A Survey of Anomaly Detection Approaches in Internet of Things

Document Type: REVIEW PAPER


1 Faculty of Electronic and Computer Engineering, Malek Ashtar University of Technology, Tehran, Iran

2 Faculty of Computer Engineering, Sharif University of technology, Tehran, Iran

3 Department of Computer Engineering and Information Technology, Amirkabir University of Technology


Internet of Things is an ever-growing network of heterogeneous and constraint nodes which are connected to each other and the Internet. Security plays an important role in such networks. Experience has proved that encryption and authentication are not enough for the security of networks and an Intrusion Detection System is required to detect and to prevent attacks from malicious nodes. In this regard, Anomaly based Intrusion Detection Systems identify anomalous behavior of the network and consequently detect possible intrusion, unknown and stealth attacks. To this end, this paper analyses, evaluates and classifies anomaly detection approaches and systems specific to the Internet of Things. For this purpose, anomaly detection systems and approaches are analyzed in terms of engine architecture, application position, and detection method and in each point of view, approaches are investigated considering the associated classification.


  1. Raza, S. (2013). Lightweight Security Solutions for the Internet of Things (Doctoral dissertation, Mälardalen University, Västerås, Sweden)
  2. Jiang, D., & ShiWei, C. (2010, August). A study of information security for M2M of IOT. In Advanced Computer Theory and Engineering (ICACTE), 2010 3rd International Conference on (Vol. 3, pp. V3-576). IEEE.
  3. Raza, S., Wallgren, L., & Voigt, T. (2013). SVELTE: Real-time intrusion detection in the Internet of Things. Ad hoc networks, 11(8), 2661-2674.
  4. Butun, I., Kantarci, B., & Erol-Kantarci, M. (2015, June). Anomaly detection and privacy preservation in cloud-centric Internet of Things. In Communication Workshop (ICCW), 2015 IEEE International Conference on (pp. 2610-2615). IEEE.
  5. Butun, I., Morgera, S. D., & Sankar, R. (2014). A survey of intrusion detection systems in wireless sensor networks. Communications Surveys & Tutorials, IEEE, 16(1), 266-282.
  6. Liu, Y., & Wu, Q. (2014, June). A lightweight anomaly mining algorithm in the Internet of Things. In Software Engineering and Service Science (ICSESS), 2014 5th IEEE International Conference on (pp. 1142-1145). IEEE.
  7. Miorandi, D., Sicari, S., De Pellegrini, F., & Chlamtac, I. (2012). Internet of Things: Vision, applications and research challenges. Ad Hoc Networks, 10(7), 1497-1516.
  8. Aggarwal, C. C., Ashish, N., & Sheth, A. P. (2013). The Internet of Things: A Survey from the Data-Centric Perspective.
  9. Le, A., Loo, J., Lasebae, A., Aiash, M., & Luo, Y. (2012). 6LoWPAN: a study on QoS security threats and countermeasures using intrusion detection system approach. International Journal of Communication Systems, 25(9), 1189-1212.
  10. Kasinathan, P., Pastrone, C., Spirito, M., & Vinkovits, M. (2013, October). Denial-of-Service detection in 6LoWPAN based Internet of Things. In Wireless and Mobile Computing, Networking and Communications (WiMob), 2013 IEEE 9th International Conference on (pp. 600-607). IEEE.
  11. Bandyopadhyay, D., & Sen, J. (2011). Internet of Things: Applications and challenges in technology and standardization. Wireless Personal Communications, 58(1), 49-69.
  12. Chandola, V., Banerjee, A., & Kumar, V. (2009). Anomaly detection: A survey. ACM computing surveys (CSUR), 41(3),
  13. Garcia-Teodoro, P., Diaz-Verdejo, J., Maciá-Fernández, G., & Vázquez, E. (2009). Anomaly-based network intrusion detection: Techniques, systems and challenges. Computers & security, 28(1), 18-28.
  14. Liu, C. M., Chen, S. Y., Zhang, Y., Chen, R., & Guo, K. L. (2012, February). An IoT Anomaly Detection Model Based on Artificial Immunity. In Advanced Materials Research (Vol. 424, pp. 625-628).
  15. Z. Zheng, J. Wang, Z. Zhu, “A General Anomaly Detection Framework for Internet of Things,” in Proc. 41st IEEE/IFIP International Conference on Dependable Systems and Networks, Hong Kong, June 27-30, 2011.
  16. Ageev, S., Kopchak, Y., Kotenko, I., & Saenko, I. (2015, May). Abnormal traffic detection in networks of the Internet of Things based on fuzzy logical inference. In Soft Computing and Measurements (SCM), 2015 XVIII International Conference on (pp. 5-8). IEEE.
