Research Article Applying an Ontology to a Patrol …downloads.hindawi.com/journals/ijdsn/2014/634748.pdfResearch Article Applying an Ontology to a Patrol Intrusion Detection System

Research ArticleApplying an Ontology to a Patrol Intrusion DetectionSystem for Wireless Sensor Networks

Chia-Fen Hsieh Rung-Ching Chen and Yung-Fa Huang

Chaoyang University of Technology 168 Jifeng E Road Wufeng District Taichung 41349 Taiwan

Correspondence should be addressed to Rung-Ching Chen crchingcyutedutw

Received 9 July 2013 Revised 4 November 2013 Accepted 8 November 2013 Published 6 January 2014

Academic Editor Hung-Yu Chien

Copyright copy 2014 Chia-Fen Hsieh et alThis is an open access article distributed under the Creative CommonsAttribution Licensewhich permits unrestricted use distribution and reproduction in any medium provided the original work is properly cited

With the increasing application of wireless sensor networks (WSN) the security requirements for wireless sensor networkcommunications have become critical However the detection mechanisms of such systems impact the effectiveness of the entirenetwork In this paper we propose a lightweight ontology-based wireless intrusion detection system (OWIDS)The system appliesan ontology to a patrol intrusion detection system (PIDS) A PIDS is used to detect anomalies via detection knowledgeThe systemconstructs the relationship of the sensor nodes in an ontology to enhance PIDS robustness The sensor nodes preload comparisonmethods without detection knowledgeThe system transfers a portion of the detection knowledge to detect anomaliesThememoryrequirement of a PIDS is lower than that of other methods which preload entire IDS Finally the isolation tables prevent repeateddetection of an anomaly The system adjusts detection knowledge until it converges The experimental results show that OWIDScan reduce IDS (intrusion detection system) energy consumption

1 Introduction

Recently wireless security issues have drawn the attentionof wireless network and wireless sensor network (WSN)researchers WSN is a novel technology that involves thedeployment of low-cost microhardware and resource-limitedsensor nodes Applications of WSN include battlefield super-vision disaster response and health care [1 2] After sensornodes are deployed they self-organize and establish routesautomatically and transmit their information on their sur-roundings to a base station (BS) Since each sensor node hasa limited and irreplaceable energy resource energy conser-vation is the most important performance consideration in aWSN

A WSN has two major defenses cryptography and anintrusion detection system (IDS) Cryptography protectsinformation via encryption decryption and authenticationof each node Cryptography is the first line of protectionin WSN security An IDS protects information by anomalydetection An IDS detects each node by its behavior If asensor node is misbehaving the IDS will alert its managersThis is the second line of defense in WSN security

A Sybil attack is a common method that attackers useto gather information from the WSN Intruders pretend tobe sensor nodes routes andor base stations They use theseroles to request and collect data When they have receiveddata they copy it and return it to the real and victim nodesto establish their bona fides The attackers thus obtain theinformation they need to finish their preparationsThis attacktype merely copies information without altering it It is diffi-cult for the system to detect it and to redeploy against furtherintrusion [3] If the intrusion detection system prevents Sybilattacks it can reduce the severity of attacks To counterthis attack each node must be identified and authenticatedcorrectly The authentication method requires a simplifiedalgorithm to reduce energy consumption However if it is tooeasy to decrypt it will lose efficacyThus the system combinesIDS and an ontology to construct the relationship betweeneach node providing a novel way to detect Sybil attacks Weproposed an ontology IDS method which can detect Sybilattacks to prevent further attacks by intruders

Soft computing has been widely used for wired securitydue to its high knowledge extraction capabilities Howeverlittle research has been done on using soft computing in

Hindawi Publishing CorporationInternational Journal of Distributed Sensor NetworksVolume 2014 Article ID 634748 14 pageshttpdxdoiorg1011552014634748

2 International Journal of Distributed Sensor Networks

WSN IDS Soft computing consumes resources while themodel is being trained and tested with various machinelearning tools such as SVM [4] rough set [5] and ANN[6] Unfortunately WSN IDS resources are limited Thuslightweight soft computing applications for IDS are critical[7ndash9] The IDS uses well-trained features to reduce thefeatures of the system If the training and testing of IDSWSN information use soft computing processing in the basestation it can be lightweight In this paper we will implementontology-based lightweight method technologies to improvethe effectiveness of WSN IDS

An ontology is a knowledge representation methodThe main aim of the ontology is to classify independentknowledge into concepts and to determine the relationshipbetween them The classification knowledge of the ontologyis used to infer new knowledge In our research the nodesof the WSN are constructed in the ontology in their entiretyThe relationships of the sensor nodes may then be applied todetect malicious nodes [10]

After deployment of the WSN is completed the basestation (BS) will gather position information During thepreparation stage the IDS establishes the conceptual relation-ships of each sensor node in the ontology The transmissionof each node will depend on its relationship to the ontologyThe attacker cannot then pretend that malicious nodes arevalid nodes Thus the major contribution of this paper is topropose a lightweight intrusion detection method based onthe domain knowledge

The method is divided into four steps (1) Constructthe relationship of the sensor nodes in the ontology Thepatrol nodes will use the relationships of ontology toenhance system robustness (2) Choose detection knowledgedepending on the monitoring environment The patrol nodeloads detection knowledge to perform a circuit of anomalydetection (3) Record the error information in an isolationtable And (4) repeat these steps until the detection knowl-edge has converged In fact we rename the ranger nodethe patrol node since it is more appropriate for the nodeattributes Thus in this paper we use PIDS (patrol intrusiondetection system) instead of RIDS (ranger intrusion detectionsystem) as in our previous paper [11]

The rest of this paper is organized as follows Section 2presents the literature review Section 3 introduces ourmethodology Section 4 shows the experimental results andevaluations In Section 5 conclusions and suggestions aregiven for future research

2 Related Work

21 Intrusion Detection Systems in Wireless Sensor NetworksIntrusion detection systems detect intruders based on theirattack behaviors In cryptography each node authenticatesother nodes using their encryption method which is knownas a symmetric key Authentication methods only protectagainst outsider attacks as the first line of defense If attackerspenetrate this defense they can gather cryptographic infor-mation Thus the IDS is the second line of defense which

detects user misbehaviour and alerts managers immediately[12]

Wireless sensor networks broadcast data among nodes Apotential intruder gathers such data until it is able to decryptauthentication After an intruder obtains the associated keysit can connect to neighboring nodes and attack them freelyIn some cases intruders can gather sufficient information tocrash the entire network

However intruder behavior is different from that ofnormal nodes System managers use intrusion detection sys-tems to detect anomalous behaviors An intrusion detectionsystem has two detection methods misuse detection andanomaly detection [13] The misuse detection system storesbehaviors of known attacks in an attribute database Thesystem compares user behaviors with the attribute databaseto find intrusions The anomaly detection system storesnormal behaviors of common users in the rule database Thesystem compares user behavior with normal behavior to findintruders

In a misuse detection system the attack rules are com-posed of known attack behaviors This type of system issimilar to antivirus software in which scanned data arecompared to known virus codes If the behavior is found inthe attribute database the systemdeletes the affected filesThemisuse detection system stores the known attack behaviorsin an attribute database If the attack behavior is similar tothe rules in the database an attack is detected and the systemdefends itself The main drawback of misuse detection isthat the detection is dependent on information already inthe attribute database so it is difficult to identify new attackbehaviors

Anomaly detection is different from misuse detectionIn anomaly detection the system constructs a user modelbased on the behavior of normal users When user behavioris abnormal the system notifies managers that there is apotential intruder Since intruder attack methods rapidlyevolve the anomaly detection system collects normal userbehaviors and detects intruder behavior by comparing it withnormal behavior The anomaly detection system must clearlydefine correct user behaviors Otherwise the systemwill havea high false detection rateThus the drawback of an anomalydetection system is greater likelihood of false alarms

WSN intrusion detection approaches are divided intofour types continuous event-driven observation-drivenand combination [14]

(1) Continuous the IDS records alarms but does nottransmit data to the administrator immediatelyWhen the detection process has finished its dutycycle the IDS will return alarms to the BS

(2) Event-driven this method has no duty cycle Whenattack misbehavior is detected the IDS will transmitthe information to the administrator immediatelyThe administrator then must decide how to processthe anomaly information

(3) Observation-driven the anomaly information is pro-cessed when the system detects an attack If theintrusion is serious the administrator can initiate theisolation method to limit the damage

International Journal of Distributed Sensor Networks 3

(4) Combination this method combines two or more ofthe above methods In a normal system sensor nodesreport detection data periodically If attack behavioris detected the IDS will alert the administrator

