Multimodal Wireless Networks: Communication ... - Semantic Scholar

2 downloads 19273 Views 2MB Size Report
International Conference on Acoustics, Speech, and Signal Processing ...... and s6 is the wavelet smooth of level 6 that contains all the signal ...... [91] E. Slezak, A. Bijaoui, and G. Mars, “Identification of structures from galaxy counts - Use of the wavelet ...... Therefore, we call this period as the parameter re-estimation period.
Multimodal Wireless Networks: Communication and Surveillance on the Same Infrastructure

Jianjun Chen

IT University of Copenhagen Copenhagen 2007

Abstract This thesis deals with certain aspects of using indoor wireless networks for surveillance purposes. In the last decade, wireless local area networks (WLANs) have been widely deployed in indoor environments like offices or campus buildings. The main functionality of these indoor WLANs is to provide network connections to mobile terminals including laptops and handheld devices. However, we realized that when one such indoor environment is empty during evenings, the indoor WLAN in the environment can be turned into a sensor network for detecting physical intruders. The intrusion detection is based on detecting the transient variations in the wireless channel caused by the movement of the intruders. In Part I of this thesis, the idea of using indoor WLANs for intrusion detection is demonstrated by an implemented multi-node system. Under the constraint of using today’s commercial, off-the-shelf hardware, the signal of interest of this application is the received signal strength index (RSSI) information. We derive maximum likelihood estimators, and we derive change detectors based on the generalized likelihood ratio test (GLRT) method. The performance of the detectors is analyzed using asymptotic theory in statistics. To prevent performance degradation due to slowly drifting parameter values, we propose different strategies to track and update the parameter estimates. The experimental results obtained from the implemented prototype surveillance system show very promising detection capabilities. In Part II of this thesis, we investigate the issues of using the channel estimates of orthogonal frequency division multiplexing (OFDM) based WLANs for intrusion detection. Using high-precision channel sounder device, we did a set of multi-node multiple-input multiple-output (MIMO) wireless channel measurements in a typical indoor office environment. The measurements cover different intrusion cases. These measurements enable us to investigate the performance of such systems at different bandwidths, number of antenna elements, etc. Based on discrete wavelet transform (DWT), we apply GLRT detectors to detect transient variations in the OFDM channel’s impulse response. We show that the detection performance of such systems is much better than the RSSI-based system demonstrated in Part I, and the detection performance improves when the number of antenna elements increases. We also show that different intrusion events can be classified by pattern classification methods with a small probability of error classification, and this reveals the potentials of positioning and tracking of intruders with such systems.

Preface I became a graduate student under the programme of multimedia technology at the IT University of Copenhagen in September 2002. In Spring 2003, during the middle of my M.Sc studies, I got to know that there was a vacant position as a PhD student, and the project was to use indoor WLANs to position mobile WLAN terminals. I found this project was interesting and I applied for the position, then I became a PhD student in September 2003 during the middle of my M.Sc studies. My PhD study programme is a special four-year programme. In the first two years, besides the research activities, I need to get enough courses credits and finish my M.Sc thesis to get my M.Sc degree. In the last two years, I need to finish the PhD thesis to get the PhD degree. At the beginning of my PhD studies, my main advisor was associate professor John Aasted Sørensen, and my co-advisors were assistant professors Zoltan Safar and K˚ are Jelling Kristoffersen. After several months of investigation, we realized that using indoor WLANs as sensor networks to detect indoor intruders could be a more interesting topic than the WLAN terminals positioning. Thus, in spring 2004, we changed my PhD project to this new area that has not been investigated earlier by others. We finished the work included in Part I of this thesis in 2004 and 2005. Part I is based on the paper of the same title: Jianjun Chen, Zoltan Safar and John Aa. Sørensen, “Multimodal Wireless Networks: Communication and Surveillance on the Same Infrastructure”, IEEE Transactions on Information Forensics and Security, vol. 2, no. 3, pp. 468-484, September 2007. This paper is the summary of our earlier five conference papers: • Jianjun Chen and Zoltan Safar, “Indoor Surveillance with Multimodal Wireless Networks: Multi-Cycle Detection and Performance Analysis”, IEEE Wireless Communications and Networking Conference (WCNC), March 2007. • Jianjun Chen, John Aa. Sørensen, Zoltan Safar, and K˚ are J. Kristoffersen, “A Lowcost and Robust Multimodal Wireless Network with Adaptive Estimator and GLRT Detector”, the 14th European Signal Processing Conference (EUSIPCO), September 2006. • Jianjun Chen, Zoltan Safar, John Aa. Sørensen and K˚ are J. Kristoffersen, “An RF-Based Surveillance System Using Commercial Off-The-Shelf Wireless LAN Com-

ponents”, the 13th European Signal Processing Conference (EUSIPCO), September 2005. • Zoltan Safar, John Aa. Sørensen, Jianjun Chen and K˚ are J. Kristoffersen, “Multimodal Wireless Networks: Distributed Surveillance with Multiple Nodes”, IEEE International Conference on Acoustics, Speech, and Signal Processing (ICASSP), vol. 4, pp. 853-856, March 2005. • John Aa. Sørensen, Zoltan Safar, Jianjun Chen, K˚ are J. Kristoffersen and Martin Schiotz, “Indoor Surveillance with Multimodal Wireless Networks”, IEEE International Symposium on Signal Processing and Information Technology (ISSPIT), pp. 242-245, December 2004. My supervisors left the university one by one for different reasons. Zoltan left ITU in March 2005, K˚ are left ITU in December 2005, and John left ITU in March 2006. I was a member of the Image Computing group at ITU from March 2006 to December 2006 and my advisor was professor Mads Nielsen. During the time, I was doing my own project, which is not related to the works of any other members in the group. Mads left ITU in January 2007. Professor Henrik Reif Andersen became my advisor at ITU in January 2007. From September 2006 to November 2007, I was a guest PhD student at the Radio System group, department of Electrical and Information Technology, Lund University, Lund, Sweden. Professor Ove Edfors was my advisor. During this period, we finished the work included in Part II of this thesis. I got valuable help from almost everyone in the group for discussions, channel sounder measurement campaigns, comments to the manuscripts, etc. Part II is based on our manuscript with the same title, this manuscript may be submitted soon in total as a single journal paper or in parts as two journal papers.

iv

Acknowledgements

Numerous people have helped me during my years as a PhD student and many of them have contributed to the work included in this thesis. I express my most sincere gratitude to my supervisor Ove Edfors. His inspiration, deep insight and very broad knowledge has a deep impact on my work. As his student, I have experienced the joy of doing research. In many times, when I was explaining some ideas stutteringly, he could almost immediately understand me and then led the discussion to a better formalized way. He is able to explain something complex in a few words and make you feel that it is really that simple and natural. Although he is extremely busy most of the time, I can still easily catch him for an instant discussion when I need. I am also very grateful to my previous supervisor John Aasted Sørensen. He showed me the wonderful area of signal processing, and he gave me the greatest freedom to try things in which I was interested. He is also a very good teacher and he is possibly liked by his every students. I am also grateful to my previous co-supervisor Zoltan Safar. He has very broad knowledge and brilliant insights. In many times, when I was trying to discuss some ideas with him, he can quickly figure out that some of them are not good, and then encourage me to carefully investigate the others. I can never forget his words: “Good intuition is great, but you have to prove it carefully”. I am also grateful to Fredrik Tufvesson at Lund University. He gave me numerous help on channel sounder measurement campaigns, discussions, and lots of personal help. His suggestions and comments are always the most valuable to me. I would also like to thank Mads Nielsen and Henrik Reif Andersen for their help on arranging the issues about visiting foreign universities and on other administration staff. I would like to thank K˚ are Jelling Kristoffersen, he was very patient with helping me to improve my scientific writing skills. Special thanks go to my friends and colleagues presently or formerly at IT University of Copenhagen - Sathiamoorthy Subbarayan, Mikkel Bundgaard, Troels C. Damgaard,

Andrzej Wasowski, Kim Steenstrup Pedersen, Francois Lauze, Jakob Raundahl, and Lars Arne Conrad-Hansen. I would also like to thank Camilla Torp-Smith, Annette Enggaard, Hanne Sørensen, Man Yu Li and Johanne Keiding for their help. Special thanks go to my friends and colleagues presently or formerly at Lund University - Peter Almers, Gunnar Eriksson, Andres Alayon Glazunov, Peter Hammarberg, Fredrik Harrysson, Hongtu Jiang, Anders Johansson, Johan K˚ aredal, Buon Kiong Lau, Kittichai Phansathitwong, Telmo Santos, Ruiyuan Tian, Shurjeel Wyne, Ulrike Richter, Frida Nilsson, and Martin Stridh. I would also like to thank Pia Bruhn, Birgitta Holmgren and Eric Jonsson for their help. Finally, I would like to express my deepest gratitude to my family for their love and supports. My grandma passed away several years ago, however I can still feel her love, greatest mercy and fortitude, and those words on how a noble person should behave that she repeated to me for thousands of times would never be forgot. My parents and sisters supported me for almost everything anytime. The love and supports from my wife Suiyan are the most beautiful things in my life.

vi

List of Acronyms ANOVA

Analysis Of Variance

AP

Access Point

AWGN

Additive White Gaussian Noise

CCTV

Closed-Circuit Television

CFAR

Constant False Alarm Rate

CP

Cyclic Prefix

CRLB

Cramer-Rao Lower Bound

DFT

Discrete Fourier Transform

DWT

Discrete Wavelet Transform

FFT

Fast Fourier Transform

GLRT

Generalized Likelihood Ratio Test

IDFT

Inverse Discrete Fourier Transform

ISI

Inter Symbol Interference

MAC

Medium Access Control

MANET

Mobile Ad hoc Network

MEMS

Micro-Electro-Mechanical System

MIMO

Multiple-Input Multiple-Output

ML

Maximum Likelihood

MPC

Multi-Path Component

MRA

Multiresolution Analysis

MSE

Mean Squared Error

OFDM

Orthogonal Frequency Division Multiplexing

PDF

Probability Density Function

PIR

Passive InfraRed

QMF

Quadrature Mirror Filter

RF

Radio Frequency

RMS

Root Mean Square

RSSI

Received Signal Strength Index

SISO

Single-Input Single-Output

SNR

Signal-to-Noise Ratio

TCP

Transmission Control Protocol

TDOA

Time Difference Of Arrival

TOA

Time Of Arrival

WLAN

Wireless Local Area Network

WSN

Wireless Sensor Network

UDP

User Datagram Protocol

UWB

Ultra-Wideband

viii

Contents 1 Introduction

1

1.1

Thesis organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2

1.2

Indoor surveillance technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2

1.2.1

Human identification systems . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3

1.2.2

Intrusion detection systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3

Using indoor WLANs for intrusion detection . . . . . . . . . . . . . . . . . . . . . . .

5

1.3.1

Current IEEE 802.11a/b/g WLAN technologies . . . . . . . . . . . . . . . . . .

5

1.3.2

Future IEEE 802.11n WLAN technology . . . . . . . . . . . . . . . . . . . . . .

5

Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

6

1.3

1.4

2 Sensor Networks and Sensor Fusion

7

2.1

Early stage of sensor networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

7

2.2

Sensor networks’ state of the art and trends . . . . . . . . . . . . . . . . . . . . . . . .

8

2.3

Applications of sensor networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9

2.4

Indoor surveillance sensor networks based on WLAN infrastructures: the system level design choices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

10

2.4.1

Principles of the indoor surveillance systems based on WLAN infrastructures .

10

2.4.2

Power management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

11

2.4.3

Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

11

2.4.4

Multisensor data fusion and detection . . . . . . . . . . . . . . . . . . . . . . .

12

2.4.5

Target localization and tracking

. . . . . . . . . . . . . . . . . . . . . . . . . .

13

2.4.6

Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

14

3 Intrusion detection and intrusion events classification 3.1

15

Detect intruders by detecting transient variations in the channel observations . . . . .

15

3.1.1

Detect variations in RSSI observations . . . . . . . . . . . . . . . . . . . . . . .

15

3.1.2

Detect variations in OFDM channel’s impulse response . . . . . . . . . . . . . .

16

ix

3.1.3

Classifying different intrusion event cases by pattern classification . . . . . . .

4 Devices for the channel measurements

21

4.1

A system constructed with commercial 802.11b hardware . . . . . . . . . . . . . . . .

21

4.2

The RUSK Lund channel sounder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

23

5 Summary of contributions 5.1

26

Part I: “Multimodal Wireless Networks: Communication and Surveillance on the Same Infrastructure” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

5.2

26

Part II: “Using MIMO-OFDM based WLANs to Detect and Position Indoor Physical Intruders” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

A Discrete wavelet transform

I

19

27 29

A.1 Definition of wavelets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

29

A.2 Computation of DWT and the pyramid algorithm . . . . . . . . . . . . . . . . . . . .

31

A.3 Multiresolution analysis and analysis of variance . . . . . . . . . . . . . . . . . . . . .

33

A.4 Applications of wavelet transform, and overview of transient signal detection . . . . .

35

A.4.1 Transient detection based on linear transformation . . . . . . . . . . . . . . . .

35

A.4.2 Other methods in transient detection . . . . . . . . . . . . . . . . . . . . . . . .

36

A.4.3 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

37

Included Paper I

47

Multimodal Wireless Networks: Communication and Surveillance on the Same Infrastructure

48

1

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

50

2

The Surveillance System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

52

3

Received Signal Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

53

4

Training Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

54

5

Detection Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

57

5.1

The Basic (Single-Cycle) Detector . . . . . . . . . . . . . . . . . . . . . . . . .

57

5.2

The Multi-Cycle Detector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

58

Performance Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

59

6.1

Distribution of the Log-likelihood Ratios under H0 . . . . . . . . . . . . . . . .

60

6.2

Distribution of the Log-likelihood Ratios under H1 . . . . . . . . . . . . . . . .

60

6.3

Performance Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

62

6

x

7

Threshold Determination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

64

8

Tracking Non-Stationary Environment . . . . . . . . . . . . . . . . . . . . . . . . . . .

65

9

Simulation Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

68

10

Experimental Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

72

10.1

Implementation of a Prototype Surveillance System . . . . . . . . . . . . . . .

72

10.2

Distribution of Likelihood Ratio, and Threshold Determination . . . . . . . . .

74

10.3

Door State Change Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . .

76

10.4

Door Opening Event Detection . . . . . . . . . . . . . . . . . . . . . . . . . . .

