Research Article Mutual Defense Scheme for Secure Data ...downloads.hindawi.com/journals/ijdsn/2014/804907.pdf · As a resource-saving technique, data aggregation has been intensively

Research ArticleMutual Defense Scheme for Secure Data Aggregation inWireless Sensor Networks

Hu Rong-hua Dong Xiao-mei and Wang Da-ling

School of Information Science and Engineering Northeastern University Shenyang 110004 China

Correspondence should be addressed to Dong Xiao-mei dongxiaomeiiseneueducn

Received 27 February 2014 Revised 21 May 2014 Accepted 23 May 2014 Published 25 June 2014

Academic Editor Mauro Conti

Copyright copy 2014 Hu Rong-hua et al This is an open access article distributed under the Creative Commons Attribution Licensewhich permits unrestricted use distribution and reproduction in any medium provided the original work is properly cited

As a resource-saving technique data aggregation has been intensively studied in wireless sensor networks (WSNs) Howeverexisting methods of secure data aggregation in WSNs either (1) cause high communication overhead or (2) cannot defend againstcompromised member nodes and aggregator nodes at the same time In this paper we propose a mutual defense scheme forsecure data aggregation which includes two components that is secure sort-group-filter data aggregation algorithm (SSGF) andlightweight TDMA-based monitoring mechanismThe SSGF is to defend against injecting false readings by compromised membernodes and themonitoringmechanism is to defend against altering the aggregation results by aggregator nodes In addition a securedata packet transmission scheme is also presented Considering that the readings sensed by neighbor nodes exhibit temporal andspatial correlation a constraint parameter called maximum tolerant difference (MTD) is introduced and the quantitative criteriafor abnormal readings evaluation are given Both the theoretical analysis and comparative experiments show the feasibility andefficiency of the proposed method

1 Introduction

The data aggregation technique is considered as one ofthe resource-saving strategies in wireless sensor networks(WSNs) to save the energy and minimize the medium accesslayer contention However in reality WSNs are likely to bedeployed in unattended areas which make them vulnerableagainst attacks When some nodes are compromised byattackers they can launch a wide variety of attacks such asinjecting altering and selective forwarding In this paperwe focus on the security issues of secure data aggregationespecially on preventing the stealthy attack In a stealthyattack a compromised node may inject bogus raw readingsor produce forge aggregation values with the aim of causingthe base station to accept false aggregation values while notbeing detected by the user In critical applications usingincorrect or maliciously modified aggregation results canhave disastrous consequences

Due to the importance of the secure data aggregationin WSNs many innovative and intuitive methods havebeen proposed [1 2] These existing secure data aggrega-tion methods can be classified into two main categoriescryptography-based schemes [3ndash13] and monitoring-based

schemes [14ndash21] In the first category the methods mainlyrely on pure cryptography techniques to provide end-to-endsecurity that is to ensure the confidentiality authenticationand integrity of data But these approaches cannot defendagainst all attacks and they especially cannot prevent attacksfrom compromised nodes which can send false raw readingsIn the second categorymonitoring-basedmethods have beenproposed as an attractive complement to cryptography insecuring WSNs These methods rely on monitoring mech-anisms to monitor the behaviors of nodes and then filterout the untrusted nodes and the bogus readings Howevermost of these solutions either (1) cause high communicationoverhead or (2) only consider the member nodes or theaggregator nodes to be the compromised nodes

In this paper to overcome the aforementioned draw-backs a lightweight mutual defense scheme is proposed forsecure data aggregation in WSNs It includes a secure sort-group-filter (SSGF) data aggregation algorithmand aTDMA-based listening mechanism which defend against compro-mised sensor nodes injecting false readings and aggregatorssending incorrect aggregation results respectively It alsoprovides security services including the integrity freshness

Hindawi Publishing CorporationInternational Journal of Distributed Sensor NetworksVolume 2014 Article ID 804907 14 pageshttpdxdoiorg1011552014804907

2 International Journal of Distributed Sensor Networks

and authentication via a secure data packet transmissionscheme Considering that the readings sensed by neighbornodes exhibit temporal and spatial correlation we define aconstraint parameter maximum tolerant difference (MTD)and give the quantitative criteria for abnormal readings eval-uation At the same time we analyze and prove the feasibilityof our method and present the worst aggregation results thatcompromised nodes can produce Extensive experiments areconducted and the results show that the proposedmechanismcan effectively and efficiently defend against and detect themalcompromised nodes Compared with existing methodsour method can ensure higher accuracy of the aggregationresults but with lower monitoring overhead

The rest of this paper is organized as follows Section 2gives a summary of related work Section 3 provides networkmodel attack model and assumptions Section 4 gives thedetails of ourmutual defense scheme for secure data aggrega-tion The analysis of aggregation results affected by compro-mised nodes is introduced in Section 5 and simulation resultsare provided in Section 6 Finally Section 7 concludes thispaper

2 Related Work

Thesecure data aggregation problem inWSNshas been inves-tigated extensively during the past few years Several surveysof these works are presented in [1 2] Wagner has studiedthe security of aggregation and proposed a mathematicalframework for formally evaluating secure aggregation [22]

In [3 4] a secure information aggregation (SIA) schemewas proposed to prevent the users from accepting incorrectaggregation results By constructing efficient random sam-pling mechanisms and interactive proofs SIA can let thehome server verify the correctness of the aggregated dataHowever as the aggregator not only needs to construct aMerkle hash tree-based commitment but also needs to dealwith the check tasks from the home server the computationand communication overhead of the aggregator is very high

In [5ndash9] several homomorphic encryption-based end-to-end secure data aggregation schemes were proposedThe advantage of these approaches is that the ciphertextscan be directly aggregated In [10] a pattern-based end-to-end secure data aggregation scheme was presented In[11] a watermark-based end-to-end secure data aggrega-tion approach was proposed In [12] to provide end-to-end data confidentiality a secure data aggregation schemewas proposed It achieves data privacy through the securechannel In [13] a signature-based data security techniquewas proposed to protect sensitive data aggregation It makesuse of the additive property of complex numbers Howeverthose approaches can only defend against external attacks andcannot prevent attacks from compromised nodes by injectingbogus raw readings

In [23] to defend against the falsified subaggregate attackin which a compromised node relays a false subaggregateto the parent node a verification algorithm was presentedThe base station can use it to determine if the computedaggregate includes any false contribution However it would

fail to compute the aggregate in the presence of the attackTo address this problem an attack-resilient computationalgorithm was designed in [24] In [25] a random sam-ple consensus paradigm-based technique called RANBARwas designed to filter out outlier elements from a samplebefore an aggregation procedure However RANBAR doesnot consider the situation where the aggregator nodes arecompromised

In [14] a trust management scheme was presented toidentify trustworthiness of sensor nodes As the strategy ofthis method is to collect multiple and redundant readingsand to crosscheck them for consistency the communicationoverhead is also high

In [15] a secure aggregation tree (SAT) was proposedto detect and prevent cheating In SAT as every child nodeneeds to gather all the messages from their sibling nodes tothe father node the communication overhead is relativelyhigh At the same time they do not consider the situationwhere the leaf nodes may also be compromised In [16] asecure and reliable data aggregation protocol called SELDAwas proposed The basic idea of SELDA is that each sensornode updates trust levels for environment by monitoringactions of its neighboring nodes using Beta distributionfunction However SELDA ignores the situation where theaggregator nodes are compromised In [17] a reputation-based secure data aggregation (RSDA) was proposed InRSDA as each node in a cell needs to compare its readingswith the readings of its neighbors and perform redundantoperations to monitor the actions of the cell representativethe communication and computation overhead is high In[18] a RSDA-based representative aggregation tree (RAT)scheme was presented to reduce the data transmission over-head However this scheme is just mentioned to adopt themonitoring mechanism to prevent the injection of bogusinformation and forged aggregation values In [19] a solutionto detect the false readings during the data aggregation andrecognize the attacking nodes was proposed The main ideais to be monitored by children and judged by majorityHowever it requires the dedicated external nodes to monitorthe internal nodes which wastes a lot of external nodes In[20] a monitoring-based secure data aggregation methodwas proposed to prevent on-off attacks In [21] a monitoringmechanism with two hierarchical levels was designed toensure the integrity and the accuracy of aggregate resultIn the first level monitoring a principal supervisor nodePSUP L1 monitors the behavior of clusterhead whereas inthe second level monitoring the rest of nodes in the clustermonitor the behavior of both PSUP L1 and clusterhead How-ever since each node participates in aggregation function andgathers the data through passive listening this scheme incursa very high monitoring overhead

3 System Model

We consider a static WSN with one sink node and 119873 sensornodes The sink node is a powerful node and secure Weassume that the network is densely deployed and readingssensed by nodes exhibit temporal and spatial correlation

International Journal of Distributed Sensor Networks 3

Base station

Cluster

Member node Clusterhead node

Figure 1The cluster-based logical architecture for data aggregation

which is reasonable because all the nodes can sense similarphysical phenomena at a specific time and area such as appli-cations to monitor the temperature humidity and lighting ofan area

Similar to other works in the literature we considerthe cluster-based network architecture for data aggregationfor instance the network can be organized into a clusteredstructure through some secure clustering algorithms such asthe protocol proposed in [26] or be divided into grids as[17 18] However such preestablished network architectureis not suitable for data aggregation in some event detectionapplications such as intruder detection Because it is verylikely that in a cluster some nodes detect an event whileothers do not Hence for this kind of applications it isvery important to organize the collaboration of sensor nodesdynamically to generate reports once events are detectedIn this paper we do not consider this kind of applicationsFigure 1 presents the logical architecture of the WSN con-sidered The clusterhead nodes also called aggregator nodesin this paper are responsible for aggregation of readingssent by their member nodes They form a structure treeto transmit aggregation readings by multihopping throughother clusterhead nodes In this paper we just consider theaverage aggregation operation We assume that the effectivekey-basedmechanisms are adopted such as [27ndash29] And thesecure communications between member nodes and theirclusterhead nodes are based on the symmetric keys Eachcluster has a group key which is used by the clusterhead nodeto send aggregation results to the sink node or the next hopclusterhead node

We assume that both the clusterhead nodes and theirmember nodes are possibly compromised by attackersWhenan attacker compromises a node he or she can obtain itscryptographic keys and completely control it Hence theattacker may use the compromised node to launch a varietyof active or passive attacks However in this paper we focus

on a passive attack In such attack a compromised nodefollows the normal network protocols and does not performattacks such as jamming and DoS attacks to block thenormal operations of the network Using the compromisedkeys it can inject forged or malmodified readings whichdeviate from the normal readings The purpose of attackersis to try to produce incorrect aggregation results withoutbeing detected Note that in this paper we do not considerattacks based on colluding clusterhead nodes In this attackmultiple compromised clusterhead nodes work in collusionto modify messages When a colluding clusterhead nodereceives a message generated from its distant colleagues itmodifies this message to avoid being detected Dealing withthis attack is beyond the scope of this paper and we will seeksolutions to this issue in the future

We classify the nodes in a cluster from two points of viewthe cluster and the individual node From the view of thecluster we classify the nodes in a cluster as invalid clusternodes and valid cluster nodes The invalid cluster nodes arethose nodes which have been excluded from the cluster whilethe valid cluster nodes are on the opposite The number ofthe valid cluster nodes will be decreased if the majority of thevalid cluster nodesmark some node as invalid From the viewof the individual node we classify the nodes in a cluster asinvalid cooperative nodes and valid cooperative nodes Fora specific node in a cluster its invalid cooperative nodes arethose nodes which have been marked as the malicious nodeby itself while valid cooperative nodes are on the oppositeThe number of the valid cooperative nodes of 119909 will bedecreased if 119909marks some node as invalid

We assume that the number of compromised nodes is lessthan the number of well-behaving nodes in any cluster Wealso classify the compromised nodes as invalid compromisednodes and valid compromised nodes The invalid compro-mised nodes are those compromised nodes which have beenexcluded from the network while the valid compromisednodes are on the opposite Notations summary lists somemajor notations and their specific meanings in this paper

4 The Mutual Defense Scheme forSecure Data Aggregation

Our mutual defense scheme for secure data aggregationcontains two aspects the clusterhead nodes defending againsttheir member nodes and the member nodes listening to theirclusterhead nodes It is based on a constraint parametercalled MTD representing the maximum tolerant differenceamong the valid readings in a cluster As mentioned earlierthe readings exhibit temporal and spatial correlation For aspecific application we can predefine the MTD The MTDis denoted by Δlowast in this paper The value of the MTD isdetermined by the specific applications and the size of thecluster For example in sensing temperature applicationsall sense nodes can obtain very similar readings about thetemperature in a cluster Hence the value of the MTD canbe set to the tolerated measure error in a cluster Note thattheMTD is a system parameter which cannot be modified byattackers


41 Solution Outline To defend against compromised mem-ber nodes injecting bogus raw readings clusterhead nodesaggregate the collected data using the secure sort-group-filter(SSGF) aggregation algorithm proposed in this paper whichwill be presented in detail in the following subsection At thesame time clusterhead nodes update the normal or abnormalinformation of each member node separately according tothe aggregation results the MTD and the received datafrom each member node Then clusterhead nodes send theiraggregation results to their next hop clusterhead nodes or thesink node

To defend against clusterhead nodes sending forgedaggregation results a listening mechanism based on theTDMA scheme is designed for member nodes monitoringtheir clusterhead nodes which can conserve the energyof nodes effectively Based on its readings and the MTDeach member node will update the normal or abnormalinformation of its clusterhead node

42 Secure Data Packet Transmission Scheme In this subsec-tion we introduce the packet formats in data packet trans-mission phase They can provide security services includingthe integrity freshness and authentication

The data packet sent from a member node 119906 to itsclusterhead node V is described as the following format

119868119863119906 119868119863V 119901119903119889-119903119899119889 1199011198861199101198971199001198861198891 119872119860119862119870(119906V) (1198891198861199051198861)

1199011198861199101198971199001198861198891 = 119864119870(119906V)

(119889119906)

1198891198861199051198861 = 119868119863119906 119868119863V 119901119903119889-119903119899119889 1199011198861199101198971199001198861198891

(1)

where 119901119903119889-119903119899119889 is a number constructed by the periodnumber and the round number and is used to providefreshness service119870

(119906V) is the shared key between 119906 and V 119889119906is the reading of 119906 119864

119870(119863119860119879119860)means the encrypted result of

119863119860119879119860 using key 119870 and119872119860119862119870(119863119860119879119860) means the message

authentication code (MAC) of 119863119860119879119860 computed by usingkey 119870 which is used to provide integrity and authenticationservices

The clusterhead node V sends the data aggregation packetto its next-hop node119873V which may be a clusterhead node orthe sink node by the following format

119868119863V 119868119863119873V 119901119900119904V 119901119903119889-119903119899119889 1199011198861199101198971199001198861198892

119872119860119862119866119870V

(1198891198861199051198862) 119872119860119862119870(V 119873V)

(1198891198861199051198863)

(2)

1199011198861199101198971199001198861198892 = 119864119866119870V

(119886119892119892119877V) (3)

1198891198861199051198862 = 119901119900119904V 119901119903119889-119903119899119889 1199011198861199101198971199001198861198892 (4)

1198891198861199051198863 = 119868119863V 119868119863119873V 1198891198861199051198862 119872119860119862119866119870V (1198891198861199051198862) (5)

where 119901119900119904V is the position information of the clusterheadnode V 119866119870V is the group key shared between the sinknode and the cluster which the node V belongs to 119870