22 Ontology Methods An ontology represents the rela-tionships between the concepts of domain knowledge Inan ontology the system often assumes correct relationshipsbetween each concept A defined ontology for intrusiondetection systems was constructed by Undercoffer et al[15] According to their definitions three different compo-nents made up the construction of ontologies for intrusiondetection systems The first category reflects the networkclass including the network layers of the protocol stacksuch as TCPIP The second category is the system classrepresenting the operating systemof the hostThe last processclass defines attributes representing particular processes thatare to be monitored They use the ontology specificationlanguage DAML (DARPAAgentMarkup Language) andOIL(Ontology Inference Layer) to implement their ontology andto distribute information The ontology and the inferenceenginewere used as an event aggregation language to confirmthe existence of an attack on a wired network

Cuppens-Boulahia et al [16] presented an approach toreact to network attacks using an ontology to store policyinformation and to generate new security models The policyinformation models can be combined to prove the instan-tiation of the policies They used the ontology specifica-tion languages OWL (Web Ontology Language) and SWRL(Semantic Web Rule Language) They offer the advantage ofexisting generic tools for parsing and reasoning OWL allowsmerging distributed ontologies However the expressivityof SWRL is limited since it does not permit several logicoperators such as OR or NOT Further the SWRL rules maynot be used to alter or delete information in the ontologyThisfact reduces the potential to revoke their method Most ofthe literature on WSN focuses on constructing the rules forthe IDS onWSNThis literature lacks information on how toconstruct the relationships of nodes in the WSN [17 18]

3 Ontology-Based Wireless IntrusionDetection System (OWIDS)

When sensor nodes are taken over by an intruder the normalsensor nodes become malicious nodes The malicious nodesgather data from neighboring nodes in the preparation stageThey alter information and broadcast wrong informationto normal nodes Moreover they rapidly exhaust WSNresources In wired networks the manager detects intrudersusing a well-trained intrusion detection system working withrobust resources However the resources of a WSN arelimited and the protocols of aWSN differ from those of wirednetworks Managers cannot construct wired IDS on a WSNIn this paper we propose a lightweight intrusion detectionsystem that minimizes energy consumption in intrusiondetection for wireless sensor networks

The Sybil attack is a common attack method that is usedto gather information from a WSN It is hard to detect but

enables an intruder to attack the WSN more easily Ourmethod uses an ontology to construct relationships betweensensor nodes The constructed relationship enables the IDSto detect a Sybil attack

In this paper the wireless sensor network is a hierarchicalnetwork that has four roles namely base station cluster headpatrol nodes and sensor nodes They are defined as follows

(1) Base station (BS) the BS is controlled by the admin-istrator and has robust energy and computing poweras well as a high degree of security The base stationreceives environmental information and sensor nodedata from the cluster head The base station usesa detection module to analyze the data The patrolnodes will patrol the network and monitor it Whenthe patrol cycle is completed the base station inte-grates the new collection of the network data Theintegrated data is simplified into the database untilthe attacking pattern knowledge has converged Theadministrator analyzes information from each nodeand constructs the relationship of the WSN in theontologyThe relationship adjustment depends on theWSN environment

(2) Cluster head (CH) the CH is responsible for con-nectivity between the wireless sensor network andbase station The CH controls the work of the patrolnodes The patrol nodes return information to CHTheCHwill balance the duty cycle of the patrol nodesand then assign patrol nodes for monitoring and dataintegration The CH transmits detection knowledgeand ontology relationships to the patrol nodes

(3) Patrol nodes (PN) a patrol node is a sensor nodewhich carries knowledge of how to detect intrusionThey share the work of the CH Since the WSN envi-ronment includes general events and emergenciesthe patrol nodes collect information on their sensornodes The patrol nodes use the detection knowledgeto monitor sensor nodes integrate information andtransmit it back to a CH The node relationshipscarried by the patrol node are used to detect attacksPatrol nodes will record information into an isolationtable In normal cases the patrol nodes send theisolation table to the CH regularly However if anunexpected situation occurs the isolation table willbe transmitted to the CH immediately

(4) Sensor nodes (SN) they are responsible for the overallnetwork and sense environmental dataThey transmitthe data to patrol nodes for regular integration Thesensor nodes have no ontology information at all

The workflow of our system is shown in Figure 1 Firstthe system gathers WSN packages and attack packages tobuild an intrusion features database to enable evaluation ofanomalous transmission packages The system then appliesthe ontology to construct the relationship between thewireless sensor nodes The manager sets the threshold valueof the ontology relationship to detect attacks The patrolintrusion detection system (PIDS) is a lightweight systemthat uses the detection knowledge to monitor the nodes


Deploy WSN and collect environment data

Gather package information

Construct relationship of WSN on ontology

Set relationship threshold

Simulate attack packages and protocol packages

Assign ontology to patrol node

Adjust attack knowledge until it has converged

Record anomaly information

Initialize OWIDS

Intr

usio

n de

tect

ion

stag

eO

ntol

ogy

cons

truc

tion

stag

ePr

epro

cess

ing

stage

Figure 1 The workflow of our system

in the wireless network The patrol node carries differenttypes of knowledge of how to detect intrusion dependingon the environment The ontology-based wireless intrusiondetection system (OWIDS) is divided into three stagesthe preprocessing stage ontology construction stage andintrusion detection stage

The preprocessing stage shows that each nodemust trans-late its data to base station and find the best translation routefor such dataThe ontology construction stage is divided intothe definition relationship and ontology construction phaseEach node calculates the membership value and defines therelationships between patrol nodes and sensor nodes Theintrusion detection stage compares the detection data tothe ontology pattern to find intrusions Finally the systemrecords anomaly information in an isolation table

The algorithm of the preprocessing stage is shown inAlgorithm 1 the algorithmof the ontology construction stageis shown in Algorithm 2 and the algorithm of the intrusiondetection stage is shown in Algorithm 3 The symbols of thealgorithms are as follows 119868 is information including ldquoSen-sorNodes ID energy 119864 4 hops sensed data type STrdquo arr[] isthe type of resource of the sensor nodes Patrolcandidate[]represents the candidate list of patrol nodes CH is the clusterhead 119904

119894and 119904119895represent different sensor nodes in the WSN

resource (119904119894) represents the resources of 119904

119894 such as energy

hops and sensor data type hop(119904119894 119904119895) is the number of hops

between 119904119894and 119904119895 patrolnode(119904

119894) represents the patrol node

assigned to 119904119894 119901119899119896represents the ID of the patrol nodes

119900119899119905119900119897119900119892119910[] means the ontology constructed by our methodand 119860[] represents the isolation table

31 Preprocessing Stage The system attempts to configurewireless sensor network nodes through random distribu-tion to simulate the wireless option connection When thedistribution of every node is completed the packet will becollected by the base station (BS) In addition the BS can usea routing protocol package to analyze intrusion behaviorsTo define several attacking behaviors the manager can useattack thresholds or attack featuresThe transmission packagecan be captured by the intrusion detection system The datathen need to be normalized in preprocessing followed by theconstruction of a network intrusion detection module Thealgorithm of the preprocessing stage is shown in Algorithm 1

After the WSN has been deployed the sensor nodesbroadcast to each other and construct route informationThe BS gathers data from the sensor nodes that includes thesensor node identification (number) energy (joules) hopdistance (hops) and sensing data type (ST) The system usesthe received information to construct the ontology


Algorithm OWIDSInput The packages of wireless sensor networks 119901Output 119860 list of anomaly nodes 119860[]

BEGINlowastPre-processing Stagelowastlowastbroadcasting routinglowastfor each sensor node 119904 connected to 119909 do

for each sensor node y in the network doif 119863119904[119910] + 119904(119909 119904) lt 119863

119909[119910] then

lowasta better route from 119909 to 119910 through s has been foundlowast119863119909[119910] larr 119863

119904[119910] + 119904(119909 119904)

119862119909[119910] larr (119909 119904)

lowastintegrating informationlowastfor each sensor node s transmitted to base station 119887119904 do

send data of itself 119868 to base station 119887119904

return 119868

Algorithm 1 Algorithm of preprocessing stage of OWIDS

32 Construct Ontology Stage Due to the nature of a Sybilattack it is hard to use an IDS to detect it In the systemthe relationships of each sensor node in the ontology areconstructed first Then the patrol node compares the rela-tionships of the ontology conceptual nodes to the testedwireless networks to determine whether the system has beenattacked The method for constructing the ontology is givenbelow The algorithm of the ontology construction stage isshown in Algorithm 2

