting and deep gated recurrent neural networks. Aissaoura et al.¹⁰ suggest a blockchain-enabled collaborative intrusion detection system for software-defined networks to overcome challenges in secure real-time data interchange and trust management among SDN controllers. The approach leverages blockchain to establish trust, protect detection signature integrity, and guarantee trustworthy signature delivery. Observational results from an Ethereum-based prototype demonstrate efficient real-time sharing and distribution of detection signatures within a trustworthy, distributed platform.

Methodologies

Blockchain technology, homomorphic encryption, powerful deep learning models, and decentralized IoT networks are used to guarantee anomaly detection and privacy. The model substitutes centralized structure with decentralized, tamper-proof, immutable data storage using blockchain. The data is encrypted using homomorphic encryption without any data loss. Before storing the data securely on the blockchain, DSA verifies data authenticity and SHA-256 hashing integrity. SHA-256 hashing ensures data integrity in IoT networks by creating a unique hash for encrypted data. This hash ensures that the data is legitimate throughout transmission and storage. The data's integrity is certified if the hash matches when it arrives. Blockchain further secures the data by identifying each entry with its hash, rendering it tamper-proof and ensuring that the data remains unchanged along its path. The study uses cryptographic techniques such as blockchain, digital signatures, SHA-256 hashing, and homomorphic encryption to protect data integrity and eliminate hostile interference in IoT anomaly detection. These methods provide a strong foundation for safe and trustworthy anomaly detection in IoT networks, preserving data privacy, confirming authenticity, and safely storing data in a tamper-proof ledger. Lightweight consensus mechanisms and enhanced cryptographic procedures enable large-scale IoT setups. Transformer and ConvLSTM deep learning models identify real-time anomalies even on encrypted data.

L-diversity anonymizes data to avoid re-identification, meeting privacy regulations. L-diversity is a sophisticated privacy-preserving strategy that improves on more conventional anonymization techniques like k-anonymity. While L-diversity requires that each set of indistinguishable records have at least “L” distinct values for sensitive attributes, k-anonymity guarantees that each record is indistinguishable from others depending on specific attributes. Even with prior information, attackers find it more difficult to re-identify victims due to this increased diversity. L-diversity offers improved protection against re-identification threats by guaranteeing that anonymised data stays private while enabling insightful analysis. The system equalizes computational costs and performance with energy economy to handle IoT devices. Automated real-time response techniques find abnormalities quickly, improving security. Scalability, low latency, and high anomaly detection accuracy provide a complete IoT network security solution. Federated learning (FL) enhances anomaly detection in IoT networks by enabling devices to train local models on encrypted data and exchange only model updates. This decentralized technique protects privacy while improving accuracy. The central server collects updates to form a global model, which is iteratively refined for improved anomaly identification. FL uses powerful deep learning models like ConvLSTM and GRU to use data from multiple devices, increasing detection accuracy and assuring model convergence while respecting privacy. Figure 1 shows the architectural diagram for anomaly detection.

Figure 1.

Architectural diagram for anomaly detection.

Data collection and preprocessing

Data collection involves collecting raw sensor data from various IoT devices. Each data point is a vector depicting the features measured at a particular time. Preprocessing includes data cleaning to remove any noise and feature normalization. Normalization standardizes every feature by subtracting the mean and dividing by the standard deviation so all features are at the same scale for effective analysis.

Let $X = x_{1}, x_{2}, \dots, x_{n}$ be the raw sensor data collected from $n$ IoT devices, where each $x_{i} \in R^{m}$ is a vector of $m$ features measured by an IoT device at a given time.

Preprocessing

Preprocessing includes data cleaning and feature normalization:

X_{p r e p r o c e s s e d} = Normalize (X)

(1)

Normalization can be defined as:

x_{i j} = \frac{x_{i j} - μ_{j}}{σ_{j}}

(2)

Where $μ_{j}$ and $σ_{j}$ are the mean and standard deviation of the $j$ -th feature across all data points.

