Hybrid Model of Isolation Forest and Long Short-Term Memory Autoencoder for Digital Forensic Anomaly Detection in Manufacturing IoT Networks
Abstract
The development of Internet of Things (IoT) technology in the manufacturing sector creates opportunities for efficiency while also increasing vulnerability to sabotage threats that are difficult to detect manually. This study aims to design and evaluate an artificial intelligence-based hybrid model that combines Isolation Forest and Long Short-Term Memory Autoencoder to detect anomalies in the context of digital forensics in manufacturing industrial IoT networks. The research design uses an experimental approach with a simulated dataset representing 35 working days of smart factory operations, covering 127 sabotage scenarios distributed across six types of logs. The methodology applied is a two-layer cascade architecture, where Isolation Forest serves as a statistical anomaly detector in the first layer, followed by Long Short-Term Memory Autoencoder as a time-series pattern validator in the second layer. The evaluation results show that Isolation Forest independently achieved an F1-score of 0.84, Long Short-Term Memory Autoencoder achieved 0.87, while the hybrid model produced an F1-score of 0.93 with a precision of 0.91 and a recall of 0.95. These findings confirm that the hybrid cascade approach significantly outperforms each individual method. This study concludes that the integration of both methods provides a more accurate and efficient digital forensic solution for detecting sabotage incidents in industrial IoT environments.
Downloads
References
T. J. Silva, E. OliveiraJr, M. E. Pereira, and A. F. Zorzo, “A review study of digital forensics in IoT: Process models, phases, architectures, and ontologies,” Forensic Sci. Int. Digit. Investig., vol. 53, no. February, p. 301912, 2025, doi: 10.1016/j.fsidi.2025.301912.
L. Atzori, A. Iera, and G. Morabito, “The Internet of Things: A survey,” Comput. Networks, vol. 54, no. 15, pp. 2787–2805, 2010, doi: 10.1016/j.comnet.2010.05.010.
B. M. Alshammari, “A Machine Learning-Based Framework for Measuring Attack Surfaces of IoT Systems,” IEEE Access, vol. 13, no. August, pp. 134297–134311, 2025, doi: 10.1109/ACCESS.2025.3593516.
S. Teixeira, R. Arrais, R. Dias, and G. Veiga, “On the development and deployment of an IIoT Infrastructure for the Fish Canning Industry,” Procedia Comput. Sci., vol. 217, no. 2022, pp. 1095–1105, 2022, doi: 10.1016/j.procs.2022.12.308.
N. Kolokotronis, M. Dareioti, S. Shiaeles, and E. Bellini, “An Intelligent Platform for Threat Assessment and Cyber-Attack Mitigation in IoMT Ecosystems,” 2022 IEEE GLOBECOM Work. GC Wkshps 2022 - Proc., pp. 541–546, 2022, doi: 10.1109/GCWkshps56602.2022.10008548.
I. V. Kotenko, I. B. Saenko, and A. G. Kushnerevich, “Architecture of the parallel big data processing system for security monitoring of internet of things networks,” SPIIRAS Proc., vol. 4, no. 59, pp. 5–30, 2018, doi: 10.15622/sp.59.1.
F. T. Liu, K. M. Ting, and Z. H. Zhou, “Isolation forest,” Proc. - IEEE Int. Conf. Data Mining, ICDM, pp. 413–422, 2008, doi: 10.1109/ICDM.2008.17.
Y. F. Tan, G. Z. Zhao, C. P. Ooi, and W. H. Tan, “Leveraging Interquartile Range and Isolation Forest for Abnormal Power Consumption Prediction,” IMCEC 2024 - IEEE 6th Adv. Inf. Manag. Commun. Electron. Autom. Control Conf., vol. 6, pp. 815–819, 2024, doi: 10.1109/IMCEC59810.2024.10575711.
A. Ghubaish, Z. Yang, A. Erbad, and R. Jain, “LEMDA: A Novel Feature Engineering Method for Intrusion Detection in IoT Systems,” IEEE Internet Things J., vol. 11, no. 8, pp. 13247–13256, 2024, doi: 10.1109/JIOT.2023.3328795.
R. B. Anaraki, R. Palaniappan, U. Häger, and C. Rehtanz, “Anomaly Detection in Low-Voltage Grids with LSTM Autoencoders: A Study on Future Scenario Impacts,” IEEE PES Innov. Smart Grid Technol. Eur. ISGT Eur. 2024, pp. 0–4, 2024, doi: 10.1109/ISGTEUROPE62998.2024.10863300.
P. Malviya and A. K. Jhapate, “Spam Detection using LSTM Deep Learning Model for Smart Home Device Environment,” Proc. - 2025 5th Int. Conf. Internet Things Smart Innov. Usage, IoT-SIU 2025, pp. 1–5, 2025, doi: 10.1109/IOT-SIU65919.2025.11402855.
E. Gures, Z. Becvar, and P. Mach, “Cascade Fuzzy Logic for Handover Optimization in Mobile Networks,” 2024 IEEE Int. Mediterr. Conf. Commun. Networking, MeditCom 2024, pp. 293–298, 2024, doi: 10.1109/MeditCom61057.2024.10621353.
X. Wei, C. A. Sun, X. Zhang, and D. Towey, “MulAD: A log-based anomaly detection approach for distributed systems using multi-pattern and multi-model fusion,” Sci. Comput. Program., vol. 251, no. December 2025, p. 103433, 2026, doi: 10.1016/j.scico.2025.103433.
Z. Liu and J. Hui, “Advancing predictive maintenance: a deep learning approach to sensor and event-log data fusion,” Sens. Rev., vol. 44, no. 5, pp. 563–574, 2024, doi: 10.1108/SR-03-2024-0183.