82

11

II

Conclusion

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Included Paper II

84

88

Using MIMO-OFDM based WLANs to Detect and Position Indoor Physical Intruders 89 1

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

91

2

System architecture and parameters of interest . . . . . . . . . . . . . . . . . . . . . .

92

2.1

System architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

92

2.2

Parameter of interest . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

93

3

Training phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

96

4

Detection phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

97

4.1

Methods for transient signal detection . . . . . . . . . . . . . . . . . . . . . . .

97

4.2

Channel variation detection based on DWT . . . . . . . . . . . . . . . . . . . .

99

4.3

Threshold determination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

4.4

Parameter tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

5

Extension to multi-node systems with MIMO feature . . . . . . . . . . . . . . . . . . . 102

6

A low complexity RSSI-based detector for performance comparison . . . . . . . . . . . 103

7

Pattern classification for classifying different intrusion events . . . . . . . . . . . . . . 104

8

Experimental results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

9

8.1

Experiment setup and experimental site . . . . . . . . . . . . . . . . . . . . . . 106

8.2

Distribution of GLRT statistics under H0 . . . . . . . . . . . . . . . . . . . . . 108

8.3

Intrusion detection performance under no timing offset . . . . . . . . . . . . . . 110

8.4

Intrusion detection performance under timing offsets . . . . . . . . . . . . . . . 112

8.5

Intrusion detection performance under different SNR . . . . . . . . . . . . . . . 113

8.6

Intrusion detection performance under different bandwidths . . . . . . . . . . . 114

8.7

Intrusion events classification performance . . . . . . . . . . . . . . . . . . . . . 115

Conclusions and future work

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118 xi

10

Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

11

Appendix: Timing offset mitigation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 11.1

Timing offset mitigation under H0 . . . . . . . . . . . . . . . . . . . . . . . . . 120

11.2

Timing offset mitigation under H1 . . . . . . . . . . . . . . . . . . . . . . . . . 121

xii

Chapter 1

Introduction In the last two decades, many applications of wireless communications have become very successful. For example, nowadays cellular phones play a very important role in our daily lives. Moreover, wireless local area networks (WLANs) are also widely deployed in offices, campuses, cafes, hotels, airports, and even private homes. More and more wireless applications are emerging, such as digital audio broadcasting (DAB), digital video broadcasting (DVB), wireless sensor networks (WSN), etc. In the near future, wireless networks may become ubiquitous and offer high-speed communications. WLAN technology has become one of the most important technologies, on which many useful applications are supported. For example, people use their laptops or PDAs to surf the internet; people can use their WLAN-enabled handheld devices to make phone calls. It is a natural consequence that people want to find new applications/functionalities of WLANs other than the traditional communication functionality. Can the WLANs have other functionalities than communication? The answer to the above question is yes. For example, using WLAN to position the mobile terminals, such as laptops or PDAs equipped with WLAN interfaces, was proposed and demonstrated in [1]. This technology requires that the objects/humans to be located should have WLAN terminals attached. This WLAN positioning technology has many possible commercial, public safety and military applications [2] [3]. For example, it can be used to track those people who need special care like the elderly [2]; it can be used for shopping assistance [4]; it can be used for tracking prisoners [2]; it can also be used to prevent unauthorized users outside some office area to access the indoor WLAN of the office environment [5]. Because of the broad applications of WLAN-based indoor positioning technology, many research activities have been carried out. Approaches based on received signal strength index (RSSI) information are investigated in [1], [6], and the positioning method based on super-resolution time-of-arrival (TOA) estimation is investigated in [7]. In this thesis, we try to investigate another new functionality of WLANs - using indoor WLANs to detect intruders when it is supposed that there is currently no authorized person inside the indoor 1

environment. For example, the WLAN in an indoor office environment is not in use in the evening after all the people have left the office. In this case, we can let the WLAN work as a sensor network for detecting physical intrusion, which is based on detecting channel variations caused by the motions of the intruders. This technology may not require any extra hardware cost if the WLAN is already deployed, and therefore it is of low-cost. It is usually an advantage to combine multiple surveillance systems, which might be based on independent technologies, for achieving better intrusion detection performance. For this reason, we think that this WLAN-based indoor surveillance technology may become an useful alternative or complement of some existing indoor surveillance technologies like infrared-based, acoustic-based and camera-based surveillance technologies.

1.1

Thesis organization

Before introducing our work, we first give a brief review of some existing indoor surveillance technologies in Section 1.2. By comparing these technologies with our work in Part I and II of this thesis, we show how our work is different to these existing technologies. When we use an indoor WLAN for intrusion detection, the network essentially becomes a sensor network. Therefore, we briefly review the areas of sensor networks and the sensor fusion schemes in Chapter 2. By such a review, we can explain the system level design choices of our work. In Chapter 3, the principles of our WLAN-based indoor surveillance systems are illustrated and described. We also illustrate how we can use pattern classification methods to classify different intrusion cases, which means that our system can to some extent locate the intruders. The Experimental devices used in Part I and II are described in Chapter 4. We give a brief introduction of discrete wavelet transform in Appendix A, since in Part II of this thesis we will use GLRT detectors based on discrete wavelet transform to detect the transient channel variations caused by intrusions.

1.2

Indoor surveillance technologies

An indoor space is separated from the outside by physical objects including the walls, doors, windows and roof. In many environments, surveillance systems are still necessary to prevent or catch burglars. Surveillance technologies that can be used to prevent intrusions into an indoor environment can be classified into mainly two categories, human identification technologies and intrusion detection technologies.

2

1.2.1

Human identification systems

Surveillance systems based on human identification technologies are mainly used at the entrances of the indoor environment, such that unauthorized people can be prevented from entering the premises. There have been numerous efforts in research and development of these human identification technologies. Many human identification systems need the authorized people to wear some devices that can transmit identification information through infrared, radio, or ultrasonic links [8]. Many other human identification systems are based on biometrics. The most well-known human identification technologies are face recognition [9] and fingerprint recognition [10] technologies. Other successful human identification technologies are iris recognition [11], palm print recognition [12], and gait recognition1 [13] [14]. With fusion techniques, the biometrics-based human identification technologies can be combined to achieve higher identification performance [15] [16]. Notice that some of these human identification technologies can be used not only at the entrance, but also inside the environment. For example, face recognition and gait recognition can be used to process the video signal captured by cameras inside the environment. Human identification systems deployed at the entrances of an indoor environment cannot completely prevent intrusion, and burglars may still be able to sneak into the indoor environment if it is empty. Therefore it is sometimes necessary to install other surveillance systems inside and/or at the border of the environment.

1.2.2

Intrusion detection systems

Surveillance systems based on intrusion detection technologies are used for detecting environment changes or motions caused by intrusions. Many such systems are based on video, audio, and radar devices. Video surveillance systems are widely used, in which the most well-known technology is possibly the closed-circuit television (CCTV) systems. Video surveillance systems have a fairly long history and are still evolving. For example, several trends of the video surveillance technologies are digital video processing, wireless transmission, and covert cameras. Some systems can automatically detect moving objects in video [17], and the moving objects can be displayed separately and therefore easier for eye-checking [18]. Infrared video can also be used in indoor video surveillance and it is especially useful when the environment is not well illuminated. Since the usual optical video surveillance may require a well illuminated environment for good performance, infrared video surveillance can be a good complement. When they are combined through fusion techniques [18], better surveillance performance 1

Some features of gait style can be used to identify individual people, some example of these features are step length,

walking speed, joint movement of the hip, knee and ankle.

3

can be achieved. Another very widely used indoor surveillance technology is infrared motion detectors. Objects including human bodies generate radiation in the infrared range, and the infrared radiation can be received and measured with certain electronic devices. Sensors that passively receive infrared radiation are called passive infrared (PIR) sensors. Such PIR sensors measure the energy of the received infrared radiation, and detect the radiation energy variations caused by the motion of the people passing its sensing scope. Since in many cases, the intruder in an indoor environment will generate acoustic signals like talking or walking loudly, microphones can be used as sensors for indoor intrusion detection. It is shown in [19] that even low-fidelity microphones can be used to locate the intruders with reasonably good performance, given that the sensor nodes are sufficiently dense. Ultrasonic sensors are widely used for short distance objects ranging, and they are known to have high ranging precision [20] [21]. Therefore, ultrasonic sensors are used as motion detectors in indoor and outdoor environment, and naturally they are used in many indoor intrusion detection systems. From 1920s, radar systems have been used for target detection and ranging using radio signal. Due to the high complexity, high-cost of radar systems and/or military regulations, most radar systems are either used for military purposes or for critical public applications like air traffic surveillance. In recent years, more and more low-cost radar systems have been developed for through-wall surveillance [22]. This is mainly because the ultra-wide band impulse signal has high-precision time domain resolution, which is very suitable for target ranging [23]. Using the ranging information, 2D images can be generated for target display [24] [25]. Several prototype devices are reviewed in [22], the size of which ranges from flashlight to suitcase. Another very interesting application is the micropower impulse radar (MIR) [26] for through-wall motion detection, whose size is close to a matchbox. Its low-power characteristic makes it able to run for years on battery, and the hardware cost of each sensor node is less than tens of dollars. The ”smart floor” is a system with embedded pressure sensors in the floor for detecting and tracking footsteps [27]. Moreover, the footstep signals can be used for human identification using gait analysis. The advantage of this system is its locating and tracking accuracy. However, this system has the disadvantage of high constructional cost, which limits its applications. Notice that these different intrusion detection systems can be combined to achieve higher performance using fusion techniques [28] [29], and they can be even combined with the human identification systems. For example, the authorized persons can wear some kinds of identification devices, and then their appearance and moving inside the sensing area will not trigger alarms.

4

1.3

Using indoor WLANs for intrusion detection

In this thesis, we present our work of using indoor WLANs for intrusion detection. The solutions are different depending on the available channel information.

1.3.1

Current IEEE 802.11a/b/g WLAN technologies

In the current IEEE 802.11a/b/g WLAN standards, the only channel information available to upper layer applications is the received signal strength index (RSSI). Under this constraint, in Part I of this thesis, we propose and demonstrate a multi-node system that can detect intruders by detecting intrusion-caused variations in the RSSI information. We derive maximum likelihood estimators, and we derive change detectors based on the generalized likelihood ratio test (GLRT) method. To prevent performance degradation due to slowly drifting parameter values, we propose different strategies to track and update the parameter estimates. A set of experiments are carried out to investigate the intrusion detection performance.

1.3.2

Future IEEE 802.11n WLAN technology

In the future, new WLAN standard tend to be based on orthogonal frequency division multiplexing (OFDM) [30], and it also tend to include the multiple-input multiple-output (MIMO) feature [31]. The IEEE 802.11n is just such an example. In Part II of this thesis, we investigate the issues of using the detail channel information for intrusion detection purposes. We assume that the channel’s transfer function of each wireless frame is available, such that we can detect the variations in the channel transfer function. We also assume that the indoor WLAN is based on OFDM in combination with MIMO feature. Using a high-precision channel sounder, we did a set of multi-node MIMO wireless channel measurements in a typical indoor office environment. The measurements cover different intrusion cases. These measurements enable us to investigate the performance of such systems at different bandwidth, number of antenna elements, etc. We apply GLRT detectors based on discrete wavelet transform (DWT) to detect transient variations in the OFDM channel’s impulse response. We show that the detection performance of such systems is much better than the RSSI-based system demonstrated in Part I, and the detection performance improves when the number of antenna elements increases. We also show that different intrusion events can be classified by pattern recognition methods with a small probability of error classification, and this reveals the potentials of positioning and tracking of intruders with such systems.

5

1.4

Summary

When comparing our WLAN-based intrusion detection systems to the existing intrusion detection systems, we notice some differences. Our WLAN-based intrusion detection systems are not human-identification systems. Among the existing indoor surveillance technologies, we think that the low-cost radar systems for indoor surveillance are closest to our systems. The similarity is that they are both based on radio signals. However, the radar systems are special hardware, while our systems are based on WLAN infrastructures. Moreover, the radar systems have good capability of target ranging, while target ranging is very difficult in our systems due to the low resolution in time domain. However, this ranging capability might be possible if the future WLAN is based on ultra-wideband (UWB) technology. In Part II, we show that using pattern recognition techniques, we can differentiate the intrusion events happening at different locations with certain performance even when the system is not UWB. This capability of intrusion events differentiation can then be used to locate the intruders. As we mentioned in Section 1.2, different surveillance technologies can be combined to achieve better performance. This is also true for our WLAN-based surveillance technology. For example, it can be combined with video surveillance systems, since the through-wall detection capability of our system is a very good complement for the video surveillance systems. Moreover, our system can also be combined with the human identification system, such that the guard wearing an identificationtransmitting badge will be recognized, such that the channel variations caused by his motion will not trigger alarms.

6

Chapter 2

Sensor Networks and Sensor Fusion When we let an indoor WLAN work in the surveillance mode for intrusion detection, the network essentially becomes a sensor network. Therefore, we briefly overview the area of sensor networks and sensor fusion in this chapter. By means of this overview, we will be able to show how our work in this thesis is different from and is related to those research activities in sensor networks areas, and we can explain the system level design choices of our work.

2.1

Early stage of sensor networks

In [32], sensor networks are defined as those networks that use multiple sensors to collect and process information on certain entities of interests. Under this definition, some network systems with history of several decades can be regarded as some kinds of sensor networks. For example, the radar networks for air traffic control or military purposes; the national power grid with many sensors at different positions of the network, etc. These systems were developed and deployed much earlier than the term “sensor networks”, which became popular in recent years [32]. In 1940s, the development of the Sound Surveillance System (SOSUS) was started and soon deployed by the U.S. Navy, which was aiming for detecting and tacking the Soviet submarines in the Atlantic and the Pacific Oceans [32]. The SOSUS network is now also used for monitoring whales and earthquakes1 . In [32], several other military sensor network projects initiated from 1980s by the U.S. Navy and the Defense Advanced Research Projects Agency (DARPA) were described. These early military projects stimulated the sensor networks research activities including hardware development, acoustic or radar signal processing techniques, target detection and tracking, sensor fusion, etc. Many early-stage sensor networks have the following characteristics. First, the sensor nodes have very good sensing abilities which are designed for special purposes. Second, wired communication links 1

http://www.pmel.noaa.gov/vents/acoustics/sosus apps.html

7

are usually available for reliable transmission. Third, the locations of these sensor nodes are usually known to the system after deployment. Last, the system’s performance and robustness usually relies on the sensing and processing performance of each sensor node. The disadvantages of these early-stage sensor networks are obvious. First, generally the sensor nodes are of quite big size, and the sensors need to be connected by cables, therefore the deployments of these sensor networks require a lot of labour and they are sometimes very difficult. For example, it is almost impossible to deploy these early-stage sensor networks on battlefields. Second, these sensor nodes are designed for their specific purposes and therefore not suited for other applications. Third, the system is generally centralized and a huge amount of data need to be transferred through the network in order to have the best performance. Last, the performance of the whole system relies on the performance of each sensor node, and even if a small amount of nodes fail, the system performance may degrade significantly.