(V119873V)is the shared key between node V and node 119873V and 119886119892119892119877Vis the aggregation result of node V The first MAC andthe second MAC in (2) are used to provide end-to-end

integrity and authentication services and hop-to-hopintegrity and authentication services respectively Note thatthe 1198891198861199051198862 and the first MAC in (2) do not change whiledelivering the aggregation reports between route nodes

43 SSGF Secure Sort-Group-Filter Aggregation In this sub-section we focus on the SSGFThe SSGF algorithm consists offive steps including sorting grouping filtering aggregatingand updating

431 Sorting Phase In this step a clusterhead node firstlysorts the collected data sent by its valid cooperative nodesAssume that after sorting a clusterhead node V obtains anascending data sequence 119878V = 119889

(1) 119889(2) 119889

(119898V) where

119898V is the number of the valid cooperative nodes of VSecondly the clusterhead node computes Δ

119894119894+1= 119889(119894+1)

minus

119889(119894)(1 le 119894 le 119898V minus 1) and gets a difference sequence Δ

119878V=

Δ12 Δ23 Δ

119898Vminus1119898V

For instance considering that in a cluster with V asthe clusterhead a set of data received by V from its validcooperative nodes is 117 105 96 101 72 115 94 110119 111 Then the sorted ascending data sequence 119878V is72 94 96 101 105 110 111 115 117 119 and thedifference sequence Δ

119878Vis 22 02 05 04 05 01 04 02

02 For convenient description in subsequent examples weassume that the ten sensor nodes from 119904

1to 11990410

send thecorresponding data in 119878V that is 1199041 sends the data 72 1199042 sendsthe data 94 and so on

432 Grouping Phase In this step based on the obtaineddifference sequence Δ

119878Vand the MTD Δ

lowast the clusterheadnode groups the data sequence 119878V If Δ 119894119894+1 gt Δ

lowast

(1 le 119894 le

119898V minus 1) then it groups the sequence 119878V into two parts atindex 119894 Normally after this step we can get only one groupwith the maximum number of data items if the number ofnormal nodes is more than that of the compromised nodesin the cluster Assume that we obtain the group 119892

119905max =

119889(119896) 119889(119896+1)

119889(lowast) with the maximum number of data

itemsExtending the example at sorting phase we assume that

the MTD Δlowast is 20 and the normal readings in fact belong

to [100 120] That is to say 1199041 1199042 and 119904

3send fake readings

Then as Δ12

= 22 gt Δlowast we group the 119878V into two parts

at index 1 As a result we can obtain the group 119892119905max =

94 96 101 105 110 111 115 117 119

433 Filtering Phase In this step based on the MTD Δlowast

we filter out the abnormal extreme values 119889(119896)

and 119889(lowast)

if (119889(lowast)

minus 119889(119896)) gt Δ

lowast And repeating the above processuntil the difference between the extreme maximum valueand the extreme minimum value is not larger than the Δlowastsay 119889

(ℎ)minus 119889(119897)

le Δlowast then we obtain the group 119886119892

119892=

119889(119897) 119889(119897+1)

119889(ℎ) for aggregation

For the above example (119889(10)

minus 119889(2)) = 119 minus 94 = 25 gt

20 and then we filter out the abnormal extreme values 94and 119 Repeating this process we can filter out 119889

(3)and

119889(9) As (119889

(8)minus 119889(4)) = 115 minus 101 = 14 lt 20 then

we finish the filtering phase and obtain the group 119886119892119892=

101 105 110 111 115


434 Aggregating Phase In this step according to the aggre-gation function the clusterhead node V aggregates the group119886119892119892and gets the aggregation result 119886119892119892119877VContinuing our example considering the average aggre-

gation function we can get the aggregation result 119886119892119892119877V =

1084

435 Updating Phase In this step based on the result 119886119892119892119877Vand Δlowast V updates the normal information 119888119899119905normal and theabnormal information 119888119899119905abnormal of its each valid cooperativenode 119906 separately by formulae (7) and (8)

120572 =

1003816100381610038161003816119889119906 minus 119886119892119892119877V1003816100381610038161003816

Δlowast (6)

119888119899119905normal = 119888119899119905normal + 1 119889

119906isin [119889(119897) 119889(ℎ)]

119888119899119905normal otherwise(7)

119888119899119905abnormal

=

119888119899119905abnormal 119889119906isin [119889(119897) 119889(ℎ)]

119888119899119905abnormal+1 119889119906isin [119889(119896) 119889(119897)) cup (119889

(ℎ) 119889(lowast)] 120572 le 1

119888119899119905abnormal+120582120572

otherwise(8)

In formula (8) 120582 is a punishment base and 120582 gt 1 From(8) we know that the larger the absolute difference betweenthe data sent by one node and the aggregation result 119886119892119892119877V isthe severer punishment it will get If during a detection periodthe 119888119899119905abnormal for a specific node is satisfied 119888119899119905abnormal gt119888119899119905abthr the clusterhead node V marks the correspondingmember node as an invalid compromised node called thedirect case and broadcasts an alarm message to notify itsmember nodes of the abnormal node Note that in the directcase the number of the valid cooperative nodes of V will bedecreased The 119888119899119905abthr is a predefined detection thresholdand 119888119899119905abthr = 119901 times 119877 where 119877 is the number of roundsfor a detection period and 119901(0 lt 119901 lt 1) is an adjustingfactor which is defined by users for the detection threshold119888119899119905abthr One transmission for the aggregation result is lookedas one round (ie each round consists of both SSGF andTDMA-based listening defense mechanism) For exampleif 119901 = 02 and 119877 = 100 then 119888119899119905abthr = 20 whichmeans that for a specific node if 119888119899119905abnormal gt 20 during adetection period with 100 rounds the clusterhead node willdeem it as a compromised node However after a detectionperiod finishes if the 119888119899119905abnormal for a specific node is satisfied119888119899119905abnormal ⩽ 119888119899119905abthr the clusterhead node updates thecorresponding nodersquos 119888119899119905abnormal to zero

The value of 119888119899119905abthr can affect the detection ratio 119903119892and

the false positive ratio 119903119887in a detection period In order to

obtain a low 119903119887 we can use the expected ratio 119903

119898of valid

compromised nodes to normal nodes in a cluster to estimatethe 119888119899119905abthr 119903119898 is also the probability that a reading of anormal node is viewed as abnormal due to attacks by validcompromised nodes per round Hence for a given 119903

119887 we

can use 119903119888119899119905abthr119898

= 119903119887to estimate the 119888119899119905abthr For example if

119903119898= 23 and 119903

119887= 003 then 119888119899119905abthr = 20 Obviously

the higher the 119888119899119905abthr is the lower the 119903119887 will be However

this does not mean that the higher the 119888119899119905abthr is the betterthe result will become When the 119888119899119905abthr is very high the 119903119892may be very low in a detection period Therefore when wedetermine the 119888119899119905abthr we should trade off between 119903

119892and 119903119887

Note that in order to defend against the bad-mouthingattack in which a compromised clusterhead node libelsa normal node as an invalid compromised node when amember node receives an alarmmessage from its clusterheadnode it only marks the corresponding node as a suspiciouscompromised node A node 119909 is viewed as an invalidcompromised node by a node 119910 only in two cases the directcase mentioned above or the indirect case in which node 119910receives alarm messages about node 119909 from the majority ofvalid cluster nodes in the cluster Note that in the indirect casethe number of the valid cluster nodes will be decreased

Going on our example at aggregation phase the clusternode updates the 119888119899119905normal and the 119888119899119905abnormal for each ofits valid cooperative nodes For each node from 119904

4to 1199048

which sent the corresponding data in 119886119892119892 the corresponding

119888119899119905normal is increased by one For each node 1199042 1199043 1199049 and

11990410 which sent the corresponding data filtered out during

filtering phase the corresponding 119888119899119905abnormal is increased byone This means that when the 119888119899119905abnormal for malnodes 119904

2

and 1199043 is increased it may also lead to the 119888119899119905abnormal for

normal nodes 1199049and 11990410 being increased However as we

will prove in Section 51 the probability to deem a normalnode as a compromised node is relatively small For node 119904

1

that sent data 72 and has been filtered out at grouping phaseits 119888119899119905abnormal is increased by 120582120572 = 120582

182 If 120582 = 15 then its119888119899119905abnormal is increased by 209 It shows that the higher the120572(120572 gt 1) is the severer punishment a node with an abnormalreading will get

44 TDMA-Based Listening Defense Mechanism The moti-vation behind the TDMA-based listening mechanism is tosave the monitoring overhead per node Since energy is ascarce resource in WSNs if a node keeps the listening stateall the time a significant amount of energy will be consumedAdopting the TDMA-based method can reduce the energyconsumption caused by listening

A TDMA-based mechanism contains two phases assign-ing slots and sending messages in corresponding slots Forthe TDMA-based listening defensemechanism a clusterheadnode V firstly assigns the slots to its valid cooperativenodes and itself Secondly each node sends messages to itsclusterhead node in corresponding slot A valid cooperativenode will enter hibernation after it sends a data messagewhile it will wake up at the slot when its clusterhead nodesends the aggregation result

Based on the sensed reading 119889119906and the listening aggre-

gation result 1198861198921198921015840 sent by its clusterhead node V each validcooperative node 119906 of V updates the normal information119888119899119905normal and the abnormal information 119888119899119905abnormal of Vseparately by formulae (10) and (11) where119898V is the numberof valid cooperative nodes of V at the current detection periodConsider

120573 =

10038161003816100381610038161003816119889119906minus 119886119892119892

101584010038161003816100381610038161003816

Δlowast (9)


119888119899119905normal =

119888119899119905normal + 1 120573 le119898V minus 1

119898V


119888119899119905abnormal =

119888119899119905abnormal + 120582120573

120573 gt119898V minus 1

119898V

119888119899119905abnormal otherwise(11)

Theorem 1 The upper bound of the 120573 for the normal membernodesrsquo estimation is 120573 le (119898V minus 1)119898V

Proof Without loss of generality considering a normal coop-erative node 119906 and its reading 119889

119906 we can assume that 119889

119906is the

maximumorminimumvalue among all readings in its clusterat the current round Note that in a realistic scenario as thereadings of all normal cooperative nodes cannot be exactlythe same we do not consider this extreme case

If we assume that 119889119906is the maximum value and at the

same time assume that the reading of each other node isthe minimum value 119889

119906minus Δlowast then the minimum aggregation

result 119886119892119892est(min) can be estimated by formula (12) for node119906

119886119892119892est (min) = 119889119906minus119898V minus 1

119898VΔlowast

(12)

Similarly if we assume that 119889119906is the minimum value

and at the same time assume that the sensed data byeach other node is the maximum value 119889

119906+ Δlowast then the

maximumaggregation result 119886119892119892est(max) can be estimated bythe formula

119886119892119892est (max) = 119889119906+119898V minus 1

119898VΔlowast

(13)

Hence combining formulae (12) and (13) formula (9)becomes

120573 (max) =1003816100381610038161003816119889119906 minus 119886119892119892est (min)1003816100381610038161003816

Δlowast=119898V minus 1

119898V(14)

or

120573 (max) =1003816100381610038161003816119889119906 minus 119886119892119892est (max)1003816100381610038161003816


119898V (15)

That is we can obtain 120573 le (119898V minus 1)119898V

Therefore if 120573 le (119898V minus 1)119898V node 119906 can consider thatthe 1198861198921198921015840 sent by its clusterhead node V is normal otherwiseabnormal If the 119888119899119905abnormal for its clusterheadnode is satisfied119888119899119905abnormal gt 119888119899119905abthr then node 119906 marks its clusterheadnode V as an invalid compromised node and broadcasts analarm message to its neighbors Assume that the numberof the valid cluster nodes is 119898CL

V in the cluster with V asclusterhead When the number of alarm messages for V isabove lceil(119898CL

V +1)2rceil a new clusterhead nodewill be reselectedfrom those alarm nodes for that cluster and at the same timethe new clusterhead node will notify the sink node of theabnormal node by sending an alarmmessage which containsthe 119901119903119889-119903119899119889 field in (1) and signing information by each

member node using their secret key shared with the sinknode However after a detection period if the 119888119899119905abnormal forits clusterhead node is satisfied 119888119899119905abnormal ⩽ 119888119899119905abthr thenthenode 119906 updates 119888119899119905abnormal of V to zero

Note that our method can alleviate or restrict a com-promised clusterhead node to send incorrect aggregationresults even if the number of compromised nodes becomesmore than half of the number of its valid cooperative nodesvia repeatedly excluding normal node(s) from the clusterby the compromised clusterhead On the one hand if thenumber of normal nodes excluded by the clusterhead nodeis above lceil(119898

CLV + 1)2rceil as the abovementioned a new

clusterhead node will be selected and an alarm message willbe sent to the sink node Hence for this case the attackwill fail On the other hand if the number of normal nodesexcluded by the clusterhead node is below lceil(119898CL

V +1)2rceil thenthe compromised clusterhead sends incorrect aggregationresults For this case as the MTD is a constant parameternormal node(s) in the cluster will detect the abnormalresults using our defense method The larger the absolutedifference between the sensed result of a normal node andthe incorrect aggregation result is the severer punishmentthe clusterhead will get that is the faster alarm message(s)will be broadcasted by normal node(s) In other words if theattacker sends incorrect aggregation results freely eventuallythe number of alarm messages generated from the samecluster will be above lceil(119898CL

V + 1)2rceil Then the compromisedclusterhead node will be excluded from the network

As nodes just need to listen at the slots of their clusterheadnodes compared with other mechanisms this mechanismcan conserve plenty of energy at nodes as shown in Table 1

5 Analysis for AggregationResults under Attack

Without loss of generality considering that a cluster has oneclusterhead node V and 119898CL

V (119898CLV ge 3) valid cluster nodes

the number of valid cooperative nodes of V is 119898V Note that119898

CLV ge 119898V because some node(s) may be marked as invalid

by V while not being excluded from the cluster We assumethat there are 119899 normal member nodes in the cluster and119899 isin [lceil(119898

CLV + 1)2rceil 119898

CLV ] The readings set in this cluster are

expressed as allSenData(119898CLV ) = 119889

1 1198892 119889

119898CLV For the

average aggregation operation if there is no attack then theideal aggregation result can be calculated by the formula

119886119892119892ideal =1

119898CLV

119898CLV

sum

119894=1

119889119894 (16)

Assume that after sorting the readings sensed by thenormal member nodes we can obtain an ascending datasequence normalSenData(119899) = 119889

(1) 119889(2) 119889

(119899)

51 Only Member Nodes Compromised Considering a node119908 in the set119882 of the valid compromised member nodes andits reading 119889

119908 node 119908 firstly modifies the 119889

119908and obtains

119889lowast

119908and then sends the 119889lowast

119908to its clusterhead node To try not


Table 1 Comparison of different listening mechanisms

Listening mechanisms Communication overhead for each member node Criteria for abnormal readings evaluationWu et al [15] 119898

CLV -1 packets N

Alzaid et al [17]119898

CLV -1 packets N

Qiu et al [18]Boonsongsrikul et al [19] 1 packet NDong and Li [20] Only119898CL

V packets for monitoring nodes NLabraoui et al [21] 119898

CLV -1 packets N

Our paper 1 packet Y

Δlowast

d(1) d(1) + Δlowast

d(n) minus Δlowast d(n)Δmax

Δlowast

Figure 2 The maximum Δ119908for single modification

to be detected at least 119889lowast119908isin [119889119908minus Δlowast

119889119908+ Δlowast

] Assumethat 119889lowast

119908= 119889119908+ Δ119908 where Δ

119908is a modification value by a

compromised node119908 Therefore if a cluster is being attackedby compromised member nodes but those compromisednodes have not been detected then the aggregation result canbe calculated by the formula

