Metric characteristics of anomalous traffic detection in internet of things

The urgent problem of timely detection of abnormal traffic in the Internet of Things networks, which wastes the energy of sensor devices, is discussed. Anomalous traffic means traffic that contains malicious software that implements an attacking effect on the nodes of the Internet of Things. Timely detection of abnormal traffic contributes to the preservation of the service life and, accordingly, the performance of the services provided by the Internet of Things. The subject of this research is the application of metric characteristics to detect abnormal traffic in the Internet of Things networks. The aim of the work is to propose a system of metrics that allow registering signatures of individual sensor devices or patterns of their behavior and assessing the mode of operation of individual network segments. Since the Internet of Things is built on a hierarchical basis - from a wireless sensor network to a global network, the attack detection system covers all levels - from a sensor device to a global cloud. Detection of abnormal traffic both in the wireless sensor network and at the level of wired networks - local and global - is implemented using metrics. A metric is a qualitative or quantitative indicator that reflects one or another characteristic of the functioning of an infocommunication network. Analysis of the sources showed the lack of systematization of metric characteristics for the Internet of Things networks. Research findings include: a description of the elements that make up the IoT ecosystem; layered model of the architecture of the Internet of things; an abnormal traffic detection metrics system containing a wide range of predictive, diagnostic and retrospective metrics. The proposed system of metrics can be used to build intrusion detection systems in IoT networks.