Tru-Alarm: Trustworthiness Analysis of Sensor Networks in Cyber-Physical Systems

Paper:    Tru-Alarm: Trustworthiness Analysis of Sensor Networks in Cyber-Physical Systems
Authors: Lu-An Tang 1 , Xiao Yu1 , Sangkyum Kim1 , Jiawei Han1 , Chih-Chieh Hung2 , and
                1 Department of Computer Science, University of Illinois at Urbana-Champaign
                2 Department of Computer Science, National Chiao Tung University
                {tang18, xiaoyu1, kim71},,{wcpeng,


Problem: The paper deals with the trustworthiness of sensor networks in a cyber physical system. One of the reasons for lack of trustworthiness is due to the increase in data size. In a Cyber Physical System(CPS), there can be hundreds of sensors and each sensor generates huge amount of data. The CPS must be able to process the data and generate alarm even if the data increases.

The scenario considered is : There are 28 sensors deployed and each of them has a threshold of 10. If the value measured by sensor becomes greater than 10, it sends alarms. If it is a battle field and an enemy attacker comes in and there are 5 sensors s1, s2, s3, s4 and s5 surrounding this enemy. Then the sensor that shows a greater reading is closer to the enemy. The main problem with this system is that if a mouse passes in front of sensor s1 , its activity causes a high reading of the sensor and generates a false alarm.

Solution Approach: This paper proposes a method ‘Tru-Alarm’, that helps to identify meaningful and trustworthy alarms. Notation used here is r(s,t) which represents the detected signal strength by sensor s at time t.

r(s, t) = f (dist(s, o), Ω(o)) where, Ω(o) is object o’s signal strength dist(s,o) specifies the distance between sensor and the object. If the threshold set is δs, and if the severity recorded is  r(s, t)> δs, then an alarm is generated. The generated alarm is recorded as ra(s,t).

Consider R = {r(s1 , t1 ), r(s1 , t2 ), . . .r(sm , tn ) } be a CPS dataset Ra ⊆ R be the set of alarm records O is the object set. Then,  given a threshold δt , the work of Tru-Alarm is to find out the trustworthy alarms with τ (ra (s, t)) >δt and meaningful objects with τ (o) > δt .

Let ra (s, t) be an alarming record generated by sensor s at time t, the trustworthiness of ra (s, t) and object o is defined in this paper as the probability of it being correct, denoted as τ (ra (s, t)) and the probability that o really exists, which is denoted as τ (o). O be the object set and ds be the detecting range of a sensor s. The monitored object set of s is defined as Os = {o |o ∈ O, dist(s, o) < ds }.

Let S be a sensor set and ds be the detecting range of a sensor s. The monitoring sensor set of an object o is defined as So = {s | s ∈ S, dist(s, o) < ds }. If s ∈ So generates an alarm record ra (s, t), then ra (s, t) is said to be related to o.

Framework of Tru-alarm: A sensor should be able to detect any object in it’s detectable range. In this method, the authors build up a relational graph between the objects and alarms which helps in analysing the range of sensors.

Consider a case:

o2 is surrounded by three sensors s2, s3, s5. Here, only s5 reports the alarm ra(s5,t). ra(s5, t) also relates to o4 and o5. Since, o2, o4 and o5 are in the detectable range of the sensor s5, any one of them can result in an alarm.

How do we calculate the trustworthiness of the alarm?

The trustworthiness inference is done based on the weight of object-alarm edge. The weight represents the probability that the alarm is caused by the object. This is done with the help of coherence of readings from other sensors in set S(S2,S3,S5). Consider a mouse which is within the range of the sensor set S. If only S5 causes alarm and the value generated by S2 and S3 are less, it is likely to be a false alarm. If the readings from other sensors in set S are coherent, then the trustworthiness is high and chances are more that it is a true alarm.

To estimate the coherence score between two sensors’ records, the system should take count in both their severity difference and positions. For example, two nodes may have a large severity difference, but they are coherent if we count the distance factor. When computing coh(ra (si , t), r(sj , t)), the system should consider whether sj would report the same severity if it was located at si ’s position.

It is easy to deduce the inverse function of object o’s signal strength. The expected severity of sensor sj at si ’s location is computed as r (sj , t) = f (dist(si , o), Ωj (o)) Coherence coh(ra (si , t), r(sj , t)) is judged by the difference of the expected severity and real reading of sj. Its value range is [0, 1]. A standard deviation σ is computed for all the sensors in monitoring sensor set So . If sensor sj ’s severity is the same as expected value, the coherence score reaches the maximum of 1; if the difference is larger than standard deviation σ, i.e., sj ’s severity is quite different from expected value, the coherence score is set to 0.


Algorithm 1:

For each object o, the system first retrieves its related data records from the object-alarm graph, and computes the conditional alarm trustworthiness (Lines 2–7). The object’s trustworthiness is then computed and the meaningful objects are selected out (Lines 8–9). The system scans object-alarm graph again and computes the trustworthiness for each alarm (Lines 11–15).

Using the Tru-Alarm algorithm, the conditional alarm trustworthiness is calculated by grouping sensors and also grouping objects. It also calculates the trustworthiness of sensor and the object. They have also developed tru-alarm using object pruning.

Algorithm 2:

Computes τ (o) and prunes the objects that are not relevant before carrying out trustworthiness inference (Lines 4 – 5). The remaining steps are the same as Algorithm 1. (Please refer paper)

Analysis: They have practically tested these algorithms and it is found that it guarantees 100% recall – it doesn’t miss any trustworthy alarms.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s