Encryption using homomorphic encryption

Homomorphic encryption is a procedure that allows computation to be carried out on the data without decryption. Using this technique, an encryption function, HomEnc is applied to preprocess information to safely carry out correct operations. The paper employs fully homomorphic encryption (FHE) to discover anomalies in encrypted IoT data while maintaining privacy and security. FHE permits computations on encrypted data without decryption, ensuring data secrecy while allowing for real-time anomaly discovery.

Fundamentally, fully homomorphic encryption provides a function, such as addition or multiplication, that directly operates on the ciphertexts while ensuring privacy and the integrity of the data as it is during processing.

X_{ec} = HomEnc (X_{p r e p r o c e s s e d})

(3)

where the encryption function

HomEnc (.)

applies homomorphic encryption, such that computations performed on encrypted data do not require decrypting that data. A scheme is fully homomorphic if, for any two ciphertexts

C_{1}

and

C_{2}

HomEnc (f (x_{1}, x_{2})) = f (HomEnc (x_{1}), HomEnc (x_{2}))

(4)

for a function

f

(e.g., addition, multiplication) applied to encrypted values.

Homomorphic encryption offers secure anomaly detection in IoT networks by allowing operations on encrypted data while protecting privacy. Despite the computational challenges, the proposed system reduces overhead using lightweight consensus procedures, edge preprocessing, and efficient deep learning models such as ConvLSTM and GRU. This technique offers great performance, scalability, and privacy preservation, making it suitable for real-world IoT use cases.

Data integrity using SHA-256 hashing

The secure integrity of data is an important factor in ensuring the correctness and reliability of information in secure systems. SHA-256 hashing is applied, producing a secured hash of encrypted data. If any change occurs in the data, the hash value changes, thus ensuring the integrity of the data by not allowing any authorized change in the data. This supports the data being authentic and intact in its form throughout the transmission and storage process.

Data integrity is ensured by generating a secure hash of the encrypted data. The hash $H$ of the encrypted data $X_{e n c}$ is given by

H = SHA - 256 (X_{enc})

(5)

This ensures data integrity by assuring that any changes made to the data will produce a different hash value

Digital signature for authentication

A digital signature, therefore, is a type of cryptographic mechanism devised to authenticate the source and integrity of encrypted data. The usage of RSA and ECDSA for digital signatures in blockchain-based Internet of Things systems is highlighted in the article. ECDSA provides comparable security with lower, more effective key sizes, making it perfect for IoT devices with limited resources. In contrast, RSA is secure but computationally costly. Combining blockchain, homomorphic encryption, and digital signatures in IoT networks guarantees safe and effective anomaly detection and privacy protection. A unique signature thus originates from applying a private key on the hash of the data, assuring that such data emanates from a trusted source and will not be altered. There is, therefore, verifiable proof from the digital signature towards the authenticity and integrity of the data.

Let $S$ be the digital signature of encrypted data. The hash $H$ of the data and private key $X_{p r i v}$ are used to create a signature $S$ .

S = Sign (H, k_{priv})

(6)

This shows that the data is attained from a trusted source.

Blockchain storage and integrity

In the blockchain, data is safe and assured of integrity and authenticity due to secure storage within the ledger of signature, hash, and encrypted data. Because this system has entries in the blockchain that are constantly integrated with previous records, it becomes tamper-proof. Such a decentralized structure guarantees the stored data remains unchanged and verifiable, providing a reliable data integrity and authentication system.

The Signature, Hash H and the encrypted data $X_{e n c}$ are stored in the blockchain $B$

B = {(X_{enc} S, H}_{ledger}

(7)

Every input in the blockchain ensures that the data is unalterable and authentic. However, the overhead from homomorphic encryption and blockchain's decentralized structure challenge scalability in blockchain storage for encrypted IoT data. To address this, the proposed system uses lightweight consensus mechanisms and edge preprocessing to reduce energy consumption and improve scalability. Advanced machine learning models help detect real-time anomalies while maintaining privacy and security.

Anomaly detection using deep learning models

The proposed framework uses advanced deep-learning models to detect anomalies. Each model has been created specifically to address different types of anomalies in IoT systems. The detection process operates directly on the encrypted data, sustaining secrecy at every step. Distributed nodes use collaborative training methods for the models to ensure that raw data remains private and enhance security overall. The contribution of each model to the detection process is as follows.

