2016
DOI: 10.1007/s11277-016-3433-3
|View full text |Cite
|
Sign up to set email alerts
|

An Efficient Hybrid Anomaly Detection Scheme Using K-Means Clustering for Wireless Sensor Networks

Abstract: Sensor nodes in a wireless sensor network (WSN) may be lost due to enervation or malicious attacks by an adversary. WSNs deployed for several applications including military applications are prone to various attacks, which degrade the network performance very rapidly. Hybrid anomaly is a type of anomaly that contains the different types of attacker nodes such as blackhole, misdirection, wormhole etc. These multiple attacks can be launched in the network using the hybrid anomaly. In this situation, it is very d… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
77
0

Year Published

2017
2017
2022
2022

Publication Types

Select...
5
1
1

Relationship

3
4

Authors

Journals

citations
Cited by 78 publications
(77 citation statements)
references
References 38 publications
0
77
0
Order By: Relevance
“…Assume that each packet sent by a node has unique sequence number in an increasing order, we denote t x ( j , k ) as the “receiving time of packet j on node k with respect to the perfect clock t r ( j , k ) and transmitting time of packet j on node k .” Transmission time or reception time is considered as the “time just before the first byte of a packet is transmitted or received.” Let P and Q be the source and destination nodes in a particular path. Then, t r ( j , P ) is the “generation time of packet j on the source node P .” The “end‐to‐end delay of the packet j for some path” can be then estimated as follows: td(j)=tr(j,Q)tr(j,P). If the “waiting time for packet j at node k on the path” be denoted by t w ( j , k ), we have t w ( j , k )= t x ( j , k )− t r ( j , k ). It is worth noting that the “waiting time t w ( j , k ) contains backoff time on node to contend for the channel.” Henceforth, the “end‐to‐end delay” is estimated as follows: td(j)=k=1n1tw(j,k), where n is the “number of nodes along with that path.” Note that, in RAD‐EI, P is a regular IoT sensor, and Q is an edge node.…”
Section: The Proposed Routing Attack Detection Schemementioning
confidence: 99%
See 2 more Smart Citations
“…Assume that each packet sent by a node has unique sequence number in an increasing order, we denote t x ( j , k ) as the “receiving time of packet j on node k with respect to the perfect clock t r ( j , k ) and transmitting time of packet j on node k .” Transmission time or reception time is considered as the “time just before the first byte of a packet is transmitted or received.” Let P and Q be the source and destination nodes in a particular path. Then, t r ( j , P ) is the “generation time of packet j on the source node P .” The “end‐to‐end delay of the packet j for some path” can be then estimated as follows: td(j)=tr(j,Q)tr(j,P). If the “waiting time for packet j at node k on the path” be denoted by t w ( j , k ), we have t w ( j , k )= t x ( j , k )− t r ( j , k ). It is worth noting that the “waiting time t w ( j , k ) contains backoff time on node to contend for the channel.” Henceforth, the “end‐to‐end delay” is estimated as follows: td(j)=k=1n1tw(j,k), where n is the “number of nodes along with that path.” Note that, in RAD‐EI, P is a regular IoT sensor, and Q is an edge node.…”
Section: The Proposed Routing Attack Detection Schemementioning
confidence: 99%
“…If these attacker nodes are present, the information may not reach to the destination within a specific time. Moreover, information may be lost or modified, which may also create more energy disbursement …”
Section: Introductionmentioning
confidence: 99%
See 1 more Smart Citation
“…the user diagnosis), which is equivalent to that obtained from applying the classification tree, can be used for cell diagnosis. The k -means clustering has previously been applied to fault detection in the context of wireless networks [46].…”
Section: Performance Evaluationmentioning
confidence: 99%
“…The anomaly based model has a high detection rate and seldom classifies an actual intrusion as a normal packet, but it has a large false positive rate (FPR) i.e normal packets are defined as abnormal. Also as suggested in [11], there could be attacks due to hybrid anomaly which consists of multiple anomaly attacks, for which he proposes a model which has a detection technique based on K-means clustering. To improve on the disadvantages of these two conventional methods, a hybrid of the two IDS is usually incorporated known as a Hybrid Intrusion Detection System (HIDS).…”
Section: Introductionmentioning
confidence: 99%