Osman Salem

Sensor fault and patient anomaly detection and classification in medical wireless sensor networks

Wireless Sensor Networks are vulnerable to a plethora of different fault types and external attacks after their deployment. We focus on sensor networks used in healthcare applications for vital sign collection from remotely monitored patients. These types of personal area networks must be robust and resilient to sensor failures as their capabilities encompass highly critical systems. Our objective is to propose an anomaly detection algorithm for medical wireless sensor networks. Our proposed approach firstly classifies instances of sensed patient attributes as normal and abnormal. Once we detect an abnormal instance, we use regression prediction to discern between a faulty sensor reading and a patient entering into a critical state. Our experimental results on real patient datasets show that our proposed approach is able to quickly detect patient anomalies and sensor faults with high detection accuracy while maintaining a low false alarm ratio.

A scalable, efficient and informative approach for anomaly-based intrusion detection systems: theory and practice

In this paper, we present the design and implementation of a new approach for anomaly detection and classification over high speed networks. The proposed approach is based first of all on a data reduction phase through flow sampling by focusing mainly on short lived flows. The second step is then a random aggregation of some descriptors such as a number of SYN packets per flow in two different data structures called Count Min Sketch and Multi-Layer Reversible Sketch. A sequential change point detection algorithm continuously monitors the sketch cell values. An alarm is raised if a significant change is identified in cell values. With an appropriate definition of the combination of IP header fields that should be used to identify one flow, we are able not only to detect the anomaly but also to classify the anomaly as DoS, DDoS or flash crowd, network scanning and port scanning. We validate our framework for anomaly detection on various real world traffic traces and demonstrate the accuracy of our approach on these real-life case studies. Our analysis results from online implementation of our algorithm over measurements gathered by a DAG sniffing card are very attractive in terms of accuracy and response time. The proposed approach is very effective in detecting and classifying anomalies, and in providing information by extracting the culprit flows with a high level of accuracy. Copyright

Anomaly Detection in Medical Wireless Sensor Networks

In this paper, we propose a new framework for anomaly detection in medical wireless sensor networks, which are used for remote monitoring of patient vital signs. The proposed framework performs sequential data analysis on a mini gateway used as a base station to detect abnormal changes and to cope with unreliable measurements in collected data without prior knowledge of anomalous events or normal data patterns. The proposed approach is based on the Mahalanobis distance for spatial analysis, and a kernel density estimator for the identification of abnormal temporal patterns. Our main objective is to distinguish between faulty measurements and clinical emergencies in order to reduce false alarms triggered by faulty measurements or ill-behaved sensors. Our experimental results on both real and synthetic medical datasets show that the proposed approach can achieve good detection accuracy with a low false alarm rate (less than 5.5%). Category: Embedded computing

Online Anomaly Detection in Wireless Body Area Networks for Reliable Healthcare Monitoring

In this paper, we propose a lightweight approach for online detection of faulty measurements by analyzing the data collected from medical wireless body area networks. The proposed framework performs sequential data analysis using a smart phone as a base station, and takes into account the constrained resources of the smart phone, such as processing power and storage capacity. The main objective is to raise alarms only when patients enter in an emergency situation, and to discard false alarms triggered by faulty measurements or ill-behaved sensors. The proposed approach is based on the Haar wavelet decomposition, nonseasonal Holt-Winters forecasting, and the Hampel filter for spatial analysis, and on for temporal analysis. Our objective is to reduce false alarms resulting from unreliable measurements and to reduce unnecessary healthcare intervention. We apply our proposed approach on real physiological dataset. Our experimental results prove the effectiveness of our approach in achieving good detection accuracy with a low false alarm rate. The simplicity and the processing speed of our proposed framework make it useful and efficient for real time diagnosis.

A lightweight anomaly detection framework for medical wireless sensor networks

In this paper, we focus on online detection and isolation of erroneous values reported by medical wireless sensors. We propose a lightweight approach for online anomaly detection in collected data, able to raise alarms only when patients enter in emergency situation and to discard faulty measurements. The proposed approach is based on Haar wavelet decomposition and Hampel filter for spatial analysis, and on boxplot for temporal analysis. Our objective is to reduce false alarms resulted from unreliable measurements. We apply our proposed approach on real physiological data set. Our experimental results prove the effectiveness of our approach to achieve good detection accuracy with low false alarm rate.