Pattern recognition

Recognition by pattern using a transformer model helps to analyze even the most complicated datasets, encrypted or not. By processing an encrypted feature set, the transformer can identify when a pattern was learned and the degree of departure from that. This ability of the transformer model to focus attention on contextual relations in the data helps it catch anomalous patterns. It is extremely powerful for anomaly detection in secure settings where data privacy is paramount. The use of a transformer model for anomaly detection in encrypted data—which is crucial for maintaining privacy—is described in the study. Computations can be carried out without decryption thanks to the model's operation on homomorphically encrypted data. This guarantees the protection of sensitive data at every stage. The transformer model finds anomalous patterns by analysing encrypted features and assigning anomaly scores based on departures from learnt patterns. This technique works well for real-time anomaly detection in IoT networks since it preserves anonymity while achieving excellent detection accuracy. The transformer model excels at identifying patterns in complex datasets, even when the data is encrypted. Represented mathematically as:

T (X_{e n c}) \to A nomaly Scor

(8)

$T$ is the transformer function, and $X_{e n c}$ represents the encrypted input data. The transformer analyses encrypted features to assign an anomaly score based on deviations from learned patterns. Its ability to focus on contextual relationships within the data makes it effective for identifying anomalous patterns. The framework's anomaly score threshold is dynamically modified using deep learning models such as ConvLSTM and GRU, which look for deviations from typical behaviour in encrypted IoT data. The threshold adjusts to changing network conditions, ensuring the system detects new threats. When paired with blockchain and homomorphic encryption, this method ensures real-time anomaly detection and data privacy in IoT networks.

Spatio-temporal anomaly detection

ConvLSTM is created specially to address the type of data created by IoT that displays spatial and temporal correlation, such as sensor readings and network traffic patterns. The convolutional layers used extract spatial features while the LSTM layers are in place to pick up the time dependency; this makes it better at anomaly detection with time and space correlations. ConvLSTM captures temporal and geographical connections to identify anomalies in IoT data. It blends LSTM layers, which control time-based dependencies, with convolutional layers, which deal with spatial correlations. This hybrid structure allows ConvLSTM to recognize uncommon patterns in IoT data that span space (e.g., data from multiple sensors or devices) and time (e.g., trends over time). ConvLSTM enhances anomaly detection accuracy by doing this kind of data analysis, which makes it particularly helpful in dynamic and intricate IoT situations.

Event progress uses the temporal data of the IoT network that works with ConvLSTM. It finds unusual patterns and sensitive data and safeguards the data by analyzing the IoT stream.

ConvLSTM (X_{enc}) \to Spatio - Temporal Anomaly Score

(9)

where Xenc represents the encrypted input data.

ConvLSTM (Convolutional Long Short-Term Memory) combines spatial and temporal dependencies in IoT data. Its unique architecture merges convolutional layers for spatial feature extraction and LSTM layers for temporal dynamics capture. It begins by applying convolutional operations to input data at each time step, denoted as Z_t = Conv (X_t, W_c) + b_c, where X_t is the sensor input, W_c is the filter, and b_c is the bias. LSTM gates—forget, input, and output—manage information flow, with the forget gate defined as f_t = σ (W_f . [Z_t, h_t−1] + b_f). The new cell state C_t is determined using forget and input gates, leading to an updated hidden state h_t as h_t = o_t * tanh (C_t).

Figure 2 shows the architecture of ConvLSTM, emphasizing its integration of convolutional and LSTM layers to effectively process spatial and temporal dependencies.

Figure 2.

ConvLSTM structure.

Sequential anomaly detection

GRU is an efficient RNN version that was developed to detect anomalies in IoT networks. Its efficient design means it has minimum computational requirements compared to conventional LSTM, which is perfect for devices with limited resources in IoT settings. GRU focuses on the sequential structure of data points to determine anomalies in time series data, such as unusual device behaviours or unexpected network activities.

