Energy-Efficient IDS in WSN
1. ENERGY-EFFICIENT INTRUSION DETECTION IN
WIRELESS SENSOR NETWORK
Solmaz Salehian, Farzaneh Masoumiyan, Dr. Nur Izura Udzir
Department of Communication Technology and Network
Faculty of Computer Science and Information Technology,
Universiti Putra Malaysia
UPM Serdang, Malaysia
The International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec2012)
2. OUTLINE
1 Introduction
2 IDS in WSN
3 Simulation
4 Analysis and Conclusion
4. INTRODUCTION
o WSNs consist of a collection of sensor nodes which are
distributed in open environments at various locations.
o Deploying sensors in open and unprotected environments, together with the
dynamic topology of WSNs, raises security issues.
o An IDS can be used to detect and determine whether
packets are malicious or a neighbor node is anomalous.
5. ROUTING PROTOCOL CLASSIFICATION BASED ON NETWORK
STRUCTURE IN WSNS:
Fig. 1. Routing protocols classification: location-based RP, flat-based RP, hierarchical RP
6. Energy-Efficient IDS in WSN
HIERARCHICAL ROUTING
• An IDS for the CHs, because in this
routing they are the
targets for attackers
• The anomaly and misuse detection
techniques are used as a hybrid
technique; the rule-based analysis
method is used to build the anomaly
detection modules, with the corresponding
rules defined by experts.
Fig. 2. Hybrid tech
7. Energy-Efficient IDS in WSN
HIERARCHICAL ROUTING CONT…
Anomaly detection provides a high detection rate, but also a high false
positive rate. Misuse detection has high accuracy but a low
detection rate, so the HIDS combines the high detection rate of
anomaly detection with the high accuracy of misuse detection
and thus increases detection of unknown attacks.
8. Energy-Efficient IDS in WSN
FLAT-BASED ROUTING
An anomaly intrusion detection algorithm is used.
According to the network structure, all nodes have the following
characteristics:
1) The neighbors of a specific node do not change during the course
of the analysis. This means three things:
nodes are stationary, transmission power levels do not change,
and no new node is added after a network is deployed.
2) Each node can uniquely identify its neighbors (for example, using
an assigned id).
3) Data and control packet flows are directional.
9. Each node monitors its neighboring nodes' activities and builds
a simple dynamic statistical model of the neighboring
nodes.
Using this statistical detection model, a node detects whether a neighbor
node is anomalous. In this model the anomaly detection
algorithm executes at each node separately.
The nodes can identify a legitimate neighbor by comparing a
small number of received packet features.
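A sketch of such a per-neighbor statistical model, added here as an example and not taken from the slides or the cited papers. The two packet features (received signal strength and arrival gap), the window size and the thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from statistics import mean, pstdev

WINDOW = 8        # packets remembered per neighbor (assumed)
MIN_SAMPLES = 4   # history needed before a feature is judged (assumed)
K = 3.0           # tolerated deviation, in standard deviations (assumed)
FLOOR = {"rssi_dbm": 1.0, "gap_s": 0.5}  # minimum spread per feature (assumed)


class NeighborMonitor:
    """Runs on one node; keeps a sliding-window model per neighbor id."""

    def __init__(self):
        self.history = defaultdict(
            lambda: {name: deque(maxlen=WINDOW) for name in FLOOR})
        self.last_seen = {}

    def observe(self, neighbor_id, t, rssi_dbm):
        """Return the features of this packet that deviate from the model."""
        features = {"rssi_dbm": rssi_dbm}
        if neighbor_id in self.last_seen:
            features["gap_s"] = t - self.last_seen[neighbor_id]
        self.last_seen[neighbor_id] = t

        model = self.history[neighbor_id]
        deviant = []
        for name, value in features.items():
            window = model[name]
            if len(window) >= MIN_SAMPLES:
                sigma = max(pstdev(window), FLOOR[name])
                if abs(value - mean(window)) > K * sigma:
                    deviant.append(name)
        if not deviant:  # learn only from packets that fit the model
            for name, value in features.items():
                model[name].append(value)
        return deviant


def run_trace(trace):
    """Feed (neighbor_id, time_s, rssi_dbm) tuples; return the flagged ones."""
    monitor = NeighborMonitor()
    flagged = []
    for neighbor_id, t, rssi in trace:
        deviant = monitor.observe(neighbor_id, t, rssi)
        if deviant:
            flagged.append((neighbor_id, t, deviant))
    return flagged


# Constructed trace: neighbor 7 reports every 10 s at about -70 dBm, then a
# much stronger packet claims its id, followed by a packet only 1 s later.
TRACE = [(7, 0, -70), (7, 10, -71), (7, 20, -69), (7, 30, -70), (7, 40, -70),
         (7, 50, -71), (7, 60, -45), (7, 61, -70)]
```

Because flagged packets are not added to the window, a burst of anomalous traffic cannot shift the model toward itself.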
10. Energy-Efficient IDS in WSN
LOCATION-BASED ROUTING
Algorithm 1 is developed to detect intrusion on the network.
Algorithm 2 will carry out analysis on every packet sent by the
sensor nodes. The implementation of the two algorithms will
achieve detection of intrusions and of the types of intrusion on the
network.
Energy consumed will be reduced during single-hop data
transmission from SN to BS. Careful consideration should be
given to the distance between a sensor and the BS before the sensors
are deployed, and keeping sensors within close range of the BS is
important.
All traffic from sensors must pass through the IDS installed in
the BSs. If any attack is detected, data received from the attacking
node will be stopped. Mobile Agents (MAs) are used to facilitate
communication among the BSs and also enhance intrusion
detection and prevention. Using MAs can help address
overloading issues in the BSs.
11. Fig. 3. Architecture view of D-IDS (labels: satellite, BS server, sensor, mobile agent)
12. SIMULATION OF IDS IN WSNS
The KDDCup'99 dataset is used as the training sample and testing
dataset in the experiment.
Another measure is using the JSIM platform in order to
investigate whether the proposed secure routing protocol can
detect the malicious nodes.
Evaluating on real data gathered from WSNs that used TMote sky
wireless sensors, for testing and simulation based on specified
parameters.
13. ANALYSIS & CONCLUSION
In hierarchical routing protocols: Protecting the CHs in hierarchical
routing not only can detect attacks, but also can help to prolong network
lifetime and decrease energy consumption. However, in this routing protocol,
finding a suitable path to the BS and avoiding route misbehavior must be
considered.
In flat-based routing protocols: This routing protocol can partially preserve
energy, but selecting legitimate nodes within the network is a challenge, and
the presented algorithms try to overcome this problem by detecting
anomalous and malicious nodes over the network with regard to maintaining the
path, which comprises memory resources. But this routing protocol becomes
necessary when reliability is strong.
In location-based routing protocols: In this routing protocol power loss is
increased, especially when the nodes are located far from the BS; hence, the
proposed models try to overcome this issue, for example by limiting SNs to
those which have data to transmit, or by making routing decisions based on
location and trust information and ignoring nodes with poor trustworthiness
during routing.
14. REFERENCES
[1] C. F. García-Hernández, P. H. Ibargüengoytia-González, J. García-Hernández, and J. A. Pérez-Díaz (2007).
Wireless Sensor Networks and Applications: A Survey, in International Journal of Computer Science Issues
(IJCSI), 7(30):264-273.
[2] P. García-Teodoro, J. Díaz-Verdejo, G. Maciá-Fernández, and E. Vázquez (2009), Anomaly-based
Network Intrusion Detection: Techniques, Systems and Challenges. Computers & Security, 28(1–
2):18–28.
[3] A. Patcha and J-M. Park (2007), An Overview of Anomaly Detection Techniques: Existing Solutions
and Latest Technological Trends. Computer Networks, 51(12):3448–3470.
[4] Q. Wang, S. Wang and Z. Meng (2009), Applying an Intrusion Detection Algorithm to Wireless Sensor
Networks. In Procs. Second International Workshop on Knowledge Discovery and Data Mining (WKDD
2009), pp. 284–287.
[5] K.Q. Yan, S. C. Wang., S.S. Wang and C.W. Liu (2010), Hybrid Intrusion Detection System for
Enhancing the Security of a Cluster-based Wireless Sensor Network. In Proceedings of the Computer
Science and Information Technology (ICCSIT), July 2010, vol.1, pp.114-118.
[6] J. N. Al-Karaki and A. E. Kamal (2004), Routing Techniques in Wireless Sensor Networks: A Survey. IEEE
Wireless Communications, 11(6):6–28.
[7] L. J. G. Villalba, A. L. S. Orozco, A. T. Cabrera, and C. J. B. Abbas (2009), Routing Protocols in Wireless
Sensor Networks, Sensors, 9(11):8399–8421.
[8] D. Liu and Q. Dong (2007), Detecting misused keys in wireless sensor networks. In Procs. IPCCC 2007, April
2007, pp. 272 - 280.
[9] M-W. Park, J-M. Kim, Y-J. Han, and T-M. Chung (2008), A Misused Key Detection Mechanism for Hierarchical
Routings in Wireless Sensor Network. In Fourth International Conference on Networked Computing and
Advanced Information Management 2008 (NCM’08), pp. 47–52.
15. REFERENCES CONT…
[10] M. K. Watfa, and S. Commuri (2006), Energy-efficient Approaches to Coverage Holes Detection in Wireless Sensor
Networks. In IEEE International Symposium on Intelligent Control, 4-6 Oct. 2006, Munich, Germany, pp. 131–136.
[11] C-F. Hsieh, Y-F. Huang, and R-C. Chen (2011), A Light-Weight Ranger Intrusion Detection System on Wireless Sensor
Networks. In 2011 Fifth International Conference on Genetic and Evolutionary Computing (ICGEC), pp. 49–52.
[12] L. Guorui, J. He, and Y. Fu (2008), Group-based Intrusion Detection System in Wireless Sensor Networks,
Computer Communications, 31(18):4324–4332.
[13] I. Onat and A. Miri (2005), An intrusion detection system for Wireless sensor networks, in Procs. IEEE International
Conference on Wireless And Mobile Computing, Networking and Communications (WiMob'2005), 22-24 Aug.
2005, pp. 253–259.
[14] S. Janakiraman, S. Rajasoundaran, and P. Narayanasamy (2012). The Model—Dynamic and Flexible Intrusion
Detection Protocol for High Error Rate Wireless Sensor Networks Based on Data Flow. In 2012 International
Conference on Computing, Communication and Applications (ICCCA), pp. 1–6.
[15] M.A. Rassam, M.A. Maarof, and A. Zainal (2011). A Novel Intrusion Detection Framework for Wireless Sensor Networks.
In 2011 7th International Conference on Information Assurance and Security (IAS), pp. 350–353.
[16] T. Zahariadis, P. Trakadas, S. Maniatis, P. Karkazis, H. C. Leligou, and S. Voliotis (2009), Efficient Detection of Routing
Attacks in Wireless Sensor Networks. In 16th International Conference on Systems, Signals and Image Processing
(IWSSIP 2009), pp. 1–4.
[17] S. I. Eludiora, O. O. Abiona, A. O. Oluwatope, S. A. Bello, M.L. Sanni, D. O. Ayanda, C.E. Onime, E. R. Adagunodo, and L.O.
Kehind (2011), A Distributed Intrusion Detection Scheme for Wireless Sensor Networks, in Procs. IEEE
International Conference on Electro/Information Technology (EIT) 2011, pp.1-5.
[18] SmartDetect WSN Team (2010), SmartDetect: An Efficient WSN Implementation for Intrusion Detection in 2010
Second International Conference on Communication Systems and Networks (COMSNETS), pp. 1 –2.
16. REFERENCES CONT…
[19] M. Khan, G. Pandurangan, and V. S. Anil Kumar (2009). Distributed algorithms for constructing
approximate minimum spanning trees in wireless sensor networks, IEEE Transactions on Parallel
and Distributed Systems, 20:124–139, Jan. 2009.
[20] R. Subramanian, P.V. Kumar, S. Krishnan, B. Amrutur, J. Sebastian, M. Hegde, S.V.R. Anand (2009).
A low-complexity algorithm for intrusion detection in a pir-based wireless sensor network, in
International Conference Series on Intelligent Sensors, Sensor Networks and Information Processing.
[21] F. Ye, G. Zhong, S. Lu, and L. Zhang (2005). Gradient broadcast: a robust data delivery protocol
for large scale sensor networks, Wirel. Netw., 11(3):285–298.
[22] http://www.wsn-roup.org/comment/13#comment-13
[23] J. Yick, B. Mukherjee, and D. Ghosal (2008), Wireless Sensor Network Survey. Computer Networks , 52(12):
2292–2330.
[24] W. Seah and Y. K. Ta, (2010). Chapter 12: Routing Security Issues in Wireless Sensor Networks: Attacks
and Defenses, in Sustainable Wireless Sensor networks, pp. 279-308.
[25] Bc. L. Honus (2009). Design, Implementation and simulation of
intrusion detection system for wireless sensor networks, M.S. Thesis,
Masarykova Univerzita, Czech.
Security solutions in the network: prevention and detection. Prevention techniques: The first line of defense, like encryption, authentication, firewalls, … Intrusion detection: The second line of defense is that when preventive. Two important modules of intrusion detection: anomaly detection and misuse detection.
WSNs can be used for different applications such as medical monitoring, military applications, environment monitoring, and health applications [1]. The use of WSNs has developed rapidly in the last decade, and the traditional way of protecting networks is no longer sufficient for these types of networks. Attacks can occur from any direction and any node in WSNs, so one significant security problem is the networks' intrusion detection.
In flat-based routing protocols, each node plays the same role in the routing procedure [7]. In large networks, the Base Station (BS) specifies certain regions and sends queries to them, and then waits for data from nodes in that region. This routing is data-centric and saves energy through data negotiation and elimination of data redundancy [6]. In hierarchical routing protocols, nodes play different roles and the routing is based on clustering: Cluster Heads (CHs) are responsible for collecting data from neighbors in each cluster and sending the collected data to the BS. This routing protocol is scalable and energy-efficient [6], because nodes with higher energy can be CHs. In location-based routing protocols, the transmission route for a node is based on the localization of the final destination and the other node positions [7]. In this routing, some location-based schemes, in order to save energy, require nodes to go to sleep mode when there is no activity [6]. In this paper several works for building IDS are presented with regard to energy consumption, which is a crucial resource for sensors as well as the key challenge in WSNs. These papers are grouped based on three types of WSN routing protocols.
As shown in Fig.1, the anomaly detection module checks a large number of packets, and then the misuse detection module judges the abnormal packets. The final decision is made in the decision making module. The outputs of the anomaly detection and misuse detection modules are integrated and the types of attacks are reported to the network administrator. The decision making model uses the following rules in order to make the final decision: 1. If the anomaly detection module detects an attack but the misuse detection module does not detect an attack, then it is not an attack and it is an erroneous classification. 2. If both anomaly detection module and misuse detection module detect an attack, then it is an attack and the class of attack is determined. A three-layer Back Propagation Network (BPN) is adopted for misuse detection module, which is used to classify the attacks and evaluate the performance of the misuse detection.
2) A low-complexity cooperation algorithm may improve the detection and containment process [13].
TMote sky wireless sensors which are programmable, to allow intelligent communication between the SNs and the BSs
The entire network may be vulnerable to various attacks. Algorithm 1 is developed to detect intrusion on the network. The BS has the power to detect the frequency at which a sensor node is sending captured data. For example, if a sensor node that is programmed to send at every 30 s interval is sending data every 5 s, this becomes abnormal behavior to the BS, and the BS can broadcast to other BSs within the network to alert them. In this case the details of such a sensor node will be made available to other BSs. The data from this sensor node will not be considered until it is recovered. Algorithm 2 will carry out analysis on every packet being sent by the sensor nodes to determine, character by character, the content of the packet. This will assist in detecting the false and true alerts (detection) on the network. Conclusions can then be drawn using the results being generated. The implementation of the two algorithms will achieve detection of intrusions and of the types of intrusion on the network. Each sensor can be uniquely identified. The sensor would have been programmed before any deployment.
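The reporting-interval check described above, written out as an added example; it is not Algorithm 1 from the slides or from the cited paper. The jitter tolerance, the three-strike rule and the direct update of peer BS state (standing in for the mobile agents) are assumptions, and the scenario values are constructed.

```python
from dataclasses import dataclass, field

TOLERANCE = 0.2  # accepted timing jitter, as a fraction of the interval (assumed)
STRIKES = 3      # consecutive early reports before quarantine (assumed)


@dataclass
class BaseStation:
    name: str
    programmed: dict                      # sensor id -> programmed interval (s)
    peers: list = field(default_factory=list)
    last_seen: dict = field(default_factory=dict)
    strikes: dict = field(default_factory=dict)
    quarantined: dict = field(default_factory=dict)  # sensor id -> reporting BS
    accepted: list = field(default_factory=list)

    def receive(self, sensor_id, t, reading):
        if sensor_id not in self.programmed:
            return "unknown"               # ids are assigned before deployment
        if sensor_id in self.quarantined:
            return "dropped"               # ignored until the node is recovered
        previous = self.last_seen.get(sensor_id)
        self.last_seen[sensor_id] = t
        earliest = self.programmed[sensor_id] * (1 - TOLERANCE)
        if previous is not None and t - previous < earliest:
            self.strikes[sensor_id] = self.strikes.get(sensor_id, 0) + 1
            if self.strikes[sensor_id] < STRIKES:
                return "held"              # too early, not yet conclusive
            for bs in [self, *self.peers]:  # alert the other BSs as well
                bs.quarantined[sensor_id] = self.name
            return "quarantined"
        self.strikes[sensor_id] = 0
        self.accepted.append((sensor_id, t, reading))
        return "accepted"

    def recover(self, sensor_id):
        """Called once the node has been reprogrammed or replaced."""
        self.quarantined.pop(sensor_id, None)
        self.strikes.pop(sensor_id, None)
        self.last_seen.pop(sensor_id, None)


def demo():
    # Constructed scenario: sensor 12 is programmed for 30 s, then reports every 5 s.
    intervals = {12: 30}
    bs_a, bs_b = BaseStation("BS-A", intervals), BaseStation("BS-B", intervals)
    bs_a.peers.append(bs_b)
    outcomes = [bs_a.receive(12, t, 21.5) for t in (0, 30, 60, 65, 70, 75, 80)]
    return outcomes, bs_b.receive(12, 90, 21.5), bs_b.quarantined
```

Requiring several consecutive early reports before quarantine keeps a single retransmission from cutting off a healthy sensor.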
1) The KDDCup'99 dataset, which was arranged from intrusions simulated in a military network environment, consists of 34 types of numerical features and 7 types of symbolic features, with regard to different attack properties. This dataset considers many attack behaviors categorized into four groups and one kind of normal communication; recorded data are then classified based on these four groups and the normal group.
2) JSim is a Java-based simulation system for building quantitative numeric models and analyzing these models with regard to experimental reference data. Its computational engine is quite general and can be used in a wide range of scientific domains.
3) TMote platform. The TMote platform uses the CC2420 radio communication chip, which is designed for low-power and low-voltage wireless applications.
According to the security level standard, protocols must be as light as possible with regard to limited sensor energy in WSNs. Therefore, IDS in WSNs need to detect intrusion in a way that does not threaten sensor energy. The goal of a secure routing protocol for a WSN is to ensure the integrity, authentication, and availability of messages [18]. Most of the routing protocols for WSNs are vulnerable to various types of attacks, like an adversary node advertising routes to non-existent nodes. To handle these problems, different mechanisms, for example appropriate authentication or creating a trust table in each node, can be used to ensure that only legitimate group nodes receive broadcast and multicast communication,