2.2

Sensor networks’ state of the art and trends Location finding system

Sensing unit Sensor

ADC

Mobilizer Processing unit Processor Storage

Power unit

Transceiver

Power generator

Figure 2.1: The components of a wireless sensor node The trend of sensor network technology is to develop low cost, tiny sensor nodes with wireless communication capability [33, 34, 35, 36]. The advancement in hardware technologies including digital circuitry, wireless communications and Micro-Electro-Mechanical System (MEMS) make it possible to develop very small sensor nodes integrated with sensing, data processing, communication and power supply components. Figure 2.1 shows the components of such a sensor node 2 , where the sensing 2

figure source: reference [35]

8

unit can be acoustic, infrared, seismic or any other kind of sensor. The sizes of the state-of-the-art sensor nodes are at the scale of cubic centimeters, for example, the sensor nodes made by Crossbow 3 . The future goal of Smart Dust is to develop sensor nodes which are at the scale of cubic millimeters [33, 36].

Sink

Internet

User Interface view/ query/ control

Sensor field

Sensor nodes

Figure 2.2: The architecture of a typical sensor network. Due to the small size of the wireless sensor nodes, they can be deployed very easily. For example, a large number of small sensors can be spread by aircrafts to a battlefield or a wild forest. The architecture of a typical sensor network is shown in Figure 2.2, where the sensor nodes can send their data to the sink node, and it is possible to remotely operate the sensor network through internet. The wireless link can allow the sensor nodes to communicate and forward information. In some systems, for example the Crossbow, the battery life can be more than one year. Moreover, some systems like Crossbow provide programming interface and customizable sensing units depending on the specific applications. All these characteristics make the wireless sensor networks (WSN) capable for enormous applications, and therefore WSN is regarded as one of the most important technologies for the 21st century [32].

2.3

Applications of sensor networks

Many applications of wireless sensor networks have been demonstrated or proposed. Although there is rarely any very mature and widely deployed system now, many small demo systems have been constructed and investigated. In the near future, we will see many applications become reality. Some companies, for instance, Crossbow and Ember4 , provide hardware and developing tools that can be 3 4

http://www.xbow.com http://www.ember.com

9

used for developing different applications. This may boost the wireless sensor networks industry, since people can concentrate their developments at the application layer for their specific purposes. Wireless sensor networks have many potential applications including: military sensing [35], habitat monitoring [37, 38, 39], environment observation and forecasting [40], physical security, building monitoring, health care, and biomedical purposes [33, 34, 36, 37, 41]. The above mentioned applications of WSN are just a few examples. Wireless sensor networks technology is said to be one of the most important technologies in this century, and a lot of applications of using wireless sensor networks were proposed and some demo systems were developed in the works mentioned above, but we should be aware that there still need many years before wireless sensor networks become pervasive.

2.4

Indoor surveillance sensor networks based on WLAN infrastructures: the system level design choices

In this section, we describe the main principles of our indoor surveillance systems based on WLAN infrastructures. By describing their main characteristics, we are able to clarify our design choices at the system level. The design choices include power management, networking, fusion scheme, localization and tracking methods. We notice that these design choices are quite different to those in the wellknown wireless sensor networks.

2.4.1

Principles of the indoor surveillance systems based on WLAN infrastructures

Figure 2.3: An indoor surveillance system based on WLAN infrastructures. The intruder’s body interfere with the electromagnetic waves, and therefore cause detectable signal variations.

10

Figure 2.3 illustrates an indoor surveillance system based on WLAN infrastructure. The intruder’s body interfere with the electromagnetic waves, and therefore cause detectable signal variations. Since the intruder’s body does not generate electromagnetic waves that can be detected by these sensor nodes (APs), these sensor nodes have to transmit wireless frames and scan the environment like radar. The intruder can be detected only if he cross some wireless signal propagation paths between these sensor nodes. Such a system has the following characteristics: 1) The sensor nodes are the APs or fixed terminals in the environment, generally they have power supplies. 2) The sensor node density is relatively low compared to many existing sensor networks. 3) These nodes are usually connected to the backbone network with network cables, and the backbone network usually has a broad bandwidth. 4) The network topology of such a network generally will not change during operation. 5) The sensor nodes usually have poor ranging capability except if the wireless channel is UWB. Based on the above characteristics of the indoor surveillance systems on top of WLAN infrastructures, we are able to describe the system level design choices of such indoor surveillance systems based on WLAN infrastructures.

2.4.2

Power management

Power management is one of the most important issues of wireless sensor networks, and it is a key challenge to extend the lifetime of a deployed and unattended system. A wireless sensor network usually has a large number of deployed sensor nodes, and maybe it is not possible to replace the batteries of those nodes. The amount of energy that can be utilized in every unit volume of chemical batteries is approaching the physical limit, therefore a lot of the research works in wireless sensor networks are focused on providing power-efficient solutions [33, 34, 36, 37]. Some solutions are, for example, using solar cells, developing extremely low power-consumption RF communication for short distance transmission, and using energy-optimized microprocessors to process the raw data locally for reducing the amount of data to be transmitted through the energy-consuming RF links. For our indoor surveillance systems based on WLAN infrastructures, as mentioned earlier, generally the nodes have power supplies. Therefore power management is not an important issue for our systems. However, we notice the possibility that some nodes running on battery can be included in our systems for achieving better detection performance. In this case, the power management becomes an issue and some ideas and results in [33, 34, 36, 37] may be borrowed.

2.4.3

Networking

Networking is another key research problem in wireless sensor networks [32, 35]. Basically, at different layers of the protocol stack,, there are different challenges including power-efficiency, bandwidth, and

11

network traffics. At the physical layer, the challenge is to design power-efficient wireless communication technologies with simple modulation schemes [36]. At the data link layer, the challenge is to design appropriate Medium Access Control (MAC) protocols to handle the highly dynamic network topologies [42, 43]. At the network layer, a multihop wireless routing protocol is required to forward packet between the sink node and the sensor nodes, and these sensor nodes are usually addressed with location-based or attribute-based addressing methods [44] [45] [46]. At the transport layer, the TCP and UDP protocols are not very suitable for wireless sensor networks, which is because of the above addressing problem and the energy-efficiency characteristic of TCP and UDP [47] [48] [49]. At the application layer, the querying, monitoring, and tasking are important issues in order to provide a general platform [50] [51] [52]. For our indoor surveillance systems based on WLAN infrastructures, as mentioned earlier, we do not have the power-saving issue at the physical layer; we do not have the dynamic network topology issue at the link layer; we do not have the addressing and routing issue at the network layer, since IP addressing and IP protocol are still well-suited; and then we can still use the TCP/UDP protocols at the transport layer; at the application layer, our application is simply to detect whether the intruder exist or not, and providing a general platform for other application is not an important issue for us. In other words, because of the characteristics of our indoor surveillance systems based on WLAN infrastructures, the whole network protocol stack of WLAN can be used without modification. We only need to concentrate on the application level system implementation.

2.4.4

Multisensor data fusion and detection

Multisensor data fusion means the acquisition, processing and collaborative combination of the information obtained by multiple sensors [53] [54]. Through proper fusion of the multisensor data, the system can achieve improved reliability and increased detection performance. In fact, the human brain is such a system and it has been evolved to be able to effectively combine senses of sight, hearing, taste, smell and touch. The multisensor data fusion can be done at different levels. In the following we briefly describe their differences, and then we can explain which is the appropriate choice for our WLAN-based indoor surveillance systems. Data level fusion. In this fusion mode, the sensors just send the raw sensing data to the fusion center without any information-lossy pre-processing, then the fusion center combine the raw data to make the global decision. This mode is essentially a centralized processing scheme, and the sensors are commensurate.

12

Feature level fusion In this fusion mode, the sensors first pre-process the raw sensing data to extract feature vectors, then these feature vectors are sent to the fusion center to make the global decision. This mode has lower requirement for the communication bandwidth, but usually there is performance degradation due to the information loss in the feature-extracting process. This fusion scheme is also regarded as a distributed processing scheme. Decision level fusion. In this fusion mode, the sensors make their own local decisions based on their raw sensing data, then these local decisions are sent to the fusion center to make the global decision. This scheme has a lot of information loss, which may result in significant detection performance degradation. This fusion scheme is regarded as a distributed processing scheme. We briefly list the difference between these fusion levels in Table 2.1. Table 2.1: A comparison of fusion schemes Data level fusion

Feature level fusion

Decision level fusion

Bandwidth requirement

large

medium

very small

Information loss

no loss

moderate loss

possibly significant loss

Performance loss

no loss

moderate loss

possibly significant loss

Fusion complexity

high

medium

low

Compared to the centralized scheme, the distributed signal processing schemes have some advantages including reduced communication bandwidth requirement, reduced cost, less requirement of the fusion center’s computational power. Moreover, when proper algorithms are used, the performance of the distributed scheme may be close to the performance of the centralized scheme [55] [56] [57] [58]. For our WLAN-based indoor surveillance systems, since the broadband backbone network is usually available and its bandwidth is sufficient for transmitting the raw sensing data, we choose the data level fusion scheme for achieving the optimal performance. However, we notice the possibility that when the broadband backbone network is not available, for example the sensor nodes (APs) relay the wireless frames through the wireless links between them, the feature level or even decision level fusion schemes can be used for reducing the network traffic at some detection performance loss.

2.4.5

Target localization and tracking

In the classical centralized sensor networks like radar and sonar, each sensor node has the ability to estimate the target range very precisely, and the central processor can combine all the range information and other details for target localization and tracking. However, for our indoor surveillance

13

systems based on WLAN infrastructures, the sensor nodes do not have good ranging capabilities except if they are based on UWB. Therefore, this approach of target localization and tracking is not suitable in our system. In wireless sensor networks, distributed target localization and tracking are investigated by many recent works [59, 60, 61, 62]. The main idea is to divide the sensor fields into spatial cells, and then the received signals at the sensor nodes are processed locally and collaboratively for locating and tracking the targets. This approach needs high sensor-node-density. Moreover, this approach still requires the sensor nodes to have reasonably good raging capability. These conditions are not satisfied in our indoor surveillance systems based on WLAN infrastructures, and therefore the methods in [59, 60, 61, 62] can not be used either. In Part II, we show that using pattern recognition methods, we can classify the intrusion events with reasonably good performance. These intrusion events include entering the indoor environment from certain doors, windows, or other possible paths. We can say that this classification of intrusion events is some type of target localization without using any high-precision ranging information. Moreover, we think that it is possible to further improve the performance given more advanced hardware, higher sensor-node-density, or new signal processing methods, etc.

2.4.6

Summary

Our work of using WLAN for indoor surveillance is related to but different from the research activities of sensor networks. Because of the physical constraint of battery energy and wireless link bandwidth, the research problems in wireless sensor networks are quite different to the research problems of our project in this thesis. For our WLAN-based indoor surveillance system, the classical centralized signal processing methods and detection schemes are more appropriate.

14

Chapter 3

Intrusion detection and intrusion events classification In this chapter, we briefly describe the principles of our WLAN-based indoor surveillance systems. We will mainly use illustrations and descriptions in this chapter, and the mathematical formulation is given in detail in Part I and Part II of this thesis.

3.1

Detect intruders by detecting transient variations in the channel observations

3.1.1

Detect variations in RSSI observations

RSSI information is the only channel information that is available to upper layer applications in the commercial, off-the-shelf WLAN hardware. Thus under the constraint of using these hardware, in Part I of this thesis, we investigate the issues of detecting intruders by detecting variations in the RSSI observations. As was illustrated in Figure 2.3, the intruder’s motion will interfere with the electromagnetic waves between the sensor nodes and cause variations in the received signal strength. The main challenges of this RSSI-based intrusion detection approach are: 1) The RSSI observations are coarse quantization of the noisy received signal strength information; 2) The energy of the variations are often relatively weak compared to the noise in the received signal strength information. In Part I, a GLRT detector is proposed and evaluated. In the system training phase, when there is no moving objects in the environment, by assuming that the received signal strength observations of each pair of transmit-receive nodes are Gaussian distributed before they are quantized into the RSSI values, a maximum likelihood (ML) estimator is derived to estimate the mean and noise power of the

15

signal strength information. In the detection phase, the noise power is assume to be unchanged, while due to the intruder’s motion, the mean of the received signal strength information is assumed varying and is piecewise estimated using an ML estimator. Then a GLRT detector is applied to test whether there are significant variations in the RSSI observations or not. This derivation of this RSSI-based variation detection approach is tedious but straightforward, and it is explained in very detail in Part I. Thus we do not describe it in further detail in this section.

3.1.2

Detect variations in OFDM channel’s impulse response

In Part I, the experimental results show that the RSSI-based approach have promising intrusion detection performance. However, a commercially mature indoor surveillance system is required to have an extremely small probability of false alarm Pf of every decision, since a false alarm will cause high costs and reduced confidence in the system. The energy of intrusion-caused variations in RSSI are usually very low if the intruder is neither close to any of the nodes nor crossing the LOS paths between these node pairs, and the detection performance of this RSSI-based approach will be limited. In order to achieve a very good intrusion detection performance, in Part II we assume that the future’s surveillance system can access the detailed wireless channel information, thus we can detect intrusioncaused variations in the detailed channel information instead of in the coarse RSSI observations. In Part II, we focus on using WLANs based on OFDM technology. The main reason is that OFDM is widely used in more and more WLAN standards, including the current IEEE 802.11 a/g and the future IEEE 802.11n standard. When the cyclic prefix (CP) is used in the OFDM channel, it can eliminate the intersymbol interference (ISI) and preserve the orthogonality of the subcarriers. The OFDM channel can be represented as a set of parallel Gaussian channels with complex-valued attenuations. The vector of these subcarrier-attenuation parameter is the channel transfer function, namely the frequency domain representation. The time domain representation of the channel, namely the impulse response, is the inverse discrete Fourier transform (IDFT) of the transfer function. Assume that the OFDM channel is constant within a single short frame, then we can regard the OFDM channel estimate of the frame as a single instant “observation” of the channel. Given a window of such OFDM channel observations, we can apply signal processing techniques to detect variations in the channel observation window. The detection can be done either in frequency domain, namely detecting variations in the window of transfer functions, or in time domain, namely detecting variations in the window of impulse responses. However, because the duration of one OFDM symbol is designed to be much longer than the duration of the impulse response, there is the power concentration phenomenon that most of the channel’s energy falls into a small number of delay taps of the impulse response, which motivate us to choose the time-domain approach.