GRU's lower computational overhead than LSTM increases anomaly detection efficiency in resource-constrained IoT networks. GRU's simplified structure uses less computational power and energy, making it perfect for IoT devices with restricted resources. The study used a combination of GRU and ConvLSTM to reach 99.90% accuracy in anomaly detection, demonstrating its usefulness in balancing high performance with resource efficiency in IoT applications.

The GRU has a strong capacity to handle sequential data, focusing on the event order. The analysis is done on encrypted sequential data to find patterns or behaviours that vary from the usual patterns. It is represented as

GRU (X_{ec}) \to Sequential Anomaly Score

(10)

The privacy is preserved by training the model using FL by encrypted data. Federated Learning (FL) and homomorphic encryption are used in the suggested approach to guarantee model accuracy on encrypted data. FL protects privacy by keeping data local and sharing only encrypted model updates. Model training is made possible via homomorphic encryption, which preserves confidentiality by permitting computations on encrypted data without decryption. Even when dealing with encrypted data, anomaly detection accuracy is improved by using sophisticated deep-learning models such as ConvLSTM and GRU. Furthermore, by avoiding re-identification, L-diversity protects data privacy and makes it possible to discover anomalies securely, accurately, and effectively without having direct access to raw characteristics.

Anomaly detection output

Anomaly detection involves the calculation of anomaly scores for data points. Each score will then be compared to a predefined threshold. Upon exceeding this threshold, an anomaly is flagged, which initiates an alert or response action. Such a process detects unusual, illegal activities in datasets; therefore, intervention occurs promptly, and the system's security is maintained by automatically flagging inconsistencies from normal behaviour.

Let the anomaly score for the i -th data point be $A_{\dot{ı}}$ . The anomaly detection process will output a vector of anomaly scores $A = {A_{1}, A_{2}, \dots, A_{n}}$ .

Every anomaly score $A_{\dot{ı}}$ is compared to a predefined threshold $θ$ :

A_{\dot{ı}} > θ \Rightarrow Anomaly Detected

(11)

An alert or response action is triggered whenever the anomaly score exceeds the threshold value $θ$ . The system's predefined threshold is dynamically changed in response to data distribution in various IoT scenarios. This adaptation ensures precise anomaly detection by fine-tuning the threshold based on real-time data features. It improves performance, scalability, and efficiency, especially in resource-constrained or large-scale IoT scenarios.

Anomaly response

Anomaly response entails automated activities undertaken by the system when it detects an anomaly or malicious act. These measures can include issuing an alert signal, isolating the affected machine, or recovering a system, reducing the likelihood of damage due to the rapid resolution of deviated behaviour within a system.

Let R is the response actions, which is automated based on the detected anomalies:

R = {Alert, Isolate Device, Trigger Recovery}

(12)

If anomalies or malicious activity occur, some action can be taken, like disconnecting the affected IoT device or notifying the user.

Privacy preservation using L-diversity

L-Diversity is a preservation technique of privacy, used in preventing re-identification of people from an anonymized data set. Applying L-Diversity onto encrypted data transforms the dataset to a form that maintains privacy but allows meaningful analysis. This approach ensures that each data group contains at least “L” distinct values to avoid the risk of identifying individuals from anonymized information. L-Diversity is used to ensure that data cannot be re-identified. Let $D_{\dot{ı}}$ represent the dataset after applying L-Diversity to anonymize the data.

D_{\dot{ı}} = L - Diversity X_{enc}

(13)

This ensures that the anonymized data $D_{i}$ prevents re-identification. The proposed approach ensures privacy, high anomaly detection accuracy (99.90%), and scalability in IoT networks by combining blockchain, homomorphic encryption, and advanced machine learning (ConvLSTM and GRU). It facilitates safe, encrypted computations, boosts productivity with edge preprocessing and lightweight consensus, and easily manages extensive IoT settings. Although obfuscation can make data analysis more difficult, L-Diversity improves privacy by limiting re-identification in anonymised datasets. It strikes a compromise between data utility and privacy protection, necessitating sophisticated models for efficient anomaly detection.