119886119892119892bad =1

119898CLV

[

[

119898CLV

sum

119894=1

119889119894+ sum

119908isin119882

Δ119908

]

]

(17)

Combining (16) then (17) becomes

119886119892119892bad = 119886119892119892ideal +1

119898CLV

sum

119908isin119882

Δ119908 (18)

From (18) we know that in order to try to let theaggregation result deviate the ideal aggregation result itneeds forallΔ

119908gt 0 or forallΔ

119908lt 0 and at the same time the absolute

value of Δ119908should be as large as possible We have derived

the theoretical upper bound for it

Theorem2 Theupper bound of the |Δ119908| for node119908 tomodify

while probably not being detected is |Δ119908| le 2Δ

lowast

Proof As mentioned earlier the maximum and the mini-mum values sensed by normal member nodes are 119889

(1)and

119889(119899) respectively Based on Δlowast we can obtain the range of the

readings at one round as shown in Figure 2From Figure 2 we know that 119889

119908isin [119889(119899)minus Δlowast

119889(1)+ Δlowast

]In order to try not to be detected by its clusterhead node aftermodifying the 119889

119908 119889lowast119908isin [119889(119899)minus Δlowast

119889(1)+ Δlowast

]Consider the worst case when 119889

119908= 119889(119899)minus Δlowast or 119889

119908=

119889(1)+Δlowast the absolute value ofΔ

119908can bemaximum as shown

in the formula1003816100381610038161003816Δ119908 (max)1003816100381610038161003816 = 2Δ

lowast

minus (119889(119899)minus 119889(1)) (19)

Therefore in the worst case if 119889(1)= 119889(119899) the |Δ

119908(max)|

can obtain the extreme value 2Δlowast

Based on formulae (18) and (19) we have derived thetheoretical upper bound of |119886119892119892bad minus 119886119892119892ideal|

Theorem 3 The upper bound of the |119886119892119892119887119886119889

minus 119886119892119892119894119889119890119886119897

| forcompromised member nodes to affect the aggregation resultswhile probably not being detected is Δlowast if the number ofcompromised member nodes in the cluster with V as theclusterhead is not above lfloor(119898119862119871V minus 1)2rfloor

Proof Similarly in Theorem 2 in the worst case each of thecompromised member nodes modifies a maximum deviatedvalue as shown in formula (19) Then formula (18) can betransformed to

1003816100381610038161003816119886119892119892bad minus 119886119892119892ideal1003816100381610038161003816 =

119898CLV minus 119899

119898CLV

[2Δlowast

minus (119889(119899)minus 119889(1))] (20)

If 119889(1)

= 119889(119899)

and the number of compromised membernodes reaches the maximum lfloor(119898

CLV minus 1)2rfloor in other words

119899 = lceil(119898CLV + 1)2rceil then we can transform formula (20) to

1003816100381610038161003816119886119892119892bad minus 119886119892119892ideal1003816100381610038161003816max =

(1 minus1

119898CLV)Δlowast

119898CLV 2 = 0

(1 minus2

119898CLV)Δlowast

otherwise

(21)

From formula (21) we know that if 119898CLV rarr +infin then

|119886119892119892bad minus 119886119892119892ideal|max rarr Δlowast

However as mentioned earlier as the communicationbetween each member node with its clusterhead node adoptssymmetric key mechanism the compromised member node119908 cannot decrypt the data sent by normal member nodesIn order to stealthily modify its sensed data 119889

119908 from the

above analysis we know that node 119908 obtains 119889lowast119908= 119889119908+

Δ119908 |Δ119908| isin [0 2Δ

lowast

] Due to the random feature of themodification result if 119889lowast

119908notin [119889(119897) 119889(ℎ)] then the clusterhead

of node 119908 can detect the abnormal modificationAccording to the SSGF affected by node 119908 the 119889

119894sent

by a normal node 119894 may also be deemed as abnormal data if119889119894isin [119889(119896) 119889(119897))cup(119889(ℎ) 119889(lowast)] However the probability to deem

a normal node as a compromised node is relatively small andwe have derived the theoretical maximum value

Theorem 4 The average upper bound of the 119888119899119905119894affected by

compromised member nodes for normal node 119894 is 119888119899119905119886119887119905ℎ119903


Proof Without loss of generality considering a node 119908 inthe set 119882of the valid compromised member nodes assumethat its 119888119899119905abnormal is 119888119899119905119908 = 119862

119908 Then the average 119888119899119905abnormal

of normal node 119894 affected by 119908 is (1119899)119862119908 And the average

119888119899119905abnormal of normal node 119894 affected by 119882 is 119888119899119905119894

=

(1119899)sum119908isin119882

119862119908 Because forall119862

119908le 119888119899119905abthr 119888119899119905119894 le ((119898

CLV minus

119899)119899)119888119899119905abthrConsidering the worst case when the number of com-

promised member nodes is lfloor(119898CLV minus 1)2rfloor in other words

119899 = lceil(119898CLV + 1)2rceil 119888119899119905

119894can obtain the average maximum

value 119888119899119905119894(max) as shown in the formula

119888119899119905119894(max) =

119898CLV minus 2

119898CLV + 2

119888119899119905abthr 119898CLV 2 = 0

119898CLV minus 1

119898CLV + 1

119888119899119905abthr otherwise

(22)

52 Clusterhead Node Compromised To decide the compro-mised clusterhead node V as a malicious compromised nodein a cluster the number of the alarm nodes at least is equalto lceil(119898

CLV + 1)2rceil For the purpose of trying to make the

aggregation result 1198861198921198921015840 deviate the ideal aggregation result1198861198921198921015840

ideal = (1119899)sum119899

119894=1119889(119894)

and at the same time not beingdetected the compromised clusterhead node can let lceil(119898CL

V +

1)2rceil minus 1member nodes detect the abnormal behaviorsNote that although the compromised clusterhead node

V may mark normal uncompromised nodes as invalidfrom the view of V it does not introduce benefit to it bythe following reasons First those removed normal nodeswill report alarm messages against it if they are framedby V Second 119898CL

V ge 119898V if V sends forged aggregationvalues according to (11) the less 119898V is the more easily thenormal valid cooperative nodes of V will detect its abnormalaggregation values Hence in the analysis of this subsectionfrom the view of the compromised clusterhead node V weconsider the case when119898V = 119898

CLV

If119898CLV is even then we can compute the range of 1198861198921198921015840 by

formula (23) for the compromised clusterhead node inwhichit may not be detected as a malicious node

10038161003816100381610038161003816119889(119898

CLV 2+1)

minus 119886119892119892101584010038161003816100381610038161003816le119898

CLV minus 1

119898CLV

Δlowast

10038161003816100381610038161003816119889(119899minus119898

CLV 2)

minus 119886119892119892101584010038161003816100381610038161003816le119898

CLV minus 1

119898CLV

Δlowast

(23)

Because 119899 minus 119898CLV 2 le 119898

CLV 2 + 1 according to formula

(23) we can obtain

1198861198921198921015840

isin [119889(119899minus119898

CLV 2)

minus119898

CLV minus 1

119898CLV

Δlowast

119889(119898

CLV 2+1)

+119898

CLV minus 1

119898CLV

Δlowast

]

(24)

Similarly if119898CLV is odd we can obtain

1198861198921198921015840

isin [119889(119899minus(119898

CLV +1)2+1)

minus119898

CLV minus 1

119898CLV

Δlowast

119889((119898

CLV +1)2)

+119898

CLV minus 1

119898CLV

Δlowast

]

(25)

From the range of 1198861198921198921015840 we know that when 119899 = lceil(119898CLV +

1)2rceil the range of 1198861198921198921015840 can reach the maximum range

1198861198921198921015840

isin [119889(1)minus119898

CLV minus 1

119898CLV

Δlowast

119889(119899)+119898

CLV minus 1

119898CLV

Δlowast

] (26)

Based on the range of 1198861198921198921015840 we have derived the theoret-ical upper bound of |1198861198921198921015840 minus 1198861198921198921015840ideal|

Theorem 5 The upper bound of |1198861198921198921015840 minus 1198861198921198921015840119894119889119890119886119897

| affected bythe compromised clusterhead node V is |2 minus 1119898CL

V minus1lceil(119898CLV +

1)2rceil|Δlowast when it may not be detected as a malicious node

Proof The ideal aggregation can be calculated by formula(27) or (28) where Δ

(119894119895)= 119889(119894)minus 119889(119895)

1198861198921198921015840

ideal = 119889(1) +1

119899

119899

sum

119895=2

Δ(1198951)

(27)

1198861198921198921015840

ideal = 119889(119899) minus1

119899

119899minus1

sum

119895=1

Δ(119899119895)

(28)

Consider the worst case when 119899 = lceil(119898CLV + 1)2rceil one

reading sensed by a normal member node is the maximumvalue 119889max or minimum value 119889min and the readings sensedby other normal member nodes are the same and equal to119889max minus Δ

lowast or 119889min + Δlowast Then we can prove it as follows

100381610038161003816100381610038161198861198921198921015840

minus 1198861198921198921015840

ideal10038161003816100381610038161003816

le

10038161003816100381610038161003816100381610038161003816100381610038161003816

119889(1)minus119898

CLV minus 1

119898CLV

Δlowast

minus 119889(1)minus1

119899

119899

sum

119895=2

Δ(1198951)

10038161003816100381610038161003816100381610038161003816100381610038161003816

=

10038161003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+1

119899

119899

sum

119895=2

Δ(1198951)

10038161003816100381610038161003816100381610038161003816100381610038161003816

le

1003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+119899 minus 1

119899Δlowast

1003816100381610038161003816100381610038161003816100381610038161003816

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus1

119899

100381610038161003816100381610038161003816100381610038161003816

Δlowast

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus

1

lceil(119898CLV + 1) 2rceil

100381610038161003816100381610038161003816100381610038161003816

Δlowast


100381610038161003816100381610038161198861198921198921015840

minus 1198861198921198921015840

ideal10038161003816100381610038161003816

le

10038161003816100381610038161003816100381610038161003816100381610038161003816

119889(119899)+119898

CLV minus 1

119898CLV

Δlowast

minus 119889(119899)+1

119899

119899minus1

sum

119895=1

Δ(119899119895)

10038161003816100381610038161003816100381610038161003816100381610038161003816

=

10038161003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+1

119899

119899minus1

sum

119895=1

Δ(119899119895)

10038161003816100381610038161003816100381610038161003816100381610038161003816

le

1003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+119899 minus 1

119899Δlowast

1003816100381610038161003816100381610038161003816100381610038161003816

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus1

119899

100381610038161003816100381610038161003816100381610038161003816

Δlowast

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus

1


100381610038161003816100381610038161003816100381610038161003816

Δlowast

(29)

However the upper bound in Theorem 5 can hardlyhappen because it can only happen when one node obtainsthe maximum or minimum value and the other nodes obtain119889max minus Δ

lowast or 119889min + Δlowast at all rounds which is impossible

6 Simulation Results

We present the simulation results of SSGF including thedetection ratio false positive ratio the accuracy of aggrega-tion results the communication overhead for monitoringand aggregation results for a slow poisoning attack Forcomparison with SSGF we also implemented SELDA in[16] RSDA+ which is based on RSDA in [17] and is usedfor clusterhead nodes monitoring their member nodes andSAT+ which is based on SAT in [15] and is used forclusterhead nodes monitoring their member nodes only con-sidering the temporal correlation as [15] All the experimentsare simulated with the Castalia simulator [30] which is asimulator for WSNs and other low power embedded devicesnetworks and is based on the OMNeT++ [31] platform

We consider a WSN with 50 member nodes and aclusterhead node The locations of the member nodes aregenerated randomly within a 40-by-40 area with a uniformdistribution for their coordinates The clusterhead node liesin the centre of the deployment area For each member node119906 a random value 119889

119906following uniform distribution from

[100 120] is generated to simulate its real-time reading andhence Δlowast = 20 Note that in real scenarios the readings of anodemay change the range to [160 180] due to the variationsabout the monitored environment over time However theevaluated results are not affected by that evolutionWithout aspecial mention for each compromised member node119908 thedata sent by it is 119889

119908minus 119891lowast

times Δlowast where 119891lowast is a random value

controlled by a parameter 119891 and generated from the uniformdistribution [minus119891 0] The higher the value of 119891 is the largerthe distortion of the readings generated by malcompromisednodes will probably be The punishment base is 120582 = 20A detection period contains 100 rounds We repeated theexperiment 50 times and all the results are obtained bycomputing the average of all corresponding results

0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+

Figure 3The detection ratio when 119888119899 = 15119891 = 1 and 119888119899119905abthr = 20

0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+

Figure 4Thedetection ratiowhen 119888119899 = 20119891 = 1 and 119888119899119905abthr = 20

61The Detection Ratio and False Positive Ratio in a DetectionPeriod In this subsection we will present the experimentalresults of the detection ratio and the false positive ratio inone detection period with different numbers of compromisedmember nodes 119888119899 and different 119891 when 119888119899119905abthr = 20 Theresults are shown in Figures 3ndash7

Figures 3 and 4 show the results of the detection ratiowhen 119891 = 1 and the fraction of compromised nodes is30 and 40 respectively It can be seen that in bothcases the detection ratios for our method gradually reach100 while the detection ratios for both SELDA and RSDA+remain zero at the end of a detection period This meansthat when compromised nodes sendmalmodified readings in[80 120] both SELDA and RSDA+ methods cannot detectany compromised nodes while our method can detect allcompromised nodes This is because in both SELDA andRSDA+methods a reading in [119889mid minusΔ

lowast

119889mid +Δlowast

] is viewedas normal reading where 119889mid is the median of the receivedreadings at the clusterhead nodeHence the clusterhead nodecannot detect an abnormal behavior when a malmodifiedreading is in that rangeAt the same timewe can see that withthe increasing of the number of compromisedmember nodeswe need more rounds to detect all compromised nodes

Figures 5 and 6 show the results for another attackbehavior in which the readings sent by compromised nodes


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+


are between 60 and 120 It can be seen that in both caseswhen the fraction of compromised nodes is 30 and 40respectively our method is faster than both SELDA andRSDA+ methods in detecting all compromised nodes Thisis because both SELDA and RSDA+methods adopt the samepunishment strategy for all abnormal readings That is if areading sent from a node is detected as an abnormal readingthen its 119888119899119905abnormal will be increased by one However in ourmethod besides using the above strategy to punish smalldistortion we also use a punishment base120582 to severely punisha node when the sent reading from it is satisfied 120572 gt 1 Thiscan also force compromised nodes to sendmore real readingsin order to avoid being detected

Figure 7 shows the false positive ratio when 119888119899 = 20 and119891 = 1 In the other three cases the false positive ratios remainzeroWe can see that ourmethod keeps the false positive ratiobelow 03 even when 40 of nodes are compromised andthe distortion for readings is very small with 119888119899119905abthr = 20Wealso repeated the similar experiments with 119888119899119905abthr = 30 andobserved that the false positive ratios remained zerowhile thedetection ratio could reach 99 as shown in Figure 8

In conclusion compared with SELDA and RSDA+ ourmethod outperforms them in terms of detection speed andordetection ratio for different cases At the same time thefalse positive ratio can remain zero by setting an appropriate119888119899119905abthr while keeping a high detection ratio

0

005

01

015

02

025

03

10 20 30 40 50 60 70 80 90 100Round

False

pos

itive

ratio

()