After the entireWSN has been deployed the informationon each sensor node is translated to the base station forthe system to construct the ontology The relationships ofthe sensor nodes are constructed in the ontology Eachsensor node transmits its connection information to the basestation This method thus is a top-down design for ontologyconstruction in which construction proceeds from the basestation to the sensor nodes The system sorts sensor nodesdepending on the energy of the sensor nodes and selects thesensor node that has the best energy to be the cluster headThe candidates for patrol nodes are the top 20 of sensornodesThe patrol nodes are chosen by the candidate of patrolnodes that are one hop from the cluster head After the systempicks the patrol nodes up it begins to construct the ontology

First the system constructs patrol nodes in the ontologyThe system calculates the similarity between the patrol nodesusing formula (1) Formula (1) is calculated between patrolnodes and patrol nodes 119901119899

119894cap 119901119899119897means that the system

compares the data of 119901119899119894with the data of 119901119899

119897to gather the

minimum number (the data is energy() hop() ST() etc)The 119901119899

119894cup119901119899119897means that the system computes the data of 119901119899

119894

with the data of119901119899119897to gather theminimumnumber Consider

119878119894119898119894119897119886119903119894119905119910 (119901119899119894 119901119899119897) =

sum119899

119897=1(1003816100381610038161003816119901119899119894 cap 119901119899

119897

1003816100381610038161003816 1003816100381610038161003816119901119899119894 cup 119901119899

119897

1003816100381610038161003816)

119899 (1)

The construction of the patrol nodes in the ontologydepends on formula (1) which indicates the relationship ofthe patrol nodes Similar patrol nodes exchange information

with each other The relationship is used to construct sensornodes in the ontologyThere are two concepts of sensor nodeequal concept and sibling concept as follows

Definition 1 (equal concept) Consider

119864119902119906119886119897 (1199041

119894 1199042

119894) = (119904

1

119894 1199042

119894) | ℎ119900119901 (119904

1

119894 1199042

119894) = 1

and (119878119890119899119904119900119903119873119900119889119890 (1199041

119894) = 119878119890119899119904119900119903119873119900119889119890 (119904

2

119894)

and 119903119890119904119900119906119903119888119890 (1199041

119894) asymp 119903119890119904119900119906119903119888119890 (119904

2

119894))

(2)

The 1199041119894and 1199042119894are two different sensor nodes in theWSN

The distance between 1199041119894and 1199042119894is equal to one hop 119904119899

119894

indicates the sensor node 119899 is managed by 119901119886119905119903119900119897119899119900119889119890 119894119878119890119899119904119900119903119873119900119889119890(119904119899

119894) and 119903119890119904119900119906119903119888119890(119904119899

119894) indicate the class name

of the 119878119890119899119904119900119903119873119900119889119890 and the resources of 119878119890119899119904119900119903119873119900119889119890 119904respectively When 119903119890119904119900119906119903119888119890(1199041

119894) asymp 119903119890119904119900119906119903119888119890(1199042

119894) it means

the resources (energy hops sense type) of 1199041119894are similar

to the resources of 1199042119894 Definition 1 defines the concepts of

sensor nodes having equivalent resources and being close toeach other For example if a pair of concepts ldquo1199041rdquo and ldquo1199042rdquohas overlapped broadcasting range and possesses equivalentresources the equal concept definition is satisfied and thesystem will construct the relationship between them Therest of concepts will be used to determine the hierarchicalrelations in the ontology concepts

Definition 2 (sibling concept) Consider

119878119894119887119897119894119899119892 (1199041

119894 1199042

119894) = (119904

1

119894 1199042

119894) | 1199041

119894= 1199042

119894

and (119878119894119887119897119894119899119892119879119890119903119898 (1199041

119894 1199042

119894)) and 2


lowast Construct Ontology Stage lowastlowast sort sensor nodes lowastfor each sensor node s in the network do

for (119894 = 119899 minus 1 119894 gt 0 119894 minus minus) dofor (119895 = 0 119895 lt 119894 119895++) do

if energy(119904119895) gt energy(119904

119894) then

buffer = arr[119895]arr[119895] = arr[119895 + 1]

arr[119895 + 1] = bufferreturn arr[] lowast return sort information lowast

set CH = arr[1] lowast the system selects up best sensor node to be cluster head lowastlowastpick up patrol nodeslowast

for (119901 = 0 119901 lt 119899 lowast 02 119901++) doPatrolcandidate[119901] = arr[119901] lowast pick up top 20 of sensor nodes lowastfor each sensor node 119904 in the Patrolcadidate[] doif hop(119904

119894 CH) = 1 then

lowasta patrol node has foundlowastset patrolnode[] = 119904

119894

lowastConstruct patrol nodes in Ontologylowastfor each patrol node in the network do

for (119897 = 1 119897le 119899 119897++) do lowast119897 is the index of patrol node lowast119905119897= intersection (119901119899

119894 119901119899119897) union (119901119899

119894 119901119899119897) lowast119905119897is similarity of patrol node 119897lowast

119905 = 119905 + 119905119896lowast119905 is the similarity lowast

return 119905

similiarity(119901119899119894 119901119899119897) = 119905119896

119901119899119897[] larr 119901119899

119894

Ontology[] larr 119901119899119897[]

lowast definition sensor nodes relationship lowastfor each sensor node s in the network do

if 119904119894ltgt 119904119895and resource(119904

119894) resource(119904

119895) and hop(119904

119894 119904119895) = 1 then

lowast a equal sensor has found lowastset 119904119894and 119904

119895are equal sensor nodes

for each sensor node s in the network doif 119904119894ltgt 119904119895and resource(119904

119894) resource(119904

119895) and 2 ≦ hop(119904

119894 119904119895) ≦ 3 then

lowasta sibling sensor has foundlowastset 119904119894and 119904

119895are sibling sensor nodes

else if patrolnode(119904119894) cap patrolnode(119904

119895) ltgt then

lowast 119886 sibling sensor has found lowastset 119904119894and 119904


lowast Construct Ontology lowastfor each sensor node in the network do


119896 119904119894) union (119901119899


119905 = 119905 + 119905119896

lowast119905 is the similarity lowastreturn 119905

similiarity(119901119899119896 119904119894) = 119905119896

119901119899119896[] larr 119904

119894

Ontology[] larr 119901119899119896[]

Algorithm 2 Algorithm of the construct ontology stage of OWIDS

le ℎ119900119901 (1199041

119894 1199042

119894)

le 3 or (119875119886119905119903119900119897119873119900119889119890 (1199041

119894 1)

cap119875119886119905119903119900119897119873119900119889119890 (1199042

119894 1) = 0)

119903119890119904119900119906119903119888119890 (1199041

119894) asymp 119903119890119904119900119906119903119888119890 (119904

2

119894)

(3)

The 119878119894119887119897119894119899119892119879119890119903119898(1199041119894 1199042119894) indicates that 1199041

119894has a sister

term 1199042119894 In other words the sensor nodes have an identical

patrol node in the WSN and 119875119886119905119903119900119897119873119900119889119890(1199041119894 1) means that

the distance of 1199041119894from the patrol node is one hop When the

distance between 1199041119894and 1199042119894is less than or equal to 3 it will

be adjusted depending on the scale of the WSN Definition 2has two situations either a pair of concepts has sister-termrelations in the WSN or a pair of concepts has a common


Situation 1 Situation 2

Pnl Pnl

Pn2 s2

s1

s2s1

(a) (b)

Figure 2 The sibling relationship

patrol node over more than one levelThe difference betweenthem is shown in Figures 2(a) and 2(b) Situation 1 andsituation 2 are the relationships of SensorNode 1199041

119894and Sen-

sorNode 1199042119894in the WSN structure Situation 1 indicates that 1199041

119894

and 1199042119894have a sister-term relationship in the WSN situation

2 indicates 1199041119894and 1199042119894are not sister terms However they

satisfy the sibling concept because they have a commonpatrol node on the upper level In this case the distancebetween 119904

1

119894and 1199042119894is 3 hops as shown in Figure 2(b)

An ontology has various elements including conceptsattributes operators instances relations and axioms Ourontology has membership values between the patrol node(119901119899) and the sensor node (119904) The set of values between thepatrol nodes and sensor nodes is called the subclass Forexample the sensor node contains attributes such as senseinformation remaining resources and route informationThe membership values between patrol nodes and sensornodes can be calculated by formula (4) [19] Suchvalues might include for example 119899

1energy(08) hop

(02) ST(09) 1199011198992energy(03) hop(08) ST(08) and

1199041energy(075) hop(02) ST(07)The subclass is (119904

1 1199011198991) =

(075 + 02 + 07) (08 + 02 + 09) = 16519 = 087 Thesubclass is (119904

1 1199011198992) = (03 + 02 + 07) (03 + 08 + 08) =

1221 = 057 The membership value consists of sensornodes such as 119901119899

1(087) and 119901119899

2(057) the numbers

represent the membership values in each patrol node Themembership value between a patrol node and a sensor nodemay then be found The 119904

