Optimizing Anomaly Detection in Cognitive WSNs with the IFSC-GNN Architecture

Abstract

Cognitive Wireless Sensor Networks (CWSNs) are emerging as a vital communication paradigm that integrates wireless sensor networks with cognitive radio technology, enabling dynamic spectrum allocation and efficient utilization of underused licensed bands. Unlike traditional networks, CWSNs allow secondary users to opportunistically access spectrum resources without disrupting primary users. While these capabilities offer flexibility, they also expose CWSNs to unique vulnerabilities, particularly Spectrum Sensing Data Falsification (SSDF) attacks. In SSDF, malicious nodes inject falsified sensing information into cooperative spectrum sensing (CSS), leading to incorrect spectrum access decisions, degraded network efficiency, and increased risk of interference. Over the years, several detection techniques have been proposed, ranging from statistical tests to machine learning (ML) and clustering methods. Approaches such as Mean-Standard Deviation analysis, Support Vector Machines, and Isolation Forests have achieved notable success under controlled conditions. Hybrid frameworks such as Isolation Forest combined with Spectral Clustering (IFSC) have addressed some limitations by offering unsupervised detection, but Spectral Clustering’s cubic complexity restricts scalability and real-time applicability. To overcome these limitations, we propose IFSC-GNN, a lightweight framework that integrates Isolation Forest anomaly scoring with Graph Neural Networks (GNNs). By leveraging graph-based message passing and embeddings, IFSC-GNN achieves scalable, low-latency detection suitable for edge devices. Simulations indicate up to 40% latency reduction in networks exceeding 10,000 nodes. Beyond the technical design, this paper highlights the open challenges in GNN-based detection—including dataset scarcity, interpretability, and adversarial robustness—and outlines future research paths involving federated GNNs, automated architecture search, and energy-efficient models. In conclusion, IFSC-GNN represents a promising evolution for securing CWSNs against SSDF threats in real-world, large-scale deployments.

Introduction

The increasing demand for wireless communication has exposed major inefficiencies in traditional static spectrum allocation, where licensed bands remain underused while unlicensed bands face congestion. Cognitive Radio Networks (CRNs) and Cognitive Wireless Sensor Networks (CWSNs) address this by enabling sensor nodes to dynamically sense, learn, and access unused spectrum. These systems support applications in smart cities, healthcare, IIoT, and defense.

However, Cooperative Spectrum Sensing (CSS)—the core mechanism enabling reliable spectrum access—is highly vulnerable to Spectrum Sensing Data Falsification (SSDF) attacks. Even a small number of malicious nodes can distort sensing results, causing interference and degraded decision-making. Traditional detection approaches (statistical methods, classical ML, trust systems, Bayesian models, HMMs) suffer from key limitations: lack of scalability, poor real-time performance, and failure to model relational dependencies among nodes.

To overcome these challenges, recent work has shifted toward unsupervised and graph-based learning. Isolation Forest (IF) offers fast and label-free anomaly scoring, but its effectiveness decreases in dynamic environments and it requires carefully tuned parameters. The earlier IFSC framework combined Isolation Forest with Spectral Clustering but was hindered by the cubic computational cost of clustering.

Graph Neural Networks (GNNs) have emerged as a powerful solution because they naturally model the graph structure of CWSNs. Nodes are treated as vertices with features such as sensing data, spatial position, or signal metrics, while edges represent communication or correlation. GNNs capture both node attributes and inter-node relationships through message passing, making them effective against coordinated and stealthy SSDF attacks. Various GNN architectures—including GCN, GAT, GraphSAGE, GAEs, and temporal GNNs—help detect anomalies in both static and dynamic graphs, while lightweight variants (SGC, GNN-Lite, TinyGNN) enable deployment on resource-constrained edge devices.

Building on these advancements, the IFSC-GNN framework replaces Spectral Clustering with lightweight GNNs to achieve scalable, real-time SSDF detection. The method involves (1) generating anomaly scores using Isolation Forest, (2) constructing a graph of sensor relationships, and (3) using a lightweight GNN to classify nodes as normal or malicious. This hybrid approach preserves the strengths of unsupervised anomaly scoring while dramatically reducing computational overhead. IFSC-GNN improves scalability, reduces memory usage, supports incremental learning, and adapts to dynamic topologies. Simulations show up to 40% lower inference latency in large networks.

