Multi-scale Analysis of Long Range Dependent Traffic for Anomaly Detection in Wireless Sensor Networks

S. Zheng and J. S. Baras

Proceedings of the 50th IEEE Conference on Decision and Control and European Control Conference (CDC-ECC 2011), pp. 4060-4065, Orlando, USA, December 12-15, 2011.

Abstract

Anomaly detection is important for the correct functioning of wireless sensor networks. Recent studies have shown that node mobility along with spatial correlation of the monitored phenomenon in sensor networks can lead to observation data that have long range dependency, which could significantly increase the difficulty of anomaly detection. In this paper, we develop an anomaly detection scheme based on multiscale analysis of the long range dependent traffic to address this challenge. In this proposed detection scheme, discrete wavelet transform is used to approximately de-correlate the traffic data and capture data characteristics in different time scales. The remaining dependencies are then captured by a multi-level hidden Markov model in the wavelet domain. To estimate the model parameters, we propose an online discounting Expectation Maximization (EM) algorithm, which also tracks variations of the estimated models over time. Network anomalies are detected as abrupt changes in the tracked model variation scores. We evaluate our detection scheme numerically using typical long range dependent time series.