16

−4

Magnitude

x 10 1.4 1.3 1.2 1.1

50

100

150 Time

200

250

300

50

100

150 Time

200

250

300

50

100

150 Time

200

250

300

50

100

150 Time

200

250

300

50

100

150 Time

200

250

300

50

100

150 Time

200

250

300

50

100

150 Time

200

250

300

50

100

150 Time

200

250

300

50

100

150 Time

200

250

300

50

100

150 Time

200

250

300

−4

Magnitude

x 10 Zoom

Zoom

1.4 1.3 1.2 1.1

−5

1.4

Zoom

1.2

(A)

8 7 6 5

Magnitude

−4

x 10

x 10

Zoom

1 0.8

Zoom

0.6

300

0.4 0.2

Magnitude

Magnitude

−5

x 10 4 2 0

200

−4

x 10

Magnitude

Time 0 0

100 2

4

6

Delay

8

10

12

0

4 2

−4

Magnitude

x 10 1.4 1.3 1.2 1.1

−4

Magnitude

x 10 Zoom

Zoom

1.4 1.3 1.2 1.1

−5

Magnitude

x 10 −4

x 10 1.4

Zoom

1.2 Zoom

1

−5

0.8 Zoom

0.6

300

0.4 0.2

4 2 0

200

−5

x 10

Time 0 0

Magnitude

x 10

100 2

4

6 Delay

8

10

12

0

Magnitude

Magnitude

(B)

8 7 6 5

4 2 0

Figure 3.1: Wireless channel’s impulse response measurements in a typical indoor environment in around 7 seconds: (A) when there is no moving object in the environment; (B) when there is a person walking in the environment.

17

This power concentration phenomenon is illustrated in Figure 3.1 by channel measurements. The ceter frequency is 5.2 GHz, the bandwidth is 40 MHz, and the number of subcarriers is 128. As we can see in the figure, the main lobe of the impulse response only contains around 10 delay taps. Because of this power concentration phenomenon, the energy of the intrusion-caused variations is also concentrated in the same range of delay taps in the impulse response. Moreover, analogous to those DFT-based OFDM channel estimators [63], we can ignore the correlation between these chosen delay taps to simplify the problem at some performance loss. Thus detecting variations in the window of channel impulse responses is turned into detecting variations in these one-dimensional sequences illustrated in Figure 3.1. Compared to the frequency domain approach, such a time-domain variation detection approach will have a much smaller dimensionality and much less computational complexity. Since the motion of an intruder is continuous, if we let the WLAN-based surveillance system scan the indoor environment sufficiently fast, each of the one-dimensional sequence in Figure 3.1 becomes constant parameter plus a transient signal component, which is mainly variations in large scales, as shown in Figure 3.1, and noise. Thus the transient signal detection methods in [64] [65] [66] [67] [68] can be applied for detecting the variations. Specifically, since the transient signal components are mainly in large scales, the discrete wavelet transform (DWT) based methods are most suitable [64] [65] [66] [67] [68], since they can sufficiently extract a signal’s components of chosen scales. One example is illustrated in Figure A.3, where the signal x(n) is decomposed into components of different scales, and s6 is the wavelet smooth of level 6 that contains all the signal components of scales larger than 26 . Similarly, in Part II, we apply DWT on each of the one-dimensional sequence in Figure 3.1 to extract the transient signal components that are larger than certain chosen scale 2J , for our application it is the DWT smooth signal at level J (A very brief introduction of those DWT concepts, which are involved in Part II of this thesis, can be found in Appendix A.). Let gτ = {g(τ, t)|0 ≤ t ≤ T − 1} denote the one-dimensional signal observations associated with delay tap τ as illustrated in Figure 3.1, the detection problem becomes the following binary hypothesis testing problem: H0 (no intrusion) :

gτ = gτ + nτ

H1 (intrusion) :

gτ = sτ + nτ

where gτ is the previously estimated steady signal parameter, nτ is observation noise, and sτ is the DWT smooth at chosen level J of the signal gτ . Following [65] [66] [67], we apply GLRT detector on each of these one-dimensional signal gτ to test whether there are significant variations in it. The logarithm of the GLRT statistics of signal gτ is lτ = 2 ln

p(gτ |H1 ) . p(gτ |H0 )

(3.1)

Since these one-dimensional signals gτ at different delay τ are regarded as uncorrelated to each other, 18

the GLRT statistics of all these delay taps can be added up and compared to the global decision threshold to decide either H0 : no intrusion present, or H1 : intrusion present. For one MIMO transmit-receive node pair with NT antenna elements at the transmitter node and NR antenna elements at the receiver node, there are NT NR number of SISO channel estimates for each transmitted wireless frame. If there are multiple nodes in the system, the frames transmitted by one node may be simultaneously received by multiple receiver nodes. Assume that there are totally K such transmit-receive SISO antenna pairs between these nodes, then for each of the one-dimensional (k)

sequence gτ

(k)

associated with delay tap τ of the k-th SISO link, we will have a GLRT statistic lτ .

These GLRT statistics form a two-dimensional grid surface as shown in Figure 3.2. One dimension is the number of SISO links, and the other dimension is the delay taps. These GLRT statistics can be added up and compared to the global decision threshold to decide either H0 : no intrusion present, or H1 : intrusion present.

3.1.3

Classifying different intrusion event cases by pattern classification

In an indoor environment deployed with this WLAN-based surveillance system, between all those transmit-receive antenna pairs, there are lots of electromagnetic waves covering the indoor environment because of the multi-reflection and penetration phenomenon. When one intruder enters this indoor environment from certain position, the intruder’s movement will only interfere with those electromagnetic waves whose paths he has crossed. In other words, although there are many multipath components (MPCs) between those transmit-receive antenna pairs, the intruder will only interfere with certain part of these MPCs in his intrusion. For different classes of intrusion events, for example breaking through a corridor gate or through an office window, the intruder will interfere with different sets of MPCs. Each MPC between any transmit-receive antenna SISO link is at a certain transmission (k)

delay, and since the GLRT statistic lτ

in (23) is related to the amount of variations corresponding

to the k-th SISO link at the τ -th delay, different classes of intrusion events tend to impact different (k)

subsets of the set of GLRT statistics {lτ |0 ≤ k ≤ K − 1, 0 ≤ τ ≤ τmax − 1}. (k)

Figure 3.2 shows the set of GLRT statistics lτ

of two different intrusion cases, each of which

are tested for multiple times. The GLRT statistics grids of these two intrusion cases show clearly different patterns. Based on the physical effect described above, when an intrusion event is detected, (k)

using the set of GLRT statistics {lτ }, the surveillance system may be able to locate the intruder by applying pattern classification methods. For this indoor surveillance application, the supervised learning strategy [69] is more suitable than the unsupervised learning strategy, since we should let the system to learn the possible classes of intrusion events and build the patterns before the happening of any real intrusion. Moreover, after every significant re-arrangement in the indoor environment, the

19

Case 2, test #1

GLRT statistics

GLRT statistics

Case 1, test #1

2000

1000

0 12 10

10000 5000 0 12 10

30

8

Delay tap

15000

6 4 2

10

30

8

20

Delay tap

SISO link

6 2

GLRT statistics

GLRT statistics

2000

1000

0 12 10

10000 5000 0 12 10

2

10

30

8

20

4

SISO link

15000

30

8 6

10

Case 2, test #2

Case 1, test #2

Delay tap

20

4

Delay tap

SISO link

6

20

4 2

10

SISO link

Case 2, test #3

Case 1, test #3

GLRT statistics

GLRT statistics

15000 2000

1000

0 12 10 10

(k)

Figure 3.2: The GLRT statistics lτ

0 12 30

8

Delay tap 6 4

20 2

5000

10

30

8

Delay tap 6 4

10000

SISO link

20 2

10

SISO link

of two different intrusion event cases, both cases are repeated for

multiple times. The GLRT statistics grids of these two intrusion cases show clearly different patterns. learning process may need to be carried out again. In Part II of this thesis, we apply pattern classification methods to classify the detected intrusion event. The experimental results show that the classification performance is very promising. This means that such systems can to some extent locate the intruders by pattern classification methods, although these nodes do not have good target-ranging capability.

20

Chapter 4

Devices for the channel measurements In order to investigate the intrusion detection performance of the WLAN-based surveillance system, we carried out a series of experiments. In our measurement campaigns, we have used two different measurement systems. In Part I of this thesis, the experimental system is constructed with commercial low-cost 802.11b hardware. In Part II of this thesis, the experimental system is the RUSK MIMO channel sounder of Lund University.

4.1

A system constructed with commercial 802.11b hardware

In Part I, under the constraint of using today’s off-the-shelf hardware, we try to investigate the detection performance of WLAN-based surveillance system. Due to this constraint, the only available channel information is the RSSI information. In order to detect wireless channel variations caused by intruders, we need to scan the indoor environment by transmitting/receiving wireless frames, such that the received signal strength between each transmit-receive node pair can be measured to detect any signal strength variations. This environment scanning process will be described in more detail in Part I. When a receiver node receive a wireless frame, the RSSI information of this frame is calculated at the physical layer, and this RSSI information can then be accessed by the hardware driver program. The RSSI information is discarded when the communication data is sent to upper layers in the TCP/IP protocol stack, which is mainly because there is no reserved field in the headers of the protocols. If an indoor WLAN is built with commercial APs, to use it for intrusion detection purpose, we need to modify the embedded software of these APs to collect the RSSI information. However, this approach is not feasible since most of the commercial available APs are not open source products. We demonstrate another approach in Part I, and the architecture of the demonstration system is illustrated in Figure 4.1. The network nodes in the system are IBM ThinkPad Laptops equipped

21

Sensor field

Sensor node #2

Sensor node #1

Sensor node #3

Ethernet cables

Fusion Center (controller) LAN switch

Figure 4.1: Architecture of the WLAN-based surveillance . with ZyXEL’s1 802.11b ZyAIR B-100 WLAN cards, the WLAN driver is HostAP2 and the operating system is Linux Redhat 9.0. With slight modification to the HostAP driver, the RSSI information can be written to the reserved position of each received wireless MAC frame and then be sent to the upper layers of the protocol stack. In this way, the surveillance software program at the application layer can collect the RSSI information, and finally the RSSI information can be either processed locally or sent to the fusion center (the controller node). Notice that it is possible to use other types of WLAN cards and other open source WLAN drivers. The APs in most deployed indoor WLANs are connected to Ethernet backbone networks. Similarly, in Figure 4.1, the sensor nodes and the fusion center are connected through Ethernet cables and LAN switch. Notice that the system is also able to work and communicate through the wireless links. In [70], the specification of the communication protocol between the fusion center and the sensor nodes are described, and the implementation and programming details are presented. The details of the intrusion detection experiments using the above RSSI-based system will be presented in detail in Part I. 1 2

http://www.zyxel.com http://hostap.epitest.fi/

22

Transmitter Unit Multiplexer

Tx array

Rx array

Receiver Unit Multiplexer Disp.

Arbitrary waveform generator

BP

BP

A/D

DSP

PC Disk

Local oscillator

Local oscillator

Synchronization cable

Rubidium frequency reference

Rubidium frequency reference

Figure 4.2: Block diagram of the RUSK channel sounder.

4.2

The RUSK Lund channel sounder

In Part II of this thesis, we proposed and derived the intrusion detection algorithm to detect variations in the impulse response of the wireless channels. Since there is no commercial available WLAN hardware that can provide channel impulse response information to the user layer programs, we use the RUSK channel sounder of the Lund University to measure the wireless channel. The RUSK Lund channel sounder is a fast vector MIMO channel sounder 3 , and its measurement principle is frequency correlation. The sounding signal of the RUSK channel sounder is an OFDM-like signal that excites all frequencies simultaneously. To minimize the peak-to-average power ratio (crest factor), the phases of the sub-carriers of the sounding signal are optimized and fixed. The exact detail of the RUSK sounding signal is not open to the public. The block diagram of the RUSK channel sounder is illustrated in Figure 4.2. The RUSK channel sounder is capable of MIMO channel measurement. Fast multiplexers, namely switches, are needed to sequentially connect one transmit antenna element out of the transmit antenna array and one receive antenna element out of the receive antenna array. The size of the MIMO measurement configuration is limited by the number of ports of the switches at the transmit and receive sides. The switching time of the multiplexers is synchronized to the sounding signal’s period Tss . Between the measurement of each single transmit-receive branch, there is a guard period with duration Tss to avoid transients caused by circuit switching. Figure 4.3 shows the measurement timing diagram. As 3

http://www.channelsounder.de/

23

Block 1

Block 2

Block N time

snapshot 1

snapshot 2

snapshot M

time

Tx1

Tx2

Tx3

Tx4

Tx5

Tx6

Tx7

Tx8

time Tss = sounding signal duration Tx2

Tx2

Tx2

Tx2

Tx2

Tx2

Tx2

Tx2

time

guard period

Rx1

guard period

Rx2

guard period

Rx3

guard period

Rx4

time

Figure 4.3: Measurement timing diagram of the RUSK channel sounder. we can see, each channel snapshot contains one measurement of each single transmit-receive branch. There may be multiple measurement snapshots forming a measurement block. If the duration of a measurement block is significantly shorter than the channel’s coherence time, the multiple snapshots of any single transmit-receive branch can be averaged to reduce the measurement noise. As shown in [71], if the channel sounder’s transmitter and receiver are not phase-locked, the phase noise of the channel measurements is a random-walk process. In order to avoid the phase noise of the channel measurements, we connect the RUSK transmitter and receiver to the same reference clock with a clock synchronization cable. Figure 4.4 shows the pictures of the RUSK channel sounder and the antennas we used in the measurement campaign. The receiver node has 16 antennas, out of which we choose 4 antennas circularly and symmetrically. The transmitter node TX1 has 8 antennas and we use the middle 4 antennas. The transmitter node TX2 has 16 antennas, out of which we choose 4 antennas circularly and symmetrically. In this way, we have two 4 × 4 MIMO configurations in the measurements. In Part II, the measurement campaign will be described in detail.

