2.1. Review of Similar Works
Security in IoT systems and anomaly detection in similar environments have been critical research topics in the last decade. Numerous works and projects have been developed in this context to shed light on the challenges and solutions in these crucial areas [
11]. One of the fundamental aspects of security in IoT systems is protecting data and devices against cyber threats. Previous research, such as the study by [
12], has highlighted the importance of device authentication and data encryption in IoT environments to guaranteeing the confidentiality and integrity of the information transmitted. These approaches are based on the premise that security starts at the most basic level of the IoT infrastructure, and that any vulnerability could put the entire system at risk.
Another critical aspect is the detection of anomalies in real time in IoT environments. The study [
13] addressed failure detection in industrial machinery by analyzing time series of sensor data. This research showed how machine learning algorithms, such as recurrent neural networks, can identify unnatural patterns in the operation of industrial machinery and prevent unplanned downtime. Furthermore, the study by [
14] focused on intrusion detection in IoT systems through an abnormal behavior analysis-based approach. This approach makes it possible to identify unauthorized or unusual activities in the IoT network, which is crucial to ensuring device security and data integrity [
15].
Despite the advances outlined above, there is a substantial gap in research in terms of the context of a specialized smart manufacturing plant for industrial machinery. This gap lies in the lack of solutions and approaches that are optimally suited to the unique characteristics of this highly technical environment [
16]. Most previous work has addressed general IoT applications or focused on specific domains like healthcare or home security. The lack of thorough research on smart manufacturing plants operating industrial machinery has left a gap in terms of understanding the challenges of and optimal solutions for this context [
17,
18].
This research gap highlights the critical need for this case study. The smart manufacturing plant addressed here represents a highly specialized and challenging scenario where safety and efficiency are paramount [
19]. Previous works on IoT security and anomaly detection laid the theoretical and methodological foundations. Thus, this case study dives into the concrete application of these solutions in a real industrial context, addressing the specific challenges faced by this smart manufacturing plant [
20].
2.3. Plant Description
The smart manufacturing facility specializes in producing high-quality industrial machinery, construction equipment, and industrial tools. Located in a highly automated environment, this plant is a leading example of smart manufacturing, where efficiency and quality are paramount. The industrial machinery produced covers a wide range of equipment, with output ranging from heavy machinery used in construction to precision tools used in the manufacturing industry. The plant operates 24/7, running production across multiple assembly lines and manufacturing processes. This highly specialized environment presents unique challenges related to security and efficiency.
Every machine and device in the plant is equipped with sensors that collect real-time data on parameters such as temperature, pressure, speed, and other aspects crucial to the performance and quality of the final product. The IoT infrastructure in the plant is an essential component of its operation. It includes a wide variety of sensors and devices that continuously collect data. Sensors embedded in machinery and equipment capture detailed information about their operation, while IoT devices on the network manage data transmission and secure storage [
24]. Data communication takes place over a secure IoT network using encrypted communication protocols. Sensor data are transmitted in real time to a central platform responsible for storing, processing, and analyzing the information. This platform is the system’s core and is where the machine learning algorithms for anomaly detection are applied.
The selection of machine learning algorithms is based on the need to detect anomalies in real time in the data generated by the plant’s sensors. A combination of algorithms, including convolutional neural networks (CNN) and hidden Markov models (HMM), is chosen due to their ability to capture complex patterns and subtle changes in sensor data. CNN models are used to analyze data from sensors that represent thermal and visual images of industrial machinery [
25]. This allows for the detection of optical and thermal anomalies in the operation of machines. HMMs are applied to time series data recording the performance of devices over time. This combination of algorithms enables accurate, multidimensional anomaly detection.
