A performance study of anomaly detection using entropy method

An experiment to study the entropy method for an anomaly detection system has been performed. The study has been conducted using real data generated from the distributed sensor networks at the Intel Berkeley Research Laboratory. The experimental results were compared with the elliptical method and has been analyzed in two dimensional data sets acquired from temperature and humidity sensors across 52 micro controllers. Using the binary classification to determine the upper and lower boundaries for each series of sensors, it has been shown that the entropy method are able to detect more number of out ranging sensor nodes than the elliptical methods. It can be argued that the better result was mainly due to the lack of elliptical approach which is requiring certain correlation between two sensor series, while in the entropy approach each sensor series is treated independently. This is very important in the current case where both sensor series are not correlated each other.Comment: Proceeding of the International Conference on Computer, Control, Informatics and its Applications (2017) pp. 137-14

Network anomaly detection research: a survey

Data analysis to identifying attacks/anomalies is a crucial task in anomaly detection and network anomaly detection itself is an important issue in network security. Researchers have developed methods and algorithms for the improvement of the anomaly detection system. At the same time, survey papers on anomaly detection researches are available. Nevertheless, this paper attempts to analyze futher and to provide alternative taxonomy on anomaly detection researches focusing on methods, types of anomalies, data repositories, outlier identity and the most used data type. In addition, this paper summarizes information on application network categories of the existing studies

Regularized Block Toeplitz Covariance Matrix Estimation via Kronecker Product Expansions

In this work we consider the estimation of spatio-temporal covariance matrices in the low sample non-Gaussian regime. We impose covariance structure in the form of a sum of Kronecker products decomposition (Tsiligkaridis et al. 2013, Greenewald et al. 2013) with diagonal correction (Greenewald et al.), which we refer to as DC-KronPCA, in the estimation of multiframe covariance matrices. This paper extends the approaches of (Tsiligkaridis et al.) in two directions. First, we modify the diagonally corrected method of (Greenewald et al.) to include a block Toeplitz constraint imposing temporal stationarity structure. Second, we improve the conditioning of the estimate in the very low sample regime by using Ledoit-Wolf type shrinkage regularization similar to (Chen, Hero et al. 2010). For improved robustness to heavy tailed distributions, we modify the KronPCA to incorporate robust shrinkage estimation (Chen, Hero et al. 2011). Results of numerical simulations establish benefits in terms of estimation MSE when compared to previous methods. Finally, we apply our methods to a real-world network spatio-temporal anomaly detection problem and achieve superior results.Comment: To appear at IEEE SSP 2014 4 page

Computational Contributions to the Automation of Agriculture

The purpose of this paper is to explore ways that computational advancements have enabled the complete automation of agriculture from start to finish. With a major need for agricultural advancements because of food and water shortages, some farmers have begun creating their own solutions to these problems. Primarily explored in this paper, however, are current research topics in the automation of agriculture. Digital agriculture is surveyed, focusing on ways that data collection can be beneficial. Additionally, self-driving technology is explored with emphasis on farming applications. Machine vision technology is also detailed, with specific application to weed management and harvesting of crops. Finally, the effects of automating agriculture are briefly considered, including labor, the environment, and direct effects on farmers

Unsupervised anomaly detection for unlabelled wireless sensor networks data

With the advances in sensor technology, sensor nodes, the tiny yet powerful device are used to collect data from the various domain. As the sensor nodes communicate continuously from the target areas to base station, hundreds of thousands of data are collected to be used for the decision making. Unfortunately, the big amount of unlabeled data collected and stored at the base station. In most cases, data are not reliable due to several reasons. Therefore, this paper will use the unsupervised one-class SVM (OCSVM) to build the anomaly detection schemes for better decision making. Unsupervised OCSVM is preferable to be used in WSNs domain due to the one class of data training is used to build normal reference model. Furthermore, the dimension reduction is used to minimize the resources usage due to resource constraint incurred in WSNs domain. Therefore one of the OCSVM variants namely Centered Hyper-ellipsoidal Support Vector Machine (CESVM) is used as classifier while Candid-Covariance Free Incremental Principal Component Analysis (CCIPCA) algorithm is served as dimension reduction for proposed anomaly detection scheme. Environmental dataset collected from available WSNs data is used to evaluate the performance measures of the proposed scheme. As the results, the proposed scheme shows comparable results for all datasets in term of detection rate, detection accuracy and false alarm rate as compared with other related methods