1is the subclass of 119901119899

1 Consider

119904119906119887119888119897119886119904119904 (119904 119901119899) =

1003816100381610038161003816119904 cap 1199011198991003816100381610038161003816

10038161003816100381610038161199011198991003816100381610038161003816

(4)

The relations between sensor nodes can be defined ina number of ways such as Belong-to and Consist-of whilethe subclass defines the values of the relationships betweenthe sensor nodes After constructing the concept layer themembership values can be simply and directly joined tothe ontology Each concept has the membership values foreach relevant patrol node The system can then build up theconcept hierarchyThe ontology information includes sensornode identify (number) patrol node identify (number)

energy (joule) hop distance (hops) and sensing data type(ST) as shown in Figure 3

The related value of the concept should define a suitablethreshold Let 119901119899

119896be the 119896th patrol node ofWSN 119904

119894indicates

the sensor node 119894 in the WSN 119901119899119898is the patrol node that

belongs to 119901119899119896 and 119899 is the number of comparison nodes

under the patrol node 119901119899119896 The similarity formula is listed in

formula (5) Formula (5) is similar to formula (1) Formula(1) is the similarity between patrol node and patrol nodeFormula (5) is the similarity between patrol node and sensornode

119904119894119898119894119897119886119903119894119905119910 (119901119899119896 119904119894) =

sum119899

119898=119896(1003816100381610038161003816119901119899119898 cap 119904

119894

1003816100381610038161003816 1003816100381610038161003816119901119899119898 cup 119904

119894

1003816100381610038161003816)

119899 (5)

For example the system uses formula (5) to calculatethe similarity of formal concepts Each patrol node hasmany sensor nodes Figure 4 shows an example of calculationbetween 119901119899

119896and 119904119894 It is not an ontology figure An example

of the ontology is shown in Figure 5 The similarity between119901119899119896and 119904119894is calculated as follows

119904119894119898119894119897119886119903119894119905119910 (1199011198991 1199041)

= (075 + 02 + 07

08 + 02 + 09+

02 + 07

075 + 02 + 075

+075 + 06

075 + 02 + 06) times (3)

minus1= 068

119904119894119898119894119897119886119903119894119905119910 (1199011198992 1199041)

= (03 + 02 + 07

03 + 08 + 08+

03 + 07

075 + 02 + 07) times (2)

minus1

= 047

(6)

We select themaximum similarity value of the conceptualpairs between 119901119899

119896and 119904

119894to determine the sonsor node 119904

119894

belongs to which patrol nodes 119901119899 In this case 1199041is more

similar to 1199011198991 The IDS calculates the relationship between

119899119901119896and 119904

119894to define the relationship threshold The IDS

calculation threshold depends on the similarity formula indifferent environments A higher threshold makes the entireWSN more secure However a higher threshold for the IDSmeans that attacks are easily misidentified

An example of an ontology is shown in Figure 5 Thereare 10 sensor nodes in the example For practical applicationsour method supports 50 sensor nodes in the ontology Theontology has a domain layer a category layer a patrol nodelayer and a sensor node layer The domain layer representsthe ontology domain issue thatwe focus on in constructing anIDS for a WSN Next the category layer represents differentjobs on the WSN such as sensing humidity temperatureand brightness One sensor node will take on one or moretasks The patrol node layer contains the information foreach patrol node in the WSN Each patrol node has anID energy (joule (j)) sensing data type (ST) the distanceto the cluster head (Hop) and membership value betweeneach relevant object for example119901119899idEnergy(j) hop(1hop)ST(1number of sense types) The sensor node layer con-tains each sensor node ID energy (joule (j)) sense data type


Patrol node number

Sensor node number

Energy(J)

Sense data type

The membership value between each relevance object

Patrol node number

Sensor node number

Energy(J)

Sense data type


Relation type

Subclass

Hops

Hops

Figure 3 The information of the concept of nodes in ontology

(ST) the distance to the cluster head (hop) and membershipvalue between each relevant object

33 Intrusion Detection Stage The attackers that intrudewireless sensor network can be divided into two stagespreparatory phase the attack and destruction phase Theattack behaviours of attack and destruction phase includesinkhole attack blackhole attack and hello flooding Inorder to obtain the required information of attack anddestruction phase the attackers apply Sybil attack to disguisevarious roles The behaviours of attack phase used differ-ent transmission technology to burn entire network evencause WSN unusable All the above behaviours are calledanomaly behaviours The assignment system will completethe information for the integration of the environmentalanalysis The ontology contains the entire relationship of theWSNThe system can preselect the knowledge based on thoseenvironmental attacks The ontology can thus detect illegalnodes in the WSNThe rules are shown in Algorithm 3

The WSN is usually deployed unequally causing it torapidly consume energy We have proposed a PIDS usingdetection knowledge to detect anomalies [11] The PIDS istransferred between patrol nodes to detect whether neighbor-ing nodes exhibit anomalies The PIDS will choose differentdetection knowledge in different environments The PIDSmerely requires a portion of the detection knowledge todetect an anomaly which reducesWSN energy consumptionThe architecture of the OWIDS combines the PIDS with theontologyTheOWIDS is transferred between the patrol nodesto detectwhether neighbouring nodes are anomalous Similar

to the PIDS the OWIDS will choose different detectionknowledge in different environments It requires merely aportion of the detection knowledge to detect anomaliesreducing WSN energy consumption The system will matchthe database and the attack pattern If there appears to benonselected detection knowledge the detection knowledgewill be added The intrusion detection mechanisms werecomputed on the base station The classification methodof detection knowledge is described in the following para-graphs

The detection knowledge is classification by supportvector machine (SVM) [21] The proposed method provideda strong argument for the improvement of WSN intrusiondetection systems The SVM uses a high dimension spaceto find a hyperplane to perform binary classification to findminimal error rate Notably the SVM is able to handle theproblem of linear inseparability The SVM uses a portion ofthe data to train the system finding several support vectorswhich represent the training data These support vectorswill be formed into a model by the SVM representing acategory According to this model the SVM will classify agiven unknown document A basic input data format and anoutput data domain are given as follows

(119909119894 119910119894) (119909

119899 119910119899) 119909 isin 119877

119898 119910 isin +1 minus1 (7)

where (119909119894 119910119894) (119909

119899 119910119899) are training data 119899 is the number

of samples119898 is the input vector and 119910 belongs to category of+1 or minus1

Regarding linear problems a hyperplane can be dividedinto two categories The hyperplane formula is

(119908 sdot 119909) + 119887 = 0 (8)

The category formula is

(119908 sdot 119909) + 119887 ge 0 if 119910119894= +1

(119908 sdot 119909) + 119887 le 0 if 119910119894= minus1

(9)

However it is not easy to find hyperplanes with which toclassify the dataThe SVMhas several kernel functions whichusers can apply to solve different problems As such selectingthe appropriate kernel function can solve the problem oflinear inseparability Also internal product operations affectthe classification function and a suitable inner product func-tion119870(119883119894 sdot 119883119895) can solve certain linear inseparable problemswithout increasing the complexity of the calculation Originaldata includes 31 features tagged with numbers from 0 to 30The system will convert the contents of the 31 features intonumeric values For instance the first element is ldquoEventrdquo andthe parameter is ldquo119904rdquo which is mapped to ldquo0 01rdquo An exampleof SVM data is shown in Figure 9 The OWIDS combinesontology with detection knowledge The patrol nodes carrypart of ontology to detect Sybil attack and the detectionknowledge is used to detect sinkhole blackhole and helloflooding

The ontology is divided into several parts depending onthe region of the patrol node The system sends detectionknowledge and the ontology to the cluster head The patrol


lowast Intrusion Detection Stage lowastfor each neighbor of patrol node s doreceive (119904id 119901119899id 119904INFO 119864119894) lowast Receive 119904id 119901119899id 119904INFO and the remaining energy lowastif 119904id ltgt Ontology [] then lowast Check whether the sensor node is constructed in the Ontology lowast

then 119860[] = (119904id 119901119899id 119860119899) lowast Record 119904id 119901119899id and anomaly information lowastif Pattern (119904) = Pattern (119860119872)lowast Check whether the receive information is different from attack knowledge lowast

then 119860[] = (119904id 119901119899id 119860119899) lowast Record 119904id 119901119899id and anomaly information lowastelse if broadcast 119860[] to 119862id lowast Broadcast isolation table to CH to back up lowastend for

Algorithm 3 Algorithm of the intrusion detection stage of OWIDS

Base station

energy (08) hop (02) ST (09) energy (03)

hop (08) ST (08)

hop (02)ST (07)

energy (075) ST (06)

energy (03) ST (07)

energy (075) hop (02) ST (07)

