Anomaly Detection in Wireless Sensor Networks

Abstract

Wireless sensor networks (WSNs) are vulnerable to attacks and faults which are often linked to abnormal events. Unsupervised anomaly detection techniques can be incorporated into WSNs to effectively improve their security and robustness. In this thesis, by both temporally and spatially analysing the influences of abnormal events, their corresponding anomalies are divided into three broad types, i.e., local transient, local long-term and global long-term. We propose a specific technique for each type and incorporate it in a completed scheme by re-designing some significant technical details. The contributions of this thesis can be summarised as follows. 1) Most existing techniques detect local transient anomalies using the principles of classification and clustering, which can only accurately characterise a dataset composed of well-separated dense regions which is unrealistic. To address this issue, we characterise a dataset in terms of its probability density function (PDF) through the histogram and then make an effort to reduce the computation consumed by real-time decision-making and the communication cost of information exchange. The numerical experiments demonstrate that the proposed schemes can achieve more robust performance with lower communication costs. 2) As existing techniques usually operate in a point-based manner that handles each observation individually, they cannot efficiently report local long-term anomalies and will incur much communication cost. We proposed several new techniques for handling data in a segment-based manner, where the anomaly detections are implemented through exploiting the spatial predictabilities among neighbouring data segments. As the covariance matrix is aggregated using the Spearman's rank correlation coefficient and differential compression, the proposed scheme reduces the communication cost by 80% in average while achieving comparable performance to the typical centralized approach. 3) Existing point-based techniques are not efficient in tracking global long-term behaviours of WSNs. We develop a specialised kernel density estimator to track the global PDF and then employ two types of approximated Kullback-Leibler divergence to measure the difference between every two temporally successive PDFs, whereby a global long-term anomaly is reported if the variation is beyond a threshold. The proposed scheme requires only transmission of a few data points while achieving high detection accuracy.