L-Diversity is a privacy technique that ensures anonymized datasets contain at least “L” distinct values for sensitive attributes to prevent re-identification. The value of “L” depends on factors such as data sensitivity, dataset complexity, the risk of re-identification, and dataset size. Higher “L” values are needed for sensitive data and complex datasets to ensure privacy, while larger datasets offer more flexibility in adjusting “L” without compromising data utility.

Evaluation and performance metrics

To evaluate the system's performance, the following metrics were considered:

Anomaly Detection Accuracy: Accuracy $A_{acc}$ is calculated as:

A_{acc} = \frac{True Positives}{True Positives + False Positives}

(14)

Precision, Recall, F1-Score: These metrics assess the anomaly detection quality. Let $T P, F P$ , and

$F N$ represent true positives, false positives, and false negatives :

Precision = \frac{T P}{T P + F P}, Recall = \frac{T P}{T P + F N}, F 1 = 2 \cdot \frac{Precision \cdot Recall}{Precision + Recall}

(15)

Energy Consumption and Latency: Energy consumption E and latency L are measured as:

These metrics help evaluate the efficiency of the system in resource-constrained IoT environments. The system is assessed in its performance through several key metrics:

E = \sum_{i = 1}^{n} Energ y_{i}, L = \frac{Total Time}{Number of Transactions}

(16)

Anomaly Detection Accuracy measures the ratio of true positives to the overall detected anomalies. Precision, Recall, and F1-Score are used to evaluate the detection quality. Precision, recall, and F1-score all contribute to the reliability of deep learning models for IoT-based `anomaly detection. Precision reduces false alarms; recall ensures the discovery of actual abnormalities, and the F1-score balances these parameters. Maintaining both security and efficiency in real-time systems requires a high F1 score. The suggested ConvLSTM and GRU models performed admirably, with precision, recall, and F1-scores of 99.80%, making them suitable for anomaly detection in resource-constrained IoT contexts. The term “latency” in anomaly detection describes the time it takes to find an abnormality, which might affect how well IoT security systems work. For real-time detection in extensive IoT deployments, low latency is essential. “Adopting lightweight consensus processes, effective cryptographic techniques like SHA-256, and edge computing—where data is processed close to its source to avoid network delays—are some strategies to reduce latency.

Furthermore, deep learning models like ConvLSTM and GRU detect abnormalities with the least computational resources. This ensures quick performance while preserving data security using techniques like homomorphic encryption. Energy Consumption and Latency measure the efficiency of a system in resource-constrained environments by energy consumption, which sums up individual device usage and total time per transaction in latency, ensuring the utmost performance in IoT systems. The severity of the anomaly, the device's criticality in the network, data integrity and confidentiality, the device's resource limitations, and the possible effect on network performance are all important considerations when choosing whether to isolate an IoT device after discovering an anomaly. These factors guarantee that the choice to isolate efficiently reduces systemic disturbances.

The proposed IoT anomaly detection system uses deep learning models such as ConvLSTM and GRU, homomorphic encryption, and blockchain technology to achieve high accuracy while minimizing false positives. Processing encrypted data protects privacy and decreases disruptions, while lightweight consensus techniques and edge preprocessing improve scalability and energy economy, ensuring dependable performance in resource-constrained IoT scenarios.

Results and discussions

Dataset description

The NSL-KDD data set addresses some of the issues with the KDD'99 data collection. New and typical KDD genre. While McHugh's data set may not fully represent real networks, it remains a useful standard for comparing intrusion detection methods due to the lack of public data sets for network-based IDSs. Additionally, the NSL-KDD train and test sets have substantial records. The dataset's affordability allows for tests to be conducted on the entire collection rather than a random selection. Improving the KDD'99 Data Set to the NSL Data Set offers the following advantages over the original KDD data set: since the train set does not contain redundancy or duplicates, the classifiers will not be biased towards more frequent records; the suggested test sets avoid record duplication, ensuring learners’ performance is not influenced by approaches with higher detection rates on frequent records; record selection from each tough level group is inversely proportionate to the percentage of original KDD data set records; and the reasonable amount of records in the train and test sets enables tests to be conducted on the entire set without random selection.