068

047pn1

pn3

pn4

pn5

pn2

s1

Figure 4 An example of membership calculation

node is a sensor node to do detection but its energy is limitedThe OWIDS does not train detection mechanism on patrolnode and only the cluster head transmits detection rules topatrol nodes The patrol nodes detect attacks by rotation toreduce the overall WSN energy consumption and extend thelifetime of the WSN When the duty of the patrol nodes isover the CH will collect the WSN information and transmitit to the base station The BS analyzes the informationtrains the detection data and constructs the ontology againThus the detection knowledge can be adjusted accordingto the WSN environment To improve the accuracy ofthe intrusion detection the system repeats the detectionknowledge training to remove less frequently used data untilthe knowledge converges This reduces the features of thedetection knowledge and makes the detection knowledgemore lightweight

The WSN is a self-organizing network meaning that therouting table will be changed The clustering system of theWSN will change cluster heads periodically The WSN as awhole thus cannot keep isolating anomalous nodes Rede-tection of anomalous nodes consumes energy This paperthus proposes an isolation table recorded in the base station[20] If new cluster heads are assigned or the entire WSNis changed the patrol maintains isolation of anomaly nodesusing the isolation table Intruders thus cannot attack theWSN through isolated anomaly nodes reducing redetectionenergy consumption

4 Experimental Results

The system performance was evaluated by network sim-ulation (NS-2) The experimental hardware environmentsconsisted of an Intel Core 2 i5-2410M CPU 230GHzNotebook with 8GB RAM and was implemented under theWindows 7 operating system The area for the simulationof the WSN was within 10000 square meters The field isstatic and deploys 300 sensor nodes randomly each with abroadcast radius of 50m The OWIDS uses a protegee toconstruct the ontology The behaviors of the attacker weregenerated by a Java program The attacks were randomlygenerated by different kinds of attack patterns For exampleSybil attacks were generated every 20 seconds but theattackers will masquerade different kinds of roles randomlysuch as cluster head sensor node The OWIDS detects Sybilattacks using the relationship of ontology In addition theexperiment was meant to simulate transmission packages inwireless sensor networksThe communications of packets canbe captured byOWIDSThedatawas collected from theWSNpackets of NS-2 simulator The data set can be divided intotwo protocols the training data and the testing data Thepackets are randomly selected for training and testing

Before using SVM classification the system performa data scaling operation to increases the accuracy whilereducing complexity The system kernel is RBF 119870(119909 119910) =

ℓminus119892119909minus119910

2

The systemwill classify the attributes of the features


WSN Domain layer

Brightness Category layerHumidity Temperature

Patrol nodes layer

Belong-to Belong-to

Sensor nodelayer

086

082

Instance of

Sensor node 2513

Humidity temperature

hop (02) ST (05)

Instance of

092

Instance of

Sensor node 3152

Temperature

hop (03) ST(1)

086

Instance of091

Instance of042

Patrol node 1

Temperature humidity

Sensor node 3241

Patrol node 4


Sensor node 0231

Patrol node 2

Brightness temperature

energy (088 ) hop (03) ST (05)

Sensor node 0092

Patrol node 3

Temperature

energy (098) hop (05) ST (1)

Sensor node 2541

Patrol node 5

Temperature

Sensor node 1576

Patrol node 2

Temperature brightness

Sensor node 4561

Sensor node 1254


hop (017) ST (05)

Patrol node 4

Patrol node 4

Sensor node 6829


hop (025) ST (05)

Patrol node 2

Patrol node 3

ST (05)energy (1) hop (1) pn1

pn2 pn3

middot middot middot


057

Hop = 1

Hop = 3

Hop = 10

Hop = 6Hop = 3

Hop = 5 Hop = 4

Hop = 3

Hop = 3 Hop = 2

E = 2J E = 176J

E = 126J

E = 186J

E = 076JE = 2J

E = 094J E = 196j

E = 164J

E = 196J

energy (063) hop (03) ST (05)pn4 energy (082)

hop (03) ST (1) pn5

hop (01) ST(05) energy (093 ) S4561 energy (047) S2513 energy (098) S6829

energy (038) S1254 energy (1) S3152

pn2

pn4 pn5

Figure 5 An example of ontology construction


prior to preprocessing and use the SVM to train and testprocesses The output of SVM is 1 or minus1 If the output is 1there is an intrusion behavior on the model If the outputis minus1 it is normal The distribution of training data andtesting data are shown in Table 1 Specifically the user canemploy this model to evaluate the IDS 27 feature values areused to train three SVMmodels and to compare the accuracyof the three models [21]

This experiment compared OWIDS with the PIDS basedon energy consumption transmission accuracy and per-formance The attack behaviour is camouflaged as differentroles in the WSN The implementation environment is listedin Table 2 The total simulation time was 3600 sec Theattacks were randomly executed every 20 sec with attacksbeginning at six hundred sec The experiment assumes thatthe preprocessing stage is secure for attacks The maximumconnection meaning the maximum number of connections(end-to-end connection) used in the simulation was 80The experimental IDS was intended to simulate transmissionpackages in wireless sensor networks The IDS integratescommunications of packages and analyzes them

To estimate the performance of the OWIDS system threeimportant formulas and an indicator method are used toevaluate system accuracy attack detection rate (ADR) falsepositive rate (FPR) system accuracy (SA) and live nodes(indicator) The ADR represents the number of attacks thatthe IDS has detected out of the total number of attacks TheFPR represents the number of normal processes that theIDS has misclassified The accuracy rate is the total numberof processes the IDS has classified correctly The live nodesrepresent the number of useful nodes in the entire WSNwhich tests the loading of our methods and its performance

Attack Detection Rate

=Total number of detected attacks

Total number of attackstimes 100

False Positive Rate

=Total number of misclassified processes

Total number of normal processestimes 100

Accuracy Rate

=Total number of correct classified processes

Total number of processestimes 100

(10)

In this section we present three experimental resultsfor the OWIDS The first experimental method focuses onthe percentage of patrol nodes The patrol node is a kindof sensor node The BS chooses patrol nodes to executethe IDS The percentage of sensor nodes which should bepatrol nodes is a key issue Second the energy consumptionand remaining resources are present in the live nodes Thethird experimental method focuses on the ADR FPR andSA of the OWIDS Thus two types of experiments wereimplemented comparison of the number of live nodes across

Table 1 The training data and test data

Original Train TestNormal 80641 24192 7258Sinkhole 3568 1070 321Blackhole 5368 1610 483Hello flooding 44084 13225 3968Total 133661 40098 12029

Table 2 Implementation environment

Parameter ValuesSensor nodes 50 150 300Patrol nodes (20 of sensor nodes) 10 30 60WSN size 1000 lowast 1000 (m2)Starting energy 2 JTransmission radius 50mTransmission consumption 0036wReceive consumption 0024w

the non-IDS PIDS and OWIDS and comparison of thetransmission accuracy with PIDS

41 Percentage of Patrol Nodes The patrol node is used todetect abnormal behaviours OWIDS needs to balance thenumbers of patrol nodes and the overall life cycle of wirelesssensor networks From the experiment results twenty per-centages of patrol nodes can provide better detection resultsThe percentage of patrol nodes was set between 10 and 40at intervals of 10 The experiments are divided into 50 150and 300 sensor nodes These numbers are used to calculatethe suggested percentage of patrol nodes The experimentalresults are shown in Tables 3 4 and 5

The experimental results show that 30 and 40 yieldthe highest accuracy However the lifecycle of entire WSN isshorter than that when 10 and 20 are used The lifecycleof 10 is the longest but its accuracy is the lowest WhenOWIDS sets the patrol node percentage to 10 the loading isthe lightest However for theOWIDS at 10 the patrol nodeslack sufficient data to be compared with each other meaningthat the accuracy is the lowestThe accuracy of the case of 20patrol nodes is close to that of the case of 30 or 40 patrolnodes Hence the system selected 20 of whole sensor nodesas patrol nodes to do detection to save energy

42 Live Nodes of OWIDS The first simulation is shown inFigures 6 7 and 8The number of live nodes is defined as thenumber of sensor nodes in theWSN that still work normallyThe normal IDS trains detection features and translates theentire IDS onto the sensor nodes This consumes the WSNenergymore rapidlyThe lightweight IDS trains the detectionmethod on the base station and uses filtered features to detectintrusions In this case the IDS ismore lightweight and nodesremain alive longer Since a WSN may be used in manyapplications our method is implemented in eight situations


Table 3 Percentage of patrol nodes (50 sensor nodes)

Percent of patrolnodes () Patrol nodes Lifecycle (sec) Accuracy ()

