Anomaly Detection Fog (ADF): A federated approach for internet of things

Document Type : Article


1 Faculty of Electrical and Computer Engineering, Malek Ashtar University of Technology, Tehran, Iran

2 Department of Media Engineering, IRIB University, Tehran, Iran


Heterogeneous data models and resource constraints are the challenging issues of anomaly detection in Internet of Things. Due to these issues and the complexity of conventional anomaly detection methods, it is necessary to design an anomaly detection approach with IoT-specific concerns. This paper presents a framework for anomaly detection specially designed for IoT called Anomaly Detection Fog(ADF). ADF uses network slicing to present a federation of heterogeneous fog clusters. Federated fog clusters collaborate with each other via anomaly directives (heterogeneous context abstracts) for context-aware and application-independent anomaly detection. Evaluations show that ADF has a higher detection accuracy by detecting 95% of false alarms in comparison to conventional anomaly detection methods. Also, ADF reduces energy consumption by 40%, Moreover, it reduces communication overhead and detection latency by preventing cloud offloading.


1. " IoT Vulnerabilities- Google Search". q= https%3A%2F%2Fwww.owasp.+org%2Findex.php%2FTop IoT Vulnerabilities &oq=https%3A%2F%2Fwww.owasp.+org%2Findex.php%2FTop IoT Vulnerabili ties&gs l=psyab.3..33i160k1.2058.2058.0.2737.
2. Du, J. and Chao, S. "A study of information security for M2M of IOT", in 2010 3rd International Conference on Advanced Computer Theory and Engineering(ICACTE), 3, pp. V3-576-V3-579 (2010). DOI: 10.1109/ICACTE.2010.5579563.
3. Chandola, V., Banerjee, A., and Kumar, V. "Anomaly detection: A survey", ACM Comput. Surv., 41(3), p. 15 (2009).
4. Calo, S.B., Touna, M., Verma, D.C., et al. "Edge computing architecture for applying AI to IoT", In 2017 IEEE International Conference on (Big Data), pp. 3012-3016 (Dec. 2017). DOI: 10.1109/Big- Data.2017.8258272.
5. Xie, M., Han, S., Tian, B., et al. "Anomaly detection in wireless sensor networks: A survey", J. Netw. Comput. Appl., 34(4), pp. 1302-1325 (2011).
6. Rajasegarar, S., Leckie, C., and Palaniswami, M. "Anomaly detection in wireless sensor networks", IEEE Wirel. Commun., 15(4), pp. 34-40 (2008).
7. Aggarwal, C.C., Ashish, N., and Sheth, A. "The internet of things: A survey from the data-centric perspective", In Managing and Mining Sensor Data, Springer, pp. 383-428 (2013).
8. Butun, I., Morgera, S.D., and Sankar, R. "A survey of intrusion detection systems in wireless sensor networks", IEEE Commun. Surv. Tutorials, 16(1), pp. 266-282 (2014).
9. Butun, I., Kantarci, B., and Erol-Kantarci, M. "Anomaly detection and privacy preservation in cloudcentric Internet of Things", In Communication Workshop (ICCW), 2015 IEEE International Conference on, pp. 2610-2615 (2015).
10. Lavin, A. and Ahmad, S. "Evaluating real-time anomaly detection algorithms-the numenta anomaly benchmark", In 2015 IEEE 14th International Conference on Machine Learning and Applications (ICMLA), pp. 38-44 (Dec. 2015). DOI: 10.1109/ICMLA.2015.141.
11. Behniafar, M., Nowroozi, A., and Shahriari, H.R. "A survey of anomaly detection approaches in Internet of Things", ISC Int. J. Inf. Secur., 10(2), pp. 79-92 (2018). DOI: 10.22042/isecure.2018.116976.408.