  17. Greensmith, J. (2015, July). Securing the Internet of Things with Responsive Artificial Immune Systems. In Proceedings of the 2015 on Genetic and Evolutionary Computation Conference (pp. 113-120). ACM.
  18. Da Xu, L., He, W., & Li, S. (2014). Internet of Things in industries: a survey. Industrial Informatics, IEEE Transactions on, 10(4), 2233-2243.
  19. Xie, M., Han, S., Tian, B., & Parvin, S. (2011). Anomaly detection in wireless sensor networks: A survey. Journal of Network and Computer Applications, 34(4), 1302-1325.
  20. Islam, M. S., & Rahman, S. A. (2011). Anomaly intrusion detection system in wireless sensor networks: security threats and existing approaches. International Journal of Advanced Science and Technology, 36(1), 1-8.
  21. Rajasegarar, S., Leckie, C., & Palaniswami, M. (2008). Anomaly detection in wireless sensor networks. Wireless Communications, IEEE, 15(4), 34-40.
  22. da Silva APR, Martins MHT, Rocha BPS, Loureiro AAF, Ruiz LB, Wong HC. Decentralized intrusion detection in wireless sensor networks. 1st ACM International Workshop on Quality of Service; Security in Wireless and Mobile Networks, Montreal, Quebec, Canada, 2005; 16–23.
  23. Strikos A. A full approach for intrusion detection in wireless sensor networks, 2007. School of Information and Communication Technology, KTH report.on (pp. 5-8). IEEE.
  24. Pongle, P., & Chavan, G. (2015). Real Time Intrusion and Wormhole Attack Detection in Internet of Things. International Journal of Computer Applications, 121(9).
  25. Amin, S. O., Siddiqui, M. S., Hong, C. S., & Lee, S. (2009). RIDES: Robust intrusion detection system for IP-based ubiquitous sensor networks. Sensors, 9(5), 3447-3468.
  26. Shilton, A., Rajasegarar, S., Leckie, C., & Palaniswami, M. (2015, April). DP1SVM: A dynamic planar one-class support vector machine for Internet of Things environment. In Recent Advances in Internet of Things (RIoT), 2015 International Conference on (pp. 1-6). IEEE.
  27. Trilles, S., Belmonte, Ò., Schade, S., & Huerta, J. (2016). A domain-independent methodology to analyze IoT data streams in real-time. A proof of concept implementation for anomaly detection from environmental data. International Journal of Digital Earth, 10(1), 103-120.
  28. Sedjelmaci, H., Senouci, S. M., & Al-Bahri, M. (2016, May). A lightweight anomaly detection technique for low-resource IoT devices: A game-theoretic methodology. In Communications (ICC), 2016 IEEE International Conference on (pp. 1-6). IEEE.
  29. Chen, Z., Tian, L., & Lin, C. (2015, November). A Method for Detection of Anomaly Node in IoT. In International Conference on Algorithms and Architectures for Parallel Processing (pp. 777-784). Springer International Publishing.
  30. Wang, J., Kuang, Q., & Duan, S. (2015). A new online anomaly learning and detection for large-scale service of Internet of Thing. Personal and Ubiquitous Computing, 19(7), 1021-1031.
  31. Han, M. L., Lee, J., Kang, A. R., Kang, S., Park, J. K., & Kim, H. K. (2015, December). A Statistical-Based Anomaly Detection Method for Connected Cars in Internet of Things Environment. In International Conference on Internet of Vehicles (pp. 89-97). Springer International Publishing.
  32. Kartakis, S., Yu, W., Akhavan, R., & McCann, J. A. (2016, April). Adaptive Edge Analytics for Distributed Networked Control of Water Systems. In 2016 IEEE First International Conference on Internet-of-Things Design and Implementation (IoTDI) (pp. 72-82). IEEE.
  33. Goodman, D. L., Hofmeister, J., & Wagoner, R. (2015, November). Advanced diagnostics and anomaly detection for railroad safety applications: Using a wireless, IoT-enabled measurement system. In IEEE AUTOTESTCON, 2015 (pp. 273-279). IEEE.
  34. Eliseev, V., & Gurina, A. (2016, July). Algorithms for network server anomaly behavior detection without traffic content inspection. In Proceedings of the 9th International Conference on Security of Information and Networks(pp. 67-71). ACM.
  35. Fu, R., Zheng, K., Zhang, D., & Yang, Y. (2011, November). An intrusion detection scheme based on anomaly mining in Internet of Things. In Wireless, Mobile & Multimedia Networks (ICWMMN 2011), 4th IET International Conference on (pp. 315-320). IET.
  36. Wang, J., & Duan, S. (2014, October). An Online Anomaly Learning and Forecasting Model for Large-Scale Service of Internet of Things. In Identification, Information and Knowledge in the Internet of Things (IIKI), 2014 International Conference on (pp. 152-157). IEEE.