10 5 9835 8520 10 9573 9330 15 8952 9440 20 8703 94



10 15 9605 8120 30 9495 9630 45 8864 9640 60 8518 97



10 30 9598 7920 60 9468 9630 90 8867 9740 120 8361 97

The live nodes experiment has six situations no IDS andno attack no IDS but faces attacks loads PIDS but no attacksloads PIDS and faces attacks loads OWIDS but no attacksand loads OWIDS and faces attacks The overhead for PCHmonitoring is high if the notion of collaborative monitoringis absent If the patrol nodes are too few an intruder caneasily infiltrate the network The OWIDS combines PIDSand the ontology to detect anomalies Though it consumesmore energy than the PIDS the energy expenditure is nearlyidentical We simulate 50 150 and 300 sensor nodes in thenon-IDS PIDS and OWIDS Results show that the lifetimeof a sensor node is longest using OWIDS and that the sensornodes die slowly The MN sends data to the RN but not toany MN The RN obtains information directly from the MNThe connections between the RN and the PCH are similarmeaning that the OWIDS consumes less energy in gatheringdata andmonitoring theWSNTheOWIDS takes a part of theontology from PIDS The energy consumption of PIDS andOWIDS is similar in the no attack environment In Figures 6ndash8 there are more sensor nodes in theWSN meaning that thesystem hasmore patrol nodes to detect anomalies Hence theOWIDS detects misbehaviour more effectively The results ofthe simulation show that the OWIDS can easily be loadedonto the WSN

43 ADR FPR and SA of OWIDS The second simulationaddresses the attack detection rate the false positive rateand the accuracy rate in PIDS and OWIDS as shown inTable 6The total number of simulation packages is 1065474

0

10

20

30

40

50

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)

Have no IDS and have no attack

Have no IDS but have attacks

Load PIDS but have no attacks

Load PIDS and have attacks

Load OWIDS but have no attacks

Load OWIDS and have attacks

Figure 6 The case of 50 sensor nodes in alive nodes

50

100

150

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)








100140180220260300

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)







Figure 8 Case of 300 sensor nodes in live nodes

which include 1697 attack packages and 1063777 normalpackages In the PIDS patrol nodes carry attack knowledgeto detect anomalies The false positive rate is higher andthe attack detection rate is lower than that of OWIDS TheOWIDS appends the relationships of ontology making iteasier to detect illegal sensor nodes in the WSN The system


Table 6 Accuracy attack detection rate and false positive rate of OWIDS

IDS method Attack detection rate False positive rate AccuracyPIDS (15351697) 9045 (1414451063777) 1329 (9532871063777) 8961OWIDS (16651697) 9811 (401221063777) 377 (10253521063777) 9639

Table 7 The accuracy rate of detection classification

IDS method Sybil attack Sinkhole Blackhole Hello floodingPIDS (136150) 9067 (118130) 9077 (5562) 8871 (12261355) 9048OWIDS (145150) 9667 (128130) 9846 (5762) 9194 (13351355) 9852

Original Datas -t 1000000000 -Hs 8 -Hd -2 -Ni 8 -Nx 203200 -Ny 69300 -Nz 000 -Ne -1000000 -Nl AGT -Nw mdash -Ma 0 -Md 0-Ms 0 -Mt 0 -Is 80 -Id 40 -It cbr -Il 1000 -If 0 -Ii 0 -Iv 32 -Pn cbr -Pi 0 -Pf 0 -Po 0SVM Input Data0 01 1 1000000000 2 8 3minus2 4 8 5 203200 6 69300 7 000 8minus1000000 9 1 10 0 11 0 12 0 13 0 14 0 15 8016 40 17 1 18 1000 19 0 20 0 21 32 22 1 23 0 24 0 25 0 26 0 27 0 28 0 29 0 30 0

Figure 9 The SVM input data

accuracy of PIDS and OWIDS is higher than 8961 thetolerance value of the IDS in the WSN The results of thesecond simulation show that theOWIDSdetects attacksmoreeffectively

The attack packages include four types of attacks Sybilattack sinkhole attack blackhole attack and hello floodingthe detailed detection classification is shown in Table 7 Thesystem simulates 150 Sybil attacks 130 sinkhole attacks 62blackhole and 1355 hello flooding attacks The results ofaccuracy rate are shown in Table 7 The accuracy rate ofdetection classification is better than 90 and OWIDS isbetter than PIDS The results of the second simulation showthat the OWIDS detects attacks more effectively

5 Conclusions and Future Work

In this paper a preliminary research of intrusion detectionsystems based on domain ontology is proposed and therelevance of a lightweight patrol intrusion detection systemis explored A major finding is that the effect of ontology canbe observed in attack detection at all levels of the wirelesssensor network The results indicated that the constructedontology relationship between the WSNs can detect attackseffectively This implies that an ontology indicating each roleand its membership in the WSN could be constructed forother attack types This research leads to an ontology-basedintrusion detection system which allows us to study the rela-tionship mechanism involving patrol node status and sensornodes Such ontologies can also be applied to reduce theburden of lightweight intrusion detection systems onwirelesssensor networks In general they will be useful in improvingthe lifecycle of wireless sensor networks and particularly theusability of intrusion detection systems for wireless sensornetworks This research can also serve to reinforce the useof soft computing technology for intrusion detection systemsand to systematize preprocessing technology to reduce thefeatures of the intrusion detection system The attacker may

intrude network in preprocessing stage The preprocessingsecurity issuewill be solved in the future workThis ontology-based intrusion detection system remains experimental onlyand much work remains to be done More must be knownabout constructing ontologies to detect different types ofattacks in wireless sensor networks There is a continuingneed for an adequate theoretical basis for the practicalapplication of ontology-based intrusion detection systems

Conflict of Interests

In this paper the specifications and brand of CPUdo not haveany financial relationship with the commercial identities

Acknowledgments

This work is partially supported by the National ScienceCouncil (NSC) Taiwan with Project no NSC-99-2221-E-324-021 The authors also express many thanks for thecomments from the reviewers that improved the paper

References

[1] I F Akyildiz W Su Y Sankarasubramaniam and E CayircildquoWireless sensor networks a surveyrdquo Computer Networks vol38 no 4 pp 393ndash422 2002

[2] T P Hong and C H Wu ldquoAn improved weighted clusteringalgorithm for determination of application nodes in hetero-geneous sensor networksrdquo Journal of Information Hiding andMultimedia Signal Processing vol 2 no 2 pp 173ndash184 2011

[3] J Newsome E Shi D Song and A Perrig ldquoThe Sybil attack insensor networks analysis amp defensesrdquo in Proceedings of the 3rdInternational Symposium on Information Processing in SensorNetworks (IPSN rsquo04) pp 259ndash268 April 2004

[4] W-H Chen S-H Hsu and H-P Shen ldquoApplication of SVMand ANN for intrusion detectionrdquo Computers and OperationsResearch vol 32 no 10 pp 2617ndash2634 2005


[5] Z Pawlak ldquoRough setsrdquo International Journal of Computer ampInformation Sciences vol 11 no 5 pp 341ndash356 1982

[6] A N Toosi and M Kahani ldquoA new approach to intrusiondetection based on an evolutionary soft computingmodel usingneuro-fuzzy classifiersrdquoComputer Communications vol 30 no10 pp 2201ndash2212 2007

[7] A Patwardhan J Parker M Iorga A Joshi T Karygiannisand Y Yesha ldquoThreshold-based intrusion detection in ad hocnetworks and secure AODVrdquoAdHoc Networks vol 6 no 4 pp578ndash599 2008

[8] R-C Chen and C-H Hsieh ldquoWeb page classification based ona support vectormachine using aweighted vote schemardquoExpertSystems with Applications vol 31 no 2 pp 427ndash435 2006

[9] G Song J Zhang and Z Sun ldquoThe research of dynamic changelearning rate strategy in BP neural network and applicationin network intrusion detectionrdquo in Proceedings of the 3rdInternational Conference on Innovative Computing Informationand Control (ICICIC rsquo08) pp 514ndash517 June 2008

[10] RCChenC J Yeh andC T Bau ldquoMerging domain ontologiesbased on the WordNet system and Fuzzy Formal ConceptAnalysis techniquesrdquoApplied SoftComputing Journal vol 11 no2 pp 1908ndash1923 2011

[11] R C Chen Y F Haung and C F Hsieh ldquoRanger intrusiondetection system for wireless sensor networks with sybil attackbased on ontologyrdquo in Proceedings of the 10th WSEAS Interna-tional Conference on Applied Informatics and Communications2010

[12] M A Simplıcio Jr P S L M Barreto C B Margi and T CM B Carvalho ldquoA survey on key management mechanisms fordistributedWireless SensorNetworksrdquoComputerNetworks vol54 no 15 pp 2591ndash2612 2010

