Anomaly Detection in Wireless Sensor Networks: Visual Assessment and Clustering in Environmental Monitoring Systems
Speaker: Dr. James Bezdek Retired Professor
         (http://uwf.edu/
Title: Anomaly Detection in Wireless Sensor Networks: Visual Assessment and Clustering in Environmental Monitoring Systems
Date: Wednesday November 23, 2011
Time: 9:30-11:30 (EDT)
Location: Building M-50, NRC Auditorium, 1200 Montreal Road, Ottawa, Canada
Parking is free, and refreshments will be served.
Abstract:
A. General information about wireless sensor networks (WSNs). There are four categories of network anomalies: isolated and epoch anomalies are aberrant behavior internal to a single node; second order anomalies are atypical behavior of an entire node; and higher order anomalies are one or more subtrees of nodes in the network that exhibit anomalous behavior. We discuss two types of models to detect anomalies: DCAD models that use data capture by level sets of elliptical summaries, and ESAD models that rely on visual assessment of elliptical summaries, with detection based on single linkage clustering.
B. We define and illustrate three (DCAD) models that use data capture by level sets of ellipsoids having effective radii chosen with differing assumptions (viz., % of points captured, % of points within k standard deviations from the mean, and % of points captured based on the chi-squared distribution). Examples are given using real WSN data from the Intel Berkeley Research Lab (IBRL).
C. The ESAD models use visual assessment of elliptical summaries for anomaly detection. These models begin with four measures of similarity on sets of ellipsoids, namely compound normalized, transformation energy, Bhattacharyya distance and focal dissimilarity. We define the four measures and compare them with some simple two-dimensional examples that reveal some surprising differences between human and mathematical assessment of elliptical similarities.
D. The similarities in C easily become dissimilarities, so we can apply visual assessment techniques (the recursive iVAT method of talk R1.C) to images of the (dis)similarity data. These images enable us to assess cluster tendency amongst the set of ellipsoids, and estimate the number of clusters (of elliptical summaries) in the data.
E. We show that these images are capable of detecting each of the anomalous behaviors defined in A with numerical examples using both real WSN and artificial data. The real data include the IBRL network, the Great Barrier Reef Ocean Observation System, and the Grand St. Bernard network for wind monitoring in a mountain pass on the border between France and Switzerland. Our model reliably detects first and second order anomalies in each of the three real data sets that are caused by Cyclone Hamish and node drift. These examples illustrate the real effectiveness of the ESAD model for detecting unusual events in environmental monitoring network
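
As an added illustration of the chi-squared data-capture idea in item B (not code from the talk or the speaker): a two-dimensional ellipse is fitted to a node's readings and later readings falling outside the level set that would capture a fraction p of Gaussian data are flagged. Fitting on a separate baseline window, the function names, and the sample readings are assumptions made for this example; the readings are constructed, not IBRL data.

```python
import math

# Constructed (temperature C, humidity %) baseline for one node (not IBRL data).
BASELINE = [(19.0, 42.0), (21.0, 38.0), (20.0, 40.0), (19.5, 41.0), (20.5, 39.0),
            (20.0, 41.0), (20.0, 39.0), (19.0, 41.0), (21.0, 39.0)]
# Constructed later readings; (21, 42) is in range per axis but breaks the
# negative temperature/humidity correlation seen in the baseline.
NEW_READINGS = [(20.5, 39.0), (21.0, 42.0), (35.0, 12.0)]

def fit_ellipse(points):
    """Return the sample mean and 2x2 sample covariance (sxx, sxy, syy)."""
    n = len(points)
    mx = sum(p[0] for p in points) / n
    my = sum(p[1] for p in points) / n
    sxx = sum((p[0] - mx) ** 2 for p in points) / (n - 1)
    syy = sum((p[1] - my) ** 2 for p in points) / (n - 1)
    sxy = sum((p[0] - mx) * (p[1] - my) for p in points) / (n - 1)
    return (mx, my), (sxx, sxy, syy)

def mahalanobis_sq(point, mean, cov):
    """Squared Mahalanobis distance of a point from the fitted ellipse centre."""
    sxx, sxy, syy = cov
    det = sxx * syy - sxy * sxy
    if det <= 0:
        raise ValueError("degenerate covariance: readings are collinear or constant")
    dx, dy = point[0] - mean[0], point[1] - mean[1]
    # Quadratic form with the closed-form inverse of a symmetric 2x2 matrix.
    return (syy * dx * dx - 2 * sxy * dx * dy + sxx * dy * dy) / det

def chi2_radius_sq_2d(p):
    """Squared effective radius capturing fraction p of a 2-D Gaussian.

    With 2 degrees of freedom the chi-squared CDF is 1 - exp(-x/2),
    so the quantile has the closed form -2 ln(1 - p).
    """
    if not 0.0 < p < 1.0:
        raise ValueError("p must lie strictly between 0 and 1")
    return -2.0 * math.log(1.0 - p)

def flag_anomalies(baseline, readings, p=0.95):
    """Return the readings that fall outside the p-capture ellipse."""
    mean, cov = fit_ellipse(baseline)
    r2 = chi2_radius_sq_2d(p)
    return [r for r in readings if mahalanobis_sq(r, mean, cov) > r2]

if __name__ == "__main__":
    print(flag_anomalies(BASELINE, NEW_READINGS))
```

The closed-form radius holds only for two features; higher-dimensional summaries need a chi-squared quantile with the matching degrees of freedom.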