SSGFSELDA

RSDA+

Figure 7The false positive ratio when 119888119899 = 20119891 = 1 and 119888119899119905abthr =20

0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+


62 Aggregation Results In this subsection we will presentthe aggregation results of the above experiments The resultsare shown in Figures 9 10 11 and 12 in which ldquoallrdquomeans thatthe clusterhead node takes all the data for aggregation andldquogoodrdquo is the result by aggregating the data only from normalmember nodes

From Figures 9ndash12 we know that the results of bothour method and the comparison methods have a higheraccuracy than the ldquoallrdquo situation However the results fromour scheme are gradually consistent with the ldquogoodrdquo situationwith the increasing of the roundfor the four cases in Figures9ndash12 while this happens for two comparison methods (ieSELADA and RSDA+) only when the distortion of the datasent by compromised nodes is high as shown in Figures 11and 12 At the same time the speed of our method to beconsistent with the ldquogoodrdquo situation is faster than SELADAand RSDA+This is because our method can gradually detectand filter out all compromised nodes for the four cases inFigures 9ndash12 while SELADA and RSDA+ methods can onlydo this with a slower speed for the two cases in Figures 11and 12 as described in Section 61 In conclusion comparedwith SELADA and RSDA+ ourmethod outperforms them interms of the accuracy of the aggregation results for differentcases on the whole


105

106

107

108

109

11

111

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+

Figure 9 Aggregation results when 119888119899 = 15 119891 = 1 and 119888119899119905abthr =20

103104105106107108109

11111

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+


At the same time we have compared the resilient aggre-gation methods suggested by Wagner in [22] (ie trimmingand median) and RANBAR in [25] with SSGF The ideaof trimming is that if there are some bogus readings thenwe should ignore the highest 5 and the lowest 5 of thereadings (5 trimming) and calculate the average of theremaining readings as the estimation of the real averageIn other words it only works well if the proportion ofcompromised readings stays below 5 In our experimentsthere are 30 and 40 of compromised nodes in the clusterfor two situations respectively So some bogus readingsare considered as valid during the aggregation procedurethus the distortion of the aggregation results of trimmingis relatively high The median is defined as the middleelement(s) of the sorted readings In fact it is the extremecase of the trimming method (ie 49 trimming) Althoughthe median method excludes all the compromised readingsit also excludes the majority of the real readings Hence theaccuracy of the results also declines The idea of RANBAR isto construct the consensus set for aggregation by filtering outthe readings which are not satisfied with some distributionmodel randomly established based on the raw readings

10

102

104

106

108

11

112

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+


969810

102104106108

11112

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+


The size of the initial set is 1 themaximumpermitted numberof iterations is 15 and the error tolerance is 01 Since themethod to construct the consensus set is random and the setis considered as valid if the majority of readings are includedin it some real readings may be not included in the set whilesome bogus reading may be included Thus the accuracyof the results also declines In conclusion compared withtrimming median and RANBAR SSGF also outperformsthem on the whole

63 The Communication Overhead for Monitoring In thissubsection we will present the experimental results of thecommunication overhead for monitoring The results areshown in Figures 13 and 14 in which ldquocmp-119891 = 1rdquo and ldquocmp-119891 = 2rdquo are the results from the SELDA and RSDA+ methodswhen 119891 = 1 and 119891 = 2 respectively

Figures 13 and 14 show the results with 30 and 40 com-promised nodes respectively From the results we can seethat according to our monitoring mechanism the commu-nication overhead for monitoring by each node is obviously


0

1000

2000

3000

4000

5000

6000

10 20 30 40

Num

ber o

f pac

kets

mon

itore

d

SSGF

cntabthr

cmp-f= 1

cmp-f= 2

per n

ode

Figure 13 The communication overhead with different 119888119899119905abthr and119888119899 = 15

0

1000

2000

3000

4000

5000

6000

10 20 30 40

Num

ber o

f pac

kets

mon

itore

d

SSGFcmp-f = 1

cmp-f = 2

cntabthr

per

nod

e


less than that of the SELDA andRSDA+methods for all casesThis is because in our method each member node only needsto monitor its clusterhead node to send aggregation resultswhile for the SELDA and RSDA+ methods each node needsto monitor other nodes in the same cluster

64 Aggregation Results for a Slow Poisoning Attack In thissubsection we will present the comparison experimentalresults with SAT+ about the accuracy of the aggregationresults against a slow poisoning attack in which the compro-mised nodes slowly change readings sent to the clusterheadnode The reading sent by a compromised node 119908 at 119903 round119889119908(119903) depends on the reading119889

119908(119903minus1) sent by it at 119903minus1 round

More specifically 119889119908(119903) = 119889

119908(119903 minus 1) minus 01 times 119891

lowast

times Δlowast That is

this case only considers the temporal correlation of sensorydata as [15]

Figure 15 shows the comparison results of our methodwith SAT+ when 40 of the nodes are compromised 119891 = 1and 119888119899119905abthr = 20 It can be seen that the results of ourscheme are gradually close to the ldquogoodrdquo situations after 20rounds while the results of SAT+ are gradually deviatedfrom the result of the ldquogoodrdquo situation This is because our

02468

1012

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

SSGFGoodSAT+

resu

lt

Figure 15 Aggregation results for a slowpoisoning attackwhen 119888119899 =20 119891 = 1 and 119888119899119905abthr = 20

method considers both the temporal correlation and thespatial correlationwhile SAT+only considers the formerThisindicates that our method can defend against this kind ofpoisoning attack while SAT+ cannot

7 Conclusions

In order to defend against compromised member nodes andaggregator nodes simultaneously during data aggregationin WSNs with low communication overhead we proposeda mutual defense scheme for secure data aggregation Itcontains a secure aggregation and defense mechanism SSGFfor clusterhead nodes to defend against their member nodesinjecting forged readings and a TDMA-based listeningmech-anism for member nodes to defend against their clusterheadnodes generating incorrect aggregation results It also pro-vides security services including the integrity freshness andauthentication via a secure data packet transmission schemeConsidering that the readings sent by neighbor nodes exhibittemporal and spatial correlation we defined the maximumtolerant difference (MTD) constraint parameter Based on theMTD we gave the quantitative criteria for abnormal readingsevaluation Moreover we analyzed and proved the worstaggregation results that compromised nodes can produceThe extensive simulation results also indicated the feasibil-ity and efficiency of our scheme Compared with existingmethods our method can achieve higher accuracy of theaggregation results while being with lower communicationoverhead for monitoring

There are a number of directions that are worth studyingin the future First in this paper we do not consider the col-luding attacks launched by compromised clusterhead nodesHowever in practice multiple compromised clusterheadnodes may be able to work in collusion to modify messagesThis presents interesting challenges to our approach Secondin this paper it only covers the average aggregation operationand it is not suitable for event detection applications wherethe event happens contingently and can only be detected bya small number of nodes each time Studying the averageaggregation operation and other aggregation operations suchas minimum maximum and counting for more broadapplications will be an interesting research direction


Notation Summary

119873 Total number of sensor nodes119899 The number of normal member

nodes in a clusterΔlowast The maximum tolerant difference

among the valid readings in a cluster119906 The member node 119906V The clusterhead node V119908 The valid compromised member

node 119908119873V The next-hop node of V119868119863119906 119868119863V 119868119863119873V Respective identifier of nodes 119906 V

and119873V119870(119906V) Shared key between 119906 and V

119866119870V The group key shared between thesink node and the cluster with V asclusterhead

119889119906 The raw reading of 119906

119864119870(119863119860119879119860) The ciphertext of data119863119860119879119860

encrypted with key119870119872119860119862

119870(119863119860119879119860) The message authentication code of

data119863119860119879119860 computed by using key 119870119878V The ascending data sequence

obtained by VΔ119878V The difference sequence of 119878V

119898V The number of the valid cooperativenodes of V

119898CLV The number of the valid cluster nodes

of the cluster with V as clusterhead119886119892119892119877V The aggregation result of V120582 The punishment base and 120582 gt 1119888119899119905abthr The predefined detection threshold119888119899119905abnormal The abnormal information record119877 The number of rounds for a detection

period119888119899 The number of compromised

member nodes in a cluster119891 The parameter to control the

distortion of the readings

Conflict of Interests

The authors declare that there is no conflict of interestsregarding the publication of this paper

Acknowledgments

This work was supported by the National Natural ScienceFoundation of China under Grant no 60873199 The authorsare grateful to the anonymous reviewers for their insightfulcomments

References

[1] S Ozdemir and Y Xiao ldquoSecure data aggregation in wirelesssensor networks a comprehensive overviewrdquo Computer Net-works vol 53 no 12 pp 2022ndash2037 2009

[2] H Alzaid E Foo J M G Nieto and D G Park ldquoA taxonomyof secure data aggregation in wireless sensor networksrdquo Inter-national Journal of Communication Networks and DistributedSystems vol 8 no 1-2 pp 101ndash148 2012

[3] B Przydatek D Song and A Perrig ldquoSIA secure informationaggregation in sensor networksrdquo in Proceedings of the 1st Inter-national Conference on Embedded Networked Sensor Systems(SenSys rsquo03) pp 255ndash265 November 2003

[4] H Chan A Perrig B Przydatek and D Song ldquoSIA secureinformation aggregation in sensor networksrdquo Journal of Com-puter Security vol 15 no 1 pp 69ndash102 2007

[5] J Girao D Westhoff and M Schneider ldquoCDA concealeddata aggregation for reverse multicast traffic in wireless sensornetworksrdquo in Proceedings of the IEEE International Conferenceon Communications (ICC rsquo05) pp 3044ndash3049 Seoul Republicof Korea May 2005

[6] DWesthoff J Girao andMAcharya ldquoConcealed data aggrega-tion for reversemulticast traffic in sensor networks encryptionkey distribution and routing adaptationrdquo IEEE Transactions onMobile Computing vol 5 no 10 pp 1417ndash1431 2006

[7] C Castelluccia E Mykletun and G Tsudik ldquoEfficient aggrega-tion of encrypted data in wireless sensor networksrdquo in Proceed-ings of the 2nd Annual International Conference on Mobile andUbiquitous Systems-Networking and Services (MobiQuitous rsquo05)pp 109ndash117 July 2005

[8] C Castelluccia A C-F Chan E Mykletun and G TsudikldquoEfficient and provably secure aggregation of encrypted datain wireless sensor networksrdquo ACM Transactions on SensorNetworks vol 5 no 3 pp 1ndash36 2009

[9] Q Zhou G Yang and L He ldquoAn efficient secure data aggre-gation based on homomorphic primitives in wireless sensornetworksrdquo International Journal of Distributed Sensor Networksvol 2014 Article ID 962925 11 pages 2014

[10] H Cam S Ozdemir P Nair D Muthuavinashiappan andH Ozgur Sanli ldquoEnergy-efficient secure pattern based dataaggregation for wireless sensor networksrdquo Computer Commu-nications vol 29 no 4 pp 446ndash455 2006

[11] W Zhang Y Liu S K Das and P De ldquoSecure data aggregationin wireless sensor networks a watermark based authenticationsupportive approachrdquo Pervasive and Mobile Computing vol 4no 5 pp 658ndash680 2008

[12] T Wang X Qin and L Liu ldquoAn energy-efficient and scalablesecure data aggregation for wireless sensor networksrdquo Interna-tional Journal of Distributed Sensor Networks vol 2013 ArticleID 843485 11 pages 2013

[13] M Yoon M Jang H Kim and J Chang ldquoA signature-baseddata security technique for energy-efficient data aggregation inwireless sensor networksrdquo International Journal of DistributedSensor Networks vol 2014 Article ID 272537 10 pages 2014

[14] J Hur Y Lee S M Hong and H Yoon ldquoTrust managementfor resilient wireless sensor networksrdquo in Proceeding of the 8thInternational Conference Information Security and Cryptology(ICISC rsquo05) pp 56ndash68 Seoul Republic of Korea December2006

[15] K Wu D Dreef B Sun and Y Xiao ldquoSecure data aggregationwithout persistent cryptographic operations in wireless sensornetworksrdquo Ad Hoc Networks vol 5 no 1 pp 100ndash111 2007

[16] S Ozdemir ldquoSecure and reliable data aggregation for wirelesssensor networksrdquo in Proceedings of the 4th International Confer-ence on Ubiquitous Computing Systems (UCS rsquo07) pp 102ndash109Tokyo Japan November 2007


[17] H Alzaid E Foo and J G Nieto ldquoRSDA reputation-basedsecure data aggregation in wireless sensor networksrdquo in Pro-ceedings of the 9th International Conference on Parallel andDistributed Computing Applications and Technologies (PDCATrsquo08) pp 419ndash424 Dunedin New Zealand December 2008

[18] W Qiu Y Zheng and K Chen ldquoBuilding representative-baseddata aggregation tree in wireless sensor networksrdquo Mathemat-ical Problems in Engineering vol 2010 Article ID 732892 11pages 2010

[19] A Boonsongsrikul K-S Lhee and M Hong ldquoSecuring dataaggregation against false data injection in wireless sensornetworksrdquo in Proceedings of the 12th International Conferenceon Advanced Communication Technology ICT for Green Growthand Sustainable Development (ICACT rsquo10) pp 29ndash34 SeoulRepublic of Korea February 2010

[20] X Dong and S Li ldquoSecure data aggregation approach basedon monitoring in wireless sensor networksrdquo China Communi-cations vol 9 no 6 pp 14ndash27 2012

[21] N Labraoui M Gueroui M Aliouat and J Petit ldquoReactive andadaptive monitoring to secure aggregation in wireless sensornetworksrdquo Telecommunication Systems vol 54 no 1 pp 3ndash172013

[22] D Wagner ldquoResilient aggregation in sensor networksrdquo inProceedings of the ACM Workshop on Security of Ad Hoc andSensor Networks (SASN rsquo04) pp 78ndash87 Washington DC USAOctober 2004

[23] S Roy M Conti S Setia and S Jajodia ldquoSecure data aggre-gation in wireless sensor networksrdquo IEEE Transactions onInformation Forensics and Security vol 7 no 3 pp 1040ndash10522012

[24] S Roy M Conti S Setia and S Jajodia ldquoSecure data aggre-gation in wireless sensor networks filtering out the attackerrsquosimpactrdquo IEEE Transactions on Information Forensics and Secu-rity vol 9 no 4 pp 681ndash694 2014

[25] L Buttyan P Schaffer and IVajda ldquoRANBARRANSAC-basedresilient aggregation in sensor networksrdquo in Proceedings of the4th ACM Workshop on Security of ad hoc and Sensor Networks(SASN rsquo06) pp 83ndash90 Alexandria Va USA October 2006

[26] K Sun P Peng P Ning and C Wang ldquoSecure distributedcluster formation in wireless sensor networksrdquo in Proceedingsof the 22nd Annual Computer Security Applications Conference(ACSAC rsquo06) pp 131ndash140 Washington DC USA December2006

[27] S Zhu S Setia and S Jajodia ldquoLEAP efficient securitymechanisms for large-scale distributed sensor networksrdquo inProceedings of the 10th ACM Conference on Computer andCommunications Security (CCS rsquo03) pp 62ndash72 WashingtonDC USA October 2003

[28] A Chadha L Yonghe and S K Das ldquoGroup key distributionvia local collaboration in wireless sensor networksrdquo in Proceed-ings of the 2ndAnnual IEEECommunications Society Conferenceon Sensor and AdHoc Communications and Networks (SECONrsquo05) pp 46ndash54 Santa Clara Calif USA September 2005

