SoK: A Taxonomy for Anomaly Detection in Wireless Sensor Networks focused on Node-level Techniques

Dominik Widhalm, Karl M. Göschka, Wolfgang Kastner
FH University of Applied Sciences TECHNIKUM WIEN
Doctoral College Resilient Embedded Systems (DC-RES)
dominik.widhalm@technikum-wien.at

ARES 2020, August 25–28, 2020, Virtual Event, Ireland

Why do we need a taxonomy specific for WSNs?

[Figure: Sensor Layer, Fog Layer, Cloud Layer]

Wireless Sensor Networks
• Major source of data for our connected world
• Strictly limited resources
• Highly dynamic network structure
• Wireless links with severe vulnerabilities
• Operating in harsh environments
→ Need for separate treatment!

SoK: A Taxonomy for Anomaly Detection in WSNs 1

Why do we focus on run-time anomaly detection?

[Plot "Event or Fault?": temp. [°C] over time]

Are those deviations related to the physical phenomena or are they fault-induced?

Faults → Anomalies
“In the absence of ground-truth value (...) the term fault refers to a deviation from the expected value. Hence, these data faults can also be thought of as anomalies.” – Sharma et al. [25]

Taxonomy for Anomaly Detection I

[Diagram: taxonomy tree rooted at "Anomaly Detection"; node labels in extraction order]

2.1 Anomaly Class | 2.2 Anomaly Degree | 2.3 Operation Mode | 2.4 Input Data Instances
Data Anomaly Scalar Offline Univariate Network Anomaly Score-based Online Multivariate Flow-based Node Anomaly Batch-based

2.5 Data Correlation | 2.6 Model Structure | 2.7 Detection Method | 2.8 Other
Other Statistical Correlation Host-based Statistical Adaptability Static Contextual Correlation Network-based Information Theoretic Dynamic Temporal Centralized Knowledge-based Application Domain Spatial Distributed Machine Learning Spatio-Temporal Network Architecture Comp. Intelligence Functional Flat Other Hierarchical

(2.7 Detection Method: see next slide)

Taxonomy for Anomaly Detection II

[Diagram: subtree of 2.7 Detection Method; node labels in extraction order]

Statistical | Information Theoretic | Machine Learning | Comp. Intelligence | Other
Parametric Entropy Supervised Granular Computing Graph Theory Gaussian Kolmogorov Compl. Rule-based Fuzzy Sets Game Theory SSA Nearest Neighbor Rough Sets Information Gain Cross-Layer Regression Support Vector Machines Shadowed Sets Chi-squared Mixture Bayesian Networks Probabilistic Reasoning Streaming etc. Non-Parametric Neuro-Computing Fisher score etc. Unsupervised Histogram-based Supervised Kernel-based Hierarchical Clustering Unsupervised Probabilistic Models k-means Clustering Semi-Supervised Knowledge-based Local Outlier Factor Reinforced Markov Process Model Expert System Competitive etc. Subjective Logic Rule-based Semi-Supervised Evolutionary Comp. Time Series Analysis Genetic Algorithm Ontology-based Reinforced Learner Spectral Decomp. Genetic Programming Logic-based Combination Learner Principal Component Analysis Swarm Intelligence Ensemble State Transition-based Artificial Life Hybrid Artificial Immune Systems Artificial Endocrine Systems

Taxonomy for Anomaly Detection III

Columns: 2.1 Class (Data, Network, Node); 2.2 Degree; 2.3 Mode; 2.4 Data; 2.5 Corr.; 2.6 Model; 2.7 Method (Statistical, Inf. Theory, Knowledge, ML, CI, Other); 2.8 Other (Adaptability, Application, Architecture)

Authors | Year

Taxonomy
Sebestyen et al. [1] | 2018
Vasilomanolakis et al. [2]# | 2015 | × × ×
Wu & Banzhaf [3]# | 2010 | × × ×
Zhang et al. [4] | 2007

Review / Survey
Kumar et al. [5] | 2019
Kurniabudi et al. [6] | 2019
Zamini & Hasheminejad [7] | 2019
Zhang & Xiao [8] | 2019
Alaparthy et al. [9] | 2018
Usman et al. [10] | 2018
Duhan & Padmavati [11] | 2016
Can & Sahingoz [12] | 2015
Butun et al. [13] | 2014
O’Reilly [14] | 2014
Alrajeh & Lloret [15] | 2013
Ghosal & Halder [16] | 2013
Rassam et al. [17] | 2013
Jurdak et al. [18] | 2011
Xie et al. [19] | 2011
Lim [20] | 2010
Zhang et al. [21] | 2010
Chandola et al. [22] | 2009
Farooqi & Khan [23] | 2009
Rajasegarar et al. [24] | 2009

Legend: # not WSN-specific; considered; partly considered; not considered; × not applicable

Anomaly Detection in WSNs – New Insights

(1) Evaluation Criteria
Proper evaluation needs to consider correctness and efficiency metrics.

(2) Node Anomalies
Node anomaly detection approaches need to consider node-level information.

(3) Artificial Immune System-based Anomaly Detection
“... the process for characterizing a sensor network fault or anomaly is very similar to diagnosing an illness.” – Jurdak et al. [18]

(4) Context-aware Anomaly Detection
Cope with a dynamic environment and comply with the strict resource constraints of sensor nodes.
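
Added example (not from the slides or the paper): an online, score-based detector on one temperature channel using temporal correlation, illustrating the "Event or Fault?" question and insight (2). The trace, the 5 °C threshold, the 2.7 V limit and the use of supply voltage as the node-level information are all assumptions made for illustration.

```python
import math
import random

V_MIN = 2.7          # assumed minimum healthy supply voltage (hypothetical)
THRESHOLD_C = 5.0    # assumed anomaly-score threshold in °C (hypothetical)

def make_trace(days=4, seed=1):
    """Constructed hourly trace of (hour, temp_C, supply_V): one event, one fault."""
    rng = random.Random(seed)
    trace = []
    for h in range(days * 24):
        temp = 10 + 10 * math.sin(2 * math.pi * (h % 24 - 9) / 24) + rng.gauss(0, 0.3)
        volt = 3.0
        if h == 40:              # constructed event: real heat source, node healthy
            temp += 12
        if h == 70:              # constructed fault: brown-out distorts the reading
            temp += 12
            volt = 2.2
        trace.append((h, temp, volt))
    return trace

class OnlineDetector:
    """Scores each reading against the mean of the same hour on earlier days."""
    def __init__(self):
        self.baseline = {}       # hour of day -> (mean, count) of accepted readings

    def score(self, hour, temp):
        mean, n = self.baseline.get(hour % 24, (temp, 0))
        s = abs(temp - mean)     # anomaly score: deviation from the expected value
        if s <= THRESHOLD_C:     # only accepted readings update the expected value
            self.baseline[hour % 24] = ((mean * n + temp) / (n + 1), n + 1)
        return s

def data_only(trace):
    """Hours flagged from sensor data alone; event and fault look identical here."""
    det = OnlineDetector()
    return [h for h, t, _ in trace if det.score(h, t) > THRESHOLD_C]

def classify(trace):
    """Return {hour: label}, using node-level state to hint at the cause."""
    det, out = OnlineDetector(), {}
    for hour, temp, volt in trace:
        if det.score(hour, temp) > THRESHOLD_C:
            # Low supply voltage is treated as a hint, not proof, of a node fault.
            out[hour] = "suspected fault" if volt < V_MIN else "possible event"
    return out

if __name__ == "__main__":
    print(classify(make_trace()))
```

The data-only pass flags hours 40 and 70 with the same score; only the node-level reading separates them.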

Conclusion

To sum up ...
• Our paper proposes a taxonomy for anomaly detection
• Based on related surveys & review articles (2007–2019)
• New insights regarding efficient anomaly detection
• Still a number of open research challenges

References I

[1] G. Sebestyen, A. Hangan, Z. Czako, and G. Kovacs, “A taxonomy and platform for anomaly detection,” in 2018 IEEE International Conference on Automation, Quality and Testing, Robotics (AQTR), IEEE, May 2018. DOI: 10.1109/aqtr.2018.8402710.
[2] E. Vasilomanolakis, S. Karuppayah, M. Mühlhäuser, and M. Fischer, “Taxonomy and survey of collaborative intrusion detection,” ACM Computing Surveys, vol. 47, no. 4, pp. 1–33, May 2015. DOI: 10.1145/2716260.
[3] S. X. Wu and W. Banzhaf, “The use of computational intelligence in intrusion detection systems: A review,” Applied Soft Computing, vol. 10, no. 1, pp. 1–35, 2010, ISSN: 1568-4946. DOI: 10.1016/j.asoc.2009.06.019.
[4] Y. Zhang, N. Meratnia, and P. Havinga, A taxonomy framework for unsupervised outlier detection techniques for multi-type data sets, ser. CTIT Technical Report Series Paper P-NS/TR-CTIT-07-79. Netherlands: Centre for Telematics and Information Technology (CTIT), Nov. 2007.
[5] D. P. Kumar, T. Amgoth, and C. S. R. Annavarapu, “Machine learning algorithms for wireless sensor networks: A survey,” Information Fusion, vol. 49, pp. 1–25, 2019, ISSN: 1566-2535. DOI: 10.1016/j.inffus.2018.09.013.
[6] K. Kurniabudi, B. Purnama, S. Sharipuddin, D. Darmawijoyo, D. Stiawan, S. Samsuryadi, A. Heryanto, and R. Budiarto, “Network anomaly detection research: A survey,” Indonesian Journal of Electrical Engineering and Informatics (IJEEI), vol. 7, no. 1, Mar. 2019. DOI: 10.11591/ijeei.v7i1.773.
[7] M. Zamini and S. M. H. Hasheminejad, “A comprehensive survey of anomaly detection in banking, wireless sensor networks, social networks, and healthcare,” Intelligent Decision Technologies, vol. 13, no. 2, pp. 229–270, May 2019, ISSN: 1872-4981. DOI: 10.3233/IDT-170155.
[8] R. Zhang and X. Xiao, “Intrusion detection in wireless sensor networks with an improved NSA based on space division,” Journal of Sensors, vol. 2019, pp. 1–20, Apr. 2019. DOI: 10.1155/2019/5451263.

References II

[9] V. T. Alaparthy, A. Amouri, and S. D. Morgera, “A study on the adaptability of immune models for wireless sensor network security,” Procedia Computer Science, vol. 145, pp. 13–19, 2018, ISSN: 1877-0509. DOI: 10.1016/j.procs.2018.11.003.
[10] M. Usman, V. Muthukkumarasamy, X. Wu, and S. Khanum, Mobile agent-based anomaly detection and verification system for smart home sensor networks. Springer Singapore, 2018, ISBN: 9789811074677.
[11] S. Duhan and P. Khandnor, “Intrusion detection system in wireless sensor networks: A comprehensive review,” in 2016 International Conference on Electrical, Electronics, and Optimization Techniques (ICEEOT), Mar. 2016, pp. 2707–2713. DOI: 10.1109/ICEEOT.2016.7755187.
[12] O. Can and O. K. Sahingoz, “A survey of intrusion detection systems in wireless sensor networks,” in 2015 6th International Conference on Modeling, Simulation, and Applied Optimization (ICMSAO), May 2015, pp. 1–6. DOI: 10.1109/ICMSAO.2015.7152200.
[13] I. Butun, S. D. Morgera, and R. Sankar, “A survey of intrusion detection systems in wireless sensor networks,” IEEE Communications Surveys Tutorials, vol. 16, no. 1, pp. 266–282, First 2014. DOI: 10.1109/SURV.2013.050113.00191.
[14] C. O’Reilly, A. Gluhak, M. A. Imran, and S. Rajasegarar, “Anomaly detection in wireless sensor networks in a non-stationary environment,” IEEE Communications Surveys Tutorials, vol. 16, no. 3, pp. 1413–1432, Third 2014. DOI: 10.1109/SURV.2013.112813.00168.
[15] N. A. Alrajeh and J. Lloret, “Intrusion Detection Systems Based on Artificial Intelligence Techniques in Wireless Sensor Networks,” International Journal of Distributed Sensor Networks, vol. 9, no. 10, p. 351 047, 2013. DOI: 10.1155/2013/351047.
[16] A. Ghosal and S. Halder, “Intrusion detection in wireless sensor networks: Issues, challenges and approaches,” in Signals and Communication Technology, Springer Berlin Heidelberg, 2013, pp. 329–367. DOI: 10.1007/978-3-642-36169-2_10.