IoT Anomaly Detection Using Picture Fuzzy Clustering Approach

1. Introduction

Anomaly detection within the Internet of Things (IoT) ecosystem has become an increasingly critical component of cybersecurity, primarily due to the rising frequency of unauthorized access and cyberattacks [1]. With the widespread adoption of IoT devices, there has been an exponential surge in data generation, making these devices attractive targets for malicious actors. As a result, ensuring information security—particularly through effective anomaly detection—has gained significant importance. Identifying anomalies in IoT data has numerous practical applications, such as fault diagnosis, fraud prevention, predictive maintenance, and system monitoring. In scenarios where consistent and dependable responses are unavailable, anomaly detection can provide valuable insights. To tackle these challenges, this work introduces reliable approaches for detecting anomalies in IoT environments.

The Internet of Things (IoT) refers to a network of interconnected devices embedded with computing and communication capabilities, enabling them to perform a variety of tasks autonomously [2]. The primary objective of IoT is to enrich and personalize user experiences by facilitating seamless interaction with physical objects. IoT has driven major technological advancements across diverse domains such as agriculture, smart cities, healthcare, transportation, retail, and logistics. Often regarded as a global infrastructure, IoT bridges the cyber and physical worlds by building on existing systems and early-generation IoT technologies [2].

Today, IoT devices have become deeply integrated into everyday life. In agriculture, they support applications such as precision farming, livestock monitoring, and smart irrigation systems [3]. In healthcare, IoT enables solutions like remote patient monitoring, heart rate and mood tracking, ingestible sensors, and robotic surgery [4]. In education, it supports innovations such as distance learning, smart classrooms, attendance automation, augmented reality, and adaptive learning platforms [5]. Additionally, IoT is widely applied in areas including smart cities, home automation, transportation, supply chain management, and manufacturing [6].

Given their constant connectivity to the Internet and to each other, IoT devices are particularly vulnerable to malicious actors. Therefore, implementing robust security mechanisms is essential to prevent and detect intrusions within these interconnected environments.

Several approaches have been proposed to address the aforementioned problem, among which clustering-based anomaly detection of IoT data [7,8] is a prominent method. Clustering is widely recognized as an effective technique for uncovering patterns and understanding data distribution within datasets [9,10], and it has been extensively applied in the context of anomaly detection. For instance, the authors in [8] introduced a fuzzy c-means clustering approach for detecting anomalies in mixed-type data. In [11], an agglomerative hierarchical clustering algorithm was developed for anomaly detection in network traffic which uses Canberra metric measure [12,13,14,15] as distance for fomula for clustering. A hybrid model combining both partitioning and hierarchical techniques was proposed in [16] to handle anomalies in mixed datasets. Additionally, the authors in [17] presented a hybrid method that integrates rough set theory with a density-based clustering technique for detecting anomalies in high-dimensional IoT data. A two-phase approach that incorporates both partitioning and hierarchical clustering, while also considering the temporal characteristics of real-time data, was introduced in [18].

Further related works can be found in [19,20,21,22,23,24,25,26,27,28,29,30,31,32], highlighting the ongoing interest and development in this area. Notably, [33] explores insider threats, which pose significant cybersecurity challenges for industrial control systems. An online anomaly detection method using random forests was presented in [34], offering a real-time solution. Finally, [35] provides a comprehensive review of various anomaly detection techniques applicable to IoT systems.

Many of the existing algorithms proposed in the literature exhibit certain limitations, particularly in effectively detecting anomalies within IoT data. However, incorporating fuzziness into clustering techniques can help overcome several of these challenges for the following key reasons. First, fuzzy clustering enables data points to belong to multiple clusters simultaneously, which is advantageous when dealing with complex data structures, ambiguity, or overlapping class boundaries. Second, it demonstrates greater resilience to noise and anomalies, as the transition between clusters occurs gradually rather than abruptly. Third, fuzzy clustering provides a more detailed representation of the association between data points and clusters, offering a richer and more nuanced understanding of the data’s inherent structure.

In [36], the authors introduced a novel algorithm that incorporates Mahalanobis distance to enhance the accuracy of intrusion detection. In [37], a fuzzy c-means clustering method was proposed for network intrusion detection, utilizing principal component analysis to select the most discriminative features. Related research efforts can also be found in [38,39,40,41,42].

