Anomaly Detection in Wireless Sensor Networks: Visual Assessment and Clustering in Environmental Monitoring Networks
Speaker(s) : James C. Bezdek (Milton, FL, USA)
A. General information about wireless sensor networks (WSNs). There are four categories of network anomalies: isolated and epoch anomalies are aberrant behavior internal to a single node; second order anomalies are atypical behavior of an entire node; and higher order anomalies are one or more subtrees of nodes in the network that exhibit anomalous behavior. We discuss two types of models to detect anomalies: DCAD models that use data capture by level sets of elliptical summaries, and ESAD models that rely on visual assessment of elliptical summaries, with detection based on single linkage clustering.
B. We define and illustrate three DCAD models that use data capture by level sets of ellipsoids having effective radii chosen with differing assumptions (viz., % of points captured, % of points within k standard deviations from the mean, and % of points captured based on the chi-squared distribution). Examples are given using real WSN data from the Intel Berkeley Research Lab (IBRL).
C. The ESAD models use visual assessment of elliptical summaries for anomaly detection. These models begin with four measures of similarity on sets of ellipsoids, namely compound normalized, transformation energy, Bhattacharyya distance and focal dissimilarity. We define the four measures and compare them with five simple two-dimensional examples that reveal some surprising differences between human and mathematical assessment of elliptical similarities.
D. The similarities in C easily become dissimilarities, so we can apply visual assessment techniques (the recursive iVAT method of talk R1.C) to images of the (dis)similarity data. These images enable us to assess cluster tendency amongst the set of ellipsoids, and estimate the number of clusters (of elliptical summaries) in the data.
E. We show that these images are capable of detecting each of the anomalous behaviors defined in A with numerical examples using both real WSN and artificial data. The real data include the IBRL network, the Great Barrier Reef Ocean Observation System, and the Grand St. Bernard network for wind monitoring in a mountain pass on the border between France and Switzerland. Our model reliably detects first and second order anomalies in each of the three real data sets that are caused by Cyclone Hamish and node drift. These examples illustrate the real effectiveness of the ESAD model for detecting unusual events in environmental monitoring networks.
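As an added illustration of the third data capture idea in B (not code from the talk), the sketch below fits an elliptical summary to a baseline window of two-dimensional readings and flags new readings that fall outside the level set whose effective radius comes from the chi-squared distribution. The function names, the 99% capture level, the baseline/new split and the temperature/humidity readings are assumptions constructed for this example.

```python
import math

def chi2_radius_sq_2d(p):
    """Squared effective radius capturing fraction p of a 2-D Gaussian.
    With 2 degrees of freedom the chi-squared quantile is -2*ln(1-p)."""
    if not 0.0 < p < 1.0:
        raise ValueError("p must be in (0, 1)")
    return -2.0 * math.log(1.0 - p)

def fit_ellipse(points):
    """Return the sample mean and inverse covariance (a, b, c) of 2-D points."""
    n = len(points)
    if n < 3:
        raise ValueError("need at least 3 points")
    mx = sum(x for x, _ in points) / n
    my = sum(y for _, y in points) / n
    sxx = sum((x - mx) ** 2 for x, _ in points) / (n - 1)
    syy = sum((y - my) ** 2 for _, y in points) / (n - 1)
    sxy = sum((x - mx) * (y - my) for x, y in points) / (n - 1)
    det = sxx * syy - sxy * sxy
    if det <= 0:
        raise ValueError("degenerate covariance: readings are collinear")
    return (mx, my), (syy / det, -sxy / det, sxx / det)

def mahalanobis_sq(pt, mean, inv):
    """Squared Mahalanobis distance of pt from the ellipse centre."""
    dx, dy = pt[0] - mean[0], pt[1] - mean[1]
    a, b, c = inv
    return a * dx * dx + 2 * b * dx * dy + c * dy * dy

def anomalies(baseline, new, p=0.99):
    """Readings in `new` that lie outside the p-level ellipse of `baseline`."""
    mean, inv = fit_ellipse(baseline)
    r2 = chi2_radius_sq_2d(p)
    return [pt for pt in new if mahalanobis_sq(pt, mean, inv) > r2]

# Constructed (temperature in C, relative humidity in %) readings for one node.
BASELINE = [(20.1, 40.2), (20.4, 39.8), (20.9, 39.1), (21.3, 38.7), (21.8, 38.0),
            (22.2, 37.9), (22.5, 37.1), (23.0, 36.8), (23.4, 36.0), (23.9, 35.7)]
# (23.5, 39.5) is inside both per-variable ranges but breaks their correlation.
NEW = [(22.0, 37.9), (22.8, 36.9), (23.5, 39.5)]

if __name__ == "__main__":
    print("squared radius at 99%:", round(chi2_radius_sq_2d(0.99), 3))
    print("flagged:", anomalies(BASELINE, NEW))
```

The flagged reading would pass separate minimum/maximum checks on temperature and humidity; it is caught only because the ellipse encodes how the two variables move together.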
Biographical Information: James C. Bezdek. Jim received the PhD in Applied Mathematics from Cornell University in 1973. Jim is past president of NAFIPS (North American Fuzzy Information Processing Society), IFSA (International Fuzzy Systems Association) and the IEEE CIS (Computational Intelligence Society); founding editor of the Int'l. Jo. Approximate Reasoning and the IEEE Transactions on Fuzzy Systems; Life fellow of the IEEE and IFSA; and a recipient of the IEEE 3rd Millennium, IEEE CIS Fuzzy Systems Pioneer, and IEEE CIS technical field award Rosenblatt medals. Jim's interests: woodworking, optimization, motorcycles, pattern recognition, cigars, clustering in very large data, fishing, co-clustering, blues music, and visual clustering. Jim retired in 2007, and will be coming to a university near you soon.
Thomas.Baerecke (at) nulllip6.fr