Energy-aware and Explainable Anomaly Detection and Root Cause Analysis for Internet of Things Environment

Algamdi, Hammam (2026) Energy-aware and Explainable Anomaly Detection and Root Cause Analysis for Internet of Things Environment. Doctoral thesis, Durham University.

The Internet of Things (IoT) revolution has made it possible for a large number of networked devices to gather, process, and exchange enormous volumes of data. In dynamic, diverse, and resource-constrained IoT environments, traditional anomaly detection techniques face a number of difficulties, particularly with regard to scalability, explainability, and energy efficiency. As a result, maintaining effective security in large-scale IoT deployments has become a critical research concern. This thesis addresses these challenges through a progressive research framework that evolves from rule-based detection to an energy-aware and explainable Automated Machine Learning (AutoML)-driven anomaly detection system and, finally, to causal reasoning for root-cause analysis in IoT systems.

This thesis is based on a programmable hybrid intrusion detection system (IDS) that is used in a software-defined IoT ecosystem. The proposed IDS guarantees real-time surveillance and tracking of intrusion-induced anomalous traffic, encompassing high-volume traffic activities and packet-fragmentation anomalies, thereby affirming the efficacy of the methodology. However, despite its effectiveness, the rule-based IDS relies on manual rule configuration, which restricts its adaptability to unseen anomaly patterns and behaviours. To overcome this, this work introduces an AutoML approach that optimises feature selection, hyperparameters, and model architectures using a restricted search strategy and checkpoint-based evaluation to detect anomalies in an IoT environment. This approach improves detection accuracy and ensures the system's responsiveness to new and unseen anomaly patterns.

Although automation improves efficiency, the process involved increases computational and energy demands. This research aims to develop an energy-aware AutoML pipeline, integrating interpretable feature selection and real-time energy monitoring to facilitate sustainable model training. The proposed pipeline saves almost 60% of energy while reducing accuracy by just 1%, highlighting that it is possible to deploy the proposed model in resource-constrained IoT. In the final part, the key objective is to identify the root causes behind the identified anomalies in IoT traffic. For this purpose, a Bayesian network-based root-cause analysis (RCA) approach is developed to analyse the collected data and diagnose the identified anomalies. This approach models causal dependencies among network-level variables and performs forward and backward inference to identify causal relationships behind abnormal events.

The proposed framework is validated using extensive experiments on benchmark IoT datasets, confirming improvements in detection accuracy, explainability, and energy efficiency while enabling causal diagnosis capabilities. This research proposes an intelligent framework to provide interpretable and sustainable anomaly detection in IoT environments through the amalgamation of detection, optimisation, and RCA.

Algamdi000955929.pdf
Accepted Version
Restricted to Repository staff only until 6 May 2027