[29] A Perrig R Szewczyk J D Tygar V Wen and D E CullerldquoSPINS security protocols for sensor networksrdquo Wireless Net-works vol 8 no 5 pp 521ndash534 2002

[30] Castalia Home Castalia [EBOL] 2013 httpcastaliaresearchnictacomauindexphpen

[31] OMNeT++CommunityOMNeT++ [EBOL] 2013 httpwwwomnetpporg

International Journal of

AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

RoboticsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014


Active and Passive Electronic Components

Control Scienceand Engineering

Journal of



RotatingMachinery


Hindawi Publishing Corporation httpwwwhindawicom

Journal ofEngineeringVolume 2014

Submit your manuscripts athttpwwwhindawicom

VLSI Design



Shock and Vibration


Civil EngineeringAdvances in

Acoustics and VibrationAdvances in



Electrical and Computer Engineering

Journal of

Advances inOptoElectronics


Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

SensorsJournal of


Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014


Chemical EngineeringInternational Journal of Antennas and

Propagation




Navigation and Observation



DistributedSensor Networks



and authentication via a secure data packet transmissionscheme Considering that the readings sensed by neighbornodes exhibit temporal and spatial correlation we define aconstraint parameter maximum tolerant difference (MTD)and give the quantitative criteria for abnormal readings eval-uation At the same time we analyze and prove the feasibilityof our method and present the worst aggregation results thatcompromised nodes can produce Extensive experiments areconducted and the results show that the proposedmechanismcan effectively and efficiently defend against and detect themalcompromised nodes Compared with existing methodsour method can ensure higher accuracy of the aggregationresults but with lower monitoring overhead

The rest of this paper is organized as follows Section 2gives a summary of related work Section 3 provides networkmodel attack model and assumptions Section 4 gives thedetails of ourmutual defense scheme for secure data aggrega-tion The analysis of aggregation results affected by compro-mised nodes is introduced in Section 5 and simulation resultsare provided in Section 6 Finally Section 7 concludes thispaper

2 Related Work

Thesecure data aggregation problem inWSNshas been inves-tigated extensively during the past few years Several surveysof these works are presented in [1 2] Wagner has studiedthe security of aggregation and proposed a mathematicalframework for formally evaluating secure aggregation [22]

In [3 4] a secure information aggregation (SIA) schemewas proposed to prevent the users from accepting incorrectaggregation results By constructing efficient random sam-pling mechanisms and interactive proofs SIA can let thehome server verify the correctness of the aggregated dataHowever as the aggregator not only needs to construct aMerkle hash tree-based commitment but also needs to dealwith the check tasks from the home server the computationand communication overhead of the aggregator is very high

In [5ndash9] several homomorphic encryption-based end-to-end secure data aggregation schemes were proposedThe advantage of these approaches is that the ciphertextscan be directly aggregated In [10] a pattern-based end-to-end secure data aggregation scheme was presented In[11] a watermark-based end-to-end secure data aggrega-tion approach was proposed In [12] to provide end-to-end data confidentiality a secure data aggregation schemewas proposed It achieves data privacy through the securechannel In [13] a signature-based data security techniquewas proposed to protect sensitive data aggregation It makesuse of the additive property of complex numbers Howeverthose approaches can only defend against external attacks andcannot prevent attacks from compromised nodes by injectingbogus raw readings

In [23] to defend against the falsified subaggregate attackin which a compromised node relays a false subaggregateto the parent node a verification algorithm was presentedThe base station can use it to determine if the computedaggregate includes any false contribution However it would

fail to compute the aggregate in the presence of the attackTo address this problem an attack-resilient computationalgorithm was designed in [24] In [25] a random sam-ple consensus paradigm-based technique called RANBARwas designed to filter out outlier elements from a samplebefore an aggregation procedure However RANBAR doesnot consider the situation where the aggregator nodes arecompromised

In [14] a trust management scheme was presented toidentify trustworthiness of sensor nodes As the strategy ofthis method is to collect multiple and redundant readingsand to crosscheck them for consistency the communicationoverhead is also high

In [15] a secure aggregation tree (SAT) was proposedto detect and prevent cheating In SAT as every child nodeneeds to gather all the messages from their sibling nodes tothe father node the communication overhead is relativelyhigh At the same time they do not consider the situationwhere the leaf nodes may also be compromised In [16] asecure and reliable data aggregation protocol called SELDAwas proposed The basic idea of SELDA is that each sensornode updates trust levels for environment by monitoringactions of its neighboring nodes using Beta distributionfunction However SELDA ignores the situation where theaggregator nodes are compromised In [17] a reputation-based secure data aggregation (RSDA) was proposed InRSDA as each node in a cell needs to compare its readingswith the readings of its neighbors and perform redundantoperations to monitor the actions of the cell representativethe communication and computation overhead is high In[18] a RSDA-based representative aggregation tree (RAT)scheme was presented to reduce the data transmission over-head However this scheme is just mentioned to adopt themonitoring mechanism to prevent the injection of bogusinformation and forged aggregation values In [19] a solutionto detect the false readings during the data aggregation andrecognize the attacking nodes was proposed The main ideais to be monitored by children and judged by majorityHowever it requires the dedicated external nodes to monitorthe internal nodes which wastes a lot of external nodes In[20] a monitoring-based secure data aggregation methodwas proposed to prevent on-off attacks In [21] a monitoringmechanism with two hierarchical levels was designed toensure the integrity and the accuracy of aggregate resultIn the first level monitoring a principal supervisor nodePSUP L1 monitors the behavior of clusterhead whereas inthe second level monitoring the rest of nodes in the clustermonitor the behavior of both PSUP L1 and clusterhead How-ever since each node participates in aggregation function andgathers the data through passive listening this scheme incursa very high monitoring overhead

3 System Model

We consider a static WSN with one sink node and 119873 sensornodes The sink node is a powerful node and secure Weassume that the network is densely deployed and readingssensed by nodes exhibit temporal and spatial correlation


Base station

Cluster
















119868119863119906 119868119863V 119901119903119889-119903119899119889 1199011198861199101198971199001198861198891 119872119860119862119870(119906V) (1198891198861199051198861)

1199011198861199101198971199001198861198891 = 119864119870(119906V)

(119889119906)

1198891198861199051198861 = 119868119863119906 119868119863V 119901119903119889-119903119899119889 1199011198861199101198971199001198861198891

(1)







119868119863V 119868119863119873V 119901119900119904V 119901119903119889-119903119899119889 1199011198861199101198971199001198861198892

119872119860119862119866119870V

(1198891198861199051198862) 119872119860119862119870(V 119873V)

(1198891198861199051198863)

(2)

1199011198861199101198971199001198861198892 = 119864119866119870V

(119886119892119892119877V) (3)

1198891198861199051198862 = 119901119900119904V 119901119903119889-119903119899119889 1199011198861199101198971199001198861198892 (4)

1198891198861199051198863 = 119868119863V 119868119863119873V 1198891198861199051198862 119872119860119862119866119870V (1198891198861199051198862) (5)






(1) 119889(2) 119889

(119898V) where


119894119894+1= 119889(119894+1)

minus


119878V=

Δ12 Δ23 Δ

119898Vminus1119898V


119878Vis 22 02 05 04 05 01 04 02


1to 11990410





lowast

(1 le 119894 le


119905max =

119889(119896) 119889(119896+1)





3send fake readings

Then as Δ12



94 96 101 105 110 111 115 117 119



and 119889(lowast)

if (119889(lowast)

minus 119889(119896)) gt Δ


(ℎ)minus 119889(119897)


119892=

119889(119897) 119889(119897+1)



minus 119889(2)) = 119 minus 94 = 25 gt


(3)and

119889(9) As (119889



101 105 110 111 115




1084


120572 =

1003816100381610038161003816119889119906 minus 119886119892119892119877V1003816100381610038161003816

Δlowast (6)

119888119899119905normal = 119888119899119905normal + 1 119889

119906isin [119889(119897) 119889(ℎ)]


119888119899119905abnormal

=

119888119899119905abnormal 119889119906isin [119889(119897) 119889(ℎ)]


(ℎ) 119889(lowast)] 120572 le 1

119888119899119905abnormal+120582120572

otherwise(8)





119898of valid


119887 we

can use 119903119888119899119905abthr119898


119903119898= 23 and 119903




119892and 119903119887



4to 1199048





2




1







120573 =

10038161003816100381610038161003816119889119906minus 119886119892119892

101584010038161003816100381610038161003816

Δlowast (9)


119888119899119905normal =

119888119899119905normal + 1 120573 le119898V minus 1

119898V


119888119899119905abnormal =

119888119899119905abnormal + 120582120573

120573 gt119898V minus 1

119898V





119906is the







119898VΔlowast

(12)





119886119892119892est (max) = 119889119906+119898V minus 1

119898VΔlowast

(13)


120573 (max) =1003816100381610038161003816119889119906 minus 119886119892119892est (min)1003816100381610038161003816


119898V(14)

or

120573 (max) =1003816100381610038161003816119889119906 minus 119886119892119892est (max)1003816100381610038161003816


119898V (15)


















CLV + 1)2rceil 119898



1 1198892 119889

119898CLV For the


119886119892119892ideal =1

119898CLV

119898CLV

sum

119894=1

119889119894 (16)


(1) 119889(2) 119889

(119899)



119908and obtains

119889lowast






CLV -1 packets N


CLV -1 packets N



CLV -1 packets N


Δlowast



Δlowast



119889119908+ Δlowast


119908= 119889119908+ Δ119908 where Δ



119886119892119892bad =1

119898CLV

[

[

119898CLV

sum

119894=1

119889119894+ sum

119908isin119882

Δ119908

]

]

(17)


119886119892119892bad = 119886119892119892ideal +1

119898CLV

sum

119908isin119882

Δ119908 (18)








lowast


(1)and




119889(1)+ Δlowast



119889(1)+ Δlowast


119908= 119889(119899)minus Δlowast or 119889

119908=




lowast

minus (119889(119899)minus 119889(1)) (19)


119908(max)|




minus 119886119892119892119894119889119890119886119897



1003816100381610038161003816119886119892119892bad minus 119886119892119892ideal1003816100381610038161003816 =

119898CLV minus 119899

119898CLV

[2Δlowast

minus (119889(119899)minus 119889(1))] (20)

If 119889(1)

= 119889(119899)





(1 minus1

119898CLV)Δlowast

119898CLV 2 = 0

(1 minus2

119898CLV)Δlowast

otherwise

(21)




119908 from the


Δ119908 |Δ119908| isin [0 2Δ

lowast




119894sent










=

(1119899)sum119908isin119882

119862119908 Because forall119862

119908le 119888119899119905abthr 119888119899119905119894 le ((119898

CLV minus



119899 = lceil(119898CLV + 1)2rceil 119888119899119905



119888119899119905119894(max) =

119898CLV minus 2

119898CLV + 2

119888119899119905abthr 119898CLV 2 = 0

119898CLV minus 1

119898CLV + 1


(22)




ideal = (1119899)sum119899

119894=1119889(119894)


V +




CLV



10038161003816100381610038161003816119889(119898

CLV 2+1)

minus 119886119892119892101584010038161003816100381610038161003816le119898

CLV minus 1

119898CLV

Δlowast

10038161003816100381610038161003816119889(119899minus119898

CLV 2)

minus 119886119892119892101584010038161003816100381610038161003816le119898

CLV minus 1

119898CLV

Δlowast

(23)



(23) we can obtain

1198861198921198921015840

isin [119889(119899minus119898

CLV 2)

minus119898

CLV minus 1

119898CLV

Δlowast

119889(119898

CLV 2+1)

+119898

CLV minus 1

119898CLV

Δlowast

]

(24)


1198861198921198921015840

isin [119889(119899minus(119898

CLV +1)2+1)

minus119898

CLV minus 1

119898CLV

Δlowast

119889((119898

CLV +1)2)

+119898

CLV minus 1

119898CLV

Δlowast

]

(25)



1198861198921198921015840

isin [119889(1)minus119898

CLV minus 1

119898CLV

Δlowast

119889(119899)+119898

CLV minus 1

119898CLV

Δlowast

] (26)







(119894119895)= 119889(119894)minus 119889(119895)

1198861198921198921015840

ideal = 119889(1) +1

119899

119899

sum

119895=2

Δ(1198951)

(27)

1198861198921198921015840

ideal = 119889(119899) minus1

119899

119899minus1

sum

119895=1

Δ(119899119895)

(28)




100381610038161003816100381610038161198861198921198921015840

minus 1198861198921198921015840

ideal10038161003816100381610038161003816

le

10038161003816100381610038161003816100381610038161003816100381610038161003816

119889(1)minus119898

CLV minus 1

119898CLV

Δlowast


119899

119899

sum

119895=2

Δ(1198951)

10038161003816100381610038161003816100381610038161003816100381610038161003816

=

10038161003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+1

119899

119899

sum

119895=2

Δ(1198951)

10038161003816100381610038161003816100381610038161003816100381610038161003816

le

1003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+119899 minus 1

119899Δlowast

1003816100381610038161003816100381610038161003816100381610038161003816

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus1

119899

100381610038161003816100381610038161003816100381610038161003816

Δlowast

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus

1


100381610038161003816100381610038161003816100381610038161003816

Δlowast


100381610038161003816100381610038161198861198921198921015840

minus 1198861198921198921015840

ideal10038161003816100381610038161003816

le

10038161003816100381610038161003816100381610038161003816100381610038161003816

119889(119899)+119898

CLV minus 1

119898CLV

Δlowast

minus 119889(119899)+1

119899

119899minus1

sum

119895=1

Δ(119899119895)

10038161003816100381610038161003816100381610038161003816100381610038161003816

=

10038161003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+1

119899

119899minus1

sum

119895=1

Δ(119899119895)

10038161003816100381610038161003816100381610038161003816100381610038161003816

le

1003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+119899 minus 1

119899Δlowast

1003816100381610038161003816100381610038161003816100381610038161003816

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus1

119899

100381610038161003816100381610038161003816100381610038161003816

Δlowast

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus

1


100381610038161003816100381610038161003816100381610038161003816

Δlowast

(29)











0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+




lowast

119889mid +Δlowast




0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+





0

005

01

015

02

025

03

10 20 30 40 50 60 70 80 90 100Round

False

pos

itive

ratio

()

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+





105

106

107

108

109

11

111

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+


103104105106107108109

11111

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+



10

102

104

106

108

11

112

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+


969810

102104106108

11112

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+






0

1000

2000

3000

4000

5000

6000

10 20 30 40

Num

ber o

f pac

kets

mon

itore

d

SSGF

cntabthr

cmp-f= 1

cmp-f= 2

per n

ode


0

1000

2000

3000

4000

5000

6000

10 20 30 40

Num

ber o

f pac

kets

mon

itore

d

SSGFcmp-f = 1

cmp-f = 2

cntabthr

per

nod

e







lowast




02468

1012

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

SSGFGoodSAT+

resu

lt



7 Conclusions




Notation Summary





















Acknowledgments


References



































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation










Base station

Cluster
















119868119863119906 119868119863V 119901119903119889-119903119899119889 1199011198861199101198971199001198861198891 119872119860119862119870(119906V) (1198891198861199051198861)

1199011198861199101198971199001198861198891 = 119864119870(119906V)

(119889119906)

1198891198861199051198861 = 119868119863119906 119868119863V 119901119903119889-119903119899119889 1199011198861199101198971199001198861198891

(1)







119868119863V 119868119863119873V 119901119900119904V 119901119903119889-119903119899119889 1199011198861199101198971199001198861198892

119872119860119862119866119870V

(1198891198861199051198862) 119872119860119862119870(V 119873V)

