Creation and operation of sensor systems is a complex challenge not only for industrial and military purposes but also for consumer services ("smart city", "smart home") and other applications such as agriculture ("smart farm", "smart greenhouse"). The use of such systems gives a positive economic effect and provides additional benefits from various points of view. At the same time, due to a large number of threats and challenges to cyber security, it is necessary to detect attacks on sensor systems in a timely manner. Here we present an anomaly detection method in which sensor nodes observe their neighbors and detect obvious deviations in their behavior. In this way, the community of neighboring nodes works collectively to protect one another. The nodes record only those parameters and attributes that are inherent in any node. Regardless of the node's functionality, such parameters include the amount of traffic passing through the node, its Central Processing Unit (CPU) load, as well as the presence and number of packets dropped by the node. Our method's main goal is to implement protection against the active influence of an internal attacker on the whole sensor network. We present the anomaly detection method, a dataset collection strategy, and experimental results that show how different types of attacks can be distinguished in the data produced by the nodes.
Keywords: anomaly; attacks; detection; divergence; entropy; normalization; security; smart sensors.