Ramsha Rizwan,Farrukh Aslam Khan,Haider Abbas,Sajjad Hussain Chauhdary

DOI: https://doi.org/10.1155/2015/684952

IF: 1.938

2015-01-01

International Journal of Distributed Sensor Networks

Abstract:During the past few years, we have seen a tremendous increase in various kinds of anomalies in Wireless Sensor Network (WSN) communication. Recently, researchers have shown a lot of interest in applying biologically inspired systems for solving network intrusion detection problems. Several solutions have been proposed using Artificial Immune System (AIS), Ant Colony Optimization (ACO), Artificial Bee Colony (ABC) algorithm, Genetic Algorithm (GA), Particle Swarm Optimization (PSO) and so forth. In this paper, we propose a bioinspired solution using Negative Selection Algorithm (NSA) of the AIS for anomalies detection in WSNs. For this purpose, we implement the enhanced NSA and make a detector set that holds anomalous packets only. Then the random packets are tested and matched with the detector set and anomalies are identified. Anomalous data packets are used for further processing to identify specific anomalies. In this way, the number of wormholes, packets delayed, and packets dropped are calculated and identified. Simulations are performed on a large dataset and the results show high accuracy of the proposed algorithm in detecting anomalies. The proposed NSA is also compared with Clonal Selection Algorithm (CSA) for the same dataset. The results show significant improvement of the proposed NSA over CSA in most of the cases.

Da-Wen Huang,Fengji Luo,Jichao Bi,Mingyang Sun

DOI: https://doi.org/10.1109/tifs.2022.3191491

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Deploying Intrusion Detection Systems (IDSs) is an essential way to enhance the security of Multi-hop Clustered Wireless Sensor Networks (MCWSNs). The conventional IDS deployment architectural designs show limitations in ensuring the security of MCWSNs due to the limited monitoring range of the nodes. This paper proposes an efficient IDS deployment architecture for MCWSNs. The architecture is a hybrid design, in which the cluster heads and the sink collaboratively act as IDS agents to monitor the entire network and perform intrusion detection. Based on the new architecture, this paper proposes a resource allocation model to optimally allocate resources among the IDS agents so that the network’s security metric can be maximized. A comprehensive analytical framework is proposed to analyze the optimality of the model’s solution, and an efficient computational approach is developed to obtain the optimal resource allocation strategy. Extensive numerical simulation and comparison studies are conducted to validate the proposed method.

Zhongmin Wang,Rui Gao,Cong Gao,Yanping Chen,Fengwei Wang,Gao, Rui

DOI: https://doi.org/10.1007/s11277-024-10930-w

IF: 2.017

2024-03-21

Wireless Personal Communications

Abstract:Wireless sensor devices are affected by internal constraints and the external environment, generating abnormal data. Currently, many anomaly detection schemes ignore the correlation between screening nodes, wasting resources due to excessive communication. Therefore, this paper proposes a distributed anomaly detection scheme based on adaptive grouping using the correlation between nodes in wireless sensor networks. Limiting the scope of collaboration between nodes can reduce the waste of resources due to excessive communication. Since the computing resources of sensor nodes are limited, an edge-cloud framework is established. The scheme uses Spatio-temporal correlation and graph theory for wireless sensor networks to determine node groups with solid correlations on the cloud server. Based on the grouping results, anomaly detection is implemented locally. A Bayesian network model is constructed at the node within the group, and outlier detection is realized by inference on nodes. A correlation consistency evaluation method is proposed to improve anomaly detection accuracy to check the data consistency on the cluster head. The proposed scheme is verified by a generated data set and the real data of Intel Berkeley Research Lab. The effectiveness of the proposed method is verified by comparing it with three existing algorithms. Experimental results show that the method improves detection accuracy and reduces false detection.

