An anomaly detection model utilizing attributes of low powered networks, IEEE 802.15.4e/TSCH and machine learning methods
The rapid growth in sensors, low-power integrated circuits, and wireless communication standards has enabled a new generation of applications based on ultra-low powered wireless sensor networks. These are employed in many environments including health-care, industrial automation, smart building and environmental monitoring. According to industry experts, by the year 2020, over 20 billion low powered sensor devices will be deployed and innumerable data objects will be created. The objective of this work is to investigate the feasibility and analyze optimal methods of using low powered wireless characteristics, attributes of communication protocols and machine learning techniques to determine traffic anomalies in low powered networks. Traffic anomalies can be used to detect security violations as well as network performance issues. Both live and simulated data have been used with four machine learning methods to examine the relationship between performance and the various factors and methods. Several factors including the number of nodes, sample size, noise influence, model aging process and classification algorithm are investigated against performance accuracy using data collected from an operational wireless network, comprising more than one hundred nodes, during a six-month period. An important attribute of this work is that the proposed model can be implemented in any low powered network, regardless of the software and hardware architecture of individual nodes (as long as the network complies with an open standard communication mechanism). Furthermore, the experiment portion of this work includes over 80 independent experiments to evaluate the behaviour of various attributes of low powered networks. Machine learning models trained using carefully selected input features and other factors including adequate training samples and classification algorithm are able to detect traffic anomalies of low powered wireless networks with over 95% accuracy.
Furthermore, in this work, a framework for an aggregated classification model has been evaluated, and the experimental results confirm a further improvement of the prediction accuracy and a reduction of both false positive and false negative rates in comparison to basic classification models.