
Detection and identification of anomalies in wireless mesh networks using Principal Component Analysis (PCA)

Hakami, Sara; Zaidi, Zainab; Landfeldt, Björn LU and Moors, Tim (2008) International Symposium on Parallel Architectures, Algorithms, and Networks, I-SPAN 2008 In [Host publication title missing] p.266-266
Abstract
Anomaly detection is becoming a powerful and necessary component as wireless networks gain popularity. In this paper, we evaluate the efficacy of PCA based anomaly detection for wireless mesh networks. PCA was originally developed for wired networks. Our experiments show that it is possible to detect different types of anomalies in an interference prone wireless environment. However, the sensitivity of PCA to small changes in flows prompted us to develop an anomaly identification scheme which automatically identifies the flow(s) causing the detected anomaly and their contributions in terms of number of packets. Our results show that the identification scheme is able to differentiate false alarms from real anomalies and pinpoint the culprit(s) in case of a real fault or threat. The experiments were performed over an 8 node mesh testbed deployed in an urban street layout in Sydney, under different realistic traffic scenarios. Our identification scheme facilitates the use of PCA based method for real-time anomaly detection in wireless networks as it can filter the false alarms locally at the monitoring nodes without excessive computational overhead.
author
publishing date
type
Chapter in Book/Report/Conference proceeding
publication status
published
subject
in
[Host publication title missing]
pages
266 - 266
publisher
IEEE--Institute of Electrical and Electronics Engineers Inc.
conference name
International Symposium on Parallel Architectures, Algorithms, and Networks, I-SPAN 2008
external identifiers
  • scopus:49149102898
ISSN
1087-4089
ISBN
978-0-7695-3125-0
DOI
10.1109/I-SPAN.2008.14
language
English
LU publication?
no
id
a9fbdea5-8480-4150-a27c-15f5f3ccfbfc (old id 3131086)
date added to LUP
2012-10-19 11:38:52
date last changed
2017-09-24 04:08:05
@inproceedings{a9fbdea5-8480-4150-a27c-15f5f3ccfbfc,
  abstract     = {Anomaly detection is becoming a powerful and necessary component as wireless networks gain popularity. In this paper, we evaluate the efficacy of PCA based anomaly detection for wireless mesh networks. PCA was originally developed for wired networks. Our experiments show that it is possible to detect different types of anomalies in an interference prone wireless environment. However, the sensitivity of PCA to small changes in flows prompted us to develop an anomaly identification scheme which automatically identifies the flow(s) causing the detected anomaly and their contributions in terms of number of packets. Our results show that the identification scheme is able to differentiate false alarms from real anomalies and pinpoint the culprit(s) in case of a real fault or threat. The experiments were performed over an 8 node mesh testbed deployed in an urban street layout in Sydney, under different realistic traffic scenarios. Our identification scheme facilitates the use of PCA based method for real-time anomaly detection in wireless networks as it can filter the false alarms locally at the monitoring nodes without excessive computational overhead.},
  author       = {Hakami, Sara and Zaidi, Zainab and Landfeldt, Björn and Moors, Tim},
  booktitle    = {[Host publication title missing]},
  isbn         = {978-0-7695-3125-0},
  issn         = {1087-4089},
  language     = {eng},
  pages        = {266--266},
  publisher    = {IEEE--Institute of Electrical and Electronics Engineers Inc.},
  title        = {Detection and identification of anomalies in wireless mesh networks using Principal Component Analysis (PCA)},
  url          = {http://dx.doi.org/10.1109/I-SPAN.2008.14},
  year         = {2008},
}