Anomaly Detection Based Secure In-Network Aggregation for Wireless Sensor Networks

Secure in-network aggregation in wireless sensor networks (WSNs) is a necessary and challenging task. In this paper, we first propose integration of system monitoring modules and intrusion detection modules in the context of WSNs. We propose an extended Kalman filter (EKF) based mechanism to detect false injected data. Specifically, by monitoring behaviors of its neighbors and using EKF to predict their future states (actual in-network aggregated values), each node aims at setting up a normal range of the neighbors´ future transmitted aggregated values. This task is challenging because of potential high packet loss rate, harsh environment, and sensing uncertainty. We illustrate how to use EKF to address this challenge to create effective local detection mechanisms. Using different aggregation functions (average, sum, max, and min), we present how to obtain a theoretical threshold. We further apply an algorithm of combining cumulative summation and generalized likelihood ratio to increase detection sensitivity. To overcome the limitations of local detection mechanisms, we illustrate how our proposed local detection approaches work together with the system monitoring module to differentiate between malicious events and emergency events. We conduct experiments and simulations to evaluate local detection mechanisms under different aggregation functions.