A historical data set collected over a significant period at the plant is used to train the machine learning models. These data include detailed operating logs and sensor measurements. Cases of known anomalies in the data are tagged for use in the supervised training of the models [
26]. The models are carefully adjusted to fit the plant environment and to minimize false positives and negatives. This involves parameter optimization and cross-validation to ensure the accuracy and reliability of real-time anomaly detections. Machine learning implementation is rigorously carried out, and the trained models are integrated into the plant’s IoT infrastructure, enabling continuous anomaly detection in the production of industrial machinery, construction equipment, and industrial tools.
2.4. Method Design
The method design addresses safety and efficiency challenges in a highly specialized smart manufacturing facility for producing industrial machinery and other construction equipment. The primary purpose of this process is to strengthen the security in IoT systems that support the operation of the plant, identifying and mitigating possible cyber threats and guaranteeing the integrity of the data [
27]. In addition, it seeks to improve the plant’s efficiency by implementing anomaly detection solutions based on automatic learning algorithms.
The research follows a methodological approach, combining qualitative and quantitative analysis elements [
28]. This choice is based on the need to address both technical and quantifiable aspects related to security and efficiency in IoT systems and the qualitative factors that can influence the implementation of solutions in a specialized manufacturing environment.
Figure 1 shows the general flow of the methodology used.
In the first phase, the analysis of the existing IoT infrastructure in the smart manufacturing plant is carried out. This includes identifying sensors, devices, and communication protocols used in data collection. Subsequently, historical data covering a significant period are collected [
29]. These data are used to train and validate the machine learning models used in anomaly detection. Implementing security solutions in IoT systems is performed in parallel with data collection, focusing on IoT network protection, device authentication, and data encryption. Once the keys are implemented, they are evaluated to ensure their effectiveness in detecting anomalies and improving plant safety. The results are analyzed, and the solutions are adjusted as necessary.
2.4.1. IoT Infrastructure Analysis
IoT infrastructure in the smart manufacturing floor is a critical component of the process, enabling real-time data collection and informed decision making. This infrastructure is meticulously reviewed to address the plant’s specific needs and ensure efficiency in production and security in IoT systems. In this way, it can be identified that each machine and piece of equipment in the plant is equipped with telemetry sensors that monitor critical parameters [
30]. These sensors include temperature gauges, pressure, accelerometers, and flow sensors. The data collected by these sensors provide real-time information on the performance and condition of the machines.
For visual monitoring, IoT cameras are installed in critical areas of the plant. These cameras capture high-resolution images that can be used to detect visual abnormalities and assess the quality of manufactured products. In addition to monitoring sensors, the plant has IoT control devices that allow for two-way communication with the machines. This facilitates the ability to remotely adjust the settings and operation of machines.
The message queuing telemetry transport (MQTT) protocol efficiently transmits real-time data from IoT sensors and devices. This protocol is highly efficient regarding bandwidth and adapts well to resource-constrained environments. The constrained application protocol (CoAP) is used for communication between IoT devices and the central management platform [
31]. CoAP is a lightweight protocol designed specifically for devices with limited resources. Hypertext transfer protocol secure (HTTPS) is implemented in all data transmissions to ensure communication security. This provides end-to-end authentication and encryption. A custom-access control protocol has been implemented to ensure only authorized devices can communicate with critical plant systems.
2.4.2. Historical Data Collection and Data Balancing
Historical data collection provides the basis for training and validating anomaly detection models in the smart manufacturing plant. In this environment, historical data were generated using sensors and IoT devices, allowing us to build a representative and realistic data set for our research. Historical data were collected from telemetry sensors that monitor various parameters, including temperature, pressure, acceleration, and flow rates. These data were collected regularly, typically every second, over several months. We also used IoT cameras to generate historical visual data, capturing images at scheduled intervals and labeling them in order to identify typical situations and possible anomalies in the plant. In addition to monitoring sensor readings, IoT control data were recorded to document the actions taken on machines and equipment.
