Detecting unusual data, activities and user behaviors is an extremely important task to acquire relevant security information that allow identifying faults, intrusions and system malfunctions. In Internet of Things (IoT), conventional anomaly detection approaches are not particularly appropriated due to the limited computing resources and the high dynamism of the entities involved. This paper proposes an activity footprints based method to detect anomalies in IoT by exploiting a multiagent algorithm. Devices and services are represented using dense vectors obtained through IoT2Vec, a word embedding technique able to capture the semantic context and represent them with high-dimensional vectors. The method allows mapping sequences of specific device activities – digital footprints – with real-valued vectors. The vectors are assigned to mobile agents that act following each one a modified bio-inspired model. This model enables an intelligent global behavior to emerge on the basis of simple local movement rules observed by all agents onto a virtual 2D space. A tailored similarity rule, based on the Pearson’s correlation, drives each agent for a selective application of the movement rules, so enabling an automatic closer positioning of similar agents. The intelligent positioning (clustering), driven by the assigned vectors, allows identifying isolated agents, representing devices with unusual activities to be monitored, since they can be associated to potential intruders or malicious users. Experimental results confirm the validity of the metaheuristic algorithm.

检测异常数据、活动和用户行为是获取相关安全信息以识别故障、入侵和系统故障的一项极其重要的任务。在物联网 (IoT) 中，由于有限的计算资源和所涉及实体的高度动态性，传统的异常检测方法并不特别适用。本文提出了一种基于活动足迹的方法，通过利用多代理算法来检测物联网中的异常情况。设备和服务使用通过IoT2Vec获得的密集向量表示，一种能够捕获语义上下文并用高维向量表示它们的词嵌入技术。该方法允许使用实值向量映射特定设备活动的序列——数字足迹。向量被分配给移动代理，这些代理按照修改后的仿生模型进行操作。该模型基于所有代理在虚拟 2D 空间上观察到的简单局部移动规则，使智能全局行为能够出现。量身定制的相似性基于 Pearson 相关性的规则驱动每个智能体有选择地应用移动规则，从而实现相似智能体的自动更近定位。由分配的向量驱动的智能定位（聚类）允许识别孤立的代理，代表具有异常活动的设备进行监控，因为它们可能与潜在的入侵者或恶意用户相关联。实验结果证实了元启发式算法的有效性。