FH University of Applied Sciences TECHNIKUM WIEN Dominik - - PowerPoint PPT Presentation



SLIDE 1

SoK: A Taxonomy for Anomaly Detection in Wireless Sensor Networks focused on Node-level Techniques

Dominik Widhalm, Karl M. Göschka, Wolfgang Kastner

Doctoral College Resilient Embedded Systems (DC-RES)

dominik.widhalm@technikum-wien.at

ARES 2020, August 25–28, 2020, Virtual Event, Ireland

FH Technikum Wien, University of Applied Sciences

slide-2
SLIDE 2

Why do we need a taxonomy specific for WSNs?

[Figure: Sensor Layer, Fog Layer, Cloud Layer]

Wireless Sensor Networks

  • Major source of data for our connected world
  • Strictly limited resources
  • Highly dynamic network structure
  • Wireless links with severe vulnerabilities
  • Operating in harsh environments

→ Need for separate treatment!

SoK: A Taxonomy for Anomaly Detection in WSNs 1

SLIDE 3

Why do we focus on run-time anomaly detection?

[Figure: "Event or Fault?", temperature (temp. [°C]) plotted over time]

Are those deviations related to the physical phenomena or are they fault-induced?

Faults → Anomalies

“In the absence of ground-truth value (...) the term fault refers to a deviation from the expected value. Hence, these data faults can also be thought of as anomalies.” – Sharma et al. [25]
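Added example, not from the slides or the paper: a minimal online, univariate, statistical detector in the taxonomy's terms that treats a fault as a deviation from the expected value, as in the quote above, and is scored for correctness against a labelled trace. The EWMA model, the parameter values and the sample data are assumptions made for illustration.

```python
import math

def detect(readings, alpha=0.5, k=3.0, min_std=1.0):
    """Online, univariate detector with O(1) state (EWMA mean, variance).

    Returns (score, is_anomaly) per reading: score is the deviation from
    the expected value in standard deviations; the flag thresholds it at k.
    """
    mean, var = readings[0], 0.0
    out = [(0.0, False)]            # first reading only seeds the model
    for x in readings[1:]:
        diff = x - mean
        score = abs(diff) / max(math.sqrt(var), min_std)
        flagged = score > k
        out.append((score, flagged))
        if not flagged:             # keep flagged readings out of the model
            mean += alpha * diff
            var = (1 - alpha) * (var + alpha * diff * diff)
    return out

def correctness(flags, truth):
    """True-positive and false-positive rate against labelled faults."""
    tp = sum(f and t for f, t in zip(flags, truth))
    fp = sum(f and not t for f, t in zip(flags, truth))
    pos = sum(truth)
    return tp / pos, fp / (len(truth) - pos)

def constructed_trace():
    """Constructed sample data (an assumption, not from the slides): two days
    of 30-minute temperature readings, a diurnal sine around 20 °C, with
    +15 °C spikes injected at samples 30 and 70 and labelled as faults."""
    faults = {30, 70}
    temps = [20.0 + 5.0 * math.sin(2 * math.pi * t / 48)
             + (15.0 if t in faults else 0.0) for t in range(96)]
    truth = [t in faults for t in range(96)]
    return temps, truth

if __name__ == "__main__":
    temps, truth = constructed_trace()
    flags = [flag for _, flag in detect(temps)]
    print("flagged samples:", [i for i, f in enumerate(flags) if f])
    print("TPR, FPR:", correctness(flags, truth))
```

A data-only detector like this flags any large deviation from the expected value; on its own it cannot say whether the cause is a physical event or a fault, which is the question this slide raises.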

SLIDE 4

Taxonomy for Anomaly Detection I

[Figure: taxonomy tree "Anomaly Detection"; labels per branch]

  • Anomaly Class (2.1): Data Anomaly, Network Anomaly, Node Anomaly
  • Anomaly Degree (2.2): Scalar, Score-based
  • Operation Mode (2.3): Offline, Online; Flow-based, Batch-based
  • Input Data Instances (2.4): Univariate, Multivariate
  • Data Correlation (2.5): Temporal, Spatial, Spatio-Temporal; Contextual Correlation; Functional; Statistical Correlation
  • Model Structure (2.6): Host-based, Network-based; Centralized, Distributed
  • Detection Method (2.7): Statistical, Information Theoretic, Comp. Intelligence, Machine Learning, Knowledge-based, Other (see next slide)
  • Other (2.8): Application Domain; Adaptability (Static, Dynamic); Network Architecture (Flat, Hierarchical); Other

SLIDE 5

Taxonomy for Anomaly Detection II

[Figure: subtree "Detection Method" (2.7); labels per branch, in slide order]

  • Information Theoretic: Entropy, Kolmogorov Compl., Information Gain, Fisher score, Chi-squared
  • Machine Learning: Reinforced Learner, Combination Learner; Hybrid, Ensemble; Semi-Supervised; Hierarchical Clustering, k-means Clustering, Local Outlier Factor, etc.; Unsupervised, Supervised; Rule-based, Nearest Neighbor, Support Vector Machines, Bayesian Networks, etc.
  • Comp. Intelligence: Granular Computing; Fuzzy Sets, Rough Sets, Shadowed Sets, Probabilistic Reasoning; Neuro-Computing; Supervised, Unsupervised, Reinforced, Competitive; Evolutionary Comp., Artificial Life; Artificial Immune Systems, Swarm Intelligence, Genetic Algorithm, Genetic Programming, Artificial Endocrine Systems, Semi-Supervised
  • Other: Graph Theory, Game Theory, Cross-Layer, Streaming, etc.
  • Knowledge-based: Expert System, Rule-based, Ontology-based, State Transition-based, Logic-based
  • Statistical: Parametric; Gaussian; Non-Parametric; Mixture, Regression, Histogram-based, Kernel-based, Subjective Logic; Time Series Analysis; Markov Process Model; Probabilistic Models; SSA; Spectral Decomp.; Principal Component Analysis

SLIDE 6

Taxonomy for Anomaly Detection III

[Table: coverage of the taxonomy dimensions in related work]

Columns: Authors; Year; 2.1 Class (Data, Network, Node); 2.2 Degree; 2.3 Mode; 2.4 Data; 2.5 Corr.; 2.6 Model; 2.7 Method (Statistical, Inf. Theory, Knowledge, ML, CI, Other); 2.8 Other (Adaptability, Application, Architecture)

Taxonomy

  • Sebestyen et al. [1], 2018
  • Vasilomanolakis et al. [2]#, 2015 (× × ×)
  • Wu & Banzhaf [3]#, 2010 (× × ×)
  • Zhang et al. [4], 2007

Review / Survey

  • Kumar et al. [5], 2019
  • Kurniabudi et al. [6], 2019
  • Zamini & Hasheminejad [7], 2019
  • Zhang & Xiao [8], 2019
  • Alaparthy et al. [9], 2018
  • Usman et al. [10], 2018
  • Duhan & Padmavati [11], 2016
  • Can & Sahingoz [12], 2015
  • Butun et al. [13], 2014
  • O’Reilly [14], 2014
  • Alrajeh & Lloret [15], 2013
  • Ghosal & Halder [16], 2013
  • Rassam et al. [17], 2013
  • Jurdak et al. [18], 2011
  • Xie et al. [19], 2011
  • Lim [20], 2010
  • Zhang et al. [21], 2010
  • Chandola et al. [22], 2009
  • Farooqi & Khan [23], 2009
  • Rajasegarar et al. [24], 2009

Legend: considered; partly considered; not considered; × not applicable; # not WSN-specific

SLIDE 7

Anomaly Detection in WSNs – New Insights

(1) Evaluation Criteria

Proper evaluation needs to consider correctness and efficiency metrics.

(2) Node Anomalies

Node anomaly detection approaches need to consider node-level information.

(3) Artificial Immune System-based Anomaly Detection

“... the process for characterizing a sensor network fault or anomaly is very similar to diagnosing an illness.” – Jurdak et al. [18]

(4) Context-aware Anomaly Detection

Cope with a dynamic environment and comply with the strict resource constraints of sensor nodes.

SLIDE 8

Conclusion

To sum up . . .

  • Our paper proposes a taxonomy for anomaly detection
  • Based on related surveys & review articles (2007–2019)
  • New insights regarding efficient anomaly detection
  • Still a number of open research challenges

SLIDE 9

References I

[1] G. Sebestyen, A. Hangan, Z. Czako, and G. Kovacs, “A taxonomy and platform for anomaly detection,” in 2018 IEEE International Conference on Automation, Quality and Testing, Robotics (AQTR), IEEE, May 2018. DOI: 10.1109/aqtr.2018.8402710.

[2] E. Vasilomanolakis, S. Karuppayah, M. Mühlhäuser, and M. Fischer, “Taxonomy and survey of collaborative intrusion detection,” ACM Computing Surveys, vol. 47, no. 4, pp. 1–33, May 2015. DOI: 10.1145/2716260.

[3] S. X. Wu and W. Banzhaf, “The use of computational intelligence in intrusion detection systems: A review,” Applied Soft Computing, vol. 10, no. 1, pp. 1–35, 2010, ISSN: 1568-4946. DOI: 10.1016/j.asoc.2009.06.019.

[4] Y. Zhang, N. Meratnia, and P. Havinga, A taxonomy framework for unsupervised outlier detection techniques for multi-type data sets, ser. CTIT Technical Report Series Paper P-NS/TR-CTIT-07-79. Netherlands: Centre for Telematics and Information Technology (CTIT), Nov. 2007.

[5] D. P. Kumar, T. Amgoth, and C. S. R. Annavarapu, “Machine learning algorithms for wireless sensor networks: A survey,” Information Fusion, vol. 49, pp. 1–25, 2019, ISSN: 1566-2535. DOI: 10.1016/j.inffus.2018.09.013.

[6] K. Kurniabudi, B. Purnama, S. Sharipuddin, D. Darmawijoyo, D. Stiawan, S. Samsuryadi, A. Heryanto, and R. Budiarto, “Network anomaly detection research: A survey,” Indonesian Journal of Electrical Engineering and Informatics (IJEEI), vol. 7, no. 1, Mar. 2019. DOI: 10.11591/ijeei.v7i1.773.

[7] M. Zamini and S. M. H. Hasheminejad, “A comprehensive survey of anomaly detection in banking, wireless sensor networks, social networks, and healthcare,” Intelligent Decision Technologies, vol. 13, no. 2, pp. 229–270, May 2019, ISSN: 1872-4981. DOI: 10.3233/IDT-170155.

[8] R. Zhang and X. Xiao, “Intrusion detection in wireless sensor networks with an improved NSA based on space division,” Journal of Sensors, vol. 2019, pp. 1–20, Apr. 2019. DOI: 10.1155/2019/5451263.

SLIDE 10

References II

[9] V. T. Alaparthy, A. Amouri, and S. D. Morgera, “A study on the adaptability of immune models for wireless sensor network security,” Procedia Computer Science, vol. 145, pp. 13–19, 2018, ISSN: 1877-0509. DOI: 10.1016/j.procs.2018.11.003.

[10] M. Usman, V. Muthukkumarasamy, X. Wu, and S. Khanum, Mobile agent-based anomaly detection and verification system for smart home sensor networks. Springer Singapore, 2018, ISBN: 9789811074677.

[11] S. Duhan and P. Khandnor, “Intrusion detection system in wireless sensor networks: A comprehensive review,” in 2016 International Conference on Electrical, Electronics, and Optimization Techniques (ICEEOT), Mar. 2016, pp. 2707–2713. DOI: 10.1109/ICEEOT.2016.7755187.

[12] O. Can and O. K. Sahingoz, “A survey of intrusion detection systems in wireless sensor networks,” in 2015 6th International Conference on Modeling, Simulation, and Applied Optimization (ICMSAO), May 2015, pp. 1–6. DOI: 10.1109/ICMSAO.2015.7152200.

[13] I. Butun, S. D. Morgera, and R. Sankar, “A survey of intrusion detection systems in wireless sensor networks,” IEEE Communications Surveys Tutorials, vol. 16, no. 1, pp. 266–282, First 2014. DOI: 10.1109/SURV.2013.050113.00191.

[14] C. O’Reilly, A. Gluhak, M. A. Imran, and S. Rajasegarar, “Anomaly detection in wireless sensor networks in a non-stationary environment,” IEEE Communications Surveys Tutorials, vol. 16, no. 3, pp. 1413–1432, Third 2014. DOI: 10.1109/SURV.2013.112813.00168.

[15] N. A. Alrajeh and J. Lloret, “Intrusion Detection Systems Based on Artificial Intelligence Techniques in Wireless Sensor Networks,” International Journal of Distributed Sensor Networks, vol. 9, no. 10, p. 351 047, 2013. DOI: 10.1155/2013/351047.

[16] A. Ghosal and S. Halder, “Intrusion detection in wireless sensor networks: Issues, challenges and approaches,” in Signals and Communication Technology, Springer Berlin Heidelberg, 2013, pp. 329–367. DOI: 10.1007/978-3-642-36169-2_10.

SLIDE 11

References III

[17] M. Rassam, A. Zainal, and M. Maarof, “Advancements of data anomaly detection research in wireless sensor networks: A survey and open issues,” Sensors, vol. 13, no. 8, pp. 10 087–10 122, Aug. 2013. DOI: 10.3390/s130810087.

[18] R. Jurdak, X. R. Wang, O. Obst, and P. Valencia, “Wireless sensor network anomalies: Diagnosis and detection strategies,” in Intelligence-Based Systems Engineering, A. Tolk and L. C. Jain, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2011, pp. 309–325, ISBN: 978-3-642-17931-0. DOI: 10.1007/978-3-642-17931-0_12.

[19] M. Xie, S. Han, B. Tian, and S. Parvin, “Anomaly detection in wireless sensor networks: A survey,” Journal of Network and Computer Applications, vol. 34, no. 4, pp. 1302–1325, 2011, ISSN: 1084-8045. DOI: 10.1016/j.jnca.2011.03.004.

[20] T. H. Lim, “Detecting anomalies in wireless sensor networks,” PhD thesis, University of York, Aug. 2010.

[21] Y. Zhang, N. Meratnia, and P. Havinga, “Outlier detection techniques for wireless sensor networks: A survey,” IEEE Communications Surveys Tutorials, vol. 12, no. 2, pp. 159–170, Second 2010. DOI: 10.1109/SURV.2010.021510.00088.

[22] V. Chandola, A. Banerjee, and V. Kumar, “Anomaly detection: A survey,” ACM Computing Surveys, vol. 41, no. 3, pp. 1–58, Jul. 2009. DOI: 10.1145/1541880.1541882.

[23] A. H. Farooqi and F. A. Khan, “Intrusion detection systems for wireless sensor networks: A survey,” in Communication and Networking, Springer Berlin Heidelberg, 2009, pp. 234–241. DOI: 10.1007/978-3-642-10844-0_29.

[24] S. Rajasegarar, C. Leckie, and M. Palaniswami, “Detecting data anomalies in wireless sensor networks,” in Security in Ad Hoc and Sensor Networks, WORLD SCIENTIFIC, Sep. 2009, pp. 231–259. DOI: 10.1142/9789814271097_0008.

[25] A. B. Sharma, L. Golubchik, and R. Govindan, “Sensor faults: Detection methods and prevalence in real-world datasets,” ACM Trans. on Sensor Networks, vol. 6, no. 3, pp. 1–39, Jun. 2010. DOI: 10.1145/1754414.1754419.