12. "Transform your enterprise with an intelligent edge and IoT", Accessed: May 11, (2019) [Online]. Available:
13. Al-Khafajiy, M., Baker, T., Waraich, A., et al. "Iotfog optimal workload via fog offloading", Proc. - 11th IEEE/ACM Int. Conf. Util. Cloud Comput. Companion, UCC Companion 2018, pp. 349-352 Jan. (2019).DOI: 10.1109/UCC-COMPANION.2018.00081.
14. Bonomi, F., Milito, R., Natarajan, P., et al. "Fog computing: A platform for internet of things and analytics", Springer, Cham, pp. 169-186 (2014). DOI: 10.1007/978-3-319-05029-4 7.
15. Ai, Y., Peng, M., and Zhang, K. "Edge computing technologies for Internet of Things: a primer", Digit. Commun. Networks, 4(2), pp. 77-86, Apr. (2018).DOI: 10.1016/J.DCAN.2017.07.001.
16. "Cisco innovates in fog computing | The Network". type=webcontent&articleId=1894659 (accessed May 11, 2019).
17. "Open Fog Reference Architecture for Fog Computing", 2017. Accessed: May 11, (2019). [Online]. Available:
18. Misra, S. and Sarkar, S. "Theoretical modelling of fog computing: a green computing paradigm to support IoT applications", IET Networks, 5(2), pp. 23-29 Mar. (2016). DOI: 10.1049/iet-net.2015.0034.
19. Aazam, M., Zeadally, S., and Harras, K. A. "Offloading in fog computing for IoT: Review, enabling technologies, and research opportunities", Futur. Gener. Comput. Syst., 87, pp. 278-289, Oct. (2018). DOI:10.1016/J.FUTURE.2018.04.057.
20. Chiang, M. and Zhang, T. "Fog and IoT: An overview of research opportunities", IEEE Internet Things J., 3(6), pp. 854-864, Dec. (2016). DOI: 10.1109/JIOT.2016.2584538.
21. Raza, S., Wallgren, L., and Voigt, T. "SVELTE: Realtime intrusion detection in the Internet of Things", Ad Hoc Networks, 11(8), pp. 2661-2674 (2013).
22. Le, A., Loo, J., Lasebae, A., et al. "6LoWPAN: a study on QoS security threats and countermeasures using intrusion detection system approach", Int. J. Commun. Syst., 25(9), pp. 1189-1212 (2012).
23. Thanigaivelan, N.K., Nigussie, E., Kanth, R.K., et al. "Distributed internal anomaly detection system for Internet-of-Things", In Consumer Communications & Networking Conference (CCNC), 2016 13th IEEE Annual , pp. 319-320 (2016).
24. Mayzaud, A., Sehgal, A., Badonnel, R., et al. "Using the RPL protocol for supporting passive monitoring in the Internet of Things", In Network Operations and Management Symposium (NOMS), 2016 IEEE/IFIP, pp. 366-374 (2016).
25. Tsitsiroudi, N., Sarigiannidis, P., Karapistoli, E., et al. "EyeSim: A mobile application for visual-assisted wormhole attack detection in IoT-enabled WSNs", In Wireless and Mobile Networking Conference (WMNC), 2016 9th IFIP, pp. 103-109 (2016).
26. Sarigiannidis, P., Karapistoli, E., and Economides, A.A. "VisIoT: A threat visualisation tool for IoT systems security", In Communication Workshop (ICCW), 2015 IEEE International Conference on, pp. 2633- 2638 (2015).
27. Surendar, M. and Umamakeswari, A. "InDReS: An intrusion detection and response system for internet of things with 6LoWPAN", In Wireless Communications, Signal Processing and Networking (WiSPNET), International Conference on, pp. 1903-1908 (2016).
28. Han, M.L., Lee, J., Kang, A.R., et al. "A statisticalbased anomaly detection method for connected cars in internet of things environment", In International Conference on Internet of Vehicles, pp. 89-97 (2015).