Evaluation on a 50-node CWSN with 10 malicious nodes demonstrates high overlap between true and detected attackers, confirming the reliability of the combined IF–SVM anomaly detection stage and validating the effectiveness of the overall IFSC-GNN framework.

Conclusion

Cognitive Wireless Sensor Networks represent the next generation of intelligent communication systems, yet their reliance on cooperative spectrum sensing makes them highly vulnerable to SSDF attacks. Traditional anomaly detection methods, while foundational, fail to scale in dynamic, large-scale environments. The IFSC framework introduced a hybrid approach, but its reliance on Spectral Clustering limited its practical utility. The proposed IFSC-GNN framework addresses these limitations by integrating Isolation Forest anomaly scoring with lightweight Graph Neural Networks. This hybrid approach leverages the structural awareness of GNNs while maintaining the unsupervised advantage of IF, resulting in improved scalability, reduced latency, and compatibility with edge devices. Although challenges remain—including dataset scarcity, interpretability issues, and adversarial robustness—IFSC-GNN represents a significant step toward secure, real-time, and scalable anomaly detection in CWSNs. By pursuing future research directions such as federated learning, AutoML-driven GNN design, and energy-efficient deployments, the community can further enhance the resilience and sustainability of next-generation wireless sensor networks.

References

[1] S.?Shrivastava, A.?Rajesh, P.?K. Bora, et al., “A survey on security issues in cognitive radio based cooperative sensing,” IET Commun., vol.?15, no.?7, pp.?875–905, 2021, doi:?10.1049/com.2020.12131. [2] A.?Haque, M.?N.-U.-R. Chowdhury, H.?Soliman, et al., “Wireless sensor networks anomaly detection using machine learning: A survey,” in Lecture Notes in Networks and Systems, vol.?647, 2024, pp.?491–506, doi:?10.1007/978 3 031 47715 7_34. [3] X.?Ma and W.?Shi, “A comprehensive survey on graph anomaly detection with deep learning,” IEEE Trans. Knowl. Data Eng., vol.?34, no.?5, pp.?2021–2040, 2022, doi:?10.1109/TKDE.2021.3102786. [4] Y.?Zhang and X.?Zhang, “A novel anomaly detection method for multimodal WSN data flow via a dynamic GNN,” IEEE Sensors J., vol.?22, no.?6, pp.?5789–5797, 2022, doi:?10.1109/JSEN.2021.3090161. [5] T.?Luo and S.?G. Nagarajan, “Distributed anomaly detection using autoencoder neural networks in WSN for IoT,” in IEEE ICC, May 2018, pp.?1–6, doi:?10.1109/ICC.2018.8422402. [6] V.?Chandola, A.?Banerjee, and V.?Kumar, “Anomaly detection: A survey,” ACM Comput. Surv., vol.?41, no.?3, pp.?1–58, Jul. 2009, doi:?10.1145/1541880.1541880. [7] S.?Rajasegarar, C.?Leckie, and M.?Palaniswami, “Anomaly detection in wireless sensor networks,” IEEE Wirel. Commun., vol.?15, no.?4, pp.?34–40, Aug. 2008, doi:?10.1109/MWC.2008.4599219. [8] B.?Egilmez and A.?Ortega, “Spectral anomaly detection using graph-based filtering for WSNs,” in ICASSP, Apr. 2014, pp.?3185–3189, doi:?10.1109/ICASSP.2014.6853764. [9] M.