When wireless sensors are deployed to monitor the working or life conditions of people, the data collected and processed by these sensors may reveal privacy of people. The actual content of sensory data should be concealed to preserve the privacy, but the data concealment feature may be abused by compromised sensors to modify or ill-process data without being caught. Hence, reconciling privacy preservation and intrusion detection, which apparently conflict with each other, is important. This paper studies this problem in the context of sensory data aggregation, a fundamental primitive for efficient operation of sensor networks. A scheme is proposed that can detect ill-performed aggregation without knowing the actual content of sensory data, and therefore allow sensory data to be kept concealed. The results show that, the actual content of raw and aggregated sensory data can be well concealed. Meanwhile, most of ill-performed aggregations can be detected; the ill-performed aggregations that can escape from being detected have only negligible impact on the final aggregation results.