Zadeh [43] introduced the concept of fuzziness into mathematics by defining fuzzy sets (FS) based on membership degrees. This foundational idea led to the development of the mathematics of fuzziness, which has since been applied across nearly all domains of human knowledge. In response to real-world challenges, numerous extensions, generalizations, and variations of fuzzy sets have been proposed. One such extension is the intuitionistic fuzzy set (IFS), introduced by Atanassov [44], which incorporates both membership and non-membership degrees. Building on this, Cuong [45] proposed the picture fuzzy set (PFS), which further includes a degree of neutrality alongside membership and non-membership degrees.

Fuzzy sets and their extensions have been effectively employed in various applications, particularly in clustering and anomaly detection [8,9,36,37,38,40,41,42,46,47,48,49,50]. For example, an IFS-based hierarchical clustering algorithm was proposed in [51], leveraging traditional hierarchical clustering and intuitionistic fuzzy aggregation operators to cluster IFSs. In [52], the authors introduced the intuitionistic fuzzy c-means (IFCM) algorithm, which extends the well-known fuzzy c-means method by incorporating distance measures specific to IFSs [53,54]. Additionally, a hybrid method combining rough set theory and IFSs was proposed in [55] to detect anomalies in network data. This approach used the α-relation, based on the correlation coefficient of IFSs, to generate intuitionistic fuzzy rules.

As the demand for intelligent and autonomous systems grows—particularly within the Internet of Things (IoT) domain, which continuously generates massive amounts of data marked by high volume, velocity, variety, variability, veracity, value, time-sensitivity, location-awareness, and a highly unstructured, semi-structured, and heterogeneous nature—applying clustering algorithms like FCM and IFCM becomes increasingly challenging [42]. The clustering performance of FCM is often limited due to its reliance on classical fuzzy sets, which struggle with accurately modeling membership, hesitancy, and the vagueness of prototype parameters. Although IFCM addresses some of these issues and improves clustering quality to a certain extent, its effectiveness remains limited.

Motivated by these challenges, this paper aims to develop a novel fuzzy clustering approach for IoT anomaly detection using picture fuzzy sets (PFSs), with the goal of achieving higher clustering quality compared to both FCM and IFCM-based approaches.

The objectives of this paper are outlined as follows:

• First, a distance formula based on the Canberra metric [12,13,14,15] is defined for picture fuzzy sets (PFSs).
• Second, leveraging this distance measure, a novel fuzzy clustering method—termed the Picture Fuzzy C-Means (PFCM) algorithm [50]—is proposed to generate soft clusters from IoT data.
• Third, a comparative analysis is performed against existing clustering techniques, specifically FCM and IFCM, to evaluate the effectiveness of the proposed approach.

Additionally, the time complexity of the proposed approach is computed. The proposed algorithm is also implemented and tested using MATLAB, with experiments conducted on the NSL-KDD [56] and Skoltech Anomaly Benchmark (SAB) [57] datasets. The results demonstrate that the proposed PFCM-based method significantly outperforms both FCM and IFCM.

The structure of the paper is organized as follows: Section 2 presents the preliminaries. Section 3 details the proposed methodology. Section 4 provides the computational complexity analysis. Section 5 discusses the experimental results, and Section 6 concludes the paper with key findings, limitations, and directions for future research.

2. Preliminaries

In below, we present some important terms and definitions used in the paper.

Definition 2.1 [12,13,14,15].   Let$X=\left(x_1, x_2,\dots x_n\right)$  and   $Y=\left(y_1, y_2,\dots y_n\right)$  be two vectors, then the Canberra distance between X and Y is given by

$$d\left(X, Y\right)={{\displaystyle \sum }}_{i=1}^n{\displaystyle \frac{\left|x_i-y_i\right|}{\left|x_i\right|+\left|y_i\right|}}$$

(1)

Definition 2.2 [43]. Fuzzy set

Let X={x₁, x₂,… x_n} be the universe of discourse. A fuzzy set [43], A on X is characterized by

$$A=\text{{}(x_i,{\mu }_A\left(x_i\right)); x_{i}X, i=1, 2,\mathrm{..}n\}$$

(2)

where ${\mu }_A:X\left[0, 1\right]$ , the membership function, gives the grade of membership of each element$x_{i}X$  in A.