X. Wan et al., “A Processing Method of Missing Value for Industrial Big Data Based on Improved Neural Network Algorithm,” Proc. - 2023 5th Int. Conf. Appl. Mach. Learn. ICAML 2023, pp. 148–152, 2023, doi: 10.1109/ICAML60083.2023.00037.
M. Y. Dong, H. L. Wu, T. Wang, K. Huang, H. Ren, and R. Q. Yu, “PARAFACM: A second-order calibration algorithm for handling data with missing values,” Chemom. Intell. Lab. Syst., vol. 244, no. November 2023, p. 105030, 2024, doi: 10.1016/j.chemolab.2023.105030.
J. Ma, J. Cui, and D. Zirui, “Ship Collision Avoidance Path based on Hermit Crab Optimizer with Multiple-Objective Evolutionary Algorithm,” 2024 1st Int. Conf. Software, Syst. Inf. Technol. SSITCON 2024, pp. 1–5, 2024, doi: 10.1109/SSITCON62437.2024.10796697.
T. M. Alam et al., “An investigation of credit card default prediction in the imbalanced datasets,” IEEE Access, vol. 8, pp. 201173–201198, 2020, doi: 10.1109/ACCESS.2020.3033784.
H. Taherdoost, N. Mohamed, and Y. Farhaoui, “Evaluating IoT Data Security Metrics and Emerging Trends,” Int. J. Serv. Sci. Manag. Eng. Technol., vol. 16, no. 1, pp. 1–23, 2025, doi: 10.4018/IJSSMET.388708.
Happy, R. Chhikara, and N. Kashyap, “IoT Devices Attack Vectors and Its AI/ML Solutions,” IEEE Int. Conf. Next Gener. Inf. Syst. Eng. NGISE 2025, vol. 1, pp. 1–6, 2025, doi: 10.1109/NGISE64126.2025.11085282.
İ. Üstek, M. Arana-Catania, A. Farr, and I. Petrunin, “Deep Autoencoders for Unsupervised Anomaly Detection in Wildfire Prediction,” Earth Sp. Sci., vol. 11, no. 11, 2024, doi: 10.1029/2024EA003997.
V. Harit, R. Dahiya, and U. Garg, “An Efficient Hybrid Autoencoder -LSTM Based Deep Learning Framework for Intrusion Detection in IoT Networks,” 2025 2nd Int. Conf. Adv. Comput. Emerg. Technol. ACET 2025, no. iii, pp. 1–6, 2025, doi: 10.1109/ACET67282.2025.11430228.
E. D. Aved’yan, G. V. Barkan, and I. K. Levin, “Synthesis of multi-layer neural networks architecture (For the case of cascaded NNs),” Proc. Int. Jt. Conf. Neural Networks, vol. 1, pp. 379–382, 1999, doi: 10.1109/ijcnn.1999.831523.
Y. Salem, M. Owda, and A. Y. Owda, “A Comprehensive Review of Digital Forensics Frameworks for Internet of Things (IoT) Devices,” 2023 Int. Conf. Inf. Technol. Cybersecurity Challenges Sustain. Cities, ICIT 2023 - Proceeding, pp. 89–96, 2023, doi: 10.1109/ICIT58056.2023.10226145.
M. Muammar, I. Riadi, and R. Umar, “Mobile Forensics in Human Trafficking Investigation Services Using Mobile Laboratory,” JUITA J. Inform., vol. 13, no. 1, pp. 1–10, 2025, doi: 10.30595/juita.v13i1.24060.
K. Patel, C. Mistry, R. Gupta, S. Tanwar, and N. Kumar, “A systematic review on performance evaluation metric selection method for IoT-based applications,” Microprocess. Microsyst., vol. 101, no. March 2021, p. 104894, 2023, doi: 10.1016/j.micpro.2023.104894.
A. Mahanipour and H. Khamfroush, “Enhancing IoT Security: A Novel Feature Engineering Approach for ML-Based Intrusion Detection Systems,” Proc. - 2024 20th Int. Conf. Distrib. Comput. Smart Syst. Internet Things, DCOSS-IoT 2024, pp. 548–555, 2024, doi: 10.1109/DCOSS-IoT61029.2024.00086.
A. Chouhan, N. Shahriar, and J. T. Yao, “HCL: A Hybrid CNN-LSTM Framework for Intrusion Detection in SDN-IoT Networks,” 2025 Int. Conf. Comput. Netw. Commun. ICNC 2025, pp. 254–258, 2025, doi: 10.1109/ICNC64010.2025.10994022.
R. Y. Prasongko, A. Yudhana, and I. Riadi, “Analisis Penggunaan Metode ACPO (Association of Chief Police Officer) pada Forensik WhatsApp,” J. Sains Komput. Inform., vol. 6, no. 2, pp. 1112–1120, 2022, doi: http://dx.doi.org/10.30645/j-sakti.v6i2.520.
M. Williams, I. Emeteveke, O. J. Adeyeye, and O. Emehin, “Enhancing Data Forensics through Edge Computing in IoT Environments,” Int. J. Res. Publ. Rev., vol. 5, no. 10, pp. 2970–2985, 2024, doi: 10.55248/gengpi.5.1024.2903.
Copyright (c) 2026 Muammar, Sandhy Fernandez, Arif Riyandi, Sena Wijayanto
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
This is an open-access article distributed under the terms of the Creative Commons Attribution-ShareAlike 4.0 International License which permits unrestricted use, distribution, and reproduction in any medium. Users are allowed to read, download, copy, distribute, search, or link to full-text articles in this journal without asking by giving appropriate credit, provide a link to the license, and indicate if changes were made. All of the remix, transform, or build upon the material must distribute the contributions under the same license as the original.