telecommunications

Zai-wen Ni,Fan Wang,Xiao-peng Hu

DOI: https://doi.org/10.1142/9789813140011_0076

2016-01-01

Abstract:The past few years have seen an increased interest in the potential use of wireless sensor networks (WSNs) in applications. Unreliability and a dynamic nature are frequently present in the field of WSN, making anomaly detection necessary. Although events are often functions of more than one attribute and the energy in sensors is limited, the combination of data fusion and spatiotemporal correlations can overcome these limitations effectively. In this paper, we propose a spatiotemporal correlation-based anomaly detection model to differentiate normal and abnormal events in WSNs. The update phase occurs when abnormal events are detected. We demonstrate the usability and advantages of applying the spatiotemporal relevance in anomaly detection. Experimental results indicate its high performance in handling multi-dimensional sensor data.

Yi Gao,Chun Chen,Jiajun Bu,Wei Dong,Lei Ra,Xianghua Xu

2015-01-01

Abstract:Anomaly detection is an essential functionality of Wireless Sensor Networks (WSNs). However, the dynamic nature of WSNs makes the anomaly detection challenging. The environmental dynamics or internal topological dynamics pose difficulties to differentiate abnormal behaviors from normal ones. We observe that indirect correlations among multiple attributes of a sensor node can be utilized to capture and model the dynamic behaviors. Prior studies overlooked indirect correlations while in this study we exploit it for detecting anomaly efficiently and accurately. We propose ICAD, an indirect correlation based anomaly detection approach. By applying the Markov chain, the dynamic behaviors are modeled and subsequently used to detect anomalies. Compared with prior approaches, ICAD can detect different types of anomalies simultaneously and the performance is not sensitive to network dynamics. ICAD is implemented based on TinyOS/TelosB platform. Evaluation results show that ICAD achieves high detection accuracy with low overhead.

Haiguang Chen,Peng Han,Xi Zhou,Chuanshan Gao

DOI: https://doi.org/10.1007/978-3-540-71549-8_9

2007-01-01

Abstract:Wireless Sensor Networks (WSNs) have an excellent application to monitor environments such as military surveillance and forest fire. However, WSNs are of interest to adversaries in many scenarios. They are susceptible to some types of attacks because they are deployed in open and unprotected environments. The WSNs are constituted of scarce resource devices. These security mechanisms which used for wired networks cannot be transferred directly to wireless sensor networks. In this paper we propose lightweight anomaly intrusions detection. In the scheme, we investigate different key features for WSNs and define some rules to building an efficient, accurate and effective Intrusion Detection Systems (IDSs). We also propose a moving window function method to gather the current activity data. The scheme fits the demands and restrictions of WSNs. The scheme does not need any cooperation among monitor nodes. Simulation results show that we proposed IDSs is efficient and accurate in detecting different kinds of attacks.

Chunyan An,Yingyi Liu,Qi Li,Pengbo Si

DOI: https://doi.org/10.3390/electronics13173482

IF: 2.9

2024-09-03

Electronics

Abstract:As electronic sensors and sensor networks advance, perception data are increasingly characterized by mixed attributes. Traditional anomaly detection methods predominantly focus on numerical attributes. In this paper, we introduce a weighted neighborhood information network (WNIN)-enabled anomaly detection method tailored for mixed-attribute data from electronic sensors and sensor networks. Firstly, we employ the analytic hierarchy process (AHP) to analyze the security of sensor networks, leveraging a hierarchical electronic sensor network model to construct a hierarchical perception security architecture for anomaly detection. Subsequently, a neighborhood information system is established to ascertain the relationships between data objects with mixed attributes. We then develop the WNIN to encapsulate the relationships, and a state-transferring probability matrix based on data object similarity is derived. Ultimately, a random wandering process within the WNIN is executed, and the importance of data objects is evaluated using the steady-state distribution vector, thereby determining the anomaly data. Simulation outcomes reveal that our proposed method attains superior anomaly detection rates compared with existing methods.

engineering, electrical & electronic,computer science, information systems,physics, applied

