In an Internet of Things (IoT) environment (e.g., smart home), several IoT devices may be available that are interconnected with each other. In such interconnected environments, a faulty or compromised IoT device could impact the operation of other IoT devices. In other words, anomalous behavior exhibited by an IoT device could propagate to other devices in an IoT environment. In this paper, we argue that mitigating the propagation of the anomalous behavior exhibited by a device to other devices is equally important to detecting this behavior in the first place. In line with this observation, we present a framework, called IoT Anomaly Detector (IoT-AD), that can not only detect the anomalous behavior of IoT devices, but also limit and recover from anomalous behavior that might have affected other devices. We implemented a prototype of IoT-AD, which we evaluated based on open-source IoT device datasets as well as through real-world deployment on a small-scale IoT testbed we have built. We have further evaluated IoT-AD in comparison to prior relevant approaches. Our evaluation results show that IoT-AD can identify anomalous behavior of IoT devices in less than 2.12 milliseconds and with up to 98% of accuracy.

翻译：在物联网环境（如智能家居）中，多个物联网设备可能相互连接。在这种互联环境中，故障或受损的物联网设备可能影响其他设备的运行。换言之，某个物联网设备表现出的异常行为可能传播至整个物联网环境中的其他设备。本文认为，在检测异常行为的同时，缓解设备异常行为向其他设备的传播同等重要。基于这一观察，我们提出名为物联网异常检测器（IoT-AD）的框架，该框架不仅能检测物联网设备的异常行为，还能限制并恢复已影响其他设备的异常行为。我们实现了IoT-AD原型系统，并基于开源物联网设备数据集以及自建的小规模物联网测试床实际部署进行了评估。通过与先前相关方法的对比评估，结果显示IoT-AD能在2.12毫秒内以高达98%的准确率识别物联网设备的异常行为。