John S. Baras

2012

Sequential Anomaly Detection in Wireless Sensor Networks and Effects of Long Range Dependant Data

S. Zheng and J.S. Baras

Special IWSM Issue of Sequential Analysis (SQA), Volume 31, p.p. 458-480, October 2012.

Full Text Paper (.pdf)

Abstract

Anomaly detection is important for the correct functioning of wireless sensor networks. Recent studies have shown that node mobility along with spatial correlation of the monitored phenomenon in sensor networks can lead to observation data that have long range dependency, which could significantly increase the difficulty of anomaly detection. In this paper, we develop an anomaly detection scheme based on multi-scale analysis of the long range dependent traffic to address this challenge. In this proposed detection scheme, the discrete wavelet transform is used to approximately de-correlate the traffic data and capture data characteristics in different time scales. The remaining dependencies are then captured by a multi-level hidden Markov model in the wavelet domain. To estimate the model parameters, we develop an online discounting Expectation Maximization (EM) algorithm, which also tracks variations of the estimated models over time. Network anomalies are detected as abrupt changes in the tracked model variation scores. Statistical properties of our detection scheme are evaluated numerically using long range dependent time series. We also evaluate our detection scheme in malicious scenarios simulated using the NS-2 network simulator.

Keywords: Anomaly detection; Hidden Markov Model; Long range dependency; Wavelet decomposition.

Subject Classifications: 62L12; 62F03; 62F15.

Biography | Site Map | Contact Dr. Baras | Send Feedback | ©2009 ISR