Lingren Wang,Jingbing Li,Uzair Aslam Bhatti,Yanlin Liu

DOI: https://doi.org/10.1007/978-3-030-24271-8_56

2019-01-01

Abstract:In recent years use of a Wireless Sensor Network (WSN) has become a leading area of research in various applications. Because of WSN limitation of its own features that low ability of calculation, small volume of storage, resource constrain, bad communicational environment of wireless, which lead to WSN be besieged by imminent security problems, the abnormal detection in WSN is vary important at this time. We focus on the quality of data, and aim at the characteristics of wireless sensor network node data with time and spatial similarity, and the current research on anomaly analysis. We use the classification to detect outliers. This paper presents a method of detecting the proximity of distance based on distance, which is the main reason for the study of the anomalous value of the network. The KNN (K-Nearest Neighbor) algorithm is used to analyze and detect the data to achieve the purpose of data anomaly detection in WSN. The algorithm of outlier detection is based on the design and achieve of QualNet simulation platform. It is effective and accurate to evaluate and test. The simulation results show the effectiveness of the proposed KNN algorithm.

Samir Ifzarne,Hiba Tabbaa,Imad Hafidi,Nidal Lamghari

DOI: https://doi.org/10.1088/1742-6596/1743/1/012021

2021-01-01

Journal of Physics: Conference Series

Abstract:Abstract The number of Wireless sensor network (WSN) deployments have been growing so exponentially over the recent years. Due to their small size and cost-effective, WSN are attracting many industries to use them in various applications. Environmental monitoring, security of buildings and precision agriculture are few example among several other fields. However, WSN faces high security threats considering most of them are deployed in unattended nature and hostile environment. In the aim of providing secure data processing in the WSN, many techniques are proposed to protect the data privacy while being transferred from the sensors to the base station. This work is focusing on attack detection which is an essential task to secure the network and the data. Anomaly detection is a key challenge in order to ensure the security and prevent malicious attacks in wireless sensor networks. Various machine learning techniques have been used by researchers these days to detect anomalies using offline learning algorithms. On the other hand online learning classifiers have not been thoroughly addressed in the literature. Our aim is to provide an intrusion detection model compatible with the characteristics of WSN. This model is built based on information gain ratio and the online Passive aggressive classifier. Firstly, the information gain ratio is used to select the relevant features of the sensor data. Secondly, the online Passive aggressive algorithm is trained to detect and classify different type of Deny of Service attacks. The experiment was conducted on a wireless sensor network-detection system (WSN-DS) dataset. The proposed model ID-GOPA results detection rate of 96% determining whether the network is in its normal mode or exposed to any type of attack. The detection accuracy is 86%, 68%, 63%, and 46% for scheduling, grayhole, flooding and blackhole attacks, respectively, in addition to 99% for normal traffic. These results shows that our model based on offline learning can be providing good anomaly detection to the WSN and replace online learning in some cases.

Li Zhi-tang,Li Yao,Wang Li

DOI: https://doi.org/10.1109/hpcasia.2005.7

2005-01-01

Abstract:More and more intrusion detection systems were developed, but most of these systems have very poor accuracy. To overcome this problem, a self-adaptive anomaly detection system was developed using fuzzy detection anomaly algorithm with negative selection of biology. The algorithm improves the accuracy of the detection method and produces a novel method to measure the deviation from the normal that does not need a discrete division of the non-self space. The proposed anomaly detection model is designed as flexible, extendible, and adaptable in order to meet the needs and preferences of network administrators and can be also supplied for IPv6 environment. Different experiments are performed with MIT-DARAP 1999 dataset (Lippmann et al., 2000) and real word data from different sources. The experimental results show that the proposed algorithms provide some advantages over other algorithms