Regarding data balance, it is essential to highlight that techniques were implemented to ensure that the data set used for training machine learning models was balanced in terms of standard and abnormal data. This was essential to avoid bias in the anomaly detection models. During the historical data collection process, we ensured that both regular events and anomalies were captured and appropriately labeled. Additionally, in order to effectively manage the massive volume of data, a scalable and redundant storage system was implemented, thus ensuring the integrity and continuous availability of the data. Data compression techniques were also applied to optimize the use of storage resources without compromising data quality. These strategies ensured the quality and balance of the data used in our study, which in turn contributed to the effectiveness of our anomaly detection models and the robustness of our results.
The total volume of historical data collected was significant. Regarding the telemetry sensors, approximately 15 terabytes of data were generated over six months. The images captured using the IoT cameras represented around 50,000 high-resolution images. Data were collected and stored with a high degree of integrity and accuracy. Quality control measures were implemented to identify and correct possible errors in data collection. Properly and accurately labeled data enabled the practical training of machine learning models. The collection of historical data provided a solid information base for research, allowing us to advance the implementation of anomaly detection solutions based on machine learning algorithms and strengthen security in IoT systems on the intelligent manufacturing floor.
To effectively manage the 15 terabytes of data, a scalable and redundant storage system was implemented to ensure the integrity and continuous availability of the data. Additionally, data compression techniques were applied to optimize the use of storage resources without compromising data quality.
Image data captured by IoT cameras were instrumental in our approach to IoT security. These images were used for both the real-time diagnosis and training of ML models. In real time, image analysis algorithms visually processed and evaluated situations on the manufacturing floor, allowing for more accurate and faster anomaly detection. Images were also integrated into ML models, significantly improving the algorithms’ ability to understand and evaluate complex situations.
Image data are justified by the need for a richer and more detailed understanding of situations on the manufacturing floor. These images provide visual information that complements the numerical data collected using telemetry sensors. Visual information not only helps to detect anomalies but also contributes to developing a better understanding and evaluation of critical situations. In IoT security applications, visual information can be essential to making informed decisions and responding effectively to unusual events.
Table 1 presents the summary of the values considered in the data collection.
2.4.3. Training Machine Learning Models
The machine learning model training process was based on extensive historical data collected in the smart manufacturing plant. The data were carefully divided into training and test sets to ensure an accurate evaluation of the models. A training data set consisting of approximately 80% of the total volume of historical data was used. This represented a data volume of 12 terabytes (sensors) and 40,000 images (cameras). The test data set comprised 20% of the historical data, resulting in a data volume of 3 terabytes (sensors) and 10,000 images (cameras). Training and test data sets were split temporarily to ensure that models were trained on earlier data and evaluated on later data. This ensured that the models were capable of detecting anomalies in future situations.
Data augmentation was applied to the camera images in order to improve the robustness of the models and ensure that they were capable of handling diverse situations. This included the use of random rotations, displacements, and scaling to generate a more varied training data set. Regarding camera images, variables related to visual characteristics, such as textures, colors, and patterns, were considered [
32]. The data from telemetry sensors included variables related to temperature, pressure, acceleration, and flow rates.
Parameters such as kernel size, learning rate, and number of convolutional layers were adjusted for the CNN. In the support vector machines (SVM) algorithm with the RBF kernel, the C and gamma parameters of the RBF kernel were adjusted. For the variational autoencoders (VAE), the number of units in the latent layers and the learning rate were adjusted.
Since sensor data anomalies were relatively rare compared to everyday situations, class balancing techniques were used during training. This technique ensures that the model is not biased towards classifying everyday situations to the detriment of abnormalities. The training process was carried out in a high-performance computing environment to handle the large volume of data and the complexity of machine learning models [
33]. Detailed model evaluation results are presented in the results section of the article, along with specific performance metrics.
Data augmentation to camera images is carried out through several techniques, such as:
Random rotation: Random rotations were applied to the images to different orientations and perspectives. This helped the models recognize anomalies from multiple angles.
Random shift: Images were randomly shifted in different directions in response to variations in the location of objects. This improved the model’s ability to detect anomalies at various positions.
