Detection and Identification of Anomalies in Wireless Mesh Networks Using Principal Component Analysis (PCA)

Anomaly detection is becoming a powerful and necessary component as wireless networks gain popularity. In this paper, we evaluate the efficacy of PCA based anomaly detection for wireless mesh networks. PCA was originally developed for wired networks. Our experiments show that it is possible to detect different types of anomalies in an interference prone wireless environment. However, the sensitivity of PCA to small changes in flows prompted us to develop an anomaly identification scheme which automatically identifies the flow(s) causing the detected anomaly and their contributions in terms of number of packets. Our results show that the identification scheme is able to differentiate false alarms from real anomalies and pinpoint the culprit(s) in case of a real fault or threat. The experiments were performed over an 8 node mesh testbed deployed in an urban street layout in Sydney, under different realistic traffic scenarios. Our identification scheme facilitates the use of PCA based method for real-time anomaly detection in wireless networks as it can filter the false alarms locally at the monitoring nodes without excessive computational overhead.