Abstract
Learning-based anomaly detection methods train models using normal data samples to capture normal behavioral patterns for identifying anomalies. Unfortunately, the distribution of normal data in Internet of Things (IoT) environments always shifts because of device upgrades and security patch implementations. Although few efforts have been made, current approaches fail to effectively exclude anomalies during the phase of normality shifts detection, and suffer from a high labeling costs during the adaptation phase. To overcome these drawbacks, this study proposes a comprehensive solution encompassing three modules. The first Normality Shift Filter is preposed to filter anomalies, meanwhile, leverages the latent space representation of an Autoencoder (AE) to capture representative samples, thereby significantly reducing the cost of labeling. The second Normality Shift Detector employs a tripartite ensemble method to accurately detect normality shifts. The third Normality Shift Adapter is designed as a customized progressive neural network to further adapt incoming shifts while retaining the valuable knowledge learned from historical data. Empirical tests conducted on open datasets demonstrate that our proposed method outperforms the state-of-the-art (SOTA) methods.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Al-Hawawreh, M., Sitnikova, E., et al.: X-iiotid: a connectivity-agnostic and device-agnostic intrusion data set for industrial internet of things. IEEE Internet Things J. 9(5), 3962ā3977 (2022)
Andresini, G., Pendlebury, F., et al.: Insomnia: towards concept-drift robustness in network intrusion detection. In: Proceedings of the 14th ACM Workshop on Artificial Intelligence and Security, pp. 111ā122 (2021)
Cai, Z., He, Z.: Trading private range counting over big iot data. In: 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS), pp. 144ā153 (2019)
Cai, Z., Zheng, X., et al.: Private data trading towards range counting queries in internet of things. IEEE Trans. Mob. Comput. (2022)
Du, M., Chen, Z., et al.: Lifelong anomaly detection through unlearning. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security pp. 1283ā1297 (2019)
Fisher, R.A.: Statistical methods for research workers. In: Breakthroughs in Statistics: Methodology and Distribution, pp. 66ā70. Springer (1970)
Han, D., Wang, Z., et al.: Anomaly detection in the open world: normality shift detection, explanation, and adaptation. In: 30th Annual Network and Distributed System Security Symposium (NDSS) (2023)
Jordaney, R., Sharad, K., et al.: Transcend: detecting concept drift in malware classification models. In: Proceedings of the 26th USENIX Conference on Security Symposium, pp. 625ā642 (2017)
Lu, J., Liu, A., et al.: Learning under concept drift: a review. IEEE Trans. Knowl. Data Eng. 31(12), 2346ā2363 (2019)
Meng, W., Liu, Y., et al.: Logclass: anomalous log identification and classification with partial labels. IEEE Trans. Netw. Serv. Manage. 18(2), 1870ā1884 (2021)
Ramesh, R., Thangaraj, S.J.J.: Analyzing and detecting botnet attacks using anomaly detection with machine learning. In: 2023 5th International Conference on Inventive Research in Computing Applications (ICIRCA), pp. 911ā915 (2023)
Rusu, A.A., Rabinowitz, N.C., et al.: Progressive neural networks. arXiv preprint arXiv:1606.04671 (2016)
Sharma, D.K., Dhankhar, T., et al.: Anomaly detection framework to prevent ddos attack in fog empowered iot networks. Ad Hoc Netw. 121, 102603 (2021)
Smirnov, N.V.: On the estimation of the discrepancy between empirical curves of distribution for two independent samples. Bull. Math. Univ. Moscou 2(2), 3ā14 (1939)
Sommer, R., Paxson, V.: Outside the closed world: on using machine learning for network intrusion detection. In: 2010 IEEE Symposium on Security and Privacy, pp. 305ā316 (2010)
Song, J., Takakura, H., et al.: Statistical analysis of honeypot data and building of kyoto 2006+ dataset for nids evaluation. In: Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, pp. 29ā36 (2011)
Upadhyay, S.: Nature-Inspired Malware and Anomaly Detection in Android-Based Systems, pp. 85ā108. Springer (2022)
Yang, L., Zou, Y., et al.: Distributed consensus for blockchains in internet-of-things networks. Tsinghua Science and Technology (2022)
Yang, L., Guo, W., et al.: CADE: Detecting and explaining concept drift samples for security applications. In: 30th USENIX Security Symposium (USENIX Security 21). pp. 2327ā2344 (2021)
Yang, Y., Wu, L., et al.: A survey on security and privacy issues in internet-of-things. IEEE Internet Things J. 4(5), 1250ā1258 (2017)
Yu, D., Zou, Y., et al.: Competitive age of information in dynamic iot networks. IEEE Internet Things J. 8(20), 15160ā15169 (2020)
Zahan, H., Al Azad, M.W., et al.: Iot-ad: a framework to detect anomalies among interconnected iot devices. IEEE Internet Things J. 11(1), 478ā489 (2024)
Zheng, X., Cai, Z.: Preserved data sharing towards multiple parties in industrial iots. IEEE J. Sel. Areas Commun. 38(5), 968ā979 (2020)
Zhou, X., Liang, W., et al.: Adaptive segmentation enhanced asynchronous federated learning for sustainable intelligent transportation systems. IEEE Trans. Intell. Transp. Syst. (2024)
Zhou, X., Wu, J., et al.: Reconstructed graph neural network with knowledge distillation for lightweight anomaly detection. IEEE Trans. Neural Networks Learn. Syst. (2024)
Zou, Y., Xu, M., et al.: Crowd density computation and diffusion via internet of things. IEEE Internet Things J. 7(9), 8111ā8121 (2020)
Acknowledgements
This work is partially supported by the Young Scientists Fund of the National Natural Science Foundation of China under Grant No. 62302322 and 62302196, in part by the Guangzhou Basic and Applied Basic Research Project under Grant SL2022A04J01519.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
Ā© 2025 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Pan, M., Tang, W., He, Z., Chen, B. (2025). Anomaly Detection Under Normality-Shifted IoT Scenario: Filter, Detection, and Adaption. In: Cai, Z., Takabi, D., Guo, S., Zou, Y. (eds) Wireless Artificial Intelligent Computing Systems and Applications. WASA 2024. Lecture Notes in Computer Science, vol 14998. Springer, Cham. https://doi.org/10.1007/978-3-031-71467-2_34
Download citation
DOI: https://doi.org/10.1007/978-3-031-71467-2_34
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-71466-5
Online ISBN: 978-3-031-71467-2
eBook Packages: Computer ScienceComputer Science (R0)