Random rescaling: Random rescaling was performed on the images, allowing the model to identify anomalies in both large and small objects, regardless of their relative size in the picture.
Horizontal mirroring: By applying horizontal mirroring, mirror versions of the images were created, helping models to recognize mirror anomalies or object inversions.
Noise addition: Random noise was added to images of varying lighting and visibility conditions in the manufacturing plant environment.
In addition to these techniques, other data augmentation methods were used to diversify the training set. These data augmentation strategies ensured that the model was trained in various situations and conditions, improving its ability to detect anomalies in the smart manufacturing plant environment.
2.4.4. Implementation of Security Solutions in IoT
The implementation of security solutions in the IoT environment of the intelligent manufacturing plant is carried out in order to strengthen protection against threats and ensure the safe and reliable operation of the system [
34]. This implementation is based on pre-trained machine-learning models used for anomaly detection.
Figure 2 outlines the critical steps in the implementation process for IoT security solutions.
The first stage involves integrating the previously trained anomaly detection models into the plant’s IoT infrastructure. This is possible when deploying a machine learning model inference server that is an intermediary between the IoT devices and the models. For this, a GPU-equipped high-performance server ensures efficient real-time inference. Once the models are online, a continuous monitoring system is established to monitor all incoming data from IoT sensors and cameras [
35]. This system is based on a real-time data processing architecture that allows for the ingestion and analysis of data as they are generated. Technologies such as Apache Kafka and Apache Flink are used for development to facilitate the transmission and processing of data in real time.
Anomaly detection is performed by constantly evaluating the data received by machine learning models. These models are designed to identify patterns and abnormal behaviors in data from sensors and cameras. If an anomaly is specified, the system automatically proceeds to generate alerts. The system creates automatic alerts when an abnormality or unusual behavior is detected [
36]. Signals are generated in real time and contain precise details about the monster’s nature and exact plant location. These alerts are sent to plant managers and security personnel through secure communication channels.
The incident response protocol is activated as soon as alerts are received. Security personnel have access to a centralized dashboard that provides detailed information about the anomaly, including relevant data logs and root-cause analysis. This allows for a quick and accurate assessment of the situation and the implementation of corrective measures as necessary. A continuous updating and improvement strategy was implemented to maintain the anomaly detection models’ effectiveness [
37]. New data are collected and labeled in order to train the models regularly. In addition, the hyperparameters of the models are reviewed and adjusted to adapt them to the changing conditions of the plant environment. In the last stage, an exhaustive evaluation of the impact of the implemented security solutions is carried out. Results regarding reduced security incidents, improved response times, and increased overall system reliability are measured.
Implementing real-time security solutions is crucial in smart manufacturing environments. In this study, real-time anomaly detection was achieved through continuously monitoring and analyzing data from telemetry sensors, IoT cameras, and control devices in the manufacturing plant. The data were transmitted and processed in real time using the message queuing telemetry transport (MQTT) protocol, which is widely recognized for its efficiency and speed in smart industry applications.
MQTT has become an efficient and reliable communication protocol in the smart industry due to its ability to handle real-time data transmission effectively. It allows for the publication and transmission of messages between IoT devices and monitoring systems, facilitating the transmission of critical data quickly and reliably. In the context of this research, MQTT enabled agile communication between the telemetry sensors, IoT cameras, and the machine learning-based anomaly detection system. This ensured data were analyzed in real time, leading to rapid responses to unusual events on the manufacturing floor.
The efficiency of MQTT played a critical role in the anomaly detection system’s ability to operate in real time, enabling faster and more effective responses to strange events in the smart manufacturing plant environment. This technology is an essential component in the IoT communication infrastructure, supporting efficiency and security in the smart industry.
2.4.5. Continuous Assessment
Continuous evaluation enables the constant improvement of security solutions implemented in an IoT-enabled smart manufacturing plant environment. To carry out ongoing evaluation, a systematic data collection process is established. Data were collected on incidents, alerts generated, responses to incidents, and any corrective action taken. These data were recorded and stored in a centralized database [
38]. Specific performance metrics were then defined, which served as critical indicators for evaluating the effectiveness of security solutions.
