Anomaly Detection Based on a Multi-class CUSUM Algorithm for WSN

Security is one of the most important research issues in wireless sensor networks (WSN) applications. Given that the single detection threshold of the cumulative sum (CUSUM) algorithm causes longer detection delays and a lower detection rate, a multi-class CUSUM algorithm is hereby proposed. Firstly a maximum and minimum thresholds, which sensor nodes are able to reach during sending packet, are set to eliminate abnormal flow to enhance the detection efficiency. Secondly, CUSUM algorithms of different thresholds, all of which are selected according to the mean of traffic sequences, are applied to detect anomalous nodes. This study aims to optimize threshold parameters, the size of which increases with the number of traffic sequence. Using the NS2 tool, the different values of network traffic sequence are generated and simulated. Based on these values, the detection rates of the CUSUM algorithm and multi-class CUSUM algorithms, as well as their false positive rates, are then evaluated. Results show that the proposed algorithm achieves a higher and more accurate rate of detection and lower false positive rates than do the current important intrusion detection schemes of WSN. Index Terms WSN, CUSUM algorithm, multi-class CUSUM algorithm, threshold, anomaly detection