  37. Arrington, B., Barnett, L., Rufus, R., & Esterline, A. (2016, August). Behavioral Modeling Intrusion Detection System (BMIDS) Using Internet of Things (IoT) Behavior-Based Anomaly Detection via Immunity-Inspired Algorithms. In Computer Communication and Networks (ICCCN), 2016 25th International Conference on (pp. 1-6). IEEE.
  38. Kasinathan, P., Costamagna, G., Khaleel, H., Pastrone, C., & Spirito, M. A. (2013, November). DEMO: An IDS framework for internet of things empowered by 6LoWPAN. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (pp. 1337-1340). ACM.
  39. Vijai, P., & Sivakumar, P. B. (2016). Design of IoT Systems and Analytics in the Context of Smart City Initiatives in India. Procedia Computer Science, 92, 583-588.
  40. Desnitsky, V. A., Kotenko, I. V., & Nogin, S. B. (2015, May). Detection of anomalies in data for monitoring of security components in the internet of things. In Soft Computing and Measurements (SCM), 2015 XVIII International Conference on (pp. 189-192). IEEE.
  41. Thanigaivelan, N. K., Nigussie, E., Kanth, R. K., Virtanen, S., & Isoaho, J. (2016, January). Distributed internal anomaly detection system for Internet-of-Things. In 2016 13th IEEE Annual Consumer Communications & Networking Conference (CCNC) (pp. 319-320). IEEE.
  42. Tsitsiroudi, N., Sarigiannidis, P., Karapistoli, E., & Economides, A. A. (2016, July). EyeSim: A mobile application for visual-assisted wormhole attack detection in IoT-enabled WSNs. In Wireless and Mobile Networking Conference (WMNC), 2016 9th IFIP (pp. 103-109). IEEE.
  43. Surendar, M., & Umamakeswari, A. (2016, March). InDReS: An Intrusion Detection and response system for Internet of Things with 6LoWPAN. In Wireless Communications, Signal Processing and Networking (WiSPNET), International Conference on (pp. 1903-1908). IEEE.
  44. Ukil, A., Bandyoapdhyay, S., Puri, C., & Pal, A. (2016, March). IoT Healthcare Analytics: The Importance of Anomaly Detection. In 2016 IEEE 30th International Conference on Advanced Information Networking and Applications (AINA) (pp. 994-997). IEEE.
  45. Ding, J., Liu, Y., Zhang, L., & Wang, J. (2014, September). LCAD: A Correlation Based Abnormal Pattern Detection Approach for Large Amount of Monitor Data. In Asia-Pacific Web Conference (pp. 550-558). Springer International Publishing.
  46. Gendreau, A. A., & Moorman, M. (2016, August). Survey of Intrusion Detection Systems towards an End to End Secure Internet of Things. In Future Internet of Things and Cloud (FiCloud), 2016 IEEE 4th International Conference on (pp. 84-90). IEEE.
  47. Summerville, D. H., Zach, K. M., & Chen, Y. (2015, December). Ultra-lightweight deep packet anomaly detection for Internet of Things devices. In 2015 IEEE 34th International Performance Computing and Communications Conference (IPCCC) (pp. 1-8). IEEE.
  48. Ho, C. W., Chou, C. T., Chien, Y. C., & Lee, C. F. (2016, August). Unsupervised Anomaly Detection Using Light Switches for Smart Nursing Homes. In Dependable, Autonomic and Secure Computing, 14th Intl Conf on Pervasive Intelligence and Computing, 2nd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC/PiCom/DataCom/CyberSciTech), 2016 IEEE 14th Intl C (pp. 803-810). IEEE.
  49. Machaka, P., McDonald, A., Nelwamondo, F., & Bagula, A. (2015, November). Using the Cumulative Sum Algorithm Against Distributed Denial of Service Attacks in Internet of Things. In International Conference on Context-Aware Systems and Applications (pp. 62-72). Springer International Publishing.
  50. Mayzaud, A., Sehgal, A., Badonnel, R., Chrisment, I., & Schönwälder, J. (2016, April). Using the RPL Protocol for Supporting Passive Monitoring in the Internet of Things. In IEEE/IFIP Network Operations and Management Symposium.
  51. Sarigiannidis, P., Karapistoli, E., & Economides, A. A. (2015, June). VisIoT: A threat visualisation tool for IoT systems security. In 2015 IEEE International Conference on Communication Workshop (ICCW) (pp. 2633-2638). IEEE.
  52. Bostani, H., & Sheikhan, M. (2017). Hybrid of anomaly-based and specification-based IDS for Internet of Things using unsupervised OPF based on MapReduce approach. Computer Communications, 98, 52-71.
  53. Yang, L., Ding, C., Wu, M., & Wang, K. (2017). Robust detection of false data injection attacks for data aggregation in an Internet of Things-based environmental surveillance. Computer Networks, 129, 410-428.