(1198891198861199051198863)

(2)

1199011198861199101198971199001198861198892 = 119864119866119870V

(119886119892119892119877V) (3)

1198891198861199051198862 = 119901119900119904V 119901119903119889-119903119899119889 1199011198861199101198971199001198861198892 (4)

1198891198861199051198863 = 119868119863V 119868119863119873V 1198891198861199051198862 119872119860119862119866119870V (1198891198861199051198862) (5)






(1) 119889(2) 119889

(119898V) where


119894119894+1= 119889(119894+1)

minus


119878V=

Δ12 Δ23 Δ

119898Vminus1119898V


119878Vis 22 02 05 04 05 01 04 02


1to 11990410





lowast

(1 le 119894 le


119905max =

119889(119896) 119889(119896+1)





3send fake readings

Then as Δ12



94 96 101 105 110 111 115 117 119



and 119889(lowast)

if (119889(lowast)

minus 119889(119896)) gt Δ


(ℎ)minus 119889(119897)


119892=

119889(119897) 119889(119897+1)



minus 119889(2)) = 119 minus 94 = 25 gt


(3)and

119889(9) As (119889



101 105 110 111 115




1084


120572 =

1003816100381610038161003816119889119906 minus 119886119892119892119877V1003816100381610038161003816

Δlowast (6)

119888119899119905normal = 119888119899119905normal + 1 119889

119906isin [119889(119897) 119889(ℎ)]


119888119899119905abnormal

=

119888119899119905abnormal 119889119906isin [119889(119897) 119889(ℎ)]


(ℎ) 119889(lowast)] 120572 le 1

119888119899119905abnormal+120582120572

otherwise(8)





119898of valid


119887 we

can use 119903119888119899119905abthr119898


119903119898= 23 and 119903




119892and 119903119887



4to 1199048





2




1







120573 =

10038161003816100381610038161003816119889119906minus 119886119892119892

101584010038161003816100381610038161003816

Δlowast (9)


119888119899119905normal =

119888119899119905normal + 1 120573 le119898V minus 1

119898V


119888119899119905abnormal =

119888119899119905abnormal + 120582120573

120573 gt119898V minus 1

119898V





119906is the







119898VΔlowast

(12)





119886119892119892est (max) = 119889119906+119898V minus 1

119898VΔlowast

(13)


120573 (max) =1003816100381610038161003816119889119906 minus 119886119892119892est (min)1003816100381610038161003816


119898V(14)

or

120573 (max) =1003816100381610038161003816119889119906 minus 119886119892119892est (max)1003816100381610038161003816


119898V (15)


















CLV + 1)2rceil 119898



1 1198892 119889

119898CLV For the


119886119892119892ideal =1

119898CLV

119898CLV

sum

119894=1

119889119894 (16)


(1) 119889(2) 119889

(119899)



119908and obtains

119889lowast






CLV -1 packets N


CLV -1 packets N



CLV -1 packets N


Δlowast



Δlowast



119889119908+ Δlowast


119908= 119889119908+ Δ119908 where Δ



119886119892119892bad =1

119898CLV

[

[

119898CLV

sum

119894=1

119889119894+ sum

119908isin119882

Δ119908

]

]

(17)


119886119892119892bad = 119886119892119892ideal +1

119898CLV

sum

119908isin119882

Δ119908 (18)








lowast


(1)and




119889(1)+ Δlowast



119889(1)+ Δlowast


119908= 119889(119899)minus Δlowast or 119889

119908=




lowast

minus (119889(119899)minus 119889(1)) (19)


119908(max)|




minus 119886119892119892119894119889119890119886119897



1003816100381610038161003816119886119892119892bad minus 119886119892119892ideal1003816100381610038161003816 =

119898CLV minus 119899

119898CLV

[2Δlowast

minus (119889(119899)minus 119889(1))] (20)

If 119889(1)

= 119889(119899)





(1 minus1

119898CLV)Δlowast

119898CLV 2 = 0

(1 minus2

119898CLV)Δlowast

otherwise

(21)




119908 from the


Δ119908 |Δ119908| isin [0 2Δ

lowast




119894sent










=

(1119899)sum119908isin119882

119862119908 Because forall119862

119908le 119888119899119905abthr 119888119899119905119894 le ((119898

CLV minus



119899 = lceil(119898CLV + 1)2rceil 119888119899119905



119888119899119905119894(max) =

119898CLV minus 2

119898CLV + 2

119888119899119905abthr 119898CLV 2 = 0

119898CLV minus 1

119898CLV + 1


(22)




ideal = (1119899)sum119899

119894=1119889(119894)


V +




CLV



10038161003816100381610038161003816119889(119898

CLV 2+1)

minus 119886119892119892101584010038161003816100381610038161003816le119898

CLV minus 1

119898CLV

Δlowast

10038161003816100381610038161003816119889(119899minus119898

CLV 2)

minus 119886119892119892101584010038161003816100381610038161003816le119898

CLV minus 1

119898CLV

Δlowast

(23)



(23) we can obtain

1198861198921198921015840

isin [119889(119899minus119898

CLV 2)

minus119898

CLV minus 1

119898CLV

Δlowast

119889(119898

CLV 2+1)

+119898

CLV minus 1

119898CLV

Δlowast

]

(24)


1198861198921198921015840

isin [119889(119899minus(119898

CLV +1)2+1)

minus119898

CLV minus 1

119898CLV

Δlowast

119889((119898

CLV +1)2)

+119898

CLV minus 1

119898CLV

Δlowast

]

(25)



1198861198921198921015840

isin [119889(1)minus119898

CLV minus 1

119898CLV

Δlowast

119889(119899)+119898

CLV minus 1

119898CLV

Δlowast

] (26)







(119894119895)= 119889(119894)minus 119889(119895)

1198861198921198921015840

ideal = 119889(1) +1

119899

119899

sum

119895=2

Δ(1198951)

(27)

1198861198921198921015840

ideal = 119889(119899) minus1

119899

119899minus1

sum

119895=1

Δ(119899119895)

(28)




100381610038161003816100381610038161198861198921198921015840

minus 1198861198921198921015840

ideal10038161003816100381610038161003816

le

10038161003816100381610038161003816100381610038161003816100381610038161003816

119889(1)minus119898

CLV minus 1

119898CLV

Δlowast


119899

119899

sum

119895=2

Δ(1198951)

10038161003816100381610038161003816100381610038161003816100381610038161003816

=

10038161003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+1

119899

119899

sum

119895=2

Δ(1198951)

10038161003816100381610038161003816100381610038161003816100381610038161003816

le

1003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+119899 minus 1

119899Δlowast

1003816100381610038161003816100381610038161003816100381610038161003816

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus1

119899

100381610038161003816100381610038161003816100381610038161003816

Δlowast

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus

1


100381610038161003816100381610038161003816100381610038161003816

Δlowast


100381610038161003816100381610038161198861198921198921015840

minus 1198861198921198921015840

ideal10038161003816100381610038161003816

le

10038161003816100381610038161003816100381610038161003816100381610038161003816

119889(119899)+119898

CLV minus 1

119898CLV

Δlowast

minus 119889(119899)+1

119899

119899minus1

sum

119895=1

Δ(119899119895)

10038161003816100381610038161003816100381610038161003816100381610038161003816

=

10038161003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+1

119899

119899minus1

sum

119895=1

Δ(119899119895)

10038161003816100381610038161003816100381610038161003816100381610038161003816

le

1003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+119899 minus 1

119899Δlowast

1003816100381610038161003816100381610038161003816100381610038161003816

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus1

119899

100381610038161003816100381610038161003816100381610038161003816

Δlowast

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus

1


100381610038161003816100381610038161003816100381610038161003816

Δlowast

(29)











0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+




lowast

119889mid +Δlowast




0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+





0

005

01

015

02

025

03

10 20 30 40 50 60 70 80 90 100Round

False

pos

itive

ratio

()

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+





105

106

107

108

109

11

111

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+


103104105106107108109

11111

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+



10

102

104

106

108

11

112

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+


969810

102104106108

11112

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+






0

1000

2000

3000

4000

5000

6000

10 20 30 40

Num

ber o

f pac

kets

mon

itore

d

SSGF

cntabthr

cmp-f= 1

cmp-f= 2

per n

ode


0

1000

2000

3000

4000

5000

6000

10 20 30 40

Num

ber o

f pac

kets

mon

itore

d

SSGFcmp-f = 1

cmp-f = 2

cntabthr

per

nod

e







lowast




02468

1012

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

SSGFGoodSAT+

resu

lt



7 Conclusions




Notation Summary





















Acknowledgments


References



































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation














119868119863119906 119868119863V 119901119903119889-119903119899119889 1199011198861199101198971199001198861198891 119872119860119862119870(119906V) (1198891198861199051198861)

1199011198861199101198971199001198861198891 = 119864119870(119906V)

(119889119906)

1198891198861199051198861 = 119868119863119906 119868119863V 119901119903119889-119903119899119889 1199011198861199101198971199001198861198891

(1)







119868119863V 119868119863119873V 119901119900119904V 119901119903119889-119903119899119889 1199011198861199101198971199001198861198892

119872119860119862119866119870V

(1198891198861199051198862) 119872119860119862119870(V 119873V)

(1198891198861199051198863)

(2)

1199011198861199101198971199001198861198892 = 119864119866119870V

(119886119892119892119877V) (3)

1198891198861199051198862 = 119901119900119904V 119901119903119889-119903119899119889 1199011198861199101198971199001198861198892 (4)

1198891198861199051198863 = 119868119863V 119868119863119873V 1198891198861199051198862 119872119860119862119866119870V (1198891198861199051198862) (5)






(1) 119889(2) 119889

(119898V) where


119894119894+1= 119889(119894+1)

minus


119878V=

Δ12 Δ23 Δ

119898Vminus1119898V


119878Vis 22 02 05 04 05 01 04 02


1to 11990410





lowast

(1 le 119894 le


119905max =

119889(119896) 119889(119896+1)





3send fake readings

Then as Δ12



94 96 101 105 110 111 115 117 119



and 119889(lowast)

if (119889(lowast)

minus 119889(119896)) gt Δ


(ℎ)minus 119889(119897)


119892=

119889(119897) 119889(119897+1)



minus 119889(2)) = 119 minus 94 = 25 gt


(3)and

119889(9) As (119889



101 105 110 111 115




1084


120572 =

1003816100381610038161003816119889119906 minus 119886119892119892119877V1003816100381610038161003816

Δlowast (6)

119888119899119905normal = 119888119899119905normal + 1 119889

119906isin [119889(119897) 119889(ℎ)]


119888119899119905abnormal

=

119888119899119905abnormal 119889119906isin [119889(119897) 119889(ℎ)]


(ℎ) 119889(lowast)] 120572 le 1

119888119899119905abnormal+120582120572

otherwise(8)





119898of valid


119887 we

can use 119903119888119899119905abthr119898


119903119898= 23 and 119903




119892and 119903119887



4to 1199048





2




1







120573 =

10038161003816100381610038161003816119889119906minus 119886119892119892

101584010038161003816100381610038161003816

Δlowast (9)


119888119899119905normal =

119888119899119905normal + 1 120573 le119898V minus 1

119898V


119888119899119905abnormal =

119888119899119905abnormal + 120582120573

120573 gt119898V minus 1

119898V





119906is the







119898VΔlowast

(12)





119886119892119892est (max) = 119889119906+119898V minus 1

119898VΔlowast

(13)


120573 (max) =1003816100381610038161003816119889119906 minus 119886119892119892est (min)1003816100381610038161003816


119898V(14)

or

120573 (max) =1003816100381610038161003816119889119906 minus 119886119892119892est (max)1003816100381610038161003816


119898V (15)


















CLV + 1)2rceil 119898



1 1198892 119889

119898CLV For the


119886119892119892ideal =1

119898CLV

119898CLV

sum

119894=1

119889119894 (16)


(1) 119889(2) 119889

(119899)



119908and obtains

119889lowast






CLV -1 packets N


CLV -1 packets N



CLV -1 packets N


Δlowast



Δlowast



119889119908+ Δlowast


119908= 119889119908+ Δ119908 where Δ



119886119892119892bad =1

119898CLV

[

[

119898CLV

sum

119894=1

119889119894+ sum

119908isin119882

Δ119908

]

]

(17)


119886119892119892bad = 119886119892119892ideal +1

119898CLV

sum

119908isin119882

Δ119908 (18)








lowast


(1)and




119889(1)+ Δlowast



119889(1)+ Δlowast


119908= 119889(119899)minus Δlowast or 119889

119908=




lowast

minus (119889(119899)minus 119889(1)) (19)


119908(max)|




minus 119886119892119892119894119889119890119886119897



1003816100381610038161003816119886119892119892bad minus 119886119892119892ideal1003816100381610038161003816 =

119898CLV minus 119899

119898CLV

[2Δlowast

minus (119889(119899)minus 119889(1))] (20)

If 119889(1)

= 119889(119899)





(1 minus1

119898CLV)Δlowast

119898CLV 2 = 0

(1 minus2

119898CLV)Δlowast

otherwise

(21)




119908 from the


Δ119908 |Δ119908| isin [0 2Δ

lowast




119894sent










=

(1119899)sum119908isin119882

119862119908 Because forall119862

119908le 119888119899119905abthr 119888119899119905119894 le ((119898

CLV minus



119899 = lceil(119898CLV + 1)2rceil 119888119899119905



119888119899119905119894(max) =

119898CLV minus 2

119898CLV + 2

119888119899119905abthr 119898CLV 2 = 0

119898CLV minus 1

119898CLV + 1


(22)




ideal = (1119899)sum119899

119894=1119889(119894)


V +




CLV



10038161003816100381610038161003816119889(119898

CLV 2+1)

minus 119886119892119892101584010038161003816100381610038161003816le119898

CLV minus 1

119898CLV

Δlowast

10038161003816100381610038161003816119889(119899minus119898

CLV 2)

minus 119886119892119892101584010038161003816100381610038161003816le119898

CLV minus 1

119898CLV

Δlowast

(23)



(23) we can obtain

1198861198921198921015840

isin [119889(119899minus119898

CLV 2)

minus119898

CLV minus 1

119898CLV

Δlowast

119889(119898

CLV 2+1)

+119898

CLV minus 1

119898CLV

Δlowast

]

(24)


1198861198921198921015840

isin [119889(119899minus(119898

CLV +1)2+1)

minus119898

CLV minus 1

119898CLV

Δlowast

119889((119898

CLV +1)2)

+119898

CLV minus 1

119898CLV

Δlowast

]

(25)



1198861198921198921015840

isin [119889(1)minus119898

CLV minus 1

119898CLV

Δlowast

119889(119899)+119898

CLV minus 1

119898CLV

Δlowast

] (26)







(119894119895)= 119889(119894)minus 119889(119895)

1198861198921198921015840

ideal = 119889(1) +1

119899

119899

sum

119895=2

Δ(1198951)

(27)

1198861198921198921015840

ideal = 119889(119899) minus1

119899

119899minus1

sum

119895=1

Δ(119899119895)

(28)




100381610038161003816100381610038161198861198921198921015840

minus 1198861198921198921015840

ideal10038161003816100381610038161003816

le

10038161003816100381610038161003816100381610038161003816100381610038161003816

119889(1)minus119898

CLV minus 1

119898CLV

Δlowast


119899

119899

sum

119895=2

Δ(1198951)

10038161003816100381610038161003816100381610038161003816100381610038161003816

=

10038161003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+1

119899

119899

sum

119895=2

Δ(1198951)

