Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 
WelshClear Cookie - decide language by browser settings

Physical tells digital threats: supervised ML-IDS for multimodal IoT telemetry in smart buildings

Briliyant, Obrina, Javed, Amir ORCID: https://orcid.org/0000-0001-9761-0945 and Cherdantseva, Yulia ORCID: https://orcid.org/0000-0002-3527-1121 2025. Physical tells digital threats: supervised ML-IDS for multimodal IoT telemetry in smart buildings. Presented at: International Conference on Cryptography, Informatics, and Cybersecurity 2025, Depok, Indonesia, 22-23 October, 2025. Proceeding of the 2nd International Conference on Cryptography, Informatics and Cybersecurity (ICoCICs 2025).
Item availability restricted.

[thumbnail of accepted not published yet] PDF (accepted not published yet) - Accepted Post-Print Version
Restricted to Repository staff only
Download (1MB)
[thumbnail of Provisional File This article is currently in press.pdf] PDF - Accepted Post-Print Version
Download (17kB)

Abstract

Traditional machine learning-based intrusion detection systems (ML-IDS) in smart building environments face critical limitations, including heavy reliance on network traffic analysis, high computational overhead, and inability to detect insider threats. The solution lies in recognizing that cyber attacks in smart buildings inevitably manifest as anomalies in physical device behaviors, such as temperature fluctuations, unexpected door activations, and abnormal HVAC operations, which traditional network-based IDS systems completely overlook. This paper presents a novel supervised ML-IDS that leverages multimodal IoT telemetry data, combining physical sensor readings with device operational states to detect cyber attacks. Using a dataset with 221,859 telemetry records from smart building infrastructure, we demonstrate that physical sensor data (temperature, motion, door states) combined with Modbus protocol communications provide superior attack detection capabilities. Our multimodal telemetry-based ML-IDS achieves 84.47% accuracy and 90.76% AUC for binary attack detection, significantly outperforming conventional IoT security approaches while operating with minimal computational requirements suitable for edge deployment. The system successfully detects seven distinct types of attack: backdoor, DDoS, injection, password, ransomware, scanning, and XSS attacks. selective classification detectors demonstrate exceptional performance for specific attacks, such as scanning (85.66% AUC) and DDoS (84.01% AUC). Our findings suggest that multimodal IoT telemetry data, particularly combined physical readings and device status indicators, provide sufficient discriminative features for effective cyber attack detection, including zero-day exploits and insider threat.

Item Type: Conference or Workshop Item (Paper)
Status: Unpublished
Schools: Schools > Computer Science & Informatics
Funders: lpdp
Date of First Compliant Deposit: 29 September 2025
Last Modified: 08 Oct 2025 13:46
URI: https://orca.cardiff.ac.uk/id/eprint/181391

Actions (repository staff only)

Edit Item Edit Item
Download Statistics

Downloads

Downloads per month over past year

View more statistics

CORE (COnnecting REpositories)


Maintained by Cardiff University IT