Definition 2.3 [44]. Intuitionistic fuzzy set

Atanassov [44] has proposed the definition of an intuitionistic fuzzy set (IFS) A on X as

$$A=\text{{}(x_i;{\mu }_A\left(x_i\right),{\nu }_A\left(x_i\right)); x_{i}X, i=1, 2,\dots n\}$$

(3)

where ${\mu }_A:X\left[0, 1\right]$  and $V_A:X\left[0, 1\right]$  are the membership function and non-membership function of the fuzzy set A respectively satisfying the condition 0 ≤${\mu }_A\left(x_i\right)$ + ${\nu }_A\left(x_i\right)$ ≤ 1 for every $x_{i}X$ . Obviously, ${\pi }_{A_1}\left(x_i\right)=1-{\mu }_A\left(x_i\right)$ + ${\nu }_A\left(x_i\right)$  is the degree of hesitation of $x_{i}X$ .

Definition 2.4. Distance measure on IFSs

Let IFS(X) be the collection of all IFSs on X= {x₁, x₂,… x_n}. A distance measure is a real-valued function$d_C:IFS\left(X\right)\times IFS\left(X\right)\to ℝ$  defined by

$$d^c\left(A_1, A_2\right)={\displaystyle \frac{1}{n}}{\displaystyle \sum }_{i=1}^n\left[{\displaystyle \frac{\left|{\mu }_{A_1}\left(x_i\right)-{\mu }_{A_2}\left(x_i\right)\right|}{{\mu }_{A_1}\left(x_i\right)+{\mu }_{A_2}\left(x_i\right)}}+{\displaystyle \frac{\left|{\nu }_{A_1}\left(x_i\right)-{\nu }_{A_2}\left(x_i\right)\right|}{{\nu }_{A_1}\left(x_i\right)+{\nu }_{A_2}\left(x_i\right)}}+{\displaystyle \frac{\left|{\pi }_{A_1}\left(x_i\right)-{\pi }_{A_2}\left(x_i\right)\right|}{{\pi }_{A_1}\left(x_i\right)+{\pi }_{A_2}\left(x_i\right)}}\right] \forall A_1, A_2ϵIFS\left(X\right)$$

(4)

Definition 2.5 [45]. Picture fuzzy set

A PFS [45] A over X= {x₁, x₂,… x_n} is defined as

$$A=\text{{}(x_i;{\alpha }_A\left(x_i\right),{\beta }_A\left(x_i\right),{\gamma }_A\left(x_i\right)); x_{i}X\}$$

(5)

with ${\alpha }_A\left(x_i\right)\in \left[0, 1\right]$  is the degree of positive membership, and ${\beta }_A\left(x_i\right)\in \left[0, 1\right]$  is the degree of neutral membership and ${\gamma }_A\left(x_i\right)\in \left[0, 1\right]$  is the degree of negative membership satisfying the condition ${\alpha }_A\left(x_i\right)+{\beta }_A\left(x_i\right)+{\gamma }_A\left(x_i\right)\le 1$  for every $x_i\in X$ . Also, ${\rho }_A\left(x_i\right)=1-\left({\alpha }_A\left(x_i\right)+{\beta }_A\left(x_i\right)+{\gamma }_A\left(x_i\right)\right)$ , is the degree of refusal membership of $x_i\in X$ .

Definition 2.6. Distance measure on PFSs

Let PFS(X) be the collection of all PFSs on X (discrete or continuous), then we define a metric measure onPFS(X) as follows:

i) For discrete case

(6)

ii) For continuous case ($taking X=\left[a,b\right]$  )

$$\begin{gathered} d^c\left(A_1, A_2\right)={\displaystyle \frac{1}{\left(b-a\right)}}\underset{a}{\overset{b}{{\displaystyle \int }}}\left[{\displaystyle \frac{\left|{{\alpha }_A}_1\left(x\right)-{\alpha }_{A_2}\left(x\right)\right|}{\left|{{\alpha }_A}_1\left(x\right)\right|+\left|{\alpha }_{A_2}\left(x\right)\right|}}+{\displaystyle \frac{\left|{\beta }_{A_1}\left(x\right)-{\beta }_{A_2}\left(x\right)\right|}{\left|{\beta }_{A_1}\left(x\right)\right|+\left|{\beta }_{A_2}\left(x\right)\right|}} \\ +{\displaystyle \frac{\left|{\gamma }_A{{\alpha }_A}_1\left(x\right)-{\gamma }_{A_2}\left(x\right)\right|}{\left|{\gamma }_{A_1}\left(x\right)\right|+\left|{\gamma }_{A_2}\left(x\right)\right|}}+{\displaystyle \frac{\left|{\rho }_{A_1}\left(x\right)-{\rho }_{A_2}\left(x\right)\right|}{\left|{\rho }_{A_1}\left(x\right)\right|+\left|{\rho }_{A_2}\left(x\right)\right|}}\right]dx, \forall A_1, A_2ϵPFS\left(\left[a, b\right]\right) \end{gathered}$$

