Design and Implementation of a Hybrid Anomaly Detection System for IoT

In recent years, the dramatic increase in the number of devices has empowered the Internet of Things (IoT). Unfortunately though, IoT networks are susceptible to cyberattacks, due to the limited capabilities of the nodes. Since conventional security designs do not consider such limitations, the development of new solutions, suitable for IoT networks has become an urgent task. In this paper, we propose a modular hybrid anomaly detection system (ADS) for IoT. The proposed system utilizes cloud computing to detect anomalies in both application and network layers and train a neural network in a centralized manner. The obtained neural network weights are then downloaded to the IoT devices. This architecture allows the IoT devices to detect anomalies in a local manner, thereby reducing the communication overhead and detection latency. Also, the ADS has a mechanism to measure the deviation between the local models and the central model. Then, the deviation is used to set the frequency at which the model updates. This allows the system to update the local models less frequently when the deviation is low, further reducing the overhead. The ADS was deployed on a test IoT system and the results proved the advantages of the proposed mechanism in decreasing the detection latency and the communications overhead, while improving the detection accuracy locally.