International Business Machines Corporation
Method for privacy preserving anomaly detection in IoT

Abstract:

Embodiments may provide techniques to detect cyber-security events in IoT data traffic that provide improved detection accuracy and preservation of privacy. For example, in an embodiment, a method may be implemented in a computer comprising a processor, memory accessible by the processor, and computer program instructions stored in the memory and executable by the processor, the method may comprise collecting a plurality of messages to and from at least one device, extracting metadata features from the collected plurality of messages, generating a time window, determining additional features based on the extracted metadata features present during the time window, detecting behavioral patterns of the at least one device based on the collected plurality of messages, clustering the determined additional features and the detected behavioral patterns present during the time window, and detecting at least one anomaly or type of anomaly using the clustered determined additional features and the detected behavioral patterns.