(7)

Obviously, in both the cases,

$$0 \le d^c\left(A_1, A_2\right)\le 1.$$

(8)

Definition 2.7.   Each IoT data instance consists of n measured variables grouped into an n-dimensional vector x_i = [x_i1, x_i2,…x_in], x_i∈Rⁿ. A set of N data instance is given by X= {X_i; i=1, 2,…N} and is expressed as N×n matrix as follows

$$X=\left[\begin{array}{c}\begin{array}{ccc}{X}_{11}& X_{12}& \dots X_{1n}\\ X_{21}& X_{22}& \dots X_{2n}\\ \dots & \dots & \dots \dots \end{array}\\ X_{N1} X_{N2} \dots X_{Nn}\end{array}\right].$$

(9)

3. Proposed Algorithm

In this section, a picture fuzzy c-means clustering algorithm [50] for the detection of IoT anomaly detection is presented. Suppose that there is an IoT dataset X consisting of N data instances of dimension n. Our aim is to device X into c clusters each of which is PFS, satisfying the following objective function

$$Minimize \left(J\right)={\displaystyle \sum }_{i=1}^N{\displaystyle \sum }_{j=1}^c{({\alpha }_{ij}\left(2-{\gamma }_{ij}\right))}^m{d}^c{\left(X_i,V_j\right)}^2+{\displaystyle \sum }_{i=1}^N{\displaystyle \sum }_{j=1}^c{\beta }_{ij}\left(log{\beta }_{ij}+{\gamma }_{ij}\right)$$

(10)

subject to the constraints

$${\alpha }_{ij}+{\beta }_{ij}+{\gamma }_{ij}\le 1$$

(11)

$${{\displaystyle \sum }}_{j=1}^c({\alpha }_{ij}\left(2-{\gamma }_{ij}\right))=1$$

(12)

$${{\displaystyle \sum }}_{j=1}^c\left({\beta }_{ij}+{\displaystyle \frac{{\gamma }_{ij}}{c}}\right)=1$$

(13)

for i = 1, …N and j = 1, …c..

Using Lagrangian method the solution of the optimization problem (10) subject to (11-13) is obtained as follows:

$${\gamma }_{ij}=1-({\alpha }_{ij}+{\beta }_{ij})-{\left(1-{({\alpha }_{ij}+{\beta }_{ij})}^{\alpha }\right)}^{{\displaystyle \frac{1}{\alpha }}} i=1,\mathrm{..}N, j=1,\dots c$$

(14)

$${\alpha }_{ij}={\displaystyle \frac{1}{{{\displaystyle \sum }}_{k=1}^c{\left(\frac{d^c(X_i,V_j}{d^c(X_i,V_k}\right)}^{\frac{2}{m-1}}}}, i=1,\dots N, j=1,$$

(15)

$${\beta }_{ij}={\displaystyle \frac{e^{-{\gamma }_{ij}}}{{{\displaystyle \sum }}_{k=1}^c{e}^{-{\gamma }_{ik}}}}\left(1-{\displaystyle \frac{1}{c}}{\displaystyle \sum }_{k=1}^c{\gamma }_{ik}\right), i=1,\mathrm{..}N, j=1,\dots c$$

(16)

$$V_J={\displaystyle \frac{{{\displaystyle \sum }}_{i=1}^N{({\alpha }_{ij}\left(2-{\gamma }_{ij}\right))}^m{X}_i}{{{\displaystyle \sum }}_{i=1}^N{({\alpha }_{ij}\left(2-{\gamma }_{ij}\right))}^m}}, j=1,\dots c$$

(17)

With the help of the equations (14-17), the steps of picture fuzzy c-means (PFCM) clustering algorithm [50] for the detection of IoT anomaly is described as follows:

Picture Fuzzy c-Means (IFCM) Clustering Algorithm.