Anomaly detection rate: The proportion of correctly detected anomalies compared to the total number of abnormalities in the system.
False positive rate: The proportion of alerts generated that turned out to be false alarms compared to the total signals generated.
Average response time: The average time from detecting an anomaly to implementing corrective measures.
Incident reduction: The quantitative decrease in security incidents in the plant environment compared to periods before the implementation of security solutions.
Resource efficiency: The efficiency in using resources, including hardware resources and security personnel.
A regular analysis cycle and periodic reports were established to evaluate the performance metrics and results obtained. The collected data were used to generate detailed reports in order to provide a complete overview of the security system’s performance.
Based on the results of the periodic reports, iterative adjustments and improvements were made to the security solutions. These adjustments included the optimization of detection algorithms, modifications to the alert configuration, or updates to security policies. Continuous evaluation also addressed the scalability of security solutions and the ability of solutions to adapt to an increase in the number of IoT devices and data without compromising their performance.
A regular update strategy was implemented in order to maintain the anomaly detection models’ effectiveness. The models were retrained using new data to ensure that they kept up with the latest trends in the plant environment. The continuous improvement process ensured that high security and reliability were always maintained.
2.4.6. Results and Analysis
This section outlines the results of implementing machine learning-based security solutions in the IoT-enabled smart manufacturing plant environment. Additionally, the methods used to obtain the results and the ways in which they are analyzed to assess the effectiveness of the answers are described.
The overall results address security solutions’ impact in reducing incidents and improving response times, indicating their overall effectiveness in detecting anomalies. The results are obtained through data collection in real time. This is performed a significant period after the implementation of the security solutions. Data on incidents, generated alerts, response times, and other relevant indicators are recorded for this purpose. These data are analyzed using statistical analysis and data visualization techniques.
The analysis of results should focus on evaluating the performance metrics defined in the model design. Researchers should calculate anomaly detection rates and false favorability rates, study trends over time, and compare the results with the reference data in order to assess the impact of security before the implementation of solutions should be considered.
In addition to performance metrics, it is necessary to collect specific examples of incidents detected and resolved thanks to security solutions. These examples illustrate real situations where the solutions proved their value and contributed to safety in the plant. The results should support the effectiveness of machine learning-based security solution implementation in the IoT-enabled smart manufacturing plant environment. The reduction in incidents, the improvement in response times, and the high efficiency in detecting anomalies indicate these solutions’ positive impacts on plant safety.
2.4.7. Adjustments and Optimization
The tuning and optimization section describes the technical and continuous process of improving and optimizing the security solutions implemented in the IoT-based intelligent manufacturing plant environment. This process is based on real-time data collection, performance monitoring, and the constant evaluation of critical metrics.
Figure 3 shows the stages considered for adjustment and optimization.
A constant data collection process is established in real time by implementing security solutions. This process allows for the continuous acquisition of information about incidents, generated alerts, responses to incidents, and any changes in system configuration. It is essential to implement a performance monitoring system in real time. This system actively monitors the behavior of the security system and generates performance data in real time. Specific performance metrics such as anomaly detection rate, false positive rate, and other vital indicators were defined for the process. These metrics are constantly evaluated over time to measure the security system’s performance.
One of the critical approaches to optimization is tuning the hyperparameters of anomaly detection models. Systematic experiments are usually carried out to find the optimal combination of hyperparameters for maximizing detection precision and minimizing false positives. A periodic update strategy is implemented to ensure that anomaly detection models are kept up to date. The models are retrained with new data collected from the plant environment to ensure they are aware of the latest trends in abnormal behavior. The adjustment and optimization process must be carried out continuously to maintain high effectiveness and efficiency in IoT security solutions. These actions allowed us to proactively address challenges that arose over time and ensured that the security system remained adapted to the changing conditions of the plant environment.