Abstract
Wireless sensor networks (WSNs) are vulnerable to attacks and faults which are often linked to abnormal events. Unsupervised
anomaly detection techniques can be incorporated into WSNs to effectively improve their security and robustness. In this thesis,
by both temporally and spatially analysing the influences of abnormal events, their corresponding anomalies are divided into
three broad types, i.e., local transient, local long-term and global long-term. We propose a specific technique for each type and
incorporate it into a complete scheme by re-designing some significant technical details. The contributions of this thesis can be
summarised as follows. 1) Most existing techniques detect local transient anomalies using the principles of classification and
clustering, which can only accurately characterise a dataset composed of well-separated dense regions, an unrealistic assumption. To
address this issue, we characterise a dataset in terms of its probability density function (PDF) through the histogram and then
make an effort to reduce the computation consumed by real-time decision-making and the communication cost of information
exchange. The numerical experiments demonstrate that the proposed schemes can achieve more robust performance with lower
communication costs. 2) As existing techniques usually operate in a point-based manner that handles each observation
individually, they cannot efficiently report local long-term anomalies and incur a high communication cost. We propose
several new techniques for handling data in a segment-based manner, where anomaly detection is implemented by
exploiting the spatial predictabilities among neighbouring data segments. As the covariance matrix is aggregated using the
Spearman's rank correlation coefficient and differential compression, the proposed scheme reduces the communication cost by
80% on average while achieving comparable performance to the typical centralized approach. 3) Existing point-based techniques
are not efficient in tracking global long-term behaviours of WSNs. We develop a specialised kernel density estimator to track the
global PDF and then employ two types of approximated Kullback-Leibler divergence to measure the difference between every
two temporally successive PDFs, whereby a global long-term anomaly is reported if the variation is beyond a threshold. The
proposed scheme requires the transmission of only a few data points while achieving high detection accuracy.
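
The idea in contribution 3, comparing temporally successive PDFs and reporting an anomaly when their divergence exceeds a threshold, is sketched below as an added example; it is not code from the thesis. The Gaussian kernel, the grid-based KL approximation, the bandwidth, the threshold and the sensor readings are all assumptions constructed for illustration and stand in for the thesis's specialised estimator and its two approximated divergences.

```python
import math
import random

def gaussian_kde(samples, bandwidth):
    """Return a PDF estimate of `samples` built from Gaussian kernels (assumed kernel)."""
    norm = 1.0 / (len(samples) * bandwidth * math.sqrt(2 * math.pi))
    def pdf(x):
        return norm * sum(math.exp(-0.5 * ((x - s) / bandwidth) ** 2) for s in samples)
    return pdf

def kl_on_grid(p, q, grid, eps=1e-12):
    """Approximate KL(p || q) by evaluating both PDFs on a shared grid.

    eps keeps the logarithm finite where one estimate is numerically zero.
    """
    pv = [p(x) + eps for x in grid]
    qv = [q(x) + eps for x in grid]
    ps, qs = sum(pv), sum(qv)
    return sum((a / ps) * math.log((a / ps) / (b / qs)) for a, b in zip(pv, qv))

def detect_shifts(windows, grid, bandwidth, threshold):
    """Return indices of windows whose PDF diverges from the previous window's PDF."""
    flagged = []
    prev = gaussian_kde(windows[0], bandwidth)
    for i in range(1, len(windows)):
        cur = gaussian_kde(windows[i], bandwidth)
        if kl_on_grid(cur, prev, grid) > threshold:
            flagged.append(i)
        prev = cur  # always compare against the immediately preceding window
    return flagged

def make_windows(seed=7):
    """Constructed readings: five windows of 200 samples; the mean jumps in window 3."""
    rng = random.Random(seed)
    means = [20.0, 20.0, 20.0, 26.0, 26.0]
    return [[rng.gauss(m, 1.0) for _ in range(200)] for m in means]

GRID = [10 + 0.25 * k for k in range(101)]  # evaluation points from 10 to 35

def run_demo():
    return detect_shifts(make_windows(), GRID, bandwidth=0.5, threshold=0.5)

if __name__ == "__main__":
    print("windows flagged as global long-term anomalies:", run_demo())
```

Only the window where the distribution changes is flagged; the following window, which matches its predecessor again, is not.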