  54. Lyu, L., Jin, J., Rajasegarar, S., He, X., & Palaniswami, M. (2017). Fog-Empowered Anomaly Detection in IoT Using Hyperellipsoidal Clustering. IEEE Internet of Things Journal, 4(5), 1174-1184.
  55. Gunupudi, R. K., Nimmala, M., Gugulothu, N., & Gali, S. R. (2017). CLAPP: A self constructing feature clustering approach for anomaly detection. Future Generation Computer Systems, 74, 417-429.
  56. Domb, M., Bonchek-Dokow, E., & Leshem, G. (2017). Lightweight adaptive Random-Forest for IoT rule generation and execution. Journal of Information Security and Applications, 34, 218-224.
  57. Sedjelmaci, H., Senouci, S. M., & Taleb, T. (2017). An Accurate Security Game for Low-Resource IoT Devices. IEEE Transactions on Vehicular Technology, 66(10), 9381-9393.
  58. Moshtaghi, M., Erfani, S. M., Leckie, C., & Bezdek, J. C. (2017). Exponentially Weighted Ellipsoidal Model for Anomaly Detection. International Journal of Intelligent Systems, 32(9), 881-899.
  59. Yu, T., Wang, X., & Shami, A. (2017). Recursive Principal Component Analysis based Data Outlier Detection and Sensor Data Aggregation in IoT Systems. IEEE Internet of Things Journal.
  60. McDermott, C. D., & Petrovski, A. (2017). Investigation of computational intelligence techniques for intrusion detection in wireless sensor networks.
  61. Sheikhan, M., & Bostani, H. (2016, September). A hybrid intrusion detection architecture for Internet of Things. In Telecommunications (IST), 2016 8th International Symposium on (pp. 601-606). IEEE.
  62. Thing, V. L. (2017, March). IEEE 802.11 Network Anomaly Detection and Attack Classification: A Deep Learning Approach. In Wireless Communications and Networking Conference (WCNC), 2017 IEEE (pp. 1-6). IEEE.
  63. Jain, R., & Shah, H. (2016, October). An anomaly detection in smart cities modeled as wireless sensor network. In Signal and Information Processing (IConSIP), International Conference on (pp. 1-5). IEEE.
  64. Granjal, J., & Pedroso, A. (2018). An Intrusion Detection and Prevention Framework for Internet-Integrated CoAP WSN. Security and Communication Networks, 2018.
  65. Pacheco, J., & Hariri, S. (2018). Anomaly behavior analysis for IoT sensors. Transactions on Emerging Telecommunications Technologies, 29(4), e3188.
  66. Hoang, D. H., & Nguyen, H. D. (2018, February). A PCA-based method for IoT network traffic anomaly detection. In Advanced Communication Technology (ICACT), 2018 20th International Conference on (pp. 381-386). IEEE.
  67. Zhao, S., Li, W., Zia, T., & Zomaya, A. Y. (2017, November). A Dimension Reduction Model and Classifier for Anomaly-Based Intrusion Detection in Internet of Things. In Dependable, Autonomic and Secure Computing, 15th Intl Conf on Pervasive Intelligence & Computing, 3rd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC/PiCom/DataCom/CyberSciTech), 2017 IEEE 15th Intl(pp. 836-843). IEEE.
  68. Tama, B. A., & Rhee, K. H. (2018). An Integration of PSO-based Feature Selection and Random Forest for Anomaly Detection in IoT Network. In MATEC Web of Conferences (Vol. 159, p. 02021). EDP Sciences.
  69. Onal, A. C., Sezer, O. B., Ozbayoglu, M., & Dogdu, E. (2017, December). Weather data analysis and sensor fault detection using an extended IoT framework with semantics, big data, and machine learning. In Big Data (Big Data), 2017 IEEE International Conference on (pp. 2037-2046). IEEE.
  70. Zissis, D. (2017, June). Intelligent security on the edge of the cloud. In Engineering, Technology and Innovation (ICE/ITMC), 2017 International Conference on (pp. 1066-1070). IEEE.
  71. Top IoT Vulnerabilities. (2018, 07 10). Retrieved from OWASP:  https://www.owasp.org/index.php/Top_IoT_Vulnerabilities
  72. Dyn Analysis Summary Of Friday October 21 Attack. (2018, 07 10). Retrieved from Dyn Blog: https://dyn.com/blog/dyn-analysis-summary-of-friday-october-21-attack/
  73. Persirai: New Internet of Things (IoT) Botnet Targets IP Cameras. (2018, 07 10). Retrieved from TrendLabs Security Intelligence Blog: https://blog.trendmicro.com/trendlabs-security-intelligence/persirai-new-internet-things-iot-botnet-targets-ip-cameras/