MAS-LSTM: A Multi-Agent LSTM-Based Approach for Scalable Anomaly Detection in IIoT Networks

The increasing complexity of interconnected systems in the Internet of Things (IoT) demands advanced methodologies for real-time security and management. This study presents MAS-LSTM, an anomaly-detection framework that combines multi-agent systems (MASs) with long short-term memory (LSTM) networks. By training agents on IoT traffic datasets (NF-ToN-IoT, NF-BoT-IoT, and their V2 versions), MAS-LSTM offers scalable, decentralized anomaly detection. The LSTM networks capture temporal dependencies, enhancing anomaly detection in time-series data. This framework overcomes key limitations of existing methods, such as scalability in heterogeneous traffic and computational efficiency in resource-constrained IIoT environments. Additionally, it leverages graph signal processing for adaptive and modular detection across diverse IoT scenarios. Experimental results demonstrate its effectiveness, achieving F1 scores of 0.9861 and 0.8413 on NF-BoT-IoT and NF-ToN-IoT, respectively. For V2 versions, MAS-LSTM achieves F1 scores of 0.9965 and 0.9678. These results highlight its robustness in handling large-scale IIoT traffic. Despite challenges in real-world deployment, such as adversarial attacks and communication overhead, future research could focus on self-supervised learning and lightweight architectures for resource-constrained environments.