Given dataset X as expressed using (9).

Initialize: c (number of clusters), m > 1 (weighting exponent), and ε > 0 terminating threshold.

Randomly initialize:${\alpha }_{ij},{\beta }_{ij}, and {\gamma }_{ij}$ .

for each iteration k =1, 2,…..

step1 compute cluster mean$V_j^{\left(k\right)}, j$ =1, 2,..c using equation (17).

step2 compute${d_{ij}^c}^{\left(k\right)}=d^c\left(X_i, V_j^{\left(k\right)}\right)$  , i=1,..N, j=1,…c.

Step3 Update${\alpha }_{ij},{\beta }_{ij}, and {\gamma }_{ij}$  using the equations (14-16) subject to the conditions (11-13).

step4Update$V_j^{\left(k+1\right)}=\left[v_1^{\left(k+1\right)}, v_2^{\left(k+1\right)}, \dots v_c^{\left(k+1\right)}\right]$  using equation (17)

step5 if||V^(k)-V^(k+1)|| < ε, then go to step6

else let k:=k+1, go to step1.

step6 End.

Here, each cluster in the final output cluster set is an PFS consisting of IoT data instances along with a positive membership degree, a neutral membership degree, and a negative membership degree. A data instance either does not belong to any of the clusters or belongs to all the clusters with low positive membership value, high neutral membership value and high non-membership value can be considered as anomaly. The flowchart of the PFCM clustering algorithm is given below in Figure 1.

4. Complexity Analysis

The proposed PFCM clustering-based approach computes the positive, neutral, and negative membership values in O(1, )O(1), and O(1) time. The initialization step takes O(c⋅N⋅n), where c is the number of clusters, N is the number of data instances, and n is the dimension of the IoT dataset. The distance computation also takes constant time. As a result, in each iteration, updating the membership values and cluster centroids requires O(c⋅N⋅n + c⋅N⋅n + c⋅N⋅n + c⋅N⋅n), while the convergence check requires O(c). Therefore, the total time complexity per iteration is O(c⋅N⋅n + c⋅N⋅n + c⋅N⋅n + c⋅N⋅n + c⋅N⋅n + c) = O(c⋅N⋅n). If t represents the number of iterations, the overall computational complexity of PFCM is O(t⋅c⋅N⋅n). Assuming c is small and negligible, t=O(N), and n ≤ N, the worst-case time complexity of the PFCM algorithm is O(N²⋅n). This shows that the proposed algorithm operates in quadratic time with respect to the dataset size and linear time with respect to the dataset's dimension.

5. Experimental Analysis, Results and Discussions

5.1. Experimental Analysis and Results

For finding the efficacy of the two proposed approach, the following two well-recognized datasets are employed.

NSL-KDD dataset [56]: This is a refined version of synthetic dataset KDDCup’99 [58] constructed by removing the duplicates and redundant instances and extensively used for benchmarking and evaluating intrusion detection systems. The dataset is divided into normal and attack traffic. The attack traffic is further categorized into several types, such as:

• DoS (Denial of Service)
• Probe (Scans or reconnaissance)
• R2L (Remote to Local)
• U2R (User to Root

It has around 1,47,000 data instances (normal or anomalous) with 41 features.

Skoltech Anomaly Benchmark (SAB) [57]: The dataset was developed by the Skolkovo Institute of Science and Technology (Skoltech) to support research in anomaly detection, specifically within the areas of network security and system monitoring. SAB offers well-defined evaluation metrics to assess anomaly detection models, which usually consist of the following:

• Precision: The proportion of correctly identified anomalies.
• Recall: The proportion of actual anomalies that are successfully detected.
• F1-Score: A measure that balances precision and recall.

The proposed algorithm, along with the classical k-means, FCM, and IFCM clustering methods, were implemented in MATLAB using the mentioned datasets on a standard computing machine. A partial graphical representation of the results is shown in Figure 2, Figure 3, Figure 4, Figure 5, Figure 6 and Figure 7.

Figure 2 illustrates the anomaly detection and accuracy of the k-means, FCM, IFCM, and PCM clustering algorithms, evaluated using the NSL-KDD [56] and SAB [57] datasets. The results are presented through bar diagrams, facilitating a comparative performance analysis of the algorithms based on their accuracy.

