Matrix-Based Graph Comparison Method for Behavioural Patterns Analysis with Application to Anomaly Detection Using Machine Learning in Wireless Multi-hop IoT Networks

Student thesis: Doctoral ThesisDoctor of Philosophy (PhD)


The digital world we live in emphasises the importance of data. From an end-user perspective, data content and availability are important as they help to meet users' demands for application services. In a complex system, the relationship between service consumers and service data generation is not straightforward. Data generated remotely can leave users uncertain about its origin, whether it has been tampered with, or if it has been intercepted during delivery. Assurance can be enhanced through cyber solutions and cryptographic means, but these often require additional resources such as computational power and energy. Unfortunately, such resources may not always be readily available in systems like Wireless Multi-hop IoT Networks, also referred to as Wireless Sensor Networks (WSNs).

WSNs, being often geographically dispersed and utilizing meshed networking over a wireless medium, create topologies on an ad-hoc basis in an attempt to optimize data delivery, thus potentially creating an open attack surface. To bolster data assurance, automatic capturing of normal behaviour becomes crucial for detecting abnormalities or ensuring that everything operates within a normal perimeter.

The thesis concentrates on capturing, characterizing, and assessing behavioural patterns to enhance data assurance and perform anomaly detection. These behavioural patterns, incorporating topology and data distributions, are modelled as labelled, directed, and weighted graphs. To effectively detect behavioural changes, a graph comparison method is necessary. In the context of WSNs, ad-hoc (opportunistic) connectivity paths facilitate communication with the destination, usually through the edge of the system. Alteration or disturbance of these paths can have a significant impact on data delivery service, and such attempts are identified through behavioural patterns analysis.

In the thesis, a graph comparison method along with associated metrics is proposed for use with machine learning algorithms to assess behavioural patterns. This methodology is specifically applied to WSNs to calculate numerical fingerprints and scores for topology and data patterns, enabling the detection of normal behaviour or anomalies stemming from misconfiguration and attacks. The results obtained demonstrate that behavioural characterization aids in the detection of both normal and unusual events within the system.
Date of Award7 May 2024
Original languageEnglish
Awarding Institution
  • University of Bristol
SupervisorGeorge Oikonomou (Supervisor) & Trevor P Martin (Supervisor)

Cite this