10038161003816100381610038161003816100381610038161003816100381610038161003816

le

1003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+119899 minus 1

119899Δlowast

1003816100381610038161003816100381610038161003816100381610038161003816

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus1

119899

100381610038161003816100381610038161003816100381610038161003816

Δlowast

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus

1


100381610038161003816100381610038161003816100381610038161003816

Δlowast


100381610038161003816100381610038161198861198921198921015840

minus 1198861198921198921015840

ideal10038161003816100381610038161003816

le

10038161003816100381610038161003816100381610038161003816100381610038161003816

119889(119899)+119898

CLV minus 1

119898CLV

Δlowast

minus 119889(119899)+1

119899

119899minus1

sum

119895=1

Δ(119899119895)

10038161003816100381610038161003816100381610038161003816100381610038161003816

=

10038161003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+1

119899

119899minus1

sum

119895=1

Δ(119899119895)

10038161003816100381610038161003816100381610038161003816100381610038161003816

le

1003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+119899 minus 1

119899Δlowast

1003816100381610038161003816100381610038161003816100381610038161003816

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus1

119899

100381610038161003816100381610038161003816100381610038161003816

Δlowast

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus

1


100381610038161003816100381610038161003816100381610038161003816

Δlowast

(29)











0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+




lowast

119889mid +Δlowast




0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+





0

005

01

015

02

025

03

10 20 30 40 50 60 70 80 90 100Round

False

pos

itive

ratio

()

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+





105

106

107

108

109

11

111

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+


103104105106107108109

11111

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+



10

102

104

106

108

11

112

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+


969810

102104106108

11112

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+






0

1000

2000

3000

4000

5000

6000

10 20 30 40

Num

ber o

f pac

kets

mon

itore

d

SSGF

cntabthr

cmp-f= 1

cmp-f= 2

per n

ode


0

1000

2000

3000

4000

5000

6000

10 20 30 40

Num

ber o

f pac

kets

mon

itore

d

SSGFcmp-f = 1

cmp-f = 2

cntabthr

per

nod

e







lowast




02468

1012

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

SSGFGoodSAT+

resu

lt



7 Conclusions




Notation Summary





















Acknowledgments


References



































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation












1084


120572 =

1003816100381610038161003816119889119906 minus 119886119892119892119877V1003816100381610038161003816

Δlowast (6)

119888119899119905normal = 119888119899119905normal + 1 119889

119906isin [119889(119897) 119889(ℎ)]


119888119899119905abnormal

=

119888119899119905abnormal 119889119906isin [119889(119897) 119889(ℎ)]


(ℎ) 119889(lowast)] 120572 le 1

119888119899119905abnormal+120582120572

otherwise(8)





119898of valid


119887 we

can use 119903119888119899119905abthr119898


119903119898= 23 and 119903




119892and 119903119887



4to 1199048





2




1







120573 =

10038161003816100381610038161003816119889119906minus 119886119892119892

101584010038161003816100381610038161003816

Δlowast (9)


119888119899119905normal =

119888119899119905normal + 1 120573 le119898V minus 1

119898V


119888119899119905abnormal =

119888119899119905abnormal + 120582120573

120573 gt119898V minus 1

119898V





119906is the







119898VΔlowast

(12)





119886119892119892est (max) = 119889119906+119898V minus 1

119898VΔlowast

(13)


120573 (max) =1003816100381610038161003816119889119906 minus 119886119892119892est (min)1003816100381610038161003816


119898V(14)

or

120573 (max) =1003816100381610038161003816119889119906 minus 119886119892119892est (max)1003816100381610038161003816


119898V (15)


















CLV + 1)2rceil 119898



1 1198892 119889

119898CLV For the


119886119892119892ideal =1

119898CLV

119898CLV

sum

119894=1

119889119894 (16)


(1) 119889(2) 119889

(119899)



119908and obtains

119889lowast






CLV -1 packets N


CLV -1 packets N



CLV -1 packets N


Δlowast



Δlowast



119889119908+ Δlowast


119908= 119889119908+ Δ119908 where Δ



119886119892119892bad =1

119898CLV

[

[

119898CLV

sum

119894=1

119889119894+ sum

119908isin119882

Δ119908

]

]

(17)


119886119892119892bad = 119886119892119892ideal +1

119898CLV

sum

119908isin119882

Δ119908 (18)








lowast


(1)and




119889(1)+ Δlowast



119889(1)+ Δlowast


119908= 119889(119899)minus Δlowast or 119889

119908=




lowast

minus (119889(119899)minus 119889(1)) (19)


119908(max)|




minus 119886119892119892119894119889119890119886119897



1003816100381610038161003816119886119892119892bad minus 119886119892119892ideal1003816100381610038161003816 =

119898CLV minus 119899

119898CLV

[2Δlowast

minus (119889(119899)minus 119889(1))] (20)

If 119889(1)

= 119889(119899)





(1 minus1

119898CLV)Δlowast

119898CLV 2 = 0

(1 minus2

119898CLV)Δlowast

otherwise

(21)




119908 from the


Δ119908 |Δ119908| isin [0 2Δ

lowast




119894sent










=

(1119899)sum119908isin119882

119862119908 Because forall119862

119908le 119888119899119905abthr 119888119899119905119894 le ((119898

CLV minus



119899 = lceil(119898CLV + 1)2rceil 119888119899119905



119888119899119905119894(max) =

119898CLV minus 2

119898CLV + 2

119888119899119905abthr 119898CLV 2 = 0

119898CLV minus 1

119898CLV + 1


(22)




ideal = (1119899)sum119899

119894=1119889(119894)


V +




CLV



10038161003816100381610038161003816119889(119898

CLV 2+1)

minus 119886119892119892101584010038161003816100381610038161003816le119898

CLV minus 1

119898CLV

Δlowast

10038161003816100381610038161003816119889(119899minus119898

CLV 2)

minus 119886119892119892101584010038161003816100381610038161003816le119898

CLV minus 1

119898CLV

Δlowast

(23)



(23) we can obtain

1198861198921198921015840

isin [119889(119899minus119898

CLV 2)

minus119898

CLV minus 1

119898CLV

Δlowast

119889(119898

CLV 2+1)

+119898

CLV minus 1

119898CLV

Δlowast

]

(24)


1198861198921198921015840

isin [119889(119899minus(119898

CLV +1)2+1)

minus119898

CLV minus 1

119898CLV

Δlowast

119889((119898

CLV +1)2)

+119898

CLV minus 1

119898CLV

Δlowast

]

(25)



1198861198921198921015840

isin [119889(1)minus119898

CLV minus 1

119898CLV

Δlowast

119889(119899)+119898

CLV minus 1

119898CLV

Δlowast

] (26)







(119894119895)= 119889(119894)minus 119889(119895)

1198861198921198921015840

ideal = 119889(1) +1

119899

119899

sum

119895=2

Δ(1198951)

(27)

1198861198921198921015840

ideal = 119889(119899) minus1

119899

119899minus1

sum

119895=1

Δ(119899119895)

(28)




100381610038161003816100381610038161198861198921198921015840

minus 1198861198921198921015840

ideal10038161003816100381610038161003816

le

10038161003816100381610038161003816100381610038161003816100381610038161003816

119889(1)minus119898

CLV minus 1

119898CLV

Δlowast


119899

119899

sum

119895=2

Δ(1198951)

10038161003816100381610038161003816100381610038161003816100381610038161003816

=

10038161003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+1

119899

119899

sum

119895=2

Δ(1198951)

10038161003816100381610038161003816100381610038161003816100381610038161003816

le

1003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+119899 minus 1

119899Δlowast

1003816100381610038161003816100381610038161003816100381610038161003816

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus1

119899

100381610038161003816100381610038161003816100381610038161003816

Δlowast

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus

1


100381610038161003816100381610038161003816100381610038161003816

Δlowast


100381610038161003816100381610038161198861198921198921015840

minus 1198861198921198921015840

ideal10038161003816100381610038161003816

le

10038161003816100381610038161003816100381610038161003816100381610038161003816

119889(119899)+119898

CLV minus 1

119898CLV

Δlowast

minus 119889(119899)+1

119899

119899minus1

sum

119895=1

Δ(119899119895)

10038161003816100381610038161003816100381610038161003816100381610038161003816

=

10038161003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+1

119899

119899minus1

sum

119895=1

Δ(119899119895)

10038161003816100381610038161003816100381610038161003816100381610038161003816

le

1003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+119899 minus 1

119899Δlowast

1003816100381610038161003816100381610038161003816100381610038161003816

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus1

119899

100381610038161003816100381610038161003816100381610038161003816

Δlowast

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus

1


100381610038161003816100381610038161003816100381610038161003816

Δlowast

(29)











0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+




lowast

119889mid +Δlowast




0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+





0

005

01

015

02

025

03

10 20 30 40 50 60 70 80 90 100Round

False

pos

itive

ratio

()

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+





105

106

107

108

109

11

111

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+


103104105106107108109

11111

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+



10

102

104

106

108

11

112

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+


969810

102104106108

11112

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+






0

1000

2000

3000

4000

5000

6000

10 20 30 40

Num

ber o

f pac

kets

mon

itore

d

SSGF

cntabthr

cmp-f= 1

cmp-f= 2

per n

ode


0

1000

2000

3000

4000

5000

6000

10 20 30 40

Num

ber o

f pac

kets

mon

itore

d

SSGFcmp-f = 1

cmp-f = 2

cntabthr

per

nod

e







lowast




02468

1012

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

SSGFGoodSAT+

resu

lt



7 Conclusions




Notation Summary





















Acknowledgments


References



































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation










119888119899119905normal =

119888119899119905normal + 1 120573 le119898V minus 1

119898V


119888119899119905abnormal =

119888119899119905abnormal + 120582120573

120573 gt119898V minus 1

119898V





119906is the







119898VΔlowast

(12)





119886119892119892est (max) = 119889119906+119898V minus 1

119898VΔlowast

(13)


120573 (max) =1003816100381610038161003816119889119906 minus 119886119892119892est (min)1003816100381610038161003816


119898V(14)

or

120573 (max) =1003816100381610038161003816119889119906 minus 119886119892119892est (max)1003816100381610038161003816


119898V (15)


















CLV + 1)2rceil 119898



1 1198892 119889

119898CLV For the


119886119892119892ideal =1

119898CLV

119898CLV

sum

119894=1

119889119894 (16)


(1) 119889(2) 119889

(119899)



119908and obtains

119889lowast






CLV -1 packets N


CLV -1 packets N



CLV -1 packets N


Δlowast



Δlowast



119889119908+ Δlowast


119908= 119889119908+ Δ119908 where Δ



119886119892119892bad =1

119898CLV

[

[

119898CLV

sum

119894=1

119889119894+ sum

119908isin119882

Δ119908

]

]

(17)


119886119892119892bad = 119886119892119892ideal +1

119898CLV

sum

119908isin119882

Δ119908 (18)








lowast


(1)and




119889(1)+ Δlowast



119889(1)+ Δlowast


119908= 119889(119899)minus Δlowast or 119889

119908=




lowast

minus (119889(119899)minus 119889(1)) (19)


119908(max)|




minus 119886119892119892119894119889119890119886119897



1003816100381610038161003816119886119892119892bad minus 119886119892119892ideal1003816100381610038161003816 =

119898CLV minus 119899

119898CLV

[2Δlowast

minus (119889(119899)minus 119889(1))] (20)

If 119889(1)

= 119889(119899)





(1 minus1

119898CLV)Δlowast

119898CLV 2 = 0

(1 minus2

119898CLV)Δlowast

otherwise

(21)




119908 from the


Δ119908 |Δ119908| isin [0 2Δ

lowast




119894sent










=

(1119899)sum119908isin119882

119862119908 Because forall119862

119908le 119888119899119905abthr 119888119899119905119894 le ((119898

CLV minus



119899 = lceil(119898CLV + 1)2rceil 119888119899119905



119888119899119905119894(max) =

119898CLV minus 2

119898CLV + 2

119888119899119905abthr 119898CLV 2 = 0

119898CLV minus 1

119898CLV + 1


(22)




ideal = (1119899)sum119899

119894=1119889(119894)


V +




CLV



10038161003816100381610038161003816119889(119898

CLV 2+1)

minus 119886119892119892101584010038161003816100381610038161003816le119898

CLV minus 1

119898CLV

Δlowast

10038161003816100381610038161003816119889(119899minus119898

CLV 2)

minus 119886119892119892101584010038161003816100381610038161003816le119898

CLV minus 1

119898CLV

Δlowast

(23)



(23) we can obtain

1198861198921198921015840

isin [119889(119899minus119898

CLV 2)

minus119898

CLV minus 1

119898CLV

Δlowast

119889(119898

CLV 2+1)

+119898

CLV minus 1

119898CLV

Δlowast

]

(24)


1198861198921198921015840

isin [119889(119899minus(119898

CLV +1)2+1)

minus119898

CLV minus 1

119898CLV

Δlowast

119889((119898

CLV +1)2)

+119898

CLV minus 1

119898CLV

Δlowast

]

(25)



1198861198921198921015840

isin [119889(1)minus119898

CLV minus 1

119898CLV

Δlowast

119889(119899)+119898

CLV minus 1

119898CLV

Δlowast

] (26)







(119894119895)= 119889(119894)minus 119889(119895)

1198861198921198921015840

ideal = 119889(1) +1

119899

119899

sum

119895=2

Δ(1198951)

(27)

1198861198921198921015840

ideal = 119889(119899) minus1

119899

119899minus1

sum

119895=1

Δ(119899119895)

(28)




100381610038161003816100381610038161198861198921198921015840

minus 1198861198921198921015840

ideal10038161003816100381610038161003816

le

10038161003816100381610038161003816100381610038161003816100381610038161003816

119889(1)minus119898

CLV minus 1

119898CLV

Δlowast


119899

119899

sum

119895=2

Δ(1198951)

10038161003816100381610038161003816100381610038161003816100381610038161003816

=

10038161003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+1

119899

119899

sum

119895=2

Δ(1198951)

10038161003816100381610038161003816100381610038161003816100381610038161003816

le

1003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+119899 minus 1

119899Δlowast

1003816100381610038161003816100381610038161003816100381610038161003816

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus1

119899

100381610038161003816100381610038161003816100381610038161003816

Δlowast

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus

1


100381610038161003816100381610038161003816100381610038161003816

Δlowast


100381610038161003816100381610038161198861198921198921015840

minus 1198861198921198921015840

ideal10038161003816100381610038161003816

le

10038161003816100381610038161003816100381610038161003816100381610038161003816

119889(119899)+119898

CLV minus 1

119898CLV

Δlowast

minus 119889(119899)+1

119899

119899minus1

sum

119895=1

Δ(119899119895)

10038161003816100381610038161003816100381610038161003816100381610038161003816

=

10038161003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+1

119899

119899minus1

sum

119895=1

Δ(119899119895)

10038161003816100381610038161003816100381610038161003816100381610038161003816

le

1003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+119899 minus 1

119899Δlowast

1003816100381610038161003816100381610038161003816100381610038161003816

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus1

119899

100381610038161003816100381610038161003816100381610038161003816

Δlowast

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus

1


100381610038161003816100381610038161003816100381610038161003816

Δlowast

(29)











0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+




lowast

119889mid +Δlowast




0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+





0

005

01

015

02

025

03

10 20 30 40 50 60 70 80 90 100Round

False

pos

itive

ratio

()

