Skip to Main Content
Secure in-network aggregation in wireless sensor networks (WSNs) is a necessary and challenging task. In this paper, we address this research problem from an intrusion detection perspective. We propose that system monitoring modules, which provide one of the most important functionalities for WSNs, should be integrated with intrusion detection modules. Under this architecture, we first propose an extended Kalman filter (EKF) based mechanism to detect false injected data. Specifically, by monitoring behaviors of nodes' neighbors and using EKF to predict their future state (the real in-network aggregated value), we aim at setting up the normal range of neighbors' future transmitted aggregated values. We illustrate how we use EKF to create effective local detection mechanisms. Using different aggregation functions (average, sum, max, and min), we analyze how to obtain the threshold in theory. We then illustrate how our proposed local detection approach can work together with the system monitoring module to differentiate between malicious events and emergency events. We conduct simulations to evaluate performance of local detection mechanisms, including false positive rate and detection rate, under different aggregation functions.