Performance analysis of the proposed work

The proposed method performed much better than previously reported studies; its accuracy, precision, recall, and F1 score reached much higher values. The experiment showed how well the idea of combining ConvLSTM and GRU models can be implemented for anomaly detection in IoT networks. These models perform better than BiLSTM and MLP, providing a more secure and scalable solution for real-time anomaly detection. The combination of ConvLSTM and GRU has numerous significant advantages over BiLSTM and MLP for detecting anomalies in IoT networks. ConvLSTM accurately captures geographical and temporal connections in IoT data, critical for sensor readings and network traffic. GRU is more computationally efficient than LSTM, making it more suitable for resource-constrained IoT devices. ConvLSTM and GRU improve scalability, energy efficiency, and real-time performance, making them perfect for large-scale IoT scenarios. This combination surpasses BiLSTM and MLP in accuracy, precision, recall, and F1 score, resulting in a reliable, scalable, and efficient solution for detecting anomalies in IoT systems. Combining the strengths of ConvLSTM and GRU ensures that such an approach supports enhanced detection capabilities, which suits resource-constrained IoT environments highly in terms of efficiency and accuracy in anomaly detection for furthering security and privacy at its best. In deep learning-based anomaly detection frameworks for IoT networks, the trade-off between accuracy and computational efficiency requires balancing resource needs and high accuracy. Even though models like ConvLSTM and GRU have high accuracy, they demand a lot of processing power. While blockchain and homomorphic encryption boost security and privacy, they also increase processing costs. The suggested system uses edge preprocessing and lightweight blockchain protocols to improve efficiency and scalability. Future developments might strengthen encryption methods and model efficiency, as striking the right balance between accuracy and computational economy is still difficult.

The performance of deep learning methods for predicting anomaly detection is shown in Table 1. With a high accuracy of 99.90%, the Proposed Method that uses a grouping of ConvLSTM and GRU also indicates a precision of 99.80%, recall of 99.85%, and F1 score of 99.80%. BiLSTM use by Rahmadika et al.¹¹ also indicates unresolved results since 99.83% of F1 score an accuracy of 99.74%, a precision of 99.72%, and a recall of 99.93%. Astillo et al.¹² gave slightly less but still impressive results when using FL-CNN, with an accuracy of 99.17%, precision of 99.07%, recall of 99.24%, and a 99.16% F1 score. Equally, Mishra and Chaurasiya¹³ obtained a low accuracy of 97.00% while the LSTM-SVM approach achieved high precision (98.00%) and recall (99.75%); however, the F1 score decreased to 91.00%. Compared to hybrid models, deep learning techniques like ConvLSTM + GRU and BiLSTM show better and more balanced performance metrics, indicating their effectiveness in achieving high accuracy and dependability in prediction tasks.

Table 1.

Performance metrics comparison with existing techniques.

Study	Techniques Used	Accuracy (%)	Precision (%)	Recall (%)	F1 Score (%)
Proposed Method	ConvLSTM + GRU	99.90%	99.80%	99.85%	99.80%
Mishra, S., & Chaurasiya, V. K.¹³	LSTM-SVM	97.00%	98.00%	99.75%	91.00%
Astillo et al.¹²	FL-CNN	99.17%	99.07%	99.24%	99.16%
Rahmadika et al.¹¹	BiLSTM	99.74%	99.72%	99.93%	99.83%

The paper's suggested ConvLSTM + GRU model is very accurate and efficient for extensive, resource-constrained IoT installations. With 99.85% recall, 99.80% accuracy, 99.80% precision, and 99.80% F1 score, the model is useful for identifying irregularities in the Internet of Things networks. It guarantees good performance without consuming excessive resources by integrating ConvLSTM for spatial-temporal anomaly detection with GRU for sequential anomaly detection. It is perfect for resource-constrained IoT environments because it incorporates edge preprocessing and lightweight consensus techniques, which lower latency and energy usage. Additionally, the approach is appropriate for secure, large-scale IoT deployments since privacy-preserving methods like blockchain and homomorphic encryption improve data security while keeping system performance.

