DAD: a Distributed Anomaly Detection system using ensemble one-class statistical learning in edge networks

Nour Moustafa, Marwa Keshk, Kim-Kwang Raymond Choo, Timothy Lynar, Seyit Camtepe, Monica Whitty

Research output: Contribution to journalArticleResearchpeer-review

15 Citations (Scopus)


There are various data management and security tools deployed at the cloud for storing and analyzing big data generated by the Internet of Things (IoT) and Industrial IoT (IIoT) systems. There is a recent trend to move such tools to edge networks (closer to the users and the IoT/IIoT systems) to address limitations, especially latency and security issues, in cloud-based solutions. However, protecting edge networks against zero-day attacks is challenging, due to the volume, variety and veracity of data collected from the large numbers of IoT devices in edge networks. In this paper, we propose a Distributed Anomaly Detection (DAD) system to discover zero-day attacks in edge networks. The proposed system uses Gaussian Mixture-based Correntropy, a novel ensemble one-class statistical learning model, which is designed to effectively monitor and recognize zero-day attacks in real-time from edge networks. We also design an IoT-edge-cloud architecture to illustrate the complexity of edge networks and how one can deploy the proposed system at network gateways. The proposed system is evaluated using both NSL-KDD and UNSW-NB15 datasets. The findings reveal that the proposed system achieves better performance, in terms of detection accuracy and processing time, compared with five anomaly detection techniques.

Original languageEnglish
Pages (from-to)240-251
Number of pages12
JournalFuture Generation Computer Systems
Publication statusPublished - May 2021
Externally publishedYes


  • Anomaly detection
  • Correntropy technique
  • Edge computing
  • Edge networks
  • Gaussian mixture model
  • One-class learning

Cite this