[13] M Depren E Topallar andM Kemal ldquoAn intelligent intrusiondetection system (IDS) for anomaly and misuse detection incomputer networksrdquo Expert Systems with Applications vol 29no 4 pp 713ndash722 2005

[14] S Tilak B Abu-Ghazaleh and W A Heinzelman ldquoTaxonomyof wireless micro-sensor network modelsrdquo Mobile Computingand Communications Review vol 6 no 2 pp 28ndash36 2002

[15] J Undercoffer A Joshi and J Pinkston ldquoModeling computerattacks an ontology for intrusion detectionrdquo Computer Sciencevol 2820 pp 113ndash135 2003

[16] N Cuppens-Boulahia F Cuppens F Autrel and H DebarldquoAn ontology-based approach to react to network attacksrdquoInternational Journal of Information and Computer Security vol3 no 3-4 pp 280ndash305 2009

[17] H-C Hsieh J-S Leu and W-K Shih ldquoReaching consensusunderlying an autonomous local wireless sensor networkrdquoInternational Journal of Innovative Computing Information andControl vol 6 no 4 pp 1905ndash1914 2010

[18] W K Lai C-S Fan and C-S Shieh ldquoOptimal cluster sizefor balanced power consumption in wireless sensor networksrdquoICIC Express Letters vol 6 no 2 pp 1471ndash1476 2012

[19] T T Quan S C Hui A C M Fong and T H CaoldquoAutomatic Fuzzy ontology generation for semanticWebrdquo IEEETransactions on Knowledge and Data Engineering vol 18 no 6pp 842ndash856 2006

[20] R-C Chen C-F Hsieh and Y-F Huang ldquoAn isolation intru-sion detection system for hierarchical wireless sensor networksrdquoJournal of Networks vol 5 no 3 pp 335ndash342 2010

[21] C F -Hsieh K F Cheng Y F Huang and R C Chen ldquoAnintrusion detection system for Ad Hoc networks with multi-attacks based on a support vector machine and rough settheoryrdquo Journal of Convergence Information Technology vol 8no 2 pp 767ndash776 2013

International Journal of

AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

RoboticsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014


Active and Passive Electronic Components

Control Scienceand Engineering

Journal of



RotatingMachinery


Hindawi Publishing Corporation httpwwwhindawicom

Journal ofEngineeringVolume 2014

Submit your manuscripts athttpwwwhindawicom

VLSI Design



Shock and Vibration


Civil EngineeringAdvances in

Acoustics and VibrationAdvances in



Electrical and Computer Engineering

Journal of

Advances inOptoElectronics


Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

SensorsJournal of


Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014


Chemical EngineeringInternational Journal of Antennas and

Propagation




Navigation and Observation



DistributedSensor Networks



WSN IDS Soft computing consumes resources while themodel is being trained and tested with various machinelearning tools such as SVM [4] rough set [5] and ANN[6] Unfortunately WSN IDS resources are limited Thuslightweight soft computing applications for IDS are critical[7ndash9] The IDS uses well-trained features to reduce thefeatures of the system If the training and testing of IDSWSN information use soft computing processing in the basestation it can be lightweight In this paper we will implementontology-based lightweight method technologies to improvethe effectiveness of WSN IDS

An ontology is a knowledge representation methodThe main aim of the ontology is to classify independentknowledge into concepts and to determine the relationshipbetween them The classification knowledge of the ontologyis used to infer new knowledge In our research the nodesof the WSN are constructed in the ontology in their entiretyThe relationships of the sensor nodes may then be applied todetect malicious nodes [10]

After deployment of the WSN is completed the basestation (BS) will gather position information During thepreparation stage the IDS establishes the conceptual relation-ships of each sensor node in the ontology The transmissionof each node will depend on its relationship to the ontologyThe attacker cannot then pretend that malicious nodes arevalid nodes Thus the major contribution of this paper is topropose a lightweight intrusion detection method based onthe domain knowledge

The method is divided into four steps (1) Constructthe relationship of the sensor nodes in the ontology Thepatrol nodes will use the relationships of ontology toenhance system robustness (2) Choose detection knowledgedepending on the monitoring environment The patrol nodeloads detection knowledge to perform a circuit of anomalydetection (3) Record the error information in an isolationtable And (4) repeat these steps until the detection knowl-edge has converged In fact we rename the ranger nodethe patrol node since it is more appropriate for the nodeattributes Thus in this paper we use PIDS (patrol intrusiondetection system) instead of RIDS (ranger intrusion detectionsystem) as in our previous paper [11]

The rest of this paper is organized as follows Section 2presents the literature review Section 3 introduces ourmethodology Section 4 shows the experimental results andevaluations In Section 5 conclusions and suggestions aregiven for future research

2 Related Work

21 Intrusion Detection Systems in Wireless Sensor NetworksIntrusion detection systems detect intruders based on theirattack behaviors In cryptography each node authenticatesother nodes using their encryption method which is knownas a symmetric key Authentication methods only protectagainst outsider attacks as the first line of defense If attackerspenetrate this defense they can gather cryptographic infor-mation Thus the IDS is the second line of defense which

detects user misbehaviour and alerts managers immediately[12]

Wireless sensor networks broadcast data among nodes Apotential intruder gathers such data until it is able to decryptauthentication After an intruder obtains the associated keysit can connect to neighboring nodes and attack them freelyIn some cases intruders can gather sufficient information tocrash the entire network

However intruder behavior is different from that ofnormal nodes System managers use intrusion detection sys-tems to detect anomalous behaviors An intrusion detectionsystem has two detection methods misuse detection andanomaly detection [13] The misuse detection system storesbehaviors of known attacks in an attribute database Thesystem compares user behaviors with the attribute databaseto find intrusions The anomaly detection system storesnormal behaviors of common users in the rule database Thesystem compares user behavior with normal behavior to findintruders

In a misuse detection system the attack rules are com-posed of known attack behaviors This type of system issimilar to antivirus software in which scanned data arecompared to known virus codes If the behavior is found inthe attribute database the systemdeletes the affected filesThemisuse detection system stores the known attack behaviorsin an attribute database If the attack behavior is similar tothe rules in the database an attack is detected and the systemdefends itself The main drawback of misuse detection isthat the detection is dependent on information already inthe attribute database so it is difficult to identify new attackbehaviors

Anomaly detection is different from misuse detectionIn anomaly detection the system constructs a user modelbased on the behavior of normal users When user behavioris abnormal the system notifies managers that there is apotential intruder Since intruder attack methods rapidlyevolve the anomaly detection system collects normal userbehaviors and detects intruder behavior by comparing it withnormal behavior The anomaly detection system must clearlydefine correct user behaviors Otherwise the systemwill havea high false detection rateThus the drawback of an anomalydetection system is greater likelihood of false alarms

WSN intrusion detection approaches are divided intofour types continuous event-driven observation-drivenand combination [14]

(1) Continuous the IDS records alarms but does nottransmit data to the administrator immediatelyWhen the detection process has finished its dutycycle the IDS will return alarms to the BS

(2) Event-driven this method has no duty cycle Whenattack misbehavior is detected the IDS will transmitthe information to the administrator immediatelyThe administrator then must decide how to processthe anomaly information

(3) Observation-driven the anomaly information is pro-cessed when the system detects an attack If theintrusion is serious the administrator can initiate theisolation method to limit the damage
























Initialize OWIDS

Intr

usio

n de

tect

ion

stag

eO

ntol

ogy

cons

truc

tion

stag

ePr

epro

cess

ing

stage



















119909[119910] then


119904[119910] + 119904(119909 119904)

119862119909[119910] larr (119909 119904)



return 119868







119897to gather the



119894


119878119894119898119894119897119886119903119894119905119910 (119901119899119894 119901119899119897) =

sum119899

119897=1(1003816100381610038161003816119901119899119894 cap 119901119899

119897

1003816100381610038161003816 1003816100381610038161003816119901119899119894 cup 119901119899

119897

1003816100381610038161003816)

119899 (1)




119864119902119906119886119897 (1199041

119894 1199042

119894) = (119904

1

119894 1199042

119894) | ℎ119900119901 (119904

1

119894 1199042

119894) = 1

and (119878119890119899119904119900119903119873119900119889119890 (1199041

119894) = 119878119890119899119904119900119903119873119900119889119890 (119904

2

119894)

and 119903119890119904119900119906119903119888119890 (1199041

119894) asymp 119903119890119904119900119906119903119888119890 (119904

2

119894))

(2)