24

(A)

(B)

(C)

(D)

Figure 4.4: RUSK channel sounder and antennas: (A) RUSK channel sounder, with the transmitter unit to the right and the receiver unit to the left; (B) Receiver node; (C) Transmitter node TX1; (D) Transmitter node TX2.

25

Chapter 5

Summary of contributions In this section we summarize the main contributions of the included papers.

5.1

Part I: “Multimodal Wireless Networks: Communication and Surveillance on the Same Infrastructure”

Part I is based on our journal paper with the same title that is published on IEEE transactions on Information Forensics and Security. In this paper, the idea of using indoor WLANs for intrusion detection is first demonstrated with our implemented multi-node system. In this paper, we focus on using today’s commercial, off-the-shelf WLAN hardware. Specifically, IEEE 802.11b WLAN cards are used to construct the multi-node demonstration system. However, with very small modifications, the system can also be based on IEEE 802.11a/g hardware. In these IEEE 802.11a/b/g standards, the only channel information that can be accessed by upper layer applications is the RSSI information, which is noisy and coarsely quantized. In order to detect variations in the RSSI information between any transmit-receive node pair, we need to first estimate its steady state: the mean and noise power of the signal strength. We derive a maximum likelihood estimator, which is used to estimate these steady state parameters under the training phase. Then under the detection phase, we let these nodes scan the indoor environment by transmitting and receiving wireless frames, and a cyclic scanning strategy is designed and illustrated in the paper. We assume that the intruder’s motion only cause changes in the mean of the signal strength, while the noise parameter of the signal strength is unchanged because it is the consequence of thermal noise. Given a window of RSSI observations between any transmitreceive node pair, we estimate the variation of the signal strength mean piecewise using ML estimator. Thus, we can derive and apply a GLRT detector to detect signal strength variations in the observation window. The performance of the GLRT detector is analyzed using asymptotic theory in statistics. We show how the decision threshold of the GLRT detector can be determined when a certain probability 26

of false alarm is given as the system design goal. We also show the relationship between the detection performance and the RSSI quantization fineness. To prevent detection performance degradation due to slowly drifting parameter values, we propose different strategies to track and update the parameter estimates. We perform a set of experiments in an office area at the IT University of Copenhagen with our implemented system. The experimental results show very promising detection capabilities.

5.2

Part II: “Using MIMO-OFDM based WLANs to Detect and Position Indoor Physical Intruders”

Part II is based on our manuscript with the same title, which may be submitted in total as one journal paper or in parts as two journal papers. Part II investigates the issues of using the channel estimates of orthogonal frequency division multiplexing (OFDM) based WLANs for detecting physical intruders into indoor environment. In the future, new WLAN standard tend to be based on OFDM, and it also tend to include the MIMO feature. The IEEE 802.11n is just such an example. The work in Part II is motivated by the fact that an OFDM channel’s transfer function or impulse response can provide much more information than a corresponding RSSI value, thus it is possible to detect subtle channel variations in the observations of the OFDM channel’s transfer function or impulse response. Moreover, we realize that because of the power-concentration phenomenon, it is more suitable to detect intrusion-caused channel variations in the OFDM channel’s impulse response than in the OFDM channel’s transfer function. We realize that our channel variations detection problem falls into the area of transient signal detection. More specifically, the variations in the impulse response observations are a type of time-scale domain variations that mainly contains large-scale variations. Thus, the established theory of DWT-based transient signal detection using GLRT detector can be applied, because it can efficiently extract the signal components of certain chosen-scales. We also realize that for a MIMO-OFDM based WLAN, when different classes of intrusion events happen, the set of GLRT statistics of all the SISO links between the nodes in the system have different patterns. Thus, pattern classification theory can be applied to classify these detected intrusion events, given that the classifier has been trained with those possible intrusion cases to the indoor environment under surveillance. Using high-precision channel sounder, we did a set of multi-node multiple-input multipleoutput (MIMO) channel measurements in a typical indoor office environment. The measurements cover different intrusion cases. These measurements enable us to investigate the performance of such systems at different bandwidth, number of antenna elements, etc. The experimental results show this OFDM-based approach has significantly better intrusion detection performance than the RSSI-based approach in Part I, under the same probability of detection, this OFDM-based intrusion detection

27

approach has orders of magnitude smaller probability of false alarm. Moreover, the experimental results show that the different intrusion events can be classified by pattern classification methods with a small probability of error classification of the measured intrusion cases, and this reveals the potentials of positioning and tracking of intruders with such systems.

28

Appendix A

Discrete wavelet transform Since in Part II of this thesis, the DWT-based GLRT detector is applied for detecting the transient variations in the OFDM channels, hereby we provide a very brief introduction of those concepts of DWT that is involved in Part II.

A.1

Definition of wavelets

A continuous function ψ(t) defined over the real axis (−∞, ∞) is a wavelet if it has the following two properties:

Z



ψ(t)dt = 0

(A.1)

|ψ(t)|2 dt = 1.

(A.2)

−∞

and

Z



−∞

Equation (A.1) means that ψ(t) has zero mean and (A.2) means that ψ ∈ L2 (R) and ψ(t) has unit energy [72] [73]. For a signal x(t) defined over (−∞, ∞) and x ∈ L2 (R), the wavelet transform of x(t) at time u and scale s is

Z (ψ) Wu,s =



1 x(t) √ ψ ∗ s −∞

µ

t−u s

¶ dt

(ψ)

which means that Wu,s is the correlation of x(t) and the scaled and translated version of the wavelet function ψ(t). The following wavelet is one of the oldest wavelets, referred to as the Haar wavelet:  √ 2  : −1 < t ≤ 0   − 2    √ 2 ψ(t) ≡ :0γ

(20)

where γ is the decision threshold. In the next section we will describe how to determinate γ when a certain Pf is given as the system performance goal.

4.3

Threshold determination

In this section, we describe how to determine the decision threshold γ when certain Pf is given as the design goal. Since the J-th level DWT smooth of a Td -dimensional real vector is within its Td /2J -dimensional ˆ τ (t) in (18) can be regarded as a 2 × Td /2J -dimensional real vector real vector subspace [30], ∆g subspace of the 2 × Td -dimensional real vector space of ∆gτ . Therefore, as analyzed in [23] [24] [34], under H0 , l will follow a chi-square distribution with the degree of freedom equal to τmax × 2 × Td /2J ; under H1 , l will follow noncentral chi-square distribution with the same degree of freedom, with the non-centrality parameter equal to τmax X−1 τ =0

Td −1 ¯ ¯2 2 X ¯ˆ ¯ ¯∆gτ (t)¯ σ ˆτ2

(21)

t=0

which is the large-scale variations’ signal-to-noise ratio (SNR). As analyzed in [23] [24] [34], this detection system based on GLRT test is a constant false alarm rate (CFAR) system, since the probability of false alarm Pf only depend on the decision threshold. The 101

cumulative distribution function (CDF) of the chi-square distribution can be either calculated with numerical methods [34], or approximated with the CDF of a Gaussian distribution with corresponding parameters [34]. When a certain Pf is given as the system’s design goal, for example Pf = 4 × 10−9 as calculated in Section 1, the decision threshold γ can be obtained from the CDF of the chi-square distribution.

4.4

Parameter tracking

The signal parameters gτ and noise parameters στ2 may drift slowly because of slow changes either in the indoor propagation environment or in the transmitter and receiver hardware [36]. The detection system has to track the parameter drift in the detection phase, otherwise false alarms may be triggered. A simple strategy to handle this parameter drift is to re-estimate the parameters periodically in the detection phase. When there is no detected intrusion in the environment, a window of past channel observations can be used for such parameter re-estimation using the method in Section 3. Notice that a delay is necessary, such that the parameter re-estimation window does not overlap with the current variation detection window. Some more complicated parameter tracking strategies, for example the adaptive methods in [3], can also be used after slight and straightforward modifications. This topic is, however, beyond the scope of this paper.

5

Extension to multi-node systems with MIMO feature

In this section, we will show that the parameter estimation and channel variation detection methods considered in Section 3 and 4 can be straightforwardly extended to multi-node systems with MIMO feature. For one MIMO transmit-receive node pair with NT antenna elements at the transmitter node and NR antenna elements at the receiver node, there are NT NR number of SISO channel estimates for each transmitted wireless frame. When the MIMO channel is estimated with orthogonal pilot symbols, the noise n in (1) at different SISO links of the MIMO channel are uncorrelated. If there are multiple nodes in the system, the frames transmitted by one node may be simultaneously received by multiple receiver nodes. Assume that there are totally K such transmit-receive SISO antenna pairs between these nodes, given a window (of size Te ) of channel estimates of the set of links, the likelihood function is

102

 P (Z = G; g, σ 2 ) =

K−1 Y τmax Y−1 k=0

τ =0

1  ³ ´2Te exp − (k) π Te στ

 TX e −1 t=0

¯ ¯2 1 ¯ (k) (k) ¯  ³ ´2 ¯g (τ, t) − gτ ¯  (k) στ

(22)

where G = {g (k) (τ, t)|0 ≤ k ≤ K − 1, 0 ≤ τ ≤ τmax − 1, 0 ≤ t ≤ Te − 1}, is the observed realization of (k)

the set of the channel random vectors Z; g = {gτ |0 ≤ k ≤ K −1, 0 ≤ τ ≤ τmax −1}, is the set of signal (k)

parameters; σ 2 = {(στ )2 |0 ≤ k ≤ K − 1, 0 ≤ τ ≤ τmax − 1}, is the set of noise parameters. Because of the uncorrelated noise of each SISO link, in the training phase, we can estimate the parameter of each link separately use the method in Section 3. Similarly, in the detection phase, because of the uncorrelated noise, we can apply the DWT-based variation detector to each SISO link separately. Similar to the derivation of Equation (18), we have the GLRT statistic l = 2 ln({g (k) (τ, t)}|H1 ) − 2 ln({g (k) (τ, t)}|H0 ) K−1 d −1 ·¯ ¯ ¯ ¯2 ¸ X τmax X−1 2 TX ¯ (k) ¯2 ¯ (k) ¯ (k) ˆ = ¯∆gτ (t)¯ − ¯∆gτ (t) − ∆gτ (t)¯ σ ˆτ2 =

k=0 τ =0 K−1 X τmax X−1 k=0

(k)

where lτ

t=0

lτ(k)

(23)

τ =0

is the GLRT statistic according to the τ -th delay bin and the k-th SISO link, and their

sum, l, is the total GLRT statistic. Then the detection system compares l with the global decision threshold γ to make a decision. In other words, by assuming that the variations caused by an intrusion is deterministic and with unknown parameters, we can regard these SISO links separately analogous to those uncorrelated sensors in some classical sensor networks, since the noise at different receive antennas are uncorrelated. If the noise at different receive antennas are correlated, the estimator and detector should jointly process the data [33]. Equation (23) means that each receiver node can calculate the local GLRT statistics separately according to different SISO links, and the fusion center only need to sum up these local statistics to make the final detection.

6

A low complexity RSSI-based detector for performance comparison

To evaluate the intrusion detection performance of the OFDM-based approach proposed in this paper, we can compare its performance with some simple RSSI-based intrusion detection approach.

103

The received signal strength of the wireless frame at time t of the k-th SISO link can be defined as the summation of each subcarrier’s power E

(k)

(t) =

N −1 ¯ X

¯2 ¯ (k) ¯ ¯h (n, t)¯ .

n=0

Because of the noise on each subcarrier, [E (k) (0), E (k) (1), . . . , E (k) (Td − 1)] can be regarded as a constant parameter disturbed by Gaussian noise under H0 , and can be regarded as a sequence with transient variations and noise under H1 . Therefore, we can again apply the DWT-based transient variation detection method on each of such received signal strength sequence. Similarly to the derivations in Section 3, 4 and 5, we can have the GLRT statistics r=

K−1 X

r(k)

k=0

where r(k) is the GLRT statistic according to the k-th SISO link. Under H0 , r(k) follows the chi-square distribution with degree of freedom equal to Td /2J , where Td is the detection window size, and J is the level of the DWT smooth. Under H1 , r(k) follows the non-central chi-square distribution. The detector then compare r with certain global decision threshold Γ to decide either H0 or H1 . The performance of this received signal strength based approach will be better than the RSSI-based detector in [3] because of no quantization loss. Moreover, the performance would not be affected by any OFDM frequency and timing offsets. We denote this method still as “RSSI-based method” in the rest of this paper since it is somehow directly related to the RSSI-based detector in [3].