Rui Li,Kebin Liu,Yuan He,Jizhong Zhao

DOI: https://doi.org/10.4108/icst.bodynets.2011.247058

2011-01-01

Abstract:Anomaly detection, for uncovering faults and failures, is a crucial task for wireless sensor networks (WSNs). There have been substantive research efforts in this field such as source-level troubleshooting, rule-based inference, and time sequence event analysis. Most existing approaches, however, rely on the collection of a large amount of information. Due to the lack of management on information features, the redundancy of collected information greatly degrades the efficiency of diagnosis in large-scale WSNs. To address this issue, we propose RFS (Ranking-based Feature Selection), a three-stage approach to efficiently select representative feature sets for diagnostic tasks and effectively characterize the network status. RFS is a compatible component that can be integrated with most state-of-the-art diagnosis approaches. We conduct extensive experiments based on a large-scale outdoor WSN system, GreenOrbs, to examine the performance of RFS. The results demonstrate that RFS achieves effective anomaly detection in a large-scale WSN with low overhead.

Zhouzhou Liu,Wei,Hao Wang,Yangmei Zhang,Qianyun Zhang,Shining Li

DOI: https://doi.org/10.1109/access.2018.2879891

IF: 3.9

2018-01-01

IEEE Access

Abstract:Aiming at large-scale, high dimensional data, and variable intrusion behavior in wireless sensor networks (WSNs), an intrusion detection algorithm based on parallel intelligent optimization feature extraction and distributed fuzzy clustering for WSNs is proposed. First, in order to effectively reduce the data dimensionality and improve the robustness of the feature extraction process, the parallel intelligent optimization feature extraction framework is constructed on the basis of defining the optimal feature evaluation index, for which the theoretical analysis shows that the index can eliminate feature redundancy and maintain the diversity of original data. Second, the spider cluster optimization algorithm evolution rule is redefined by introducing local search and adaptive multi strategy update method, and it proves that the improved social spider optimization (ISSO) algorithm has global convergence. The ISSO is used to solve the feature extraction framework, and through the parallel feature subset selection process, the best feature combination is extracted. Finally, WSNs intrusion detection is carried out by using the best feature subset and the distributed fuzzy clustering technology, and intelligent iterative evolution method and adaptive clustering strategy are introduced in order to improve the fuzzy clustering algorithm performance. Experimental results show that the intrusion detection algorithm can effectively give the results of intrusion detection, and moreover, compared with the other detection algorithms, the intrusion detection rate is improved by about 13.1%, and the false detection rate is decreased by about 8.5%.

Bilal Ahmad,Wang Jian,Zain Anwar Ali,Sania Tanvir,M. Sadiq Ali Khan

DOI: https://doi.org/10.1007/s11277-018-5721-6

IF: 2.017

2018-04-16

Wireless Personal Communications

Abstract:Performance of wireless sensor network are highly prone to network anomalies particularly to misdirection attacks and blackhole attacks. Therefor intrusion detection system has a key role in WSN and it’s essential in security application. However the identification of active attacks is cumbersome in many cases particularly for remote sensing applications. This paper proposes hybrid anomaly detection method for misdirection and blackhole attacks by employing K-medoid customized clustering technique. A synthetic dataset was established by defining network parameters and threshold values were obtained to detect the anomalies. Experimental work was performed on network simulator (NS-2) and R studio. The proposed algorithm successfully detect the hybrid anomalies with high accuracy. This work is suitable for hybrid anomaly detection including misdirection and blackhole attacks in wireless environment.