Figure 3 presents the false alarm rates of the aforementioned algorithms, evaluated using the NSL-KDD [56] and SAB [57] datasets. This enables a straightforward comparative analysis of the algorithms' performance in terms of false alarm rates.

Figure 4 presents the Denial of Service (DoS) rates and Remote-to-Local (R2L) rates for the aforementioned algorithms, evaluated using the NSL-KDD [56] and SAB [57] datasets. This allows for an easy comparative performance analysis of the algorithms in terms of DoS rates.

Figure 5 shows the User-to-Root (U2R) and Probe percentages for the aforementioned algorithms, evaluated using the NSL-KDD [56] and SAB [57] datasets. This facilitates a straightforward comparative analysis of the algorithms based on these parameters.

Figure 6 presents the precision and recall values for the aforementioned algorithms, evaluated using the NSL-KDD [56] and SAB [57] datasets. This enables a clear comparative performance analysis of the algorithms based on these parameters.

Figure 7 displays the F-score of the aforementioned algorithms, evaluated using the NSL-KDD [56] and SAB [57] datasets. This allows for an effective comparative performance analysis of the algorithms based on this parameter.

Similarly, the execution times of the proposed algorithm with respect to the dimensions and sizes of the datasets are presented in Figure 8 and Figure 9.

5.2. Discussions

Based on the results obtained from the proposed algorithm, the following conclusions can be drawn: For both the NSL-KDD [56] and SAB [57] datasets, the detection rate of the proposed algorithm significantly surpasses that of k-means, FCM, and IFCM. Additionally, the detection rate remains almost identical for both datasets, indicating that the proposed algorithm is the most efficient in terms of detection rate.

Similarly, the accuracy rate of the proposed algorithm is considerably higher for both datasets compared to k-means, FCM, and IFCM. Moreover, the false alarm rate of the proposed algorithm is much lower than that of the other algorithms for both datasets. Regarding the attack parameters (Denial of Service, Remote-to-Local, User-to-Root, and Probe), the proposed algorithm consistently outperforms the others. In terms of other performance metrics, the proposed method also surpasses k-means, FCM, and IFCM clustering algorithms. However, in terms of execution time, the proposed algorithm performs comparably to the FCM and IFCM algorithms.

6. Conclusions, Limitations and Lines for Future Works

6.1. Conclusions

This article proposes a picture fuzzy clustering-based approach for anomaly detection in the IoT domain. The proposed algorithm, the Picture Fuzzy C-Means (PFCM) clustering algorithm, utilizes a distance measure based on the Canberra metric to form clusters. It generates a predefined number of clusters, where each IoT data instance is associated with a positive, neutral, and negative membership value, all lying between 0 and 1, with their sum also between 0 and 1. An IoT data instance that either does not belong to any cluster, belongs to all clusters with minimal positive membership values, or belongs to all clusters with maximum neutral and negative membership values, is considered an anomaly.

The efficacy of the proposed algorithm is demonstrated through experimental studies using the NSL-KDD [56] and SAB [57] datasets, along with a comparative analysis against traditional k-means, FCM, and IFCM algorithms. The results clearly show that the proposed approach outperforms the other methods across all evaluated parameters.

The runtime complexity of the proposed algorithm is dependent on the size and dimensions of the datasets. It operates in quadratic time with respect to the dataset size and linear time with respect to the dataset's dimensions. Since the dataset’s dimension is typically much smaller than its size, the overall time complexity of the algorithm is considered quadratic. Therefore, the proposed clustering-based approach is efficient for IoT anomaly detection.

6.2. Limitations and Lines for Future Works

Although the proposed algorithm demonstrates significant efficiency compared to other methods, it still has some limitations. First, like many partitioning-based clustering algorithms, the proposed approach is sensitive to the initial selection of cluster centroids. Second, it struggles with the curse of high dimensionality, which reduces its efficiency when handling high-dimensional data. Lastly, the algorithm may not always converge to the optimal solution, as it can get trapped in local minima.

Future work can focus on the following areas:

• Developing algorithms to address high dimensionality in IoT systems.
• Exploring alternative approaches beyond unsupervised methods for IoT anomaly detection.
• Investigating techniques like bipolar fuzzy or complex fuzzy clustering for IoT anomaly detection.