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+





105

106

107

108

109

11

111

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+


103104105106107108109

11111

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+



10

102

104

106

108

11

112

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+


969810

102104106108

11112

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+






0

1000

2000

3000

4000

5000

6000

10 20 30 40

Num

ber o

f pac

kets

mon

itore

d

SSGF

cntabthr

cmp-f= 1

cmp-f= 2

per n

ode


0

1000

2000

3000

4000

5000

6000

10 20 30 40

Num

ber o

f pac

kets

mon

itore

d

SSGFcmp-f = 1

cmp-f = 2

cntabthr

per

nod

e







lowast




02468

1012

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

SSGFGoodSAT+

resu

lt



7 Conclusions




Notation Summary





















Acknowledgments


References



































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation












CLV -1 packets N


CLV -1 packets N



CLV -1 packets N


Δlowast



Δlowast



119889119908+ Δlowast


119908= 119889119908+ Δ119908 where Δ



119886119892119892bad =1

119898CLV

[

[

119898CLV

sum

119894=1

119889119894+ sum

119908isin119882

Δ119908

]

]

(17)


119886119892119892bad = 119886119892119892ideal +1

119898CLV

sum

119908isin119882

Δ119908 (18)








lowast


(1)and




119889(1)+ Δlowast



119889(1)+ Δlowast


119908= 119889(119899)minus Δlowast or 119889

119908=




lowast

minus (119889(119899)minus 119889(1)) (19)


119908(max)|




minus 119886119892119892119894119889119890119886119897



1003816100381610038161003816119886119892119892bad minus 119886119892119892ideal1003816100381610038161003816 =

119898CLV minus 119899

119898CLV

[2Δlowast

minus (119889(119899)minus 119889(1))] (20)

If 119889(1)

= 119889(119899)





(1 minus1

119898CLV)Δlowast

119898CLV 2 = 0

(1 minus2

119898CLV)Δlowast

otherwise

(21)




119908 from the


Δ119908 |Δ119908| isin [0 2Δ

lowast




119894sent










=

(1119899)sum119908isin119882

119862119908 Because forall119862

119908le 119888119899119905abthr 119888119899119905119894 le ((119898

CLV minus



119899 = lceil(119898CLV + 1)2rceil 119888119899119905



119888119899119905119894(max) =

119898CLV minus 2

119898CLV + 2

119888119899119905abthr 119898CLV 2 = 0

119898CLV minus 1

119898CLV + 1


(22)




ideal = (1119899)sum119899

119894=1119889(119894)


V +




CLV



10038161003816100381610038161003816119889(119898

CLV 2+1)

minus 119886119892119892101584010038161003816100381610038161003816le119898

CLV minus 1

119898CLV

Δlowast

10038161003816100381610038161003816119889(119899minus119898

CLV 2)

minus 119886119892119892101584010038161003816100381610038161003816le119898

CLV minus 1

119898CLV

Δlowast

(23)



(23) we can obtain

1198861198921198921015840

isin [119889(119899minus119898

CLV 2)

minus119898

CLV minus 1

119898CLV

Δlowast

119889(119898

CLV 2+1)

+119898

CLV minus 1

119898CLV

Δlowast

]

(24)


1198861198921198921015840

isin [119889(119899minus(119898

CLV +1)2+1)

minus119898

CLV minus 1

119898CLV

Δlowast

119889((119898

CLV +1)2)

+119898

CLV minus 1

119898CLV

Δlowast

]

(25)



1198861198921198921015840

isin [119889(1)minus119898

CLV minus 1

119898CLV

Δlowast

119889(119899)+119898

CLV minus 1

119898CLV

Δlowast

] (26)







(119894119895)= 119889(119894)minus 119889(119895)

1198861198921198921015840

ideal = 119889(1) +1

119899

119899

sum

119895=2

Δ(1198951)

(27)

1198861198921198921015840

ideal = 119889(119899) minus1

119899

119899minus1

sum

119895=1

Δ(119899119895)

(28)




100381610038161003816100381610038161198861198921198921015840

minus 1198861198921198921015840

ideal10038161003816100381610038161003816

le

10038161003816100381610038161003816100381610038161003816100381610038161003816

119889(1)minus119898

CLV minus 1

119898CLV

Δlowast


119899

119899

sum

119895=2

Δ(1198951)

10038161003816100381610038161003816100381610038161003816100381610038161003816

=

10038161003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+1

119899

119899

sum

119895=2

Δ(1198951)

10038161003816100381610038161003816100381610038161003816100381610038161003816

le

1003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+119899 minus 1

119899Δlowast

1003816100381610038161003816100381610038161003816100381610038161003816

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus1

119899

100381610038161003816100381610038161003816100381610038161003816

Δlowast

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus

1


100381610038161003816100381610038161003816100381610038161003816

Δlowast


100381610038161003816100381610038161198861198921198921015840

minus 1198861198921198921015840

ideal10038161003816100381610038161003816

le

10038161003816100381610038161003816100381610038161003816100381610038161003816

119889(119899)+119898

CLV minus 1

119898CLV

Δlowast

minus 119889(119899)+1

119899

119899minus1

sum

119895=1

Δ(119899119895)

10038161003816100381610038161003816100381610038161003816100381610038161003816

=

10038161003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+1

119899

119899minus1

sum

119895=1

Δ(119899119895)

10038161003816100381610038161003816100381610038161003816100381610038161003816

le

1003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+119899 minus 1

119899Δlowast

1003816100381610038161003816100381610038161003816100381610038161003816

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus1

119899

100381610038161003816100381610038161003816100381610038161003816

Δlowast

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus

1


100381610038161003816100381610038161003816100381610038161003816

Δlowast

(29)











0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+




lowast

119889mid +Δlowast




0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+





0

005

01

015

02

025

03

10 20 30 40 50 60 70 80 90 100Round

False

pos

itive

ratio

()

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+





105

106

107

108

109

11

111

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+


103104105106107108109

11111

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+



10

102

104

106

108

11

112

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+


969810

102104106108

11112

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+






0

1000

2000

3000

4000

5000

6000

10 20 30 40

Num

ber o

f pac

kets

mon

itore

d

SSGF

cntabthr

cmp-f= 1

cmp-f= 2

per n

ode


0

1000

2000

3000

4000

5000

6000

10 20 30 40

Num

ber o

f pac

kets

mon

itore

d

SSGFcmp-f = 1

cmp-f = 2

cntabthr

per

nod

e







lowast




02468

1012

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

SSGFGoodSAT+

resu

lt



7 Conclusions




Notation Summary





















Acknowledgments


References



































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation














=

(1119899)sum119908isin119882

119862119908 Because forall119862

119908le 119888119899119905abthr 119888119899119905119894 le ((119898

CLV minus



119899 = lceil(119898CLV + 1)2rceil 119888119899119905



119888119899119905119894(max) =

119898CLV minus 2

119898CLV + 2

119888119899119905abthr 119898CLV 2 = 0

119898CLV minus 1

119898CLV + 1


(22)




ideal = (1119899)sum119899

119894=1119889(119894)


V +




CLV



10038161003816100381610038161003816119889(119898

CLV 2+1)

minus 119886119892119892101584010038161003816100381610038161003816le119898

CLV minus 1

119898CLV

Δlowast

10038161003816100381610038161003816119889(119899minus119898

CLV 2)

minus 119886119892119892101584010038161003816100381610038161003816le119898

CLV minus 1

119898CLV

Δlowast

(23)



(23) we can obtain

1198861198921198921015840

isin [119889(119899minus119898

CLV 2)

minus119898

CLV minus 1

119898CLV

Δlowast

119889(119898

CLV 2+1)

+119898

CLV minus 1

119898CLV

Δlowast

]

(24)


1198861198921198921015840

isin [119889(119899minus(119898

CLV +1)2+1)

minus119898

CLV minus 1

119898CLV

Δlowast

119889((119898

CLV +1)2)

+119898

CLV minus 1

119898CLV

Δlowast

]

(25)



1198861198921198921015840

isin [119889(1)minus119898

CLV minus 1

119898CLV

Δlowast

119889(119899)+119898

CLV minus 1

119898CLV

Δlowast

] (26)







(119894119895)= 119889(119894)minus 119889(119895)

1198861198921198921015840

ideal = 119889(1) +1

119899

119899

sum

119895=2

Δ(1198951)

(27)

1198861198921198921015840

ideal = 119889(119899) minus1

119899

119899minus1

sum

119895=1

Δ(119899119895)

(28)




100381610038161003816100381610038161198861198921198921015840

minus 1198861198921198921015840

ideal10038161003816100381610038161003816

le

10038161003816100381610038161003816100381610038161003816100381610038161003816

119889(1)minus119898

CLV minus 1

119898CLV

Δlowast


119899

119899

sum

119895=2

Δ(1198951)

10038161003816100381610038161003816100381610038161003816100381610038161003816

=

10038161003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+1

119899

119899

sum

119895=2

Δ(1198951)

10038161003816100381610038161003816100381610038161003816100381610038161003816

le

1003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+119899 minus 1

119899Δlowast

1003816100381610038161003816100381610038161003816100381610038161003816

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus1

119899

100381610038161003816100381610038161003816100381610038161003816

Δlowast

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus

1


100381610038161003816100381610038161003816100381610038161003816

Δlowast


100381610038161003816100381610038161198861198921198921015840

minus 1198861198921198921015840

ideal10038161003816100381610038161003816

le

10038161003816100381610038161003816100381610038161003816100381610038161003816

119889(119899)+119898

CLV minus 1

119898CLV

Δlowast

minus 119889(119899)+1

119899

119899minus1

sum

119895=1

Δ(119899119895)

10038161003816100381610038161003816100381610038161003816100381610038161003816

=

10038161003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+1

119899

119899minus1

sum

119895=1

Δ(119899119895)

10038161003816100381610038161003816100381610038161003816100381610038161003816

le

1003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+119899 minus 1

119899Δlowast

1003816100381610038161003816100381610038161003816100381610038161003816

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus1

119899

100381610038161003816100381610038161003816100381610038161003816

Δlowast

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus

1


100381610038161003816100381610038161003816100381610038161003816

Δlowast

(29)











0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+




lowast

119889mid +Δlowast




0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+





0

005

01

015

02

025

03

10 20 30 40 50 60 70 80 90 100Round

False

pos

itive

ratio

()

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+





105

106

107

108

109

11

111

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+


103104105106107108109

11111

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+



10

102

104

106

108

11

112

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+


969810

102104106108

11112

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+






0

1000

2000

3000

4000

5000

6000

10 20 30 40

Num

ber o

f pac

kets

mon

itore

d

SSGF

cntabthr

cmp-f= 1

cmp-f= 2

per n

ode


0

1000

2000

3000

4000

5000

6000

10 20 30 40

Num

ber o

f pac

kets

mon

itore

d

SSGFcmp-f = 1

cmp-f = 2

cntabthr

per

nod

e







lowast




02468

1012

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

SSGFGoodSAT+

resu

lt



7 Conclusions




Notation Summary





















Acknowledgments


References



































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation










100381610038161003816100381610038161198861198921198921015840

minus 1198861198921198921015840

ideal10038161003816100381610038161003816

le

10038161003816100381610038161003816100381610038161003816100381610038161003816

119889(119899)+119898

CLV minus 1

119898CLV

Δlowast

minus 119889(119899)+1

119899

119899minus1

sum

119895=1

Δ(119899119895)

10038161003816100381610038161003816100381610038161003816100381610038161003816

=

10038161003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+1

119899

119899minus1

sum

119895=1

Δ(119899119895)

10038161003816100381610038161003816100381610038161003816100381610038161003816

le

1003816100381610038161003816100381610038161003816100381610038161003816

119898CLV minus 1

119898CLV

Δlowast

+119899 minus 1

119899Δlowast

1003816100381610038161003816100381610038161003816100381610038161003816

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus1

119899

100381610038161003816100381610038161003816100381610038161003816

Δlowast

=

100381610038161003816100381610038161003816100381610038161003816

2 minus1

119898CLVminus

1


100381610038161003816100381610038161003816100381610038161003816

Δlowast

(29)











0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+




lowast

119889mid +Δlowast




0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+





0

005

01

015

02

025

03

10 20 30 40 50 60 70 80 90 100Round

False

pos

itive

ratio

()

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+





105

106

107

108

109

11

111

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+


103104105106107108109

11111

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+



10

102

104

106

108

11

112

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+


969810

102104106108

11112

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+






0

1000

2000

3000

4000

5000

6000

10 20 30 40

Num

ber o

f pac

kets

mon

itore

d

SSGF

cntabthr

cmp-f= 1

cmp-f= 2

per n

ode


0

1000

2000

3000

4000

5000

6000

10 20 30 40

Num

ber o

f pac

kets

mon

itore

d

SSGFcmp-f = 1

cmp-f = 2

cntabthr

per

nod

e







lowast




02468

1012

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

SSGFGoodSAT+

resu

lt



7 Conclusions




Notation Summary





















Acknowledgments


References



































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation










0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+





0

005

01

015

02

025

03

10 20 30 40 50 60 70 80 90 100Round

False

pos

itive

ratio

()

SSGFSELDA

RSDA+


0

20

40

60

80

100

120

10 20 30 40 50 60 70 80 90 100Round

Det

ectio

n ra

tio (

)

SSGFSELDA

RSDA+





105

106

107

108

109

11

111

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+


103104105106107108109

11111

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+



10

102

104

106

108

11

112

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+


969810

102104106108

11112

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+






0

1000

2000

3000

4000

5000

6000

10 20 30 40

Num

ber o

f pac

kets

mon

itore

d

SSGF

cntabthr

cmp-f= 1

cmp-f= 2

per n

ode


0

1000

2000

3000

4000

5000

6000

10 20 30 40

Num

ber o

f pac

kets

mon

itore

d

SSGFcmp-f = 1

cmp-f = 2

cntabthr

per

nod

e







lowast




02468

1012

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

SSGFGoodSAT+

resu

lt



7 Conclusions




Notation Summary





















Acknowledgments


References



































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation










105

106

107

108

109

11

111

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+


103104105106107108109

11111

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+



10

102

104

106

108

11

112

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+


969810

102104106108

11112

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

resu

lt

All

SSGF

SELDARANBAR

Trimming

Median

GoodRSDA+






0

1000

2000

3000

4000

5000

6000

10 20 30 40

Num

ber o

f pac

kets

mon

itore

d

SSGF

cntabthr

cmp-f= 1

cmp-f= 2

per n

ode


0

1000

2000

3000

4000

5000

6000

10 20 30 40

Num

ber o

f pac

kets

mon

itore

d

SSGFcmp-f = 1

cmp-f = 2

cntabthr

per

nod

e







lowast




02468

1012

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

SSGFGoodSAT+

resu

lt



7 Conclusions




Notation Summary





















Acknowledgments


References



































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation










0

1000

2000

3000

4000

5000

6000

10 20 30 40

Num

ber o

f pac

kets

mon

itore

d

SSGF

cntabthr

cmp-f= 1

cmp-f= 2

per n

ode


0

1000

2000

3000

4000

5000

6000

10 20 30 40

Num

ber o

f pac

kets

mon

itore

d

SSGFcmp-f = 1

cmp-f = 2

cntabthr

per

nod

e







lowast




02468

1012

10 20 30 40 50 60 70 80 90 100Round

Aver

age o

f agg

rega

tion

SSGFGoodSAT+

resu

lt



7 Conclusions




Notation Summary





















Acknowledgments


References



































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation










Notation Summary





















Acknowledgments


References



































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation



























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation











RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation









Documents

Research Article Mutual Defense Scheme for Secure Data ...downloads.hindawi.com/journals/ijdsn/2014/804907.pdf · As a resource-saving technique, data aggregation has been intensively