Anomaly detection in wireless sensor networks: A survey

Xie, Miao; Han, Sunyoung; Tian, Bo; Parvin, Salma

doi:10.1016/j.jnca.2011.03.004

Cited by 282 publications

(159 citation statements)

References 37 publications

Supporting

Mentioning

156

Contrasting

Unclassified

Order By: Relevance

“…The k-means algorithm is the most widely used algorithm for data mining applications [6,27]. It is simple, scalable, easily understood, and can be adopted to work with high-dimensional data [28][29][30].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

An Anomaly Detection Based on Optimization

Alguliyev¹,

Alıguliyev²,

İmamverdiyev³

et al. 2017

IJISA

View full text Add to dashboard Cite

Abstract-At present, an anomaly detection is one of the important problems in many fields. The rapid growth of data volumes requires the availability of a tool for data processing and analysis of a wide variety of data types. The methods for anomaly detection are designed to detect object's deviations from normal behavior. However, it is difficult to select one tool for all types of anomalies due to the increasing computational complexity and the nature of the data. In this paper, an improved optimization approach for a previously known number of clusters, where a weight is assigned to each data point, is proposed. The aim of this article is to show that weighting of each data point improves the clustering solution. The experimental results on three datasets show that the proposed algorithm detects anomalies more accurately. It was compared to the k-means algorithm. The quality of the clustering result was estimated using clustering evaluation metrics. This research shows that the proposed method works better than k-means on the Australia (credit card applications) dataset according to the Purity, Mirkin and F-measure metrics, and on the heart diseases dataset according to F-measure and variation of information metric.

show abstract

Section: Related Workmentioning

confidence: 99%

“…The solution of the anomaly detection problem is not trivial [6,7]. Another reason is that several methods for anomaly detection require labeling of normal and/or abnormal behaviors that are not easy to archive [8,9].…”

Section: Introductionmentioning

confidence: 99%

An Anomaly Detection Based on Optimization

Alguliyev¹,

Alıguliyev²,

İmamverdiyev³

et al. 2017

IJISA

View full text Add to dashboard Cite

show abstract

“…For decades, researchers have been developing techniques and tools to identify security anomalies. For example, recent works have covered topics from the identification of anomalous user behaviour in social networks (Viswanath et al, 2014), anomalies in network traffic (Catania et al, 2012;Mahoney, 2003), anomaly detection in wireless networks (Islam and Rahman, 2011;Xie et al, 2011), and the anomaly detection in power station security (Ten et al, 2011). All these studies generate good results and demonstrate the potential of using machine learning and statistics to identify anomalies.…”

Section: Related Workmentioning

confidence: 99%

Identification of irregularities and allocation suggestion of relative file system permissions

Parkinson

Crampton

2016

Journal of Information Security and Applications

View full text Add to dashboard Cite

It is well established that file system permissions in large, multi-user environments can be audited to identify vulnerabilities with respect to what is regarded as standard practice. For example, identifying that a user has an elevated level of access to a system directory which is unnecessary and introduces a vulnerability. Similarly, the allocation of new file system permissions can be assigned following the same standard practices. On the contrary, and less well established, is the identification of potential vulnerabilities as well as the implementation of new permissions with respect to a system's current access control implementation. Such tasks are heavily reliant on expert interpretation. For example, the assigned relationship between users and groups, directories and their parents, and the allocation of permissions on file system resources all need to be carefully considered.This paper presents the novel use of statistical analysis to establish independence and homogeneity in allocated file system permissions. This independence can be interpreted as potential anomalies in a system's implementation of access control. The paper then presents the use of instance-based learning to suggest the allocation of new permissions conforming to a system's current implementation structure. Following this, both of the presented techniques are then included in a tool for interacting with Microsoft's New Technology File System permissions (NTFS). This involves experimental analysis on six different NTFS directories structures within different organisations. From using this tool we can establish the effectiveness of the developed techniques by evaluating the true positive and true negative instances. The presented results demonstrate the potential of the proposed techniques for overcoming complexities with real-world file system administration.

show abstract

“…We cover a broader spectrum of papers since we include techniques other than anomaly detection, describe further steps for detecting malicious data and include a significant amount of literature published since then. Xie et al [2011] survey anomaly detection in WSNs, with a focus on the WSN architecture (Hirearchical/Flat) and the detection approach (statistical, rule based, data mining etc.). They describe the detection procedure in a similar way to us: definition of a "normal profile", which we refer to as normal or expected behaviour, and test to decide whether it is an anomaly or not, or to what extent.…”

Section: Related Surveysmentioning

confidence: 99%

“…They describe the detection procedure in a similar way to us: definition of a "normal profile", which we refer to as normal or expected behaviour, and test to decide whether it is an anomaly or not, or to what extent. However, our survey is structured based on the approach to both the definition of the normal behaviour and the detection based on it, while [Xie et al 2011] focus only on the latter. This choice allows us to pinpoint the motivation for the use of a particular detection technique, based on how the data normally looks like.…”

Section: Related Surveysmentioning

confidence: 99%

Detecting Malicious Data Injections in Wireless Sensor Networks

Illiano

Lupu

2015

ACM Comput. Surv.

View full text Add to dashboard Cite

Wireless Sensor Networks are widely advocated to monitor environmental parameters, structural integrity of the built environment and use of urban spaces, services and utilities. However, embedded sensors are vulnerable to compromise by external actors through malware but also through their wireless and physical interfaces. Compromised sensors can be made to report false measurements with the aim to produce inappropriate and potentially dangerous responses. Such malicious data injections can be particularly difficult to detect if multiple sensors have been compromised as they could emulate plausible sensor behaviour such as failures or detection of events where none occur. This survey reviews the related work on malicious data injection in wireless sensor networks, derives general principles and a classification of approaches within this domain, compares related studies and identifies areas that require further investigation.

show abstract

Anomaly detection in wireless sensor networks: A survey

Cited by 282 publications

References 37 publications

An Anomaly Detection Based on Optimization

An Anomaly Detection Based on Optimization

Identification of irregularities and allocation suggestion of relative file system permissions

Detecting Malicious Data Injections in Wireless Sensor Networks

Contact Info

Product

Resources

About