7

Pattern classification for classifying different intrusion events

In this section, we will show that pattern classification methods can be used to classify different classes of intrusion events, such that the intrusion detection system may be able to tell the location of the intruder. In an indoor environment deployed with this WLAN-based surveillance system, between all those transmit-receive antenna pairs, there are lots of electromagnetic waves covering the indoor environment because of the multi-reflection and penetration phenomenon. When one intruder enters this indoor environment from certain position, the intruder’s movement will only interfere with those electromagnetic waves whose paths are crossed by the intruder. In other words, although there are many multipath components (MPCs) between those transmit-receive antenna pairs, the intruder will only interfere with certain part of these MPCs in his intrusion. For different classes of intrusion events, for example breaking through a corridor gate or through an office window, the intruder will interfere with different set of MPCs. Each MPC between any transmit-receive antenna SISO link is at a certain 104

(k)

transmission delay, and since the GLRT statistic lτ

in (23) is related to the amount of variations

corresponding to the k-th SISO link at the τ -th delay, different classes of intrusion events tend to (k)

impact different subsets of the set of GLRT statistics {lτ |0 ≤ k ≤ K − 1, 0 ≤ τ ≤ τmax − 1}. Based on the physical effect described above, when an intrusion event is detected, using the set of (k)

GLRT statistics {lτ } in (23), the surveillance system may be able to locate the intruder by applying pattern classification methods. For this indoor surveillance application, the supervised learning strategy [38] is more suitable than the unsupervised learning strategy, since we should let the system to learn the possible classes of intrusion events and build the patterns before the happening of any real intrusion. Moreover, after every significant re-arrangement in the indoor environment, the learning process may need to be carried out again. (k)

As analyzed in Section 5, those GLRT statistics {lτ } are random variables that follow a chi(k)

square distribution under H0 and a noncentral chi-square distribution under H1 , and any two {lτ } (k)

at different k or τ can be regarded as uncorrelated to each other. Under H1 , lτ

depends on many

physical factors including the duration of certain MPCs being interfered by the intruder, the body shape of the intruder and even the clothes material. Therefore, it is impractical to parameterize the (k)

pdf of each lτ under H1 for each intrusion event class. Moreover, it is impractical to train the classifier with a large set of training data that all those physical factors are taken into account. Instead, for a practical system, the classifier training process should be easily finished within hours, which means that each class of intrusion events may be repeated no more than 10 times. Moreover, the classifier should not be very sensitive to the physical factors mentioned above, or in other words, should not (k)

be very sensitive to the specific value of {lτ }. Therefore, a reasonably simple feature-model and classifier are preferred. (k)

(k)

To reduce the classifier’s sensitivity to the specific value of lτ , we quantize each lτ value Vk,τ , such that

( Vk,τ =

into a binary

(k)

1 if lτ ≥ λ; (k) 0 if lτ < λ;

(24)

where Vk,τ is an element of the feature matrix V at the (k + 1)-th row and (τ + 1)-th column, and λ is the chosen quantization threshold. The binary value Vk,τ indicates whether there are significant enough variations exist in the k-th SISO link at the τ -th delay. In other words, this quantization (k)

from lτ

(k)

to Vk,τ is to quantize the very complicated distribution of lτ

into the very simple Bernoulli

distribution, such that to significantly simplify the classification problem. We define the feature vector v as the vectorization of V, such that v = vec(V). These coordinates of v are essentially independent binary features [38].

105

(25)

To train the classifier, each type of the predefined classes of intrusion events are repeated for Nr times (Nr ∼ 10), and this training process is essentially in order to estimate the Bernoulli distribution pdf of each coordinate of the feature vector. Let B denote the number of classes of intrusion events we have, and 0 ≤ b ≤ B −1 denote the index of the classes. For the b-th intrusion event class, assume that (b)

(k)

there are nk,τ times (among the total Nr times training repetition) that the lτ λ, then the Bernoulli distribution parameter

(b)

Pk,τ

exceeds the threshold

(b) Pk,τ

 (b) if nk,τ = 0;   ² (b) (b) = nk,τ /Nr if 1 ≤ nk,τ ≤ Nr − 1;   (b) 1−² if nk,τ = Nr ;

(26)

where 0 < ² < 1/Nr is a small value to ensure the validity of the Bernoulli distribution pdf. We choose a moderate value, ² = 0.5/Nr , such that every single coordinate of the feature vector would not dominate the behavior of the classifier. Generally we do not have a priori probabilities of the possible intrusion classes in this indoor surveillance system, therefore in this application, the classification process simply becomes to choose the class that has the maximum likelihood function [38]. In the detection phase, when an intrusion event is detected by the detector (23), we can build the current binary feature matrix V0 and binary feature vector v0 similarly to (24) and (25). Given a feature vector v0 , the likelihood function according to the b-th class is 0

p(v |b) =

K−1 Y τmax Y−1 k=0

0 p(Vk,τ |b)

(27)

τ =0

0 |b) is the probability of each coordinates of the feature vector v0 where p(Vk,τ

( 0 p(Vk,τ |b)

=

(b)

Pk,τ 1−

(b) Pk,τ

0 if Vk,τ = 1; 0 if Vk,τ = 0;

(28)

The classifier choose the intrusion event class b for which p(v0 |b) is the maximum for all 0 ≤ b ≤ B − 1. Notice that the classification performance will be affected by the choice of the quantization threshold λ. In Section 8, we will show by experiments that fortunately the classification performance is fairly insensitive to λ.

8 8.1

Experimental results Experiment setup and experimental site

In order to demonstrate the performance of the intrusion detection system, we carried out a set of experiments at a typical office area, which is the Radio System group’s office area at the 2nd floor 106

of the main building of the Department of Electrical and Information Technology, Lund university, Lund, Sweden. The building map of the experimental site is shown in Figure 2, The outer walls are reinforced concrete and bricks, and the walls between office rooms are wooden and thin concrete layers. The office doors are wooden and the corridor doors are made of wood and glass. The office windows

Tx1

2369

2368

2367

2366

2365

2364

2363

Main building corridor

are metalized glass.

N

2 4

Rx

1 6 2370A

2370B

2371

2372

Tx2

3 2373

2374

2375

2376

2377

5

Figure 2: Experimental site, the transmitter and receiver nodes, and the six experimental cases. In Case 1, the intruder is entering the site from the corridor door; In Case 2 and 3, the intruder is walking in the office; In Case 4, 5 and 6, the intruder is opening the office door. Currently, to the authors knowledge, there is no commercially-available WLAN hardware that enable upper layer applications to access the OFDM physical layer channel estimate of each frame. We carried out the experiments by using the MEDAV RUSK channel sounder to measure the channel transfer function of each SISO link periodically. The measurement frequency band was 40MHz centered at 5.2GHz, consisting of 129 subcarriers. Each OFDM symbol is 3.2 microseconds excluding CP, and the CP’s duration is 0.8 microseconds. We used two transmitter nodes, which are marked in Figure 2. Node Tx1 is cylinder patch antenna array with 8 antenna elements, and we used antenna elements 1, 3, 5 and 7. Node Tx2 is linear patch antenna array with 8 antenna elements, and we used antenna elements 3, 4, 5 and 6. Receiver node Rx is cylinder patch antenna array with 8 antenna elements, and we used antenna elements 1, 3, 5 and 7. The transmit-receive node pairs (Tx1,Rx) and (Tx2,Rx) are both 4 × 4 MIMO, and therefore there are totally 32 SISO links1 . In the measurement campaign, we carried out 6 cases of intrusion events. These intrusion cases 1

In the measurement campaign, we turned off all the fluorescent lights in the experimental site. The reason for doing

this is that, as shown in [39] [40], the gas in fluorescent lights will be excited at twice the frequency of the power network, which generates fast fading of that frequency in the indoor wireless channel.

107

are marked in Figure 2 with numbers from 1 to 6, respectively. Each intrusion case was repeated for 50 times in order to evaluate the system performance. Before the beginning of each event, there was a training phase during which there was no moving objects/person in the environment, which is needed for channel steady state estimation. In practice, the maximum speed of indoor moving intruders/objects can be several meters per second. However, in our measurement campaign, we let the “intruder” move much slower with the speed around one meter per second. Thus we can slow down the channel measurement frequency, which can give us convenience for easier cooperation between the persons in the measurement campaign. For example, after starting measurement, the persons except the “intruder” should leave the site as soon as possible, then there will be a short silent period after which the intrusion event begin. Each of these SISO links are measured with the channel sounder every 23 milliseconds. Each of these “intrusion events” lasted for around 8 seconds, which is analogous to real life case when the intruder’s movement speed is less than 4 m/sec, the channels are measured every 5.75 milliseconds, and the duration of the detection window is 2 seconds. Experiment case 1 was to demonstrate the system’s capability of detecting the intruder who open the corridor door and walk into the corridor. In the training phase, one person stood still outside the corridor behind the closed corridor door. Then in the detection phase, he opened the corridor door and walked into the corridor for around 4 meters as indicated by the arrow in Figure 2. Experiment cases 2 and 3 were to demonstrate the system’s capability of detecting the intruder who walk in the office rooms, which might happen if he break into a room from the window. In these experiments, all the doors in the site are closed. In the training phase, one person sat still at the corner of the chosen office indicated by the tail of the arrow in Figure 2. Then in the detection phase, he stood up and walked to another side of the office as indicated by the arrow. Experiment cases 4, 5 and 6 were to demonstrate the system’s capability of detecting the intruder who open the office door. In the training phase, he stood still outside the chosen office door. Then in the detection phase, he opened the door for around 30 degrees and then closed the door. Such kind of intrusion case may not happen in real life, however, we want to simulate the case that an intruder sneak into the office area without being detected (for example getting through from the roof), and then he open the office door and try to get into the office.

8.2

Distribution of GLRT statistics under H0

As shown in Section 4.2, the GLRT statistics follow chi-square distribution under H0 , and the intrusion detection system is therefore a CFAR system. To illustrate the distribution of the GLRT statistics under H0 , at the site described in Section 8.1, we conducted some experiments by having no moving objects/persons in the site.

108

(A) Histogram / theoretical distribution

0.06

relative frequency obtained in experiments theoretical chi-squared distribution

0.05 0.04 0.03 0.02 0.01 0

0

10

20

30

40

50

60

70

GLRT statistics of detail channel information based detector

(B) Histogram / theoretical distribution

0.1

relative frequency obtained in experiments theoretical chi-squared distribution

0.08 0.06 0.04 0.02 0

0

5

10

15

20

25

30

35

40

45

GLRT statistics of received signal strength based detector (k)

Figure 3: (A) Histogram of the detail channel information based GLRT statistics lτ

under H0 ob-

tained from experiments, and the corresponding theoretical chi-squared distribution (B) Histogram of the GLRT statistics of RSSI-based detector under H0 obtained from experiments, and the corresponding theoretical chi-squared distribution. (k)

In Figure 3 (A) and (B), we plot the empirical distribution of the GLRT statistics lτ

and r(k)

(k)

respectively. The parameters Td = 384, J = 5, are used in processing the data, therefore lτ

follows

chi-square distribution with degree of freedom 2 × Td /2J = 24, and r(k) follows chi-square distribution with degree of freedom Td /2J = 12. The range of these statistics are divided into bins of unit size to calculate the relative frequencies, and the theoretical probability corresponding to each bin was obtained by integrating the theoretical pdf over that bin. We can see that the empirical and theoretical distribution curves fit well, except that the experimental GLRT statistics are slight larger (slightly shifted to the right direction). This might be the consequence of the slight estimation errors in the signal and noise parameters. It is impractical to run the system for years to evaluate the system’s probability of false alarm at different decision threshold γ. Since the experimental and theoretical distributions are a close fit, we will later in this paper use the right tail probability of the corresponding chi-square distribution as the Pf as described in Section 4.3. 109

8.3

Intrusion detection performance under no timing offset

In this section, we investigate the system’s detection performance for each intrusion event cases. The high-precision channel measurement data are used, which were obtained by using the RUSK channel sounder. When processing the measurement data, we add noise to obtain 10 dB average subcarrier SNR, and we do not introduce any timing offset into the measurements. The achieved detection performance will be regarded as the benchmark for comparing with the case that there are timing offsets in the channels. There are 4 antenna elements on each of nodes in our experiments. In order to evaluate the performance when less antenna elements are available, we calculate the performance of each possible antenna combination, then average the performance for all these combinations. For example, if we use only one antenna on each node, we have to average (C41 )3 = 64 combinations, and if we use only two antennas on each nodes, we have to average (C42 )3 = 216 combinations. The probabilities of false alarm are the theoretical values, which are the right tail probabilities of the corresponding chi-square distributions. (D) d

Probability of detection P

Probability of detection P

d

(A) 1 0.95 OFDM 1x1 RSSI 1x1 OFDM 2x2 RSSI 2x2 OFDM 3x3 RSSI 3x3 OFDM 4x4 RSSI 4x4

0.9 0.85 0.8 0.75 −12 10

10

−10

10

−8

−6

10 Probability of false alarm P

10

−4

10

−2

10

1 0.95

0.85 0.8 0.75 −12 10

0

OFDM 1x1 RSSI 1x1 OFDM 2x2 RSSI 2x2 OFDM 3x3 RSSI 3x3 OFDM 4x4 RSSI 4x4

0.9

10

−10

10

−8

f

d

0.95 OFDM 1x1 RSSI 1x1 OFDM 2x2 RSSI 2x2 OFDM 3x3 RSSI 3x3 OFDM 4x4 RSSI 4x4

0.9 0.85 0.8 0.75 −12 10

10

−10

10

−8

−6

10 Probability of false alarm P

10

−4

10

−2

10

0

d

Probability of detection P

d

Probability of detection P

OFDM 1x1 RSSI 1x1 OFDM 2x2 RSSI 2x2 OFDM 3x3 RSSI 3x3 OFDM 4x4 RSSI 4x4

0.85 0.8

−8

−6

10 Probability of false alarm P

10

0

OFDM 1x1 RSSI 1x1 OFDM 2x2 RSSI 2x2 OFDM 3x3 RSSI 3x3 OFDM 4x4 RSSI 4x4

0.85 0.8

10

−10

10

−8

−6

10 Probability of false alarm P

10

−4

10

−2

10

0

f

(F)

0.9

10

−2

0.9

f

0.95

−10

10

0.95

(C)

10

−4

1

0.75 −12 10

1

0.75 −12 10

10 f

(E)

1

Probability of detection P

Probability of detection P

d

(B)

−6

10 Probability of false alarm P

10

−4

10

−2

10

1 0.95

0.85 0.8 0.75 −12 10

0

f

OFDM 1x1 RSSI 1x1 OFDM 2x2 RSSI 2x2 OFDM 3x3 RSSI 3x3 OFDM 4x4 RSSI 4x4

0.9

10

−10

10

−8

−6

10 Probability of false alarm P

10

−4

10

−2

f

Figure 4: Detection performance of intrusion case 1 to 6, where BW=40MHz, subcarrier average SNR=10dB, no timing offset. (A) case 1; (B) case 2; (C) case 3; (D) case 4; (E) case 5; (F) case 6;

