关键词: 无线Mesh网络，跨层结合，观测序列，隐半马尔可夫模型，异常检测

Abstract: The existing methods on anomaly detection in wireless Mesh network mostly focus on single malicious at- tack, which can not detect various malicious attacks originated form different protocol layers. We presented a cross-layer based anomaly detection mechanism. Firstly a distributed )DS structure for Mesh backbone network topology was pro- posed, secondly cross-layer based features were collected for comprehensively monitoring network activities. Further- more,with the multidimensional observation sequences, the hidden semi-Markov model(HsMM) was trained and ex- ploited to characterize and model the normal states of network activities. The entropies of observation secfuences against the HsMM were calculated to evaluate their abnormality. An anomaly alert will be reported if the entropy is lower than a threshold. Experiment results show that the proposed detection mechanism is able to detect various malicious attacks from different protocol layers.

Key words: Wireless Mesh network, Cross-layer based, Observation sequences, Hidden semi-Markov model, Anomalydctc(tion