Development and implementation of a method to detect an abnormal behavior of nodes in a group of robots

The present paper examines the issues of security in a group of mobile robots in the implementation of malicious attacks aimed at the availability of information.  The main methods and approaches for detecting attacks and mobile robots anomalies were analyzed. The major advantages and disadvantages of existing approaches were identified. The aim is to develop an attack detection method that allows avoiding a creation of either a reference distribution, or a signature database, or rules for a group of mobile robots. The method should detect anomalies within the current conditions with a dynamically changing network structure. The paper presents a method for detecting abnormal behavior of a network node based on analysis of parameters: the residual energy and network load. The behavior of individual robots of the group is analyzed with respect to the deviation from the general behavior using probabilistic methods, which avoids creating a reference distribution for describing the behavior of the node, as well as the creating of a signature database for detecting anomalies. The developed method of detecting abnormal behavior based on the probabilistic evaluation of events. Three types of a network node state were defined, a graph of node transitions to each state was constructed, and parameters that affect these transitions were determined. The developed method demonstrates a high detection rate of denial of service attacks and distributed denial of service attacks when the number of malicious nodes is not greater than or slightly greater than the amount trusted nodes. It also provides detection of the Sybil attack. An experimental study was carried out. It includes the development of a model to simulate a group of mobile robots, in particular a robot network. Scenarios of attacks were developed, implemented for a group of mobile robots. It allows evaluating the effectiveness of this method of anomalous behavior detection. To determine the effectiveness of the developed method, the following indicators were used: time of detection of attackers and the number of nodes of the attacker that can be detected