29. Kartakis, S., Yu, W., Akhavan, R., et al. "Adaptive edge analytics for distributed networked control of water systems", In Internet-of-Things Design and Implementation (IoTDI), 2016 IEEE First International Conference on, pp. 72-82 (2016).
30. Goodman, D.L., Hofmeister, J., and Wagoner, R. "Advanced diagnostics and anomaly detection for railroad safety applications: Using a wireless, IoT-enabled measurement system", in 2015 IEEE AUTOTESTCON, pp. 273-279 (2015). DOI: 10.1109/AUTEST.2015.7356502.
31. Da Xu, L., He, W., and Li, S. "Internet of things in industries: A survey", IEEE Trans. Ind. Informatics, 10(4), pp. 2233-2243 (2014).
32. Vijai, P. and Sivakumar, P.B. "Design of IoT systems and analytics in the context of smart city initiatives in India", Procedia Comput. Sci., 92, pp. 583-588 (2016).
33. Ho, C.-W., Chou, C.-T., Chien, Y.-C., et al. "Unsupervised anomaly detection using light switches for smart nursing homes", In Dependable, Autonomic and Secure Computing, 14th Intl Conf on Pervasive Intelligence and Computing, 2nd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC/PiCom/DataCom/CyberSciTech), 2016 IEEE 14th Intl C, pp. 803-810 (2016).
34. Ukil, A., Bandyoapdhyay, S., Puri, C., et al. "IoT Healthcare Analytics: The Importance of Anomaly Detection", In 2016 IEEE 30th International Conference on Advanced Information Networking and Applications (AINA), pp. 994-997 (2016). DOI: 10.1109/AINA.2016.158.
35. Kasinathan, P., Pastrone, C., Spirito, M.A., et al. "Denial-of-service detection in 6LoWPAN based internet of things", In 2013 IEEE 9th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), pp. 600-607 (2013).
36. Ageev, S., Kopchak, Y., Kotenko, I., et al. "Abnormal traffic detection in networks of the internet of things based on fuzzy logical inference", In Soft Computing and Measurements (SCM), 2015 XVIII International Conference on, pp. 5-8 (2015).
37. Eliseev, V. and Gurina, A. "Algorithms for network server anomaly behavior detection without traffic content inspection", In Proceedings of the 9th International Conference on Security of Information and Networks, pp. 67-71 (2016).
38. Fu, R., Zheng, K., Zhang, D., et al. "An intrusion detection scheme based on anomaly mining in Internet of Things", In 4th IET International Conference on Wireless, Mobile & Multimedia Networks (ICWMMN 2011), pp. 315-320 (2011).
39. Chen, Z., Tian, L., and Lin, C. "A method for detection of anomaly node in IOT", In International Conference on Algorithms and Architectures for Parallel Processing, pp. 777-784 (2015).
40. Liu, Y. and Wu, Q. "A lightweight anomaly mining algorithm in the Internet of Things", In Software Engineering and Service Science (ICSESS), 2014 5th IEEE International Conference on, pp. 1142-1145 (2014).
41. Lyu, L., Jin, J., Rajasegarar, S., et al. "Fog-empowered anomaly detection in IoT using hyperellipsoidal clustering", IEEE Internet Things J., 4(5), pp. 1174-1184(2017).
42. Machaka, P., McDonald, A., Nelwamondo, F., et al. "Using the cumulative sum algorithm against distributed denial of service attacks in internet of things", In International Conference on Context-Aware Systems and Applications, pp. 62-72 (2015).
43. Ding, J., Liu, Y., Zhang, L., et al. "LCAD: A Correlation Based Abnormal Pattern Detection Approach for Large Amount of Monitor Data", In Asia-Pacific Web Conference, pp. 550-558 (2014).
44. Amin, S.O., Siddiqui, M.S., Hong, C.S., et al. "RIDES: Robust intrusion detection system for IP-based ubiquitous sensor networks", Sensors, 9(5), pp. 3447-3468 (2009).