telecommunications

Shashank Gavel,Ajay Singh Raghuvanshi,Sudarshan Tiwari

DOI: https://doi.org/10.1002/nem.2144

2020-12-02

International Journal of Network Management

Abstract:Real‐time sensing plays an important role in ensuring the reliability of industrial wireless sensor networks (IWSNs). Sensor nodes in IWSNs have inherent limitations that give rise to different anomalies in the network. These anomalies can lead to disastrous and harmful situations or even serious system failures. This article presents a formulation to the design of an anomaly detection scheme for detecting the anomalous node along with the type of anomaly. The proposed scheme is divided into two major parts. First, spatiotemporal correlation within a cluster is obtained for the normal and anomalous behavior of sensor nodes. Second, the multilevel hybrid classifier is used by combining the sequential minimal optimization support vector machine (SMO‐SVM) as a binary classifier with optimally pruned extreme learning machine (OP‐ELM) as a multiclass classifier for detection of an anomalous node and type of anomalies, respectively. Mahalanobis distance‐based lightweight K‐Medoid clustering is used to build a new set of training datasets that represents the original training dataset, by significantly reducing the training time of a multilevel hybrid classifier. Results are analyzed using standard WSN datasets. The proposed model shows high accuracy, i.e., 94.79% and detection rate, i.e., 94.6% with a reduced false positive rate as compared to existing hybrid methods.

computer science, information systems,telecommunications

Xiaoming Li,Guangquan Xu,Xi Zheng,Kaitai Liang,Emmanouil Panaousis,Tao Li,Wei Wang,Chao Shen

DOI: https://doi.org/10.1145/3331147

IF: 5

2019-01-01

ACM Transactions on Intelligent Systems and Technology

Abstract:In recent years, wireless sensor networks (WSNs) have become an active area of research for monitoring physical and environmental conditions. Due to the interdependence of sensors, a functional anomaly in one sensor can cause a functional anomaly in another sensor, which can further lead to the malfunctioning of the entire sensor network. Existing research work has analysed faulty sensor anomalies but fails to show the effectiveness throughout the entire interdependent network system. In this article, a dictionary learning algorithm based on a non-negative constraint is developed, and a sparse representation anomaly node detection method for sensor networks is proposed based on the dictionary learning. Through experiment on a specific thermal power plant in China, we verify the robustness of our proposed method in detecting abnormal nodes against four state of the art approaches and proved our method is more robust. Furthermore, the experiments are conducted on the obtained abnormal nodes to prove the interdependence of multi-layer sensor networks and reveal the conditions and causes of a system crash.

Shafiullah Khan,Muhammad Altaf Khan,Noha Alnazzawi

DOI: https://doi.org/10.3390/s24051641

IF: 3.9

2024-03-03

Sensors

Abstract:Wireless sensor networks (WSNs) are essential in many areas, from healthcare to environmental monitoring. However, WSNs are vulnerable to routing attacks that might jeopardize network performance and data integrity due to their inherent vulnerabilities. This work suggests a unique method for enhancing WSN security through the detection of routing threats using feed-forward artificial neural networks (ANNs). The proposed solution makes use of ANNs' learning capabilities to model the network's dynamic behavior and recognize routing attacks like black-hole, gray-hole, and wormhole attacks. CICIDS2017 is a heterogeneous dataset that was used to train and test the proposed system in order to guarantee its robustness and adaptability. The system's ability to recognize both known and novel attack patterns enhances its efficacy in real-world deployment. Experimental assessments using an NS2 simulator show how well the proposed method works to improve routing protocol security. The proposed system's performance was assessed using a confusion matrix. The simulation and analysis demonstrated how much better the proposed system performs compared to the existing methods for routing attack detection. With an average detection rate of 99.21% and a high accuracy of 99.49%, the proposed system minimizes the rate of false positives. The study advances secure communication in WSNs and provides a reliable means of protecting sensitive data in resource-constrained settings.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Beibei Li,Yujie Chang,Hanyuan Huang,Wenshan Li,Tao Li,Wen Chen

