Sequential Anomaly Detection in Wireless Sensor Networks and Effects of Long Range Dependant Data

Anomaly detection is important for the correct functioning of wireless sensor networks. Recent studies have shown that node mobility along with the spatial correlation of the monitored phenomenon in sensor networks can lead to observation data that have long-range dependency, which could significantly increase the difficulty of anomaly detection. In this article, we develop an anomaly detection scheme based on multiscale analysis of the long-range dependent traffic to address this challenge. In this proposed detection scheme, the discrete wavelet transform is used to approximately de-correlate the traffic data and capture data characteristics in different timescales. The remaining dependencies are then captured by a multilevel hidden Markov model in the wavelet domain. To estimate the model parameters, we develop an online discounting expectation-maximization (EM) algorithm, which also tracks variations of the estimated models over time. Network anomalies are detected as abrupt changes in the tracked model variation scores. Statistical properties of our detection scheme are evaluated numerically using long-range dependent time series. We also evaluate our detection scheme in malicious scenarios simulated using the NS-2 network simulator.