Abstract
Wireless sensor networks are often distributed
which makes detection of cyber-attacks or misconfiguration hard.
Topology and data patterns change may result from attacks
leading to the compromise of data and service availability or
indicate operational problems. Graphs are often used to model
topology and data paths to describe and compare state of a
system. For anomaly detection, the definition of normal patterns,
deviation from normal, and criteria when to declare anomaly
are required. In this contribution the process of acquisition of
normal patterns (ground truth), and criteria when to declare
anomaly based on graph comparison are proposed. The anomaly
detection is suitable for deployment at the edge of a network.
Finally, the inability to define all security threats is addressed
by a custom tree-based classifier which only requires normal
patterns for training. A simulated wireless sensor network was
used to acquire data and apply the method. Our experiments
show that data and topology change can be detected at the edge
of a network.
which makes detection of cyber-attacks or misconfiguration hard.
Topology and data patterns change may result from attacks
leading to the compromise of data and service availability or
indicate operational problems. Graphs are often used to model
topology and data paths to describe and compare state of a
system. For anomaly detection, the definition of normal patterns,
deviation from normal, and criteria when to declare anomaly
are required. In this contribution the process of acquisition of
normal patterns (ground truth), and criteria when to declare
anomaly based on graph comparison are proposed. The anomaly
detection is suitable for deployment at the edge of a network.
Finally, the inability to define all security threats is addressed
by a custom tree-based classifier which only requires normal
patterns for training. A simulated wireless sensor network was
used to acquire data and apply the method. Our experiments
show that data and topology change can be detected at the edge
of a network.
Original language | English |
---|---|
Title of host publication | 17th International Conference on Distributed Computing in Sensor Systems (DCOSS) |
Publisher | Institute of Electrical and Electronics Engineers (IEEE) |
Pages | 535-542 |
Number of pages | 8 |
ISBN (Electronic) | 9781665439299 |
ISBN (Print) | 9781665439305 |
DOIs | |
Publication status | Published - 17 Nov 2021 |
Event | 2021 17th International Conference on Distributed Computing in Sensor Systems (DCOSS) - Cyprus, Pafos, Cyprus Duration: 14 Jul 2021 → 16 Jul 2021 https://dcoss.org/ |
Publication series
Name | International Conference on Distributed Computing in Sensor Systems (DCOSS) |
---|---|
Publisher | IEEE |
ISSN (Print) | 2325-2936 |
ISSN (Electronic) | 2325-2944 |
Conference
Conference | 2021 17th International Conference on Distributed Computing in Sensor Systems (DCOSS) |
---|---|
Abbreviated title | DCOSS |
Country/Territory | Cyprus |
City | Pafos |
Period | 14/07/21 → 16/07/21 |
Internet address |
Keywords
- Anomaly detection
- Machine learning
- Sensor networks
- Data pattern
- Topology
- Graph
- Cyber-security
- Fault detection