because the topic is “invalid data injection”, I’d like to add this:

In my opinion, every sensor (urad or diy) should have (in first thought) two states:
1) works fine
2) incidence
nothing more

Where “incidence” for example could be:

• Value out of fixed range per device (also lower than minimum is detected!).
• Value out of floating (narrow) range, calculated on historical data.
  Also lower than minimum is detected!
  For example: Value out of 4 times the standard deviation of last year except last 3 days.
• Standard deviation itself (for example last hour) out of fixed limit.
  Meaning devices values are unreliable.

• Device offline.
• Device changed IP-Address in other intervals than regular.
  Standard deviation on the “same-IP-timespan”. ?? 🙂
• Device sent wrong packets within last 3 month.

Please extend this.

The idea of this list is, to detect problems with one sensor without relying on the packets the sensor sent.

Vinz