Method for privacy preserving anomaly detection in IoT

Assignee

• International Business Machines Corporation · US

Inventors

• Allon Adir · Kiryat Tivon, IL
• Ehud Aharoni · Kfar Sava, IL
• Lev Greenberg · Haifa, IL
• Omri Soceanu · Haifa, IL

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/20
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Embodiments may provide techniques to detect cyber-security events in IoT data traffic that provide improved detection accuracy and preservation of privacy. For example, in an embodiment, a method may be implemented in a computer comprising a processor, memory accessible by the processor, and computer program instructions stored in the memory and executable by the processor, the method may comprise collecting a plurality of messages to and from at least one device, extracting metadata features from the collected plurality of messages, generating a time window, determining additional features based on the extracted metadata features present during the time window, detecting behavioral patterns of the at least one device based on the collected plurality of messages, clustering the determined additional features and the detected behavioral patterns present during the time window, and detecting at least one anomaly or type of anomaly using the clustered determined additional features and the detected behavioral patterns.