-C.?Zhong and M.?Velipasalar, “Deep actor-critic reinforcement learning for anomaly detection,” in IEEE GLOBECOM, Dec. 2019, pp.?1–6, doi:?10.1109/GLOBECOM38437.2019.9013223. [10] X.?Feng et al., “Anomaly detection in WSNs using support vector data description,” Int. J. Distrib. Sensor Netw., vol.?13, no. 1, pp.?1–12, 2017, doi:?10.1177/1550147716686161. [11] T.?Xie, J.?Hu, S.?Zomaya, et al., “Scalable hypergrid k NN based online anomaly detection in WSNs,” IEEE Trans. Parallel Distrib. Syst., vol.?24, no.?8, pp.?1586–1596, Aug. 2013, doi:?10.1109/TPDS.2012.261. [12] S.?Trinh, K.?Tran, and T.?T.?Huong, “Hyperparameter optimization of one-class SVM for WSNs,” in IEEE ATC, Oct. 2017, pp.?563–568, doi:?10.1109/ATC.2017.8167642. [13] A.?Abduvaliyev et al., “On the vital areas of intrusion detection systems in WSNs,” IEEE Commun. Surv. Tutor., vol.?15, no.?3, pp.?1223–1238, 2013, doi:?10.1109/SURV.2012.121912.00006. [14] M.?Bosman, G.?Iacca, A.?Liotta, et al., “Spatial anomaly detection in sensor networks using neighborhood information,” Inf. Fusion, vol.?33, pp.?41–56, Jul. 2017, doi:?10.1016/j.inffus.2016.04.007. [15] S.?Suthaharan et al., “Labelled data collection for anomaly detection in WSNs,” in IEEE ISSNIP, Dec. 2010, pp.?1–6, doi:?10.1109/ISSNIP.2010.5706782. [16] S. Wang and S. Sun, “Threatrace: Detecting and tracing host-based threats in node level through provenance graph learning,” IEEE Trans. Inf. Forensics Secur., vol.?17, pp.?1123–1135, 2022, doi:10.1109/TIFS.2021.3108674. [17] Q. Wang, W.?U. Hassan, D. Li, K. Jee, and X. Yu, “You Are What You Do: Hunting stealthy malware via data provenance analysis,” in NDSS, 2020, doi:10.14722/ndss.2020.23322. [18] I.?J. King and H.?H.?Huang, “Euler: Detecting network lateral movement via scalable temporal link prediction,” in NDSS, 2022, doi:10.14722/ndss.2022.24473. [19] Y. Zhao, Z. Liu, and J. Pang, “Anomaly Detection in Network Traffic via Cross-Domain Federated Graph Representation Learning,” Appl. Sci., vol.?15, no.?11, p.?6258, 2025, doi:10.3390/app15116258. [20] Y. Wang and S. Yang, “A lightweight method for graph neural networks based on knowledge distillation and graph contrastive learning,” Appl. Sci., vol.?14, no.?11, p.?4805, 2024, doi:10.3390/app14114805. [21] J.?K. Kong, W.?Zhang, H.?Wang, M.?Hou, X.?Chen, X.?Yan, and S.?K.?Das, “Federated graph anomaly detection via contrastive self-supervised learning,” in AAAI, vol.?39, no.?20, 2023, doi:10.1609/aaai.v39i20.35458. [22] C. He et al., “FedGraphNN: A federated learning system and benchmark for graph neural networks,” arXiv preprint arXiv:2104.07145, 2021. [23] T.?Gurumurthy, H.?Pal, and C.?Sharma, “Federated spectral graph transformers meet neural ordinary differential equations for non IID graphs,” arXiv preprint arXiv:2504.11808, 2025. [24] A. Caville, W.?W. Lo, S.?Layeghy, and M. Portmann, “Anomal E: A self supervised network intrusion detection system based on graph neural networks,” arXiv preprint arXiv:2207.06819, 2022. [25] T.?Nguyen, J.?He, L.?Tan Le, W. Bao, and N.?H. Tran, “Federated PCA on Grassmann manifold for anomaly detection in IoT networks,” arXiv preprint arXiv:2212.12121, 2022. [26] “A survey of dynamic graph neural networks,” arXiv preprint arXiv:2404.18211, 2024. [27] S.?Joshi, “Recent advances in efficient and scalable graph neural networks,” 2022. [28] “Computing graph neural networks: A survey from algorithms to applications,” ACM Comput. Surv., 2022. [29] “A survey on recommender systems using graph neural network,” ACM Comput. Surv., 2024. [30] “A survey of computationally efficient graph neural networks for embedded systems,” Preprints.org, 2024, doi:10.20944/preprints202406.0281.v1.

Copyright

Copyright © 2025 Ms. Rashee Kori, Ms. Megha Soni. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.