Abstract
The Internet of Things (IoT) is a new technology paradigm that refers to distributed physical devices connected to the Internet. The large amount of data generated by these devices is considered a challenging issue. This data contains anomalies or abnormal behaviour for a number of reasons, such as sensor faults or attacks. However, the data collected from IoT devices is usually unlabelled, which means that the normal and anomaly classes are unknown. This study proposes TCMD, a two-tier classification model for anomaly detection in IoT. In addition, it describes the validation methods used to evaluate the quality of the model's clustering and the performance of its classification. TCMD first employs hierarchical affinity propagation (HAP) clustering to group the data into normal and anomaly clusters. Second, the labelled data obtained from the clustering is used to train decision trees (DTs). The results show that TCMD is able to label the data, which can help reduce human intervention. In addition, in terms of false positive rate (FPR), TCMD performs well compared with the DTs on the original dataset and outperforms the state-of-the-art model.