A privacy‐focused approach for anomaly detection in IoT networks

IoT devices present a series of liabilities to administrators that aim for fully secure networks. Owing to their heterogeneity and limited processing power, administrators often implement monitoring mechanisms to prevent unauthorized use of resources and data exfiltration. However, most approaches allow for easy discrimination of private behavioral patterns of its users or nodes by their MAC or IP addresses. Inferring data exchange patterns at the physical layer is a more complex task, as a single signal power indicator may correspond to a mixture of simultaneous data transmissions. This article proposes privacy‐focused mechanisms by resorting to physical layer data analysis and one‐class classification models to perform anomaly detection in IoT networks. We present a full processing pipeline that considers the signal that identifies and models patterns on the channel activity and silence periods. We train our models with data captured from interactions with an Amazon Echo with devices generating background noise and test them against a similar scenario with a tampered network node periodically uploading data. Our data show that the best performing model, kernel density estimation, is able to detect anomalies with a 99% precision rate, even surpassing the tested neural networks approaches. We also propose a framework that aims to deploy validated models into production IoT environments. We designed an end‐to‐end data flow that autonomously extracts data and classifies them at the anomaly detection server. The envisioned components were designed to be horizontally scaled for a myriad of data streams and machine learning algorithms working in parallel.