DOI: https://doi.org/10.1016/j.future.2023.06.011

IF: 7.307

2023-06-18

Future Generation Computer Systems

Abstract:Recent years have witnessed an increased attack surface of the Industrial Internet of Things (IIoT), as the deep convergence of the Internet of Things (IoT) and other information and communications technologies (ICTs). However, the massive geographically-dispersed IoT devices and the big spatiotemporal data they generated, both pose extreme challenges to traditional centralized and cumbersome anomaly detection systems (ADSs). To meet this gap, in this paper we propose a novel artificial immunity based distributed and fast anomaly detection system, coined AIm-ADS. Specifically, first we develop an artificial immune system based data representation and distributed preprocessing framework, to characterize and prepare the hyper-dimensional IIoT data for anomaly detection (i.e., distinguishing between selfs and nonselfs). Second, we design a new negative selection based hyper-dimensional anomaly detector generation model along with a point-hyperspace (PH) tree based self-detector indexing mechanism, for creating anomaly detectors and indexing self-detectors in a hyperspace. Last, we craft a PH tree based fast anomaly detection method to identify anomalous behaviors of cyberattacks on IIoT. Extensive experiments on three publicly available and widely used real-world datasets (i.e., SDS, SWaT and WADI), demonstrate that the proposed AIm-ADS outperforms existing artificial immunity based and deep learning based anomaly detection studies, in terms of both the detection rate and detection time.

computer science, theory & methods

Yi Gao,Chun Chen,Jiajun Bu,Wei Dong,Daojing He

DOI: https://doi.org/10.1109/WCNC.2011.5779209

2011-01-01

Abstract:Anomaly detection is an essential functionality of Wireless Sensor Networks (WSNs) due to their complex behaviors and the wireless dynamics. In dynamic WSNs, many characteristics such as network topology, locations of sensor nodes, change frequently over time. We observe that indirect correlations among multiple attributes of a sensor node can be utilized to capture and model the historical behaviors. Prior studies overlooked indirect correlations while in this study we exploit it for detecting anomaly efficiently and accurately. Therefore, we propose ICAD, an indirect correlation based anomaly detection approach. By applying the Markov chain, the state transition probability matrix is calculated and it is subsequently used to detect anomalies. Compared to prior approaches, ICAD can detect different types of anomalies simultaneously. Furthermore, ICAD is implemented based on TinyOS and evaluated in a test-bed with 17 TelosB motes. Evaluation results show that ICAD has high detection accuracy with acceptable overhead.

Zuotao Wei

DOI: https://doi.org/10.1007/s11036-024-02409-6

2024-08-31

Mobile Networks and Applications

Abstract:The impact of network anomaly on data transmission and system operation cannot be ignored, so an effective anomaly detection method is needed to ensure the stability of the system. This study aims to improve the anomaly detection ability of the cardiopulmonary exercise monitoring system by constructing artificial intelligence algorithms based on wireless sensor networks, ensure the accuracy and reliability of real-time data, and provide support for sports health management. In this study, an integrated learning algorithm was adopted, combined with network traffic monitoring and sensor data analysis, and through data preprocessing, feature extraction and anomaly detection model construction, real-time monitoring of cardiopulmonary monitoring data was realized. Simulation platform is used to evaluate the performance of the algorithm in different network environments, especially in wireless networks and mobile networks. The experimental results show that the proposed algorithm can effectively identify abnormal data under abnormal network conditions. Compared with traditional detection methods, the proposed method significantly improves detection efficiency and response speed, and can adapt to complex wireless sensing environment.

computer science, information systems,telecommunications, hardware & architecture

Nengsong Peng,Weiwei Zhang,Hongfei Ling,Yuzhao Zhang,Lixin Zheng

DOI: https://doi.org/10.3390/info9090236

2018-09-18

Information

Abstract:A key issue in wireless sensor network applications is how to accurately detect anomalies in an unstable environment and determine whether an event has occurred. This instability includes the harsh environment, node energy insufficiency, hardware and software breakdown, etc. In this paper, a fault-tolerant anomaly detection method (FTAD) is proposed based on the spatial-temporal correlation of sensor networks. This method divides the sensor network into a fault neighborhood, event and fault mixed neighborhood, event boundary neighborhood and other regions for anomaly detection, respectively, to achieve fault tolerance. The results of experiment show that under the condition that 45% of sensor nodes are failing, the hit rate of event detection remains at about 97% and the false negative rate of events is above 92%.