110

10

0

Figure 4 shows the detection performance of intrusion cases 1 to 6, where the bandwidth is 40 MHz, the subcarrier average SNR is 10 dB, and there is no OFDM timing offset. Figure 4(A) shows the detection performance of intrusion case 1, where the intruder get into the site through the corridor gate. We can see in the figure that: 1) The proposed OFDM-based channel variation detection approach performs orders of magnitude better than the RSSI-based channel variation detection approach. This intrusion case seems very challenging for the RSSI-based approach. The reason might be that, as can be seen in Figure 2, the EM waves that can be interfered by the intruder in this event travel pretty long distances and suffer significant attenuations. Thus even though they can cause significant variations in some MPCs such that they can be easily detected by the OFDM-based channel variation detector, they can only cause slight RSSI variations such that can hardly be detected by RSSI-based approach. 2) More antenna elements, better detection performance for both the RSSI-based detector or the OFDM-based detector, which is intuitive. However, even if there are 4 antenna elements at each node, the RSSI-based approach can just have acceptable performance with Pd ≈ 0.8 at Pf = 10−10 , this performance is even worse than the OFDM-based approach when there is only one antenna element at each node. Figure 4(B) and 4(C) show the detection performance of intrusion cases 2 and 3 respectively, where the intruder is walking in the office room as illustrated in Figure 2. We can see in the figure that: 1) Both the OFDM-based and RSSI-based approaches have very good performance in detecting these intrusion events. The reason should be that, intrusion case 2 will interfere a lot of EM waves transmitted by node TX1, and intrusion case 3 will interfere a lot of EM waves transmitted by node TX2. 2) The performance of OFDM-based and RSSI-based approaches are not distinguishable in the shown range of probability of false alarm Pf when there are more than two antenna elements at each node. However we can still see in Figure 4(B) that the OFDM-based approach performs significantly better than the RSSI-based approach. Figure 4(D), (E) and (F) show the detection performance of intrusion cases 4, 5 and 6 respectively, where the intruder is opening the office doors as illustrated in Figure 2. We can see in the figure that: 1) Both the OFDM-based and RSSI-based approaches have very good performance in detecting these intrusion events. The reason should be that, intrusion case 4, 5 and 6 will interfere a lot of EM waves transmitted by node TX1 and Tx2. 2) When there are more than two antenna elements at each node, The performance of OFDM-based and RSSI-based approaches are not distinguishable in the shown range of probability of false alarm Pf . When there is only a single antenna element at each node, in Figure 4 (F) for intrusion case 6, we can see that the OFDM-based approach performs significantly better than the RSSI-based approach. Figure 5 shows the average detection performance for all the six intrusion cases. As we can see, 1)

111

Average detection performance for all intrusion cases

1

Probability of detection P

d

0.95

0.9

0.85

OFDM 1x1 RSSI 1x1 OFDM 2x2 RSSI 2x2 OFDM 3x3 RSSI 3x3 OFDM 4x4 RSSI 4x4

0.8

0.75 −12 10

10

−10

10

−8

−6

10 Probability of false alarm P

10

−4

10

−2

10

0

f

Figure 5: Average detection performance of all the six intrusion cases, where BW=40MHz, subcarrier average SNR=10dB, no timing offset. 1) Better detection performance can be achieved when more antenna elements are available, which is intuitive since every single antenna element is analogous to one sensor; 2) The OFDM-based approach performs orders of magnitude better than the RSSI-based approach; 3) In order to achieve average detection probability Pd > 0.95 at the required probability of false alarm Pf = 4 × 10−9 calculated in Section 1, the RSSI-based approach needs four antenna elements on each node, while the OFDM-based approach needs only one antenna elements on each node.

8.4

Intrusion detection performance under timing offsets

To evaluate the intrusion detection performance when there are OFDM timing offsets, we introduce random timing offsets into the data obtained with channel sounder, since there are no timing offsets in the channel measurements. We simulate that the timing offset for each channel measurement is Gaussian distributed, whose (−3σ, 3σ) range is (− 12 , 12 ) OFDM sample. Figure 6 shows the average detection performance of all the six intrusion cases when there are OFDM timing offsets. We can see that: 1) Figure 6(A) shows that because of the OFDM timing

112

Probability of detection P

d

(A) 1 0.95 with offsets 1x1 no offsets 1x1 with offsets 2x2 no offsets 2x2 with offsets 3x3 no offsets 3x3 with offsets 4x4 no offsets 4x4

0.9 0.85 0.8 0.75 −12 10

10

−10

10

−8

−6

10 Probability of false alarm P

10

−4

10

−2

10

0

f

Probability of detection P

d

(B) 1 0.95 offsets mitigated 1x1 no offsets 1x1 offsets mitigated 2x2 no offsets 2x2 offsets mitigated 3x3 no offsets 3x3 offsets mitigated 4x4 no offsets 4x4

0.9 0.85 0.8 0.75 −12 10

10

−10

10

−8

−6

10 Probability of false alarm P

10

−4

10

−2

10

0

f

Figure 6: Average detection performance of all the six intrusion cases, with OFDM timing offsets within (− 12 , 12 , ) OFDM sample, where BW=40MHz, subcarrier average SNR=10dB. (A) The OFDM timing offsets are not mitigated; (B) The OFDM timing offsets are mitigated using the algorithm in Appendix. offsets, there is significant detection performance degradation compared to the benchmark (no timing offset circumstance). We need at least three antenna elements on each node in order to still have satisfactory intrusion detection performance. 2) In Figure 6(B), after mitigating the timing offset using the method in Appendix, the detection performance is significantly recovered and is very close to the benchmark (no timing offset circumstance).

8.5

Intrusion detection performance under different SNR

Figure 7 shows the average detection performance of all the six intrusion cases under different subcarrier SNR. The bandwidth is 40 MHz, and each node has a single antenna element. Figure 7(A) and (B) show the performance of the OFDM-based approach and RSSI-based approach respectively. Not surprisingly, we can see that both approaches can achieve better performance when the SNR increase. We can see from Figure 7(A) and (B) that, under the same SNR condition and at the same probability

113

Probability of detection P

d

(A) 1 0.95 0.9 0.85 0.8 0.75 −12 10

SNR=12 dB SNR=10 dB SNR=8 dB SNR=6 dB 10

−10

10

−8

−6

10 Probability of false alarm P

10

−4

10

−2

10

0

f

Probability of detection P

d

(B) 1 0.95

SNR=12 dB SNR=10 dB SNR=8 dB SNR=6 dB

0.9 0.85 0.8 0.75 −12 10

10

−10

10

−8

−6

10 Probability of false alarm P

10

−4

10

−2

10

0

f

Figure 7: Average detection performance of all the six intrusion cases under subcarrier SNR at 6, 8, 10 and 12 dB respectively, where BW=40MHz, and each node has a single antenna element. (A) The average detection performance of the OFDM-based approach; (B) The average detection performance of the RSSI-based approach. of detection Pd , the probability of false alarm Pf of the OFDM-based approach are always orders of magnitude smaller than the RSSI-based approach.

8.6

Intrusion detection performance under different bandwidths

Figure 8 shows the average detection performance of all the six intrusion cases under different bandwidth. The average subcarrier SNR is 10 dB, and each node has a single antenna element. The curves corresponding to MIMO cases with more than one antenna elements are not shown, since almost all those curves are very close to 100% detection performance within the shown range of Pf . Figure 8(A) and (B) show the performance of the OFDM-based approach and the RSSI-based approach respectively. We can see that in Figure 8(A), better detection performance is achieved at larger bandwidth. The reason should be that better time-domain resolution is achieved at larger bandwidth, thus there are less MPCs in each delay bin of the channel impulse response, which means that the physical

114

Probability of detection P

d

(A) 1 0.95 0.9 0.85 0.8 0.75 −12 10

BW=20M BW=30M BW=40M 10

−10

10

−8

−6

10 Probability of false alarm P

10

−4

10

−2

10

0

f

Probability of detection P

d

(B) 1 0.95

BW=20M BW=30M BW=40M

0.9 0.85 0.8 0.75 −12 10

10

−10

10

−8

−6

10 Probability of false alarm P

10

−4

10

−2

10

0

f

Figure 8: Average detection performance of all the six intrusion cases with bandwidth at 20, 30 and 40 MHz respectively, where average subcarrier SNR is 10 dB, and each node has a single antenna element. (A) The average detection performance of the OFDM-based approach; (B) The average detection performance of the RSSI-based approach. variations in the impulse response are better isolated and easier to be detected. However, we cannot see the same tendency in Figure 8(B). The reason is that, when the bandwidth increase in certain proportion, the total noise energy in the frequency band will increase in the same proportion, and the energy of variations also increase in the same proportion if we assume that roughly the energy of variations is evenly spread over the frequency band. Therefore, the performance of the RSSI-based approach would not change much when the bandwidth increases.

8.7

Intrusion events classification performance

In this section, we investigate the system’s performance on intrusion events classification. The highprecision channel measurements are used. As described in Section 8.3, the performance are averaged for all possible combinations of MIMO configurations. In the data processing, ten repetitions of each intrusion cases are used for training the classifier, namely Nr = 10.

115

Intrusion events classification performance 1

0.9

Probability of correct classification

0.8

0.7

0.6

0.5

0.4

SNR=12 dB, 2x2 SNR=10 dB, 2x2 SNR=8 dB, 2x2 SNR=6 dB, 2x2 SNR=12 dB, 1x1 SNR=10 dB, 1x1 SNR=8 dB, 1x1 SNR=6 dB, 1x1

0.3

0.2 0

100

200

300 400 500 Feature quantization threshold λ

600

700

Figure 9: Intrusion events classification performance under subcarrier SNR at 6, 8, 10 and 12 dB respectively, where the bandwidth is 40 MHz, no timing offsets. Figure 9 shows the average intrusion events classification performance under different subcarrier SNR when there is no OFDM timing offset. 1) As we can see, both for the 2×2 MIMO configuration or the SISO configuration, better classification performance can be achieved at higher subcarrier SNR. (k)

This is because that under H1 , the certain subset of GLRT statistics lτ (k)

intruder will have larger values at higher SNR, while the subset of lτ

that are affected by the

that are not affected by the

intruder will have the same distribution under different SNR. therefore at higher SNR, the patterns of different intrusion cases are better isolated. 2) When the feature quantization threshold is λ = 0, the feature vector of any intrusion event will become an all one vector and the pattern for all event are also all one vectors, thus the probability of correct classification is 1/6, which is the reciprocal of the number of intrusion cases. 3) We know that for our parameter setup, as described in Section 8.2, (k)

the degree of freedom of the distribution of lτ

is 24. We can see in Figure 9 that a good classification

performance can be achieved when λ is in a reasonably large range compared to the degree of freedom (k)

of the distribution of lτ . Figure 10 shows the classification performance under different MIMO configurations, where the

116

Intrusion events classification performance

1

Probability of correct classification

0.9

0.8

0.7

0.6 MIMO 4x4 MIMO 3x3 MIMO 2x2 SISO 1x1 0.5

0

100

200

300 400 500 Feature quantization threshold λ

600

700

Figure 10: Intrusion events classification performance under different MIMO configurations, where the bandwidth is 20 MHz, the subcarrier SNR=10 dB, no timing offsets. bandwidth is 20 MHz, and the subcarrier SNR is 10 dB, and there is no OFDM timing offsets. As we can see in the Figure, better classification performance can be achieved when more antenna elements are available. This is intuitive, since when more antenna elements are available, physically the indoor propagation environment can be better covered by the EM waves, and mathematically the feature vector will have larger dimensions that the event patterns can be better isolated. Figure 11 shows the classification performance under different bandwidth, where the subcarrier SNR is 10 dB, and there is no OFDM timing offset. As we can see, better classification performance can be achieved at higher bandwidth. The reason is that the better timing domain resolution at higher bandwidth can help to distinguish the event patterns. Figure 12 shows the classification performance when there are OFDM timing offsets within (− 12 , 12 ) OFDM samples, where the subcarrier SNR is 10 dB and each node has 2 antenna elements. 1) As we can see, when there are OFDM timing offsets, the classification performance degrade significantly. This is because the timing offsets will cause the feature matrix Vk,τ in (24) smeared in the delay dimension, resulting that the event patterns are not well isolated. 2) When the OFDM timing offsets

117

Intrusion events classification performance

1

Probability of correct classification

0.9

0.8

0.7

BW=40 MHz, 2x2 BW=30 MHz, 2x2 BW=20 MHz, 2x2 BW=40 MHz, 1x1 BW=30 MHz, 1x1 BW=20 MHz, 1x1

0.6

0.5

0

100

200

300 400 500 Feature quantization threshold λ

600

700

Figure 11: Intrusion events classification performance under different bandwidth, where subcarrier SNR is 10 dB, no timing offsets. are mitigated using the method in Appendix, the classification performance are well recovered with slight performance loss.

9

Conclusions and future work

In this paper, we extended our earlier work of implementing indoor surveillance functionality based on indoor WLAN infrastructures. Compared to this earlier work of detecting intrusions by detecting variations in channel RSSI information, here we propose to detect intrusions by detecting the transient variations in the detail channel information of MIMO-OFDM based WLANs. We applied DWT-based GLRT detectors to detect such transient channel variations. We carried out a set of experiments in a typical indoor office area using a high-precision channel sounder. Our experimental results showed that this OFDM-based approach performed significantly better than the RSSI-based approach, especially when the energy of the intrusion-caused variations is relatively weak compared to the energy of the channel’s transfer function. We also found that pattern classification methods can be used to classify different intrusion events, this means that such systems can to some extent locate the intruders, which 118

1

Probability of correct classification

0.95

0.9

0.85

0.8

40MHz, no offsets 30MHz, no offsets 20MHz, no offsets 40MHz, with offsets 30MHz, with offsets 20MHz, with offsets 40MHz, offsets mitigated 30MHz, offsets mitigated 20MHz, offsets mitigated

0.75

0.7

0

100

200

300 400 500 Feature quantization threshold λ

600

700

Figure 12: Intrusion events classification performance with no timing offsets, with timing offsets, and with timing offsets being mitigated. The average subcarrier SNR is 10 dB, and each node has 2 antenna elements. may be very useful in practical indoor surveillance systems. There are still many aspects need to be investigated in the future. We just name a few such topics here. First, it is worth to investigate how to track a single intruder or even multiple intruders in the indoor environment. Second, we may need to investigate how to mitigate the interferences from outdoor environments like cars. One possible approach is to discard the subset of GLRT statistics that can be affected by outdoor interferences and only use the rest for intrusion detection, or such outdoor interferences might be able to be recognized by pattern classification methods. Third, this WLAN based indoor surveillance technology may be combined with other indoor surveillance technologies using fusion techniques, such that the whole system can achieve higher total performance.

