Internet of things or in short IoT is a network of interconnected entities such as computing devices, mechanical machines, digital gadgets etc. Cloud based IoT infrastructures are susceptible to Distributed Denial of Service (DDoS) attacks. A DDoS attack may render the server useless for a long period of time causing the services to crash due to extensive load. In this project we will try to introduce the concept of fog computing and try to explain its importance in a 3-tier architecture. We have proposed an anomaly detection architecture for IoT networks where the detection actually happens on the fog layer. The algorithm is based on the CRPS metric which is a single variable algorithm which is the case in most statistical algorithms. Therefore, we have proposed a way to use multiple variables and shown why it is required in a heterogeneous network like IoT. For detection purposes(testing data) we have used Week 5 Day 1 data of DARPA 99 as it contains a TCP SYN attack initiated once for a duration of 6 min 51 s and for ICMP Week 4 Day 1 data of DARPA 99 is used it has 2 attacks for 1s each. The algorithm is able to identify these attacks correctly.

物联网或简称物联网是互连实体的网络，例如计算设备、机械机器、数字小工具等。基于云的物联网基础设施容易受到分布式拒绝服务 (DDoS) 攻击。DDoS 攻击可能导致服务器长时间无用，导致服务因负载过大而崩溃。在这个项目中，我们将尝试介绍雾计算的概念，并尝试解释它在 3 层架构中的重要性。我们为物联网网络提出了一种异常检测架构，其中检测实际上发生在雾层。该算法基于 CRPS 度量，它是大多数统计算法中的单变量算法。所以，我们提出了一种使用多个变量的方法，并说明了为什么在物联网等异构网络中需要它。出于检测目的（测试数据），我们使用了 DARPA 99 的第 5 周第 1 天数据，因为它包含一次发起的 TCP SYN 攻击，持续时间为 6 分 51 秒，并且对于 ICMP 第 4 周第 1 天的 DARPA 99 数据使用它有2次攻击，每次1s。该算法能够正确识别这些攻击。