Meysam Alikhani; Mohammad Ahmadi Livani
Abstract
Compared with other networks, mobile ad hoc networks (MANETs) are more vulnerable because of inherent properties such as dynamic topology and the lack of infrastructure. A considerable challenge for these networks is therefore to develop a method that can identify anomalies with high accuracy as the network topology changes dynamically. In this paper, two methods, named IPAD and IAPAD, are proposed for dynamic anomaly detection in MANETs. In both methods, the anomaly detection procedure consists of three main phases: training, detection and updating. In the IPAD method, the training phase creates the normal profile from normal feature vectors using principal component analysis. In the detection phase, during each time window, anomalous feature vectors are identified by their projection distance from the first global principal component. In the updating phase, at the end of each time window, the normal profile is updated using the normal feature vectors from some previous time windows and incremental principal component analysis. IAPAD is similar to IPAD, except that each node uses an approximate first global principal component to identify anomalous feature vectors. In addition, the normal profile is updated using approximate singular descriptions from some previous time windows. Simulation results obtained with the NS2 simulator for some routing attacks show that the average detection rate and average false alarm rate are 95.14% and 3.02%, respectively, for IPAD and 94.20% and 2.84%, respectively, for IAPAD.
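The three phases described in this abstract can be sketched as follows. This is an added illustration, not the authors' code: it refits the profile over a sliding history of normal vectors instead of using incremental PCA, and the threshold rule, the `history` and `margin` parameters, and the sample features are assumptions.

```python
import math
from collections import deque
def fit_profile(vectors, iters=100):
    """Training: mean and first principal component via power iteration."""
    n, d = len(vectors), len(vectors[0])
    mean = [sum(v[j] for v in vectors) / n for j in range(d)]
    centered = [[v[j] - mean[j] for j in range(d)] for v in vectors]
    pc = [1.0 / math.sqrt(d)] * d
    for _ in range(iters):
        # Covariance-times-vector as the sum of (x . pc) * x over all samples.
        scores = [sum(a * b for a, b in zip(x, pc)) for x in centered]
        nxt = [sum(s * x[j] for s, x in zip(scores, centered)) for j in range(d)]
        norm = math.sqrt(sum(a * a for a in nxt))
        if norm == 0.0:
            break
        pc = [a / norm for a in nxt]
    return mean, pc

def projection_distance(x, mean, pc):
    """Distance from x to the line through `mean` along `pc`."""
    c = [a - m for a, m in zip(x, mean)]
    s = sum(a * b for a, b in zip(c, pc))
    return math.sqrt(max(0.0, sum(a * a for a in c) - s * s))

class Detector:
    def __init__(self, training, history=3, margin=1.5):
        # history and margin are assumed tuning knobs, not values from the paper.
        self.windows = deque([list(training)], maxlen=history)
        self.margin = margin
        self._refit()

    def _refit(self):
        data = [v for w in self.windows for v in w]
        self.mean, self.pc = fit_profile(data)
        # Assumed rule: margin times the largest distance seen in normal data.
        self.threshold = self.margin * max(
            projection_distance(v, self.mean, self.pc) for v in data)

    def process_window(self, vectors):
        """Detection, then updating with the vectors judged normal."""
        dist = [projection_distance(v, self.mean, self.pc) for v in vectors]
        flagged = [i for i, d in enumerate(dist) if d > self.threshold]
        normal = [v for v, d in zip(vectors, dist) if d <= self.threshold]
        if normal:
            self.windows.append(normal)
            self._refit()
        return flagged

# Constructed sample: two made-up per-window traffic features per vector.
TRAINING = [(1, 2.1), (2, 3.9), (3, 6.2), (4, 7.8), (5, 10.1), (6, 11.9)]
WINDOW_1 = [(7, 14.0), (3, 20.0), (2, 4.0)]
```

`Detector(TRAINING).process_window(WINDOW_1)` flags only the second vector, which lies far from the principal direction learned from the normal data.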
Mohammad Ahmadi Livani; Mahdi Abadi; Meysam Alikhany; Meisam Yadollahzadeh Tabari
Abstract
Detecting anomalies is an important challenge for intrusion detection and fault diagnosis in wireless sensor networks (WSNs). To address the problem of outlier detection in wireless sensor networks, in this paper we present a PCA-based centralized approach and a DPCA-based distributed energy-efficient approach for detecting outliers in sensed data in a WSN. Outliers in sensed data can be caused by compromised or malfunctioning nodes. In the distributed approach, we use distributed principal component analysis (DPCA) and fixed-width clustering (FWC) to establish a global normal pattern and to detect outliers. The process of establishing the global normal pattern is distributed among all sensor nodes. We also use weighted coefficients and a forgetting curve to periodically update the established normal profile. We demonstrate that the proposed distributed approach achieves accuracy comparable to that of the centralized approach, while the communication overhead in the network and the energy consumption are significantly reduced.