Flooding attacks detection and victim identification over high speed networks

With the rapid dependency on the internet for business, and the fast spread of powerful destructive DoS/DDoS attack tools, the detection and thwarting of these attacks is primordial for ISP, enterprises, hosting centers, etc. In this paper, we present the implementation of a new framework, for efficient detection and identification of flooding attacks over high speed links. To accomplish that, we apply multi-channel nonparametric CUSUM (MNP-CUSUM) over the shared counters in the proposed reversible sketch, in order to pinpoint flows with abrupt change via a new approach for sketch inversion. Shared counters are used to minimize the memory requirements and to identify the victim of flooding attacks. We apply our system at various real traces, some traces are provided by France Telecom (FT) within the framework of ANR-RNRT OSCAR project, other traces are collected in FT backbone network, during online experiments for testing and adjusting the proposed detection algorithms in this project. Our analysis results from real internet traffic, and from online implementation over Endace DAG 3.6ET sniffing card, show that our proposed architecture is able to quickly detect various kinds of flooding attacks and to disclose culprit flows with a high level of accuracy.

Epileptic seizure detection from EEG signal using Discrete Wavelet Transform and Ant Colony classifier

Electroencephalogram (EEG) is the electrical signal of brain which contains valuable information about its activities. In this paper, we propose a new approach for the early detection of epileptic seizure in EEG. The proposed approach is based on Discrete Wavelet Transform (DWT) and Ant Colony (AC) Classifier. We started by applying DWT to decompose the EEG signal into its sub-bands to extract the energy ratio from wavelet coefficients. Beside we extract some statistical features from the original signal, and we use the extracted features as the input for the AC algorithm to derive classification rules, which are used to detect epileptic seizures in the EEG of the monitored patient. Our experimental results on real dataset show that our proposed approach achieves a high level of detection accuracy.

Flooding attacks detection in traffic of backbone networks

Internet services are vulnerable to flooding attacks that lead to denial of service. This paper proposes a new framework to detect anomalies and to provide early alerts for flooding attacks in backbone networks. Thus allow to quickly react in order to prevent the flooding attacks from strangling the victim server and its access network. The proposed detection scheme is based on the application of Least Mean Square (LMS) filter and Pearson Chi-square divergence on randomly aggregated flows in Sketch data structure. Instead of analyzing one time series for overall traffic, random aggregation of flows is used to investigate a fixed number of time series for grained analysis. Least mean square filter is used to predict the next value of the time series based on previous values, and Pearson Chi-square divergence is used to measure the deviations between the current and estimated probability distributions. We evaluate our approach using publicly available real IP traces (MAWI) collected from the WIDE backbone network, on trans-Pacific transit link between Japan and USA. Our experimental results show that the proposed approach outperforms existing techniques in terms of detection accuracy and false alarm rate. It is able to detect low intensity attacks covered by the large number of traffic in high speed network.

Anomaly Detection Scheme for Medical Wireless Sensor Networks

Wireless Sensor Networks are vulnerable to a plethora of different fault types and external attacks after their deployment. We focus on sensor networks used in healthcare applications for vital sign collection from remotely monitored patients. These types of personal area networks must be robust and resilient to sensor failures as their capabilities encompass highly critical systems. Our objective is to propose an anomaly detection algorithm for medical wireless sensor networks, able to raise alarms only when patients enter in emergency situation and to discard faulty measurements. Our proposed approach firstly classifies instances of sensed patient attributes as normal and abnormal. Once we detect an abnormal instance, we use regression prediction to discern between a faulty sensor reading and a patient entering into a critical state. Our experimental results on real patient datasets show that our proposed approach is able to quickly detect patient anomalies and sensor faults with high detection accuracy while maintaining a low false alarm ratio.

A Novel Approach for Anomaly Detection over High-Speed Networks

This paper provides a new framework for efficient detection and identification of network anomalies over high speed links, in early stage of its occurrence to quickly react by taking the appropriate counter-measures. The proposed framework is based on change point detection in counters value of reversible sketch, which aggregates multiple data streams from high speed links in a stretched database. To detect network anomalies, we apply the cumulative sum (CUSUM) algorithm at the counter value of each bucket in the proposed reversible sketch, to detect change point occurrence and to uncover culprit flows via a new approach for sketch inversion. Theoretical framework for attacks detection is presented. We also give the results of our experiments analysis over two real data traces containing anomalies, and extensively analyzed in OSCAR French research project. Our analysis results from real-time internet traffic and online implementation over Endace DAG 3.6ET card show that our proposed architecture is able to detect culprit flows quickly with a high level of accuracy.