Intrusion detection algorithm in Smart Environments featuring activity footprints approach

Discovering anomalous data or behaviors is fundamental to obtain critical security information such as intrusion detections, faults and system failures. The limited resources, like computing and storage, make conventional techniques to design Intrusion Detection Systems (IDS) not particularly suitable for smart environments. This paper proposes a novel multiagent algorithm leveraging on devices activity footprints for intrusion detection in Internet of Things environment. Smart objects are mapped with real-valued vectors obtained through the IoT2Vec model, a word embedding technique able to capture the semantic context of device activities and represent these ones in dense vectors. The vectors are assigned to agents, which are spread onto a 2D virtual space, where they move following the rules of a bio-inspired model, the flocking model. A similarity function, applied to the associated vectors, drives the agents for a selective application of the movement rules. The outcome is the emergence of agent groups aggregated on the basis of the activities of their associated devices. Thus, it is possible to easily individuate isolated agents (i.e. devices with dissimilar activity from all), representing potential intruders or with anomalous behaviors to be monitored. Preliminary results confirm the validity of the approach.