Low-Power and Lossy Networks (LLNs), e.g., sensor networks, have a myriad of applications, such as Smart Grid and Smart Cities. Various challenges are presented with LLNs, such as lossy links, low bandwidth, battery operation, low memory and/or processing capability of a device, etc. Changing environmental conditions may also affect device communications. For example, physical obstructions (e.g., changes in the foliage density of nearby trees, the opening and closing of doors, etc.), changes in interference (e.g., from other wireless networks or devices), propagation characteristics of the media (e.g., temperature or humidity changes, etc.), and the like, also present unique challenges to LLNs.
Anomaly detection seeks to ensure that a deployed network is operating as expected. This may entail detecting and remediating security threats, misbehaving or misconfigured devices, user policy violations, anomalous sensor readings, and the like. In traditional networks, anomaly detection is fairly straight-forward, as the devices in these networks have ample resources available to devote to anomaly detection. This allows the use of distributed anomaly detection approaches, as the devices themselves can perform the anomaly detection functions directly. However, devices in LLNs and other constrained networks likely do not have the resources to perform anomaly detection in addition to their primary functions. Accordingly, many anomaly detection approaches for constrained networks use a centralized model whereby the devices in the network pass status data to a more sophisticated, centralized anomaly detection device.