{"title":"Anomaly Detection in IoT Networks Based on Intelligent Security Event Correlation","authors":"Igor V. Kotenko, Diana Levshun","doi":"10.1109/COMSNETS59351.2024.10426939","DOIUrl":null,"url":null,"abstract":"Modern Internet of Things networks combine many devices and sensors that transmit and process large amounts of data. Security tools identify security events that contain information about detected system or network states. In turn, high-performance data anomaly detection methods are required to ensure stability and reliability of work processes. Information about the correlation of identified security events can be used to detect and explain deviations from normal states. This study proposes an anomaly detection approach based on the causal correlation of security events using machine learning. The proposed approach does not require prior knowledge of event scenarios. Using cluster analysis and a convolutional recurrent neural network, we construct a security state correlation graph corresponding to the normal behavior of the system. Cluster analysis determines the similarity of events to each other. A convolutional LSTM analyzes the spatio-temporal relationship of events. Using the identified event correlation thresholds, we look for anomalies in real time. Experimental results on an Internet of Things sensor dataset show that the proposed method is efficient in anomaly detection tasks.","PeriodicalId":518748,"journal":{"name":"2024 16th International Conference on COMmunication Systems & NETworkS (COMSNETS)","volume":"294 5","pages":"816-824"},"PeriodicalIF":0.0000,"publicationDate":"2024-01-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2024 16th International Conference on COMmunication Systems & NETworkS (COMSNETS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/COMSNETS59351.2024.10426939","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 0
Abstract
Modern Internet of Things networks combine many devices and sensors that transmit and process large amounts of data. Security tools identify security events that contain information about detected system or network states. In turn, high-performance data anomaly detection methods are required to ensure stability and reliability of work processes. Information about the correlation of identified security events can be used to detect and explain deviations from normal states. This study proposes an anomaly detection approach based on the causal correlation of security events using machine learning. The proposed approach does not require prior knowledge of event scenarios. Using cluster analysis and a convolutional recurrent neural network, we construct a security state correlation graph corresponding to the normal behavior of the system. Cluster analysis determines the similarity of events to each other. A convolutional LSTM analyzes the spatio-temporal relationship of events. Using the identified event correlation thresholds, we look for anomalies in real time. Experimental results on an Internet of Things sensor dataset show that the proposed method is efficient in anomaly detection tasks.