Modern IoT (Internet of Things) environments with thousands of low-end and diverse IoT nodes with complex interactions among them and often deployed in remote and/or wild locations present some unique challenges that make traditional node compromise detection services less effective. This paper presents the design, implementation and evaluation of a fog-based architecture that utilizes the concept of a digital-twin to detect compromised IoT nodes exhibiting malicious behaviors by either producing erroneous data and/or being used to launch network intrusion attacks to hijack other nodes eventually causing service disruption. By defining a digital twin of an IoT infrastructure at a fog server, the architecture is focused on monitoring relevant information to save energy and storage space. The paper presents a prototype implementation for the architecture utilizing malicious behavior datasets to perform misbehaving node classification. An extensive accuracy and system performance evaluation was conducted based on this prototype. Results show good accuracy and negligible overhead especially when employing deep learning techniques such as MLP (multilayer perceptron).

翻译：现代物联网环境包含数千个低端且多样化的物联网节点，这些节点之间存在复杂的交互，且通常部署在偏远和/或野外场所。这带来了独特的挑战，使得传统的节点受陷检测服务效果不佳。本文提出了一种基于雾计算的架构的设计、实现与评估，该架构利用数字孪生概念检测表现出恶意行为的受陷物联网节点。这些节点可能产生错误数据，或被用于发起网络入侵攻击以劫持其他节点，最终导致服务中断。通过在雾服务器上定义物联网基础设施的数字孪生，该架构专注于监控相关信息以节省能源和存储空间。本文展示了基于该架构的原型实现，并利用恶意行为数据集进行异常节点分类。基于该原型进行了广泛的准确性和系统性能评估。结果表明，该方法具有良好的准确性且开销极小，尤其在采用多层感知机等深度学习技术时表现突出。