Monday, December 12, 2016

MIMIC MQTT Simulator for testing IoT Anomaly Detection

Anomaly detection for IoT is a challenge of both infrastructure monitoring and big data.

For an example of the former, if a sensor fails to PING for a while, it can be
assumed to be down or unreachable. This can be detected with traditional
network management applications; this scenario is shown with MIMIC
NetFlow Simulator generating flows to ELK.




On the other end of the spectrum is a sensor that is malfunctioning by
generating too much data, as the highlighted green node in the Kibana
graph below.


Data generated by your IoT sensors is a special-case data source for
Anomaly Detection.

For reference, check these white papers:

https://www.bosch-si.com/internet-of-things/iot-downloads/iot-analytics-white-paper/anomaly-detection.html

https://aws.amazon.com/blogs/iot/anomaly-detection-using-aws-iot-and-aws-lambda/

https://www.oreilly.com/ideas/the-elements-of-anomaly-detection-in-the-internet-of-things

https://software.intel.com/en-us/articles/change-and-anomaly-detection-framework-for-internet-of-things-data-streams

Database techniques can be used to populate your data repository for
priming an anomaly detection algorithm, but only real-time generation
of precisely tailored data verifies that end-to-end processing works
as intended.

MIMIC MQTT Simulator can simulate large numbers of heterogeneous
sensors generating desirable data patterns in real-time over MQTT. For
example, you can have myriads of sensors generating MQTT payloads
containing a "normal" pattern, and instruct a small subset of them to
"misbehave" predictably, then observe how long it takes to detect this
anomaly.

By deterministically varying the anomaly patterns in the simulator you are
able to tune and regression-test iterations of your detection algorithm.
You can even explore boundary conditions of the infrastructure
requirements, such as message rates, failure conditions, etc.
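
The workflow described above, as an added example that is not MIMIC code and does not use its API: a seeded generator stands in for the simulated sensors (no MQTT broker), a subset raises its publish rate at a known time, and a window-count detector is timed against that onset. The detector, function names, sensor ids, rates and thresholds are all assumptions chosen for illustration.

```python
import random
from collections import Counter
from statistics import median

def simulate(n_sensors, bad, start, duration, period=10, burst=1, seed=1):
    """Return sorted (time_s, sensor_id) publish events (constructed data, no broker).
    Sensors in `bad` switch from one message per `period` s to one per `burst` s at `start`."""
    rng = random.Random(seed)        # fixed seed: every run produces the same stream
    events = []
    for s in range(n_sensors):
        t = rng.uniform(0, period)   # per-sensor phase so the fleet is not in lockstep
        while t < duration:
            events.append((t, s))
            t += burst if (s in bad and t >= start) else period
    return sorted(events)

def detect(events, window=30, factor=3.0):
    """Flag a sensor whose message count in a window exceeds factor x the fleet median.
    Returns {sensor_id: end time of the first window in which it was flagged}."""
    flagged, counts, edge = {}, Counter(), window
    end = (float("inf"), None)       # sentinel that flushes the final window
    for t, s in events + [end]:
        while t >= edge:             # close each window that ended at or before t
            if counts:
                limit = factor * median(counts.values())
                for sid, c in counts.items():
                    if c > limit:
                        flagged.setdefault(sid, edge)
            counts, edge = Counter(), edge + window
            if s is None:
                break
        if s is not None:
            counts[s] += 1
    return flagged

def latency(flagged, start):
    """Seconds from anomaly onset to detection, per flagged sensor."""
    return {sid: when - start for sid, when in flagged.items()}

if __name__ == "__main__":
    BAD, START = {3, 41, 77}, 120    # hypothetical sensor ids and onset time
    for burst in (1, 5):             # 10x rate, then 2x rate (below the 3x threshold)
        stream = simulate(100, BAD, START, duration=300, burst=burst)
        print(burst, latency(detect(stream), START))
```

Because the stream is reproducible, the same run can be repeated after each change to the detector; the second pass (a 2x rate increase) shows a boundary case that this threshold does not catch.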