Wireless Sensor Network Security: Approaches to Detecting and Avoiding Wormhole Attacks

This paper explores Wireless Sensor Networks (WSNs) and the related security issues and complications arising from a specific type of security breach, the wormhole attack. Wormhole attacks against WSNs are classified as passive, external laptop-class threats. Because malicious wormhole attacks are increasing, these attacks pose a serious security threat and increase the costs to maintain a Wireless Sensor Network. Research into preventing wormhole attacks yields two distinct model approach types: Administrator-Viewpoint models and User-Viewpoint models. While the modalities vary, the four Administrator-Viewpoint models reviewed were designed in the early 2000s and suggest defending against wormhole attacks through the use of expensive hardware, packet leashes, or topology visualization systems. On the other hand, the four proposed User-Viewpoint models have become the current theoretical models of choice.  While existing as simulation approaches to defend against wormhole attacks, the User-Viewpoint models use internally calculated routing algorithms to suggest routes to avoid or evade, not defend against, established wormhole routes. This paper confirms the efficacies of the User-Viewpoint models in the lab simulations are viewed as the most promising cost-effective, future security solutions to wormhole attacks

Distributed Anomaly Detection Using Minimum Volume Elliptical Principal Component Analysis

Principal component analysis and the residual error is an effective anomaly detection technique. In an environment where anomalies are present in the training set, the derived principal components can be skewed by the anomalies. A further aspect of anomaly detection is that data might be distributed across different nodes in a network and their communication to a centralized processing unit is prohibited due to communication cost. Current solutions to distributed anomaly detection rely on a hierarchical network infrastructure to aggregate data or models; however, in this environment, links close to the root of the tree become critical and congested. In this paper, an algorithm is proposed that is more robust in its derivation of the principal components of a training set containing anomalies. A distributed form of the algorithm is then derived where each node in a network can iterate towards the centralized solution by exchanging small matrices with neighboring nodes. Experimental evaluations on both synthetic and real-world data sets demonstrate the superior performance of the proposed approach in comparison to principal component analysis and alternative anomaly detection techniques. In addition, it is shown that in a variety of network infrastructures, the distributed form of the anomaly detection model is able to derive a close approximation of the centralized model

3-WAY Secured WSN with CSDSM-DNN based Intrusion Detection Model

In Wireless Sensor Networks (WSNs), intrusion aims indegrading or even eliminating the capacity of these networks for providing their functions. Thus, in recent years, several ideas are brought and employed. However, these techniques still did not fulfill their requirements in attaining better classification accuracy. This paper proposes a novel Cosine Similarity Distance integrated Sammon Mapping learning layer-Deep Neural Network (CSDSM-DNN)-centricIntrusion Detection Model (IDM) in WSNfor attaining better outcomes. Initially, the nodes are clustered; after that, utilizing Binomial Distribution based Dwarf Mongoose Optimization (BD-DMO), the cluster heads are selected. Then, theIdentity Matrix Function-Kalman Filter (IMF-KF) identified the optimal route. Subsequently, the data is transferred via the secured route. The transferred data is pre-processed and then, the important features are selected. Lastly, to classify whether the data is attacked or non-attacked, the selected features are given into the CSDSM-DNN. Therefore, with the prevailing approaches, the experiential outcomes are evaluated and analogized and it exhibits the proposed model’s higher reliability and efficacy