45. Trilles, S., Belmonte,  O., Schade, S., et al. "A domainindependent methodology to analyze IoT data streams in real-time. A proof of concept implementation for anomaly detection from environmental data", Int. J. Digit. Earth, 10(1), pp. 103-120 (2017). DOI: 10.1080/17538947.2016.1209583.
46. Garcia-Teodoro, P., Diaz-Verdejo, J., Macia- Fernandez, G., et al. "Anomaly-based network intrusion detection: Techniques, systems and challenges", Comput. Secur., 28(1-2), pp. 18-28 (2009).
47. Liu, C.M., Chen, S.Y., Zhang, Y., et al. "An IoT anomaly detection model based on artificial immunity", Advanced Materials Research, (2012).
48. Greensmith, J. "Securing the internet of things with responsive artificial immune systems", In Proceedings of the 2015 Annual Conference on Genetic and Evolutionary Computation, pp. 113-120 (2015). DOI:10.1145/2739480.2754816.
49. intrusion detection system (BMIDS) using internet of things (IoT) behavior-based anomaly detection via immunity-inspired algorithms", In 2016 25th International Conference on Computer Communication and Networks (ICCCN), pp. 1-6 (2016). DOI: 10.1109/ICCCN.2016.7568495.
50. Zheng, Z., Wang, J., and Zhu, Z. "A general anomaly detection framework for internet of things", In Proc. 41st IEEE/IFIP International Conference on Dependable Systems and Networks, Hong Kong (2011).
51. Shilton, A., Rajasegarar, S., Leckie, C., et al. "DP1SVM: A dynamic planar one-class support vector machine for Internet of Things environment", In Recent Advances in Internet of Things (RIoT), 2015 International Conference on, pp. 1-6 (2015).
52. McDermott, C.D. and Petrovski, A. "Investigation of computational intelligence techniques for intrusion detection in wireless sensor networks", International Journal of Computer Networks and Communications [online], 9(4), pp. 45-56 (2017).
53. Thing, V.L.L. "IEEE 802.11 network anomaly detection and attack classification: A deep learning approach", In Wireless Communications and Networking Conference (WCNC), 2017 IEEE, pp. 1-6 (2017).
54. Jain, R. and Shah, H. "An anomaly detection in smart cities modeled as wireless sensor network", In Signal and Information Processing (IConSIP), International Conference on, pp. 1-5 (2016).
55. Yu, T., Wang, X., and Shami, A. "Recursive principal component analysis-based data outlier detection and sensor data aggregation in IoT systems", IEEE Internet Things J., 4(6), pp. 2207-2216 (2017).
56. Hoang, D.H. and Nguyen, H.D. "A PCA-based method for IoT network traffic anomaly detection", In Advanced Communication Technology (ICACT), 2018 20th International Conference on, pp. 381-386 (2018).
57. Zhao, S., Li, W., Zia, T., et al. "A dimension reduction model and classifier for anomaly-based intrusion detection in internet of things", In Dependable, Autonomic and Secure Computing, 15th Intl Conf on Pervasive Intelligence & Computing,
3rd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress DASC/PiCom/DataCom/CyberSciTech), 2017 IEEE 15th Intl, pp. 836-843 (2017).
58. "Standard deviation-Wikipedia". dev ation (accessed Jul. 27, 2021).
59. "Coefficient of variation-Wikipedia". https://en of variation (accessed Jul. 27, 2021).
60. Ahmed, M., Mahmood, A., Computer, J. H.-J. of N. and, et al. "A survey of network anomaly detection techniques", Elsevier, (2016). DOI: 10.1016/j.jnca .2015.11.016.
61. "CityPulse Smart City Datasets". (accessed Oct. 23,2018).
62. "Run Anomaly Detection On Your Data-Anomaly Detection in Azure Machine Learning". http://anom -alydetection-aml.azurewebsites. net/Single.aspx (accessed Jan. 25, 2020).
63. "Intel Lab Data". /labdata.html (accessed Aug. 09, 2021).