Metaheuristic algorithm for anomaly detection in Internet of Things leveraging on a neural-driven multiagent system

Detecting unusual data, activities and user behaviors is an extremely important task to acquire relevant security information that allow identifying faults, intrusions and system malfunctions. In Internet of Things (IoT), conventional anomaly detection approaches are not particularly appropriated due to the limited computing resources and the high dynamism of the entities involved. This paper proposes an activity footprints based method to detect anomalies in IoT by exploiting a multiagent algorithm. Devices and services are represented using dense vectors obtained through IoT2Vec, a word embedding technique able to capture the semantic context and represent them with high-dimensional vectors. The method allows mapping sequences of specific device activities - digital footprints - with real-valued vectors. The vectors are assigned to mobile agents that act following each one a modified bio-inspired model. This model enables an intelligent global behavior to emerge on the basis of simple local movement rules observed by all agents onto a virtual 2D space. A tailored similarity rule, based on the Pearson's correlation, drives each agent for a selective application of the movement rules, so enabling an automatic closer positioning of similar agents. The intelligent positioning (clustering), driven by the assigned vectors, allows identifying isolated agents, representing devices with unusual activities to be monitored, since they can be associated to potential intruders or malicious users. Experimental results confirm the validity of the metaheuristic algorithm.