Figure 3 shows the proposed deep learning and existing methods based on performance metrics like accuracy, precision, recall, and F1 Score. It compares the proposed method, ConvLSTM + GRU, with LSTM-SVM Mishra, S., & Chaurasiya, V. K.¹³, FL-CNN Astillo et al.¹², and BiLSTM Rahmadika et al.¹¹. The proposed method using ConvLSTM + GRU continuously beats 99.80 of all the measures. Still, LSTM-SVM has outstanding precision and recall but has a huge drop in accuracy of 91%. FL-CNN and BiLSTM display good performance and report results at approximately 99%. While LSTM-SVM shows a visible drop in accuracy, ConvLSTM + GRU performs better on all the metrics.

Figure 3.

Performance metrics of anomaly detection.

Table 2 discusses the hash generation time comparison, comparing different cryptographic hashing algorithms, including the proposed SHA-256, against alternatives such as GXNOR-BLAKE512, BLAKE512, Tiger, and MD5. It can be seen that the SHA-256 generates hashes the fastest, at a speed of 1267 ms. GXNOR-BLAKE512 and BLAKE512 have more processing times at 1756 ms and 1988 ms, respectively. This presents greater computational complexity than SHA-256. The Tiger algorithm depicts a moderate performance time of 2478 ms. MD5, however, showed the slowest performance at 3365 ms due to its outdated design and lesser optimization for current cryptographic requirements. The NSL-KDD dataset improves upon the KDD'99 dataset by reducing bias through the elimination of redundancy in the training set and avoiding record duplication in the test set, ensuring more accurate model evaluations.

Table 2.

Hashcode generation time validation.

Techniques	HashCode Generation Time (ms)
Proposed SHA-256	1267
GXNOR-BLAKE512	1756
BLAKE512	1988
Tiger	2478
MD5	3365

The proposed method using ConvLSTM and GRU models significantly outperforms previous approaches, achieving an impressive accuracy of 99.90%. Regarding cryptographic hashing, SHA-256 outperforms alternatives like GXNOR-BLAKE512, BLAKE512, Tiger, and MD5 in speed, with the fastest hash generation time of 1267 ms. Its fast processing and strong security make SHA-256 the ideal choice for IoT networks, where quick performance and robust security are essential. The high efficiency of SHA-256 would be why it would be the most apt choice for IoT networks, with processing needing to happen instantaneously and latency being minimal. The proposed framework enables scalability in large-scale IoT networks by incorporating lightweight blockchain consensus methods, edge preprocessing, homomorphic encryption for encrypted data computation, and deep learning models such as ConvLSTM and GRU for real-time anomaly detection. These solutions reduce latency, optimize energy consumption, and promote efficient performance, allowing the system to scale successfully while protecting data privacy and security. SHA-256 provides good protection and resilience against threats in cryptography. Therefore, it is a better option than the slow algorithms of IoT security and anomaly detection. SHA-256 is a secure and efficient cryptographic hashing algorithm that helps detect anomalies in IoT networks. It maintains data integrity by generating a single hash for the encrypted data, thus not allowing anyone to alter it without authorization. With a hash generation time of 1267 ms, it can perform real-time anomaly detection in IoT devices with minimal power consumption. In addition, homomorphic encryption can identify anomalies in the encrypted data without necessarily exposing the data. In conclusion, SHA-256 is a secure, efficient, and low-latency method of identifying anomalies in IoT systems.

Conclusions

This study proposes integrating blockchain technology, homomorphic encryption, and advanced machine learning models such as ConvLSTM and GRU; the research proposes a decentralized, robust framework for data privacy preservation and detection of anomalies in IoT networks. It is observed that the proposed method outperformed existing techniques, including LSTM-SVM, MLP, and BiLSTM, and obtained excellent performance metrics such as high accuracy, precision, recall, and F1 scores. With real-time anomaly detection capabilities preserved and user data confidentiality being ensured through integration with privacy-preserving technologies like L-Diversity, this framework can be used with resource-constrained IoT devices because lightweight blockchain protocols along with edge preprocessing resolve energy consumption and scalability issues. The proposed framework would effectively address some of the most significant challenges concerning data privacy, anomaly detection, and IoT security. Hence, it contributes a substantial share to the secure deployment of IoT.

