
An Efficient Hybrid Anomaly Detection Scheme Using K-Means Clustering for Wireless Sensor Networks



Sensor nodes in a wireless sensor network (WSN) may be lost due to enervation or malicious attacks by an adversary. WSNs deployed for several applications, including military applications, are prone to various attacks, which degrade network performance very rapidly. A hybrid anomaly is a type of anomaly that involves different types of attacker nodes, such as blackhole, misdirection and wormhole nodes. Multiple attacks can be launched in the network through a hybrid anomaly, and in this situation it is very difficult to determine which kinds of attacker nodes are active in the network. This motivates us to design a robust, efficient and secure intrusion detection approach in order to extend the lifetime of a WSN. In this paper, we propose a new intrusion detection technique for hybrid anomalies that uses an existing data mining algorithm, K-means clustering. For detection, patterns of intrusions are built automatically by the K-means clustering algorithm over training data. Intrusions are then detected by matching network activities against these detection patterns. We evaluate our approach over a WSN dataset created using OPNET Modeler, which contains various attributes, such as end-to-end delay, traffic sent and traffic received. The training dataset contains the normal values of the network parameters. The testing dataset, created in actual working mode, consists of normal and abnormal values of the network parameters. The proposed technique is able to detect two types of malicious nodes: blackhole and misdirection nodes. Our scheme achieves a 98.6 % detection rate and a 1.2 % false positive rate, which are significantly better than those of existing related schemes.
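The train-on-normal, match-at-test idea from the abstract can be sketched as follows; this is an added example, not the paper's algorithm or code. The sample values are constructed, and the choice of k, the threshold margin and the rule that labels an anomaly as blackhole-like or misdirection-like are assumptions made for illustration.

```python
import math

# Constructed samples: (end-to-end delay s, traffic sent pkt/s, traffic received pkt/s)
TRAIN_NORMAL = [  # normal operation only, at two load levels
    (0.020, 100, 98), (0.022, 105, 103), (0.019, 95, 94), (0.021, 102, 100),
    (0.035, 200, 195), (0.037, 210, 204), (0.034, 195, 191), (0.036, 205, 200),
]

def fit_scaler(rows):
    """Per-attribute mean and standard deviation, so no attribute dominates the distance."""
    cols = list(zip(*rows))
    mean = [sum(c) / len(c) for c in cols]
    std = [math.sqrt(sum((x - m) ** 2 for x in c) / len(c)) or 1.0
           for c, m in zip(cols, mean)]
    return mean, std

def scale(row, scaler):
    mean, std = scaler
    return tuple((x - m) / s for x, m, s in zip(row, mean, std))

def kmeans(points, k, iters=20):
    """Lloyd's K-means with deterministic farthest-point initialisation."""
    cents = [points[0]]
    while len(cents) < k:
        cents.append(max(points, key=lambda p: min(math.dist(p, c) for c in cents)))
    for _ in range(iters):
        groups = [[] for _ in cents]
        for p in points:
            groups[min(range(k), key=lambda i: math.dist(p, cents[i]))].append(p)
        cents = [tuple(sum(c) / len(g) for c in zip(*g)) if g else cents[i]
                 for i, g in enumerate(groups)]
    return cents

def train(rows, k=2, margin=1.5):
    """Learn normal-behaviour centroids and a distance threshold (margin is an assumption)."""
    scaler = fit_scaler(rows)
    pts = [scale(r, scaler) for r in rows]
    cents = kmeans(pts, k)
    radius = max(min(math.dist(p, c) for c in cents) for p in pts)
    return scaler, cents, radius * margin

def classify(row, model):
    scaler, cents, threshold = model
    p = scale(row, scaler)
    nearest = min(cents, key=lambda c: math.dist(p, c))
    if math.dist(p, nearest) <= threshold:
        return "normal"
    # Assumed labelling rule (not from the paper): excess delay suggests misdirection,
    # a shortfall in received traffic suggests a blackhole.
    delay_dev, _, recv_dev = (a - b for a, b in zip(p, nearest))
    return "misdirection-like" if delay_dev > -recv_dev else "blackhole-like"

MODEL = train(TRAIN_NORMAL)
```

The threshold is derived only from normal training data, so a margin set too tight raises false positives and one set too loose lets low-rate packet dropping pass as normal.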


[Figs. 1–13: images not available in this preview. Sources cited for figures: [2], [3], [4].]


  1. Akyildiz, I. F., Su, W., Sankarasubramaniam, Y., & Cayirci, E. (2002). Wireless sensor networks: A survey. Computer Networks, 38(4), 393–422.

  2. Das, A. K., Sharma, P., Chatterjee, S., & Sing, J. K. (2012). A dynamic password-based user authentication scheme for hierarchical wireless sensor networks. Journal of Network and Computer Applications, 35(5), 1646–1656.

  3. Dong, D., Li, M., Liu, Y., Li, X., & Liao, X. (2011). Topological detection on wormholes in wireless ad hoc and sensor networks. IEEE/ACM Transaction on Networking, 19(6), 1787–1796.

  4. Shafieia, H., Khonsaria, A., Derakhshia, H., & Mousavia, P. (2014). Detection and mitigation of sinkhole attacks in wireless sensor networks. Computer and System Sciences, 80(3), 644–653.

  5. Li, W., Yi, P., Wu, Y., Pan, L., & Li, J. (2014). A new intrusion detection system based on KNN classification algorithm in wireless sensor network. Electrical and Computer Engineering, 1–8. Article ID 240217. doi:10.1155/2014/240217.

  6. Elbasiony, R. M., Sallam, E. A., Eltobely, T. E., & Fahmy, M. M. (2013). A hybrid network intrusion detection framework based on random forests and weighted K-means. Ain Shams Engineering, 4(4), 753–762.

  7. Muda, Z., Yassin, W., Sulaiman, M. N., & Udzir, N. I. (2011). Intrusion detection based on k-means clustering and naive Bayes classification. In 7th IEEE International Conference on Information Technology in Asia (CITA) (pp. 1–6). Sarawak, Malaysia.

  8. Dolev, D., & Yao, A. C. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208.

  9. Das, M. L. (2009). Two-factor user authentication in wireless sensor networks. IEEE Transactions on Wireless Communications, 8(3), 1086–1090.

  10. Xie, M., Han, S., Tian, B., & Parvin, S. (2011). Anomaly detection in wireless sensor networks: A survey. Journal of Network and Computer Applications, 34(4), 1302–1325.

  11. Zhang, J., Xiang, Y., Wang, Y., Zhou, W., Xiang, Y., & Guan, Y. (2013). Network traffic classification using correlation information. IEEE Transactions on Parallel and Distributed Systems, 24(1), 104–117.

  12. Zhang, J., Chen, C., Xiang, Y., Zhou, W., & Xiang, Y. (2013). Internet traffic classification by aggregating correlated naive Bayes predictions. IEEE Transactions on Information Forensics and Security, 8(1), 5–15.

  13. Xie, M., Hu, J., Han, S., & Chen, H. (2013). Scalable hyper grid k-NN-based online anomaly detection in wireless sensor networks. IEEE Transactions on Parallel and Distributed Systems, 24(8), 1661–1670.

  14. Shin, S., Kwon, T., Jo, G., Park, Y., & Rhy, H. (2010). An experimental study of hierarchical intrusion detection for wireless industrial sensor networks. IEEE Transactions on Industrial Informatics, 6(4), 744–757.

  15. Zhang, J., Zulkernine, M., & Haque, A. (2008). Random-forests-based network intrusion detection systems. IEEE Transactions on Systems, Man and Cybernetics, 38(5), 649–659.

  16. Hwang, K., Cai, M., Chen, Y., & Qin, M. (2007). Hybrid intrusion detection with weighted signature generation over anomalous internet episodes. IEEE Transactions on Dependable and Secure Computing, 4(1), 41–55.

  17. Sachan, R. S., Wazid, M., Singh, D. P., Katal, A., & Goudar, R. H. (2013). Misdirection attack in WSN: Topological analysis and an algorithm for delay and throughput prediction. In 7th IEEE International Conference on Intelligent Systems and Control (ISCO) (pp. 427–432). Coimbatore, India.

  18. Wazid, M., Katal, A., Sachan, R. S., Goudar, R. H., & Singh, D. P. (2013). Detection and prevention mechanism for blackhole attack in wireless sensor network. In IEEE International Conference on Communication and Signal Processing (ICCSP) (pp. 576–581). Melmaruvathur, India.

  19. Qazanfari, K., Mirpouryan, M. S., & Gharaee, H. (2012). Novel hybrid anomaly based intrusion detection method. In 6th IEEE International Symposium on Telecommunications (IST) (pp. 942–947). Tehran, Iran.

  20. Chitrakar, R., & Chuanhe, H. (2012). Anomaly based intrusion detection using hybrid learning approach of combining k-medoids clustering and naive Bayes classification. In 8th IEEE International Conference on Wireless Communications, Networking and Mobile Computing (WiCOM) (pp. 1–5). Shanghai, China.

  21. Aneetha, A. S., Indhu, T. S., & Bose, S. (2012). Hybrid network intrusion detection system using expert rule based approach. In 2nd ACM International Conference on Computational Science, Engineering and Information Technology (CCSEIT) (pp. 47–51). Coimbatore, India.

  22. Agarwal, B., & Mittal, N. (2012). Hybrid approach for detection of anomaly network traffic using data mining techniques. In 2nd International Conference on Communication, Computing and Security (ICCCS) (pp. 996–1003). Rourkela, India.

  23. Arya, K. V., & Kumar, H. (2012). A clustering based algorithm for network intrusion detection. In 5th International Conference on Security of Information and Networks (pp. 193–196). Jaipur, India.

  24. Chakraborty, S., & Nagwani, N. K. (2011). Analysis and study of incremental K-means clustering algorithm. In International Conference on High Performance Architecture and Grid Computing (HPAGC) (pp. 338–341). Chandigarh, India.

  25. Misra, S., Bhattarai, K., & Xue, G. (2011). BAMBi: Blackhole attacks mitigation with multiple base stations in wireless sensor networks. In IEEE International Conference on Communications (ICC) (pp. 1–5). Kyoto, Japan.

  26. Cheng, Y., & Agrawal, D. P. (2007). An improved key distribution mechanism for large-scale hierarchical wireless sensor networks. Ad Hoc Networks, 5(1), 35–48.

  27. Das, A. K. (2009). An unconditionally secure key management scheme for large-scale heterogeneous wireless sensor networks. In First IEEE International on Communication Systems and Networks and Workshops (COMSNETS 2009) (pp. 1–10). Bangalore, India.

  28. Das, A. K. (2011). An efficient random key distribution scheme for large-scale distributed sensor networks. Security and Communication Networks, 4(2), 162–180.

  29. Crossbow Technology Inc., wireless sensor networks. Accessed September 2014.

  30. Wang, J., Dong, W., Cao, Z., & Liu, Y. (2015). On the delay performance in a large-scale wireless sensor network: Measurement, analysis, and implications. IEEE/ACM Transactions on Networking, 23(1), 186–197.

  31. Das, A. K. (2012). A random key establishment scheme for multi-phase deployment in large-scale distributed sensor networks. International Journal of Information Security, 11(3), 189–211.

  32. Zhu, B., Setia, S., Jajodia, S., Roy, S., & Wang, L. (2010). Localized multicast: Efficient and distributed replica detection in large-scale sensor networks. IEEE Transactions on Mobile Computing, 9(7), 913–926.

  33. Bandyopadhyay, S., & Maulik, U. (2002). An evolutionary technique based on K-means algorithm for optimal clustering in \(R^N\). Information Sciences, 146(1–4), 221–237.

  34. OPNET: Application and network performance. Accessed June 2015.

  35. Hubballi, N., Biswas, S., & Nandi, S. (2011). Network specific false alarm reduction in intrusion detection system. Security and Communication Networks, 4(11), 1339–1349.

  36. Hubballi, N., Biswas, S., & Nandi, S. (2013). Towards reducing false alarms in network intrusion detection systems with data summarization technique. Security and Communication Networks, 6(3), 275–285.

  37. Kasliwal, B., Bhatia, S., Saini, S., Thaseen, I. S., & Kumar, C. A. (2014). A hybrid anomaly detection model using G-LDA. In IEEE International Advance Computing Conference (IACC) (pp. 288–293). Gurgaon, India.

  38. Elkan, C. (2000). Results of the KDD’99 classifier learning. SIGKDD Explorations Newsletter, 1(2), 63–64. doi:10.1145/846183.846199.


Author information

Correspondence to Ashok Kumar Das.


Cite this article

Wazid, M., Das, A.K. An Efficient Hybrid Anomaly Detection Scheme Using K-Means Clustering for Wireless Sensor Networks. Wireless Pers Commun 90, 1971–2000 (2016).



  • Wireless sensor networks
  • Hybrid anomaly
  • Misdirection attack
  • Blackhole attack
  • K-means clustering
  • Intrusion detection
  • Security