Proceedings of the 13th International Conference on Identification, Information and Knowledge in the Internet of Things, IIKI 2025, 18-21 December 2025, Chengdu, China

Research Article

Anomaly Detection Based on Behavior Feature Correlation for IoT Systems

@INPROCEEDINGS{10.4108/eai.18-12-2025.2365298,
    author={Yifan Lu and Qixiao Lin and Jian Mao and Qiange Liu and Ziwen Liu and Yaodong Zhang and Yan Huo},
    title={Anomaly Detection Based on Behavior Feature Correlation for IoT Systems},
    proceedings={Proceedings of the 13th International Conference on Identification, Information and Knowledge in the Internet of Things, IIKI 2025, 18-21 December 2025, Chengdu, China},
    publisher={EAI},
    proceedings_a={IIKI},
    year={2026},
    month={6},
    keywords={Internet of Things, IoT security, community detection, behavior feature representation},
    doi={10.4108/eai.18-12-2025.2365298}
}

Yifan Lu1, Qixiao Lin1, Jian Mao1,*, Qiange Liu1, Ziwen Liu1, Yaodong Zhang1, Yan Huo2
  • 1: School of Cyber Science and Technology, Beihang University, Beijing, China
  • 2: School of Electronics and Information Engineering, Beijing Jiaotong University, Beijing, China
*Contact email: maojian@buaa.edu.cn

Abstract

In Internet of Things (IoT) systems, automation rules are crucial for the intelligent control of devices. However, their reliance on event-driven logic makes them vulnerable to various security threats, such as event injection and command interception, which can disrupt system operations and compromise safety. Existing approaches typically extract state correlations from event sequences segmented by fixed time windows. These approaches struggle to identify long-range, multi-hop dependencies and can be bypassed by adversarial event sequences that partially mimic legitimate patterns, leading to false negatives. To address these limitations, we propose an anomaly detection method based on behavior feature correlation. Our approach models inter-device state correlations using a heterogeneous graph structure. It partitions behavior patterns through iterative community detection and automated semantic annotation, and represents normal behavior by embedding and clustering state sequences. During the detection phase, anomalies are identified by measuring the similarity between the representation of a test sequence and the established benign profile. Experimental results demonstrate that our anomaly detection approach enhances precision by 1 time and recall by 3.2 times, compared to the leading baseline method.

Keywords
Internet of Things, IoT security, community detection, behavior feature representation
Published
2026-06-17
Publisher
EAI
http://dx.doi.org/10.4108/eai.18-12-2025.2365298
Copyright © 2025–2026 EAI