Future recommendation

The future research intent should actualization real-life implementations and extensive tests across varying IoT contexts towards improving the framed model. Energy-enhancing in different consensus methods and hybrid blockchain architectures is required. Homomorphic encryption systems need to be optimized for computation efficiency and scalability. Federated learning has the potential to improve cooperation among IoT nodes; however, modification of the system to current network conditions and newly detected attacks explains that it has to follow international privacy regulations, including the use of explainable AI, which may enhance its trustworthiness and usefulness.

Footnotes

ORCID iDs

Bhavya Kadiyala

Chaitanya Vasamsetty

Subramanyam Boyapati

Sunil Kumar Alavilli

Rajani Priya Nippatla

Authors’ contributions

All authors have made equal contributions to this article.

Funding

The authors received no financial support for the research, authorship, and/or publication of this article.

Declaration of conflicting interests

The authors declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Data availability

No datasets were generated or analyzed during the current study

Permission to reproduce material from other sources

Yes, you can reproduce.

Clinical trial registration

We have not harmed any human person with our research data collection, which was gathered from an already-published article

References

Liu

Sun

, et al. Blockchain-based privacy-preserving data service provisioning for internet of things. In: 2024 IEEE International Conference on Web Services (ICWS), 2024, July, pp.524–534: IEEE.

Acharya

Shrivastava

Padhi

. A decentralized blockchain-based IoT system for privacy-preserving data sharing. In: 2023 IEEE International Conference on Blockchain and Distributed Systems Security (ICBDS), 2023, October, pp.1–5. IEEE.

Sathishkumar

Raghavendran

. Securing IoT healthcare data: the power of blockchain and homomorphic encryption. In: 2024 2nd International Conference on Sustainable Computing and Smart Systems (ICSCSS), 2024, July, pp.309–314: IEEE.

Panalkar

Bhardwaj

. Protecting the multimedia using privacy preserving homomorphic encryption based blockchain model in IoT. In: 2023 International Conference on Evolutionary Algorithms and Soft Computing Techniques (EASCT), 2023, October, pp.1–5. IEEE.

Mondal

Arif

Barua

, et al. Data security in IoT devices and sensor networks for robust threat detection and privacy protection. Acad J Innovation Eng Emerging Technol 2024; 1: 19–35.

Anitha

Murugan

. Privacy-preserving collaboration in blockchain-enabled IoT: the synergy of modified homomorphic encryption and federated learning. Int J Commun Syst 2024; 37: e5955.

Hangan

Lazea

Cioara

. Privacy-Preserving Anomaly Detection on Homomorphic Encrypted Data from IoT Sensors. arXiv preprint arXiv:2403.09322. 2024.

Valivarthi

. Blockchain-Powered AI-based secure HRM data management: machine learning-driven predictive control and sparse matrix decomposition techniques. Int J Mod Electron Commun Eng 2020; 8: 1–5.

Rguibi

Younes

Ahmed

, et al. Privacy-Preserving anomaly detection for IoT: leveraging federated and split learning. In: 2024 International Conference on Circuit, Systems and Communication (ICCSC), 2024, June, pp.1–6. IEEE.

10.

Aissaoua

Laouid

Kara

, et al. Integrating homomorphic encryption in IoT healthcare blockchain systems. Ingénierie des Systèmes d’Information 2024; 29: 1667–1677.

11.

Rahmadika

Astillo

Choudhary

, et al. Blockchain-based privacy preservation scheme for misbehaviour detection in lightweight IoMT devices. IEEE J Biomed Health Inform 2022; 27: 710–721.

12.

Astillo

Duguma

Park

, et al. Federated intelligence of anomaly detection agent in IoTMD-enabled diabetes management control system. Future Gener Comput Syst 2022; 128: 395–405.

13.

Mishra

Chaurasiya

. Hybrid deep learning algorithm for smart cities security enhancement through blockchain and the internet of things. Multimed Tools Appl 2024; 83: 22609–22637.