10

Acknowledgement

The authors would like to thank Dr. Peter Almers, Johan K˚ aredal and Shurjeel Wyne at Lund university for their help in the measurement campaign with channel sounder, and thank Dr. Andres Alayon Glazunov at Lund university for helpful discussions. 119

11

Appendix: Timing offset mitigation

The parameter estimation and change detection algorithm in sections 3 and 4 assumes that there is no timing offset and frequency offset in the OFDM transmit-receive link. This assumption holds if the clocks of the transmitter and receiver nodes are synchronized with cables, or if there is high-precision clock hardware in the nodes. In [32], a reasonably low-cost cubic-centimeter size high-precision atomic clock is demonstrated. It is claimed in [32] that these atomic clocks can be used in wireless systems to provide very good frequency and timing synchronization. In this case, we can directly use the parameter estimation and detection algorithms in Section 3 and 4. In current practical OFDM systems, there are no synchronization cables and no such high-precision clocks, the frequency and timing offsets do exist. Fortunately, as shown in [18] [19], the frequency offsets can be estimated with high precision. Hence in this paper, we assume that the frequency offsets are mitigated and its residue effect can be regarded as very small increase in the subcarrier SNR. In practical OFDM systems, in order to avoid the ISI, many timing offsets estimation and mitigation methods are proposed [19] [20] [21], and these methods can reduce the timing offsets to the range of (− 12 , 12 ) OFDM samples when two consecutive preamble OFDM symbols are available. Since the duration of the CP is designed to be sufficiently long for the certain communication scenarios, such amount of timing offsets would not affect the communication functionality. However, such a range of timing offsets will make the phase of the channel’s transfer function vary significantly even when the channel is absolutely static, which pose a challenge for detecting the true channel variations caused by intrusions. As shown in Section 8.4, the timing offsets will cause significant intrusion detection performance degradation. Therefore, we have to further mitigate the timing offsets.

11.1

Timing offset mitigation under H0

Given an observation window containing Te channel estimates under H0 at time 0 ≤ t ≤ Te − 1, due to the timing offset and noise, the channel observation h(t, n) at time t is h(t, n) = h0 (n) exp(jnφt ) + u(t, n);

0≤n≤N −1

(29)

where h0 (n) is the true steady channel transfer function under H0 , u(t, n) ∼ N (0, σn2 ) is the noise on the n-th subcarrier, and φt = 2π∆t /N that ∆t is the relative timing offset defined as the actual timing offset divided by the OFDM symbol duration excluding the CP. The unknown parameters are {h0 (n)|0 ≤ n ≤ N − 1}, {σn2 |0 ≤ n ≤ N − 1}, and {φt |0 ≤ t ≤ Te − 1}. The likelihood function is " T −1 # N −1 e Y X 1 1 2 2 P (Z = H; h, σ , φ) = exp − |h(n, t) − h0 (n) exp(jnφt )| (30) (πσn2 ) σn2 n=0

t=0

120

where H = {h(n, t)} is the observed realization of the window of random vectors Z; h = [h0 (0), h0 (1), . . . , h0 (N − 2 2 1)] is the signal parameter vector; σ 2 = [σ02 , σ12 , . . . , σN −1 ] is the noise parameter vector and σn is the

noise parameter on the n-th subcarrier. Finding the ML estimates of these many parameters from the joint distribution of them is intractable, because the likelihood function is not analytical, and the special definition of the complex gradient of a real function with respect to complex parameters described in [35] can neither simplify the problem because of the exponential part exp(jnφt ). Instead, we propose a low-complexity method in this section. The idea is to first estimate the timing offset between the first channel observation and each of the other observations in the observation window, then we can align these observations with the first channel observation in the window to mitigate the timing offset. Thus the unknown parameters h0 (n) and σn2 are got around, and then we can estimate the time domain parameters directly as described in Section 3 since the offsets are mitigated. From (29) we get s(t, n) = h(0, n)h∗ (t, n) = [h0 (n) exp(jnφ0 ) + u(0, n)] · [h0 (n) exp(jnφt ) + u(t, n)]∗ = |h0 (n)|2 exp(jn(φ0 − φt )) + [u(0, n)h∗0 (n) exp(−jnφt ) + [u(t, n)h0 (n) exp(jnφ0 ) + u(0, n)u∗ (t, n)]. The information of timing offset difference between the first channel transfer function and the t-th transfer function is contained in the first part in s(t, n), and the second part is the interference. To estimate the phase difference (φ0 − φt ), we define a function G(θ) as the absolute value of the Hermitian inner product between [s(t, 0), s(t, 1), . . . , s(t, N − 1)]T and the following phase rotation vector r = [exp(j0θ), exp(jθ), . . . , exp(j(N − 1)θ)]T , ignoring the interference part, we have ¯N −1 ¯ ¯X ¯ ¯ ¯ G(θ) ≈ ¯ |h0 (n)|2 exp(jn(φ0 − φt )) ∗ exp(−jnθ)¯ ¯ ¯ n=0

The function G(θ) will achieve its maximum

PN −1 n=0

|h0 (n)|2 when θ = φ0 − φt . Since φ0 and φt are

π π both in the range (− N , N ), the solution θ to maximize G(θ) can be found by grid searching in the 2π range (− 2π N , N ). Because of the interference part in s(t, n), there will be some estimation error of this

offsets difference (φ0 − φt ). After (φ0 − φt ) is estimated for 1 ≤ t ≤ Te , we can mitigate the timing offset difference between the first channel estimate and the rest channel estimate by de-rotation. After the timing offset mitigation, the parameter estimation method in Section 3 can be applied.

11.2

Timing offset mitigation under H1

The timing offset mitigation algorithm in Section 11.1 is derived by assuming that the channel is static (under H0 ). However, we also need to mitigate the timing offset problem under H1 when the channel 121

is continuously varying. As we know that the main challenge for the detection problem is that the energy of the variations caused by intrusion is relatively weak compared to the energy of channel, otherwise even the RSSIbased detection method can achieve very good detection performance. Fortunately, this results in that the timing offset correcting method in Section 11.1 can still be used. We can estimate the timing offsets between the channel observations in the detection window and the steady channel that has been obtained, then mitigate the offsets. In this case, the variations caused by intrusion also becomes interference for the timing offset difference estimation, resulting in some performance loss in the intrusion events detection and classification.

122

Bibliography [1] P. Bahl and V. N. Padmanabhan, “RADAR: An In-building RF-based User Location and Tracking System”, IEEE INFOCOM, Vol. 2, pp. 775-784, March 2000. [2] K. Pahlavan, Wireless Information Networks, 2nd Edition, Wiley, 2005. [3] J. Chen, Z. Safar and J. Aa. Srensen, “Multimodal Wireless Networks: Communication and Surveillance on the Same Infrastructure”, IEEE Transactions on Information Forensics and Security, to appear. [4] G. Ye, J. Wei, M.R. Pickering, M.R. Frater, and J.F. Arnold, “Simultaneous tracking and registration in a multisensor surveillance system”, Image Processing, Sept. 2003, vol. 1. pp. I- 933-6. [5] K. Audenaert, H. Peremans, Y. Kawahara, and J. Van Campenhout, “Accurate ranging of multiple objects using ultrasonic sensors”, Proc. IEEE International Conference on Robotics and Automation, vol. 2, pp. 1733-1738, May 1992. [6] F. Gueuning, M. Varlan, C. Eugene, and P. Dupuis, “Accurate distance measurement by an autonomous ultrasonic system combining time-of-flight and phase-shift methods”, Proc. IEEE Instrumentation and Measurement Technology Conference, vol. 1, pp. 399-404, June 1996. [7] L.E. Parker, B. Birch, and C. Reardon, “indoor target intercept using an acoustic sensor network and dual wavefront path planning”, Proc. IEEE International Conference on Intelligent Robots and Systems, vol. 1, pp. 278-283, Oct. 2003. [8] S. Nag, H. Fluhler, and M. Barnes, “Preliminary interferometric images of moving targets obtained using a time-modulated ultra-wide band through-wall penetration radar”, Proc. Proceedings of the IEEE Radar Conference, pp. 64-69, May 2001. [9] G. Wang, M. Amin, “A new approach for target location of through the wall radar imaging in the presence of wall ambiguities”, Proc. IEEE International Symposium Signal Processing and Information Technology, pp. 183-186, Dec. 2004.

123

[10] S.E. Borek, “An overview of through the wall surveillance for homeland security”, Proc. Applied Imagery and Pattern Recognition Workshop, Oct. 2005. [11] R. J. Orr, and G. D. Abowd, “The smart floor: a mechanism for natural user identification and tracking”, Proc. Conference on Human Factors in Computing Systems, pp. 275-276, ACM press, New York, 2000. [12] N. Strobel, S. Spors, and R. Rabenstein, “Joint audio-video object localization and tracking”, IEEE Signal Processing Magazine, vol. 18, no. 1, pp. 22-31, Jan 2001. [13] J. J. van de Beek, O. Edfors, M. Sandell, S. K. Wilson and P. O. Borjesson, “On channel estimation in OFDM systems”, Proc. IEEE Vehicular Technology Conference, Vol. 2, pp. 815-819, July 1995. Chicago [14] Y. Li, L. J. Cimini and N. R. Sollenberger, “Robust channel estimation for OFDM systems with rapid dispersivefading channels”, IEEE Transactions on Communications, Vol. 46, No. 7, pp. 902-915. July 1998. [15] O. Edfors, M. Sandell, J. J. van de Beek, S. K. Wilson and P. O. Borjesson, “OFDM channel estimation by singular value decomposition”, IEEE Transactions on Communications, Vol. 46, No. 7, pp. 931-939. July 1998. [16] O. Edfors, M. Sandell, J. J. van de Beek, S. K. Wilson and P. O. B¨orjesson, “Analysis of DFTBased Channel Estimators for OFDM”, Wireless Personal Communications Journal, vol. 12, no. 1, pp. 55-70, Jan. 2000. Springer Netherlands. [17] S. Weinstein and P. Ebert, “Data Transmission by Frequency-Division Multiplexing Using the Discrete Fourier Transform”, IEEE Transactions on Communications, Vol. 19, No. 5, pp. 628-634. Oct. 1971. [18] P. H. Moose, “A technique for orthogonal frequency division multiplexingfrequency offset correction”, IEEE Transactions on Communications, Vol. 42, No. 10, pp. 2908-2914. Oct. 1994. [19] T. M. Schmidl and D. C. Cox, “Robust frequency and timing synchronization for OFDM”, IEEE Transactions on Communications, Vol. 45, No. 12, pp. 1613-1621. Dec. 1997. [20] J. J. van de Beek, M. Sandell and P. O. Borjesson, “ML estimation of time and frequency offset in OFDM systems”, IEEE Transactions on Signal Processing, Vol. 45, No. 7, July 1997.

124

[21] F. Tufvesson, O. Edfors and M. Faulkner, “Time and frequency synchronization for OFDM using PN-sequencepreambles”, Proc. IEEE Vehicular Technology Conference, Amsterdam, Vol. 4, pp. 2203-2207, Sept. 1999. [22] B. Porat and B. Friedlander, “Adaptive Detection of Transient Signals”, IEEE Transactions on Acoustics, Speech, and Signal Processing, Vol. 34, No. 6, pp. 1410-1418, Dec. 1986. [23] B. Friedlander and B. Porat, “Performance Analysis of Transient Detectors Based on a Class of Linear Transforms”, IEEE Transactions on Information Theory, vol. 38, no. 2, pp. 665-673, Mar. 1992. [24] B. Porat and B. Friedlander, “Performance Analysis of a Class of Transient Detection Algorithms - A Unified Framework”, IEEE Transactions on Signal Processing, vol. 40, no. 10, pp. 2536-2546, Oct. 1992. [25] M. Frisch and H. Messer, “The Use of the Wavelet Transform in the Detection of an Unknown Transient Signal”, IEEE Transactions on Information Theory, Vol. 38, No. 2, pp. 892-897, Mar. 1992. [26] M. Frisch and H. Messer, “Transient Signal Detection Using Prior Information in the Likelihood Ratio Test”, IEEE Transactions on Signal Processing, Vol. 41, No. 6, pp. 2177-2192, June 1993. [27] S. Del Marco and J. Weiss, “Improved Transient Signal Detection Using a Wavepacket-Based Detector with an Extended Translation-Invariant Wavelet Transform”, IEEE Transactions on signal Processing, vol. 45, no. 4, pp. 841-850, April. 1997. [28] S. Kulkarni and S. V. Bellary, “Nonuniform M-Band Wavepackets for Transient Signal Detection”, IEEE Transactions on signal Processing, vol. 48, no. 6, pp. 1803-1807, June 2000. [29] Z. Wang and P. Willet, “A Performance Study of Some Transient Detectors”, IEEE Transactions on signal Processing, vol. 48, no. 9, pp. 2682-2685, Sept. 2000. [30] D. Percival and A. T. Walden, Wavelet Methods for Time Series Analysis, Cambridge University Press, NY USA, 2000. [31] S. Qian, Introduction to Time Frequency and Wavelet Transforms, NJ: Prentice Hall PTR, Nov. 2002. [32] S. Knappe, V. Shah, P. D. D. Schwindt et al, “A microfabricated atomic clock”, Applied Physics Letters, Vol. 85, No. 9, pp. 1460-1462, Sept. 2004.

125

[33] R. S. Blum and S. A. Kassam, “Optimal Distributed Detection of Weak Signals in Dependent Sensors”, IEEE Transactions on Information Theory, Vol. 38, No. 3, pp. 1066-1079, May, 1992. [34] S. M. Kay, Fundamentals of Statistical Signal Processing: Detection Theory, Prentice-Hall, NJ USA, 1998. [35] S. M. Kay, Fundamentals of Statistical Signal Processing: Estimation Theory, Prentice-Hall, NJ USA, 1993. [36] J. Medbo, J. Berg and F. Harrysson, “Temporal Radio Channel Variations with Stationary Terminal”, IEEE Vehicular Technology Conference, Vol. 1, pp. 91-95, Sept. 2004. [37] R.S. Blum, S.A. Kassam, and H.V. Poor, “Distributed Detection with Multiple Sensors: Part II - Advanced topics”, Proceedings of the IEEE, Vol. 85, No.1, Jan. 1997. [38] R. O. Duda, P. E. Hart and D. G. Stock, “Pattern Classification, 2nd Ed.”, John Wiley & Sons, NY, USA, 2001. [39] P. Melancon and J. Lebel, “Effects of Fluorescent Lights on Signal Fading Characteristics for Infoor Radio Channels”, Electronics Letters, Vol. 28, No. 18, Aug. 1992. [40] B. H. Fleury and P. E. Leuthold, “Radiowave Propagation in Mobile Communications: An Overview of European Research”, IEEE Communications Magazine, Feb. 1996.

126