119894


119894) and 119903119890119904119900119906119903119888119890(119904119899



119894) asymp 119903119890119904119900119906119903119888119890(1199042

119894) it means





119878119894119887119897119894119899119892 (1199041

119894 1199042

119894) = (119904

1

119894 1199042

119894) | 1199041

119894= 1199042

119894

and (119878119894119887119897119894119899119892119879119890119903119898 (1199041

119894 1199042

119894)) and 2





119894) then





119894 CH) = 1 then


119894



119894 119901119899119897) union (119901119899



return 119905

similiarity(119901119899119894 119901119899119897) = 119905119896

119901119899119897[] larr 119901119899

119894

Ontology[] larr 119901119899119897[]



119894) resource(119904

119895) and hop(119904

119894 119904119895) = 1 then




119894) resource(119904

119895) and 2 ≦ hop(119904

119894 119904119895) ≦ 3 then




119895) ltgt then





119896 119904119894) union (119901119899


119905 = 119905 + 119905119896


similiarity(119901119899119896 119904119894) = 119905119896

119901119899119896[] larr 119904

119894

Ontology[] larr 119901119899119896[]


le ℎ119900119901 (1199041

119894 1199042

119894)

le 3 or (119875119886119905119903119900119897119873119900119889119890 (1199041

119894 1)

cap119875119886119905119903119900119897119873119900119889119890 (1199042

119894 1) = 0)

119903119890119904119900119906119903119888119890 (1199041

119894) asymp 119903119890119904119900119906119903119888119890 (119904

2

119894)

(3)


119894has a sister








Pnl Pnl

Pn2 s2

s1

s2s1

(a) (b)



119894and Sen-


119894




1



1energy(08) hop



1 1199011198991) =

(075 + 02 + 07) (08 + 02 + 09) = 16519 = 087 Thesubclass is (119904

1 1199011198992) = (03 + 02 + 07) (03 + 08 + 08) =


1(087) and 119901119899

2(057) the numbers



1 Consider

119904119906119887119888119897119886119904119904 (119904 119901119899) =

1003816100381610038161003816119904 cap 1199011198991003816100381610038161003816

10038161003816100381610038161199011198991003816100381610038161003816

(4)





119894indicates





119904119894119898119894119897119886119903119894119905119910 (119901119899119896 119904119894) =

sum119899

119898=119896(1003816100381610038161003816119901119899119898 cap 119904

119894

1003816100381610038161003816 1003816100381610038161003816119901119899119898 cup 119904

119894

1003816100381610038161003816)

119899 (5)




119904119894119898119894119897119886119903119894119905119910 (1199011198991 1199041)

= (075 + 02 + 07

08 + 02 + 09+

02 + 07

075 + 02 + 075

+075 + 06

075 + 02 + 06) times (3)

minus1= 068

119904119894119898119894119897119886119903119894119905119910 (1199011198992 1199041)

= (03 + 02 + 07

03 + 08 + 08+

03 + 07

075 + 02 + 07) times (2)

minus1

= 047

(6)


119896and 119904


119894



119899119901119896and 119904





Patrol node number

Sensor node number

Energy(J)

Sense data type


Patrol node number

Sensor node number

Energy(J)

Sense data type


Relation type

Subclass

Hops

Hops







(119909119894 119910119894) (119909

119899 119910119899) 119909 isin 119877

119898 119910 isin +1 minus1 (7)

where (119909119894 119910119894) (119909




(119908 sdot 119909) + 119887 = 0 (8)


(119908 sdot 119909) + 119887 ge 0 if 119910119894= +1

(119908 sdot 119909) + 119887 le 0 if 119910119894= minus1

(9)








Base station


hop (08) ST (08)

hop (02)ST (07)


energy (03) ST (07)

energy (075) hop (02) ST (07)

068

047pn1

pn3

pn4

pn5

pn2

s1







ℓminus119892119909minus119910

2



WSN Domain layer


Patrol nodes layer

Belong-to Belong-to

Sensor nodelayer

086

082

Instance of

Sensor node 2513


hop (02) ST (05)

Instance of

092

Instance of

Sensor node 3152

Temperature

hop (03) ST(1)

086

Instance of091

Instance of042

Patrol node 1


Sensor node 3241

Patrol node 4


Sensor node 0231

Patrol node 2


energy (088 ) hop (03) ST (05)

Sensor node 0092

Patrol node 3

Temperature

energy (098) hop (05) ST (1)

Sensor node 2541

Patrol node 5

Temperature

Sensor node 1576

Patrol node 2


Sensor node 4561

Sensor node 1254


hop (017) ST (05)

Patrol node 4

Patrol node 4

Sensor node 6829


hop (025) ST (05)

Patrol node 2

Patrol node 3


pn2 pn3



057

Hop = 1

Hop = 3

Hop = 10

Hop = 6Hop = 3

Hop = 5 Hop = 4

Hop = 3

Hop = 3 Hop = 2

E = 2J E = 176J

E = 126J

E = 186J

E = 076JE = 2J

E = 094J E = 196j

E = 164J

E = 196J


hop (03) ST (1) pn5



pn2

pn4 pn5









False Positive Rate



Accuracy Rate



(10)













10 5 9835 8520 10 9573 9330 15 8952 9440 20 8703 94



10 15 9605 8120 30 9495 9630 45 8864 9640 60 8518 97



10 30 9598 7920 60 9468 9630 90 8867 9740 120 8361 97



0

10

20

30

40

50

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)








50

100

150

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)








100140180220260300

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)























Acknowledgments


References

























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation
































Initialize OWIDS

Intr

usio

n de

tect

ion

stag

eO

ntol

ogy

cons

truc

tion

stag

ePr

epro

cess

ing

stage



















119909[119910] then


119904[119910] + 119904(119909 119904)

119862119909[119910] larr (119909 119904)



return 119868







119897to gather the



119894


119878119894119898119894119897119886119903119894119905119910 (119901119899119894 119901119899119897) =

sum119899

119897=1(1003816100381610038161003816119901119899119894 cap 119901119899

119897

1003816100381610038161003816 1003816100381610038161003816119901119899119894 cup 119901119899

119897

1003816100381610038161003816)

119899 (1)




119864119902119906119886119897 (1199041

119894 1199042

119894) = (119904

1

119894 1199042

119894) | ℎ119900119901 (119904

1

119894 1199042

119894) = 1

and (119878119890119899119904119900119903119873119900119889119890 (1199041

119894) = 119878119890119899119904119900119903119873119900119889119890 (119904

2

119894)

and 119903119890119904119900119906119903119888119890 (1199041

119894) asymp 119903119890119904119900119906119903119888119890 (119904

2

119894))

(2)



119894


119894) and 119903119890119904119900119906119903119888119890(119904119899



119894) asymp 119903119890119904119900119906119903119888119890(1199042

119894) it means





119878119894119887119897119894119899119892 (1199041

119894 1199042

119894) = (119904

1

119894 1199042

119894) | 1199041

119894= 1199042

119894

and (119878119894119887119897119894119899119892119879119890119903119898 (1199041

119894 1199042

119894)) and 2





119894) then





119894 CH) = 1 then


119894



119894 119901119899119897) union (119901119899



return 119905

similiarity(119901119899119894 119901119899119897) = 119905119896

119901119899119897[] larr 119901119899

119894

Ontology[] larr 119901119899119897[]



119894) resource(119904

119895) and hop(119904

119894 119904119895) = 1 then




119894) resource(119904

119895) and 2 ≦ hop(119904

119894 119904119895) ≦ 3 then




119895) ltgt then





119896 119904119894) union (119901119899


119905 = 119905 + 119905119896


similiarity(119901119899119896 119904119894) = 119905119896

119901119899119896[] larr 119904

119894

Ontology[] larr 119901119899119896[]


le ℎ119900119901 (1199041

119894 1199042

119894)

le 3 or (119875119886119905119903119900119897119873119900119889119890 (1199041

119894 1)

cap119875119886119905119903119900119897119873119900119889119890 (1199042

119894 1) = 0)

119903119890119904119900119906119903119888119890 (1199041

119894) asymp 119903119890119904119900119906119903119888119890 (119904

2

119894)

(3)


119894has a sister








Pnl Pnl

Pn2 s2

s1

s2s1

(a) (b)



119894and Sen-


119894




1



1energy(08) hop



1 1199011198991) =

(075 + 02 + 07) (08 + 02 + 09) = 16519 = 087 Thesubclass is (119904

1 1199011198992) = (03 + 02 + 07) (03 + 08 + 08) =


1(087) and 119901119899

2(057) the numbers



1 Consider

119904119906119887119888119897119886119904119904 (119904 119901119899) =

1003816100381610038161003816119904 cap 1199011198991003816100381610038161003816

10038161003816100381610038161199011198991003816100381610038161003816

(4)





119894indicates





119904119894119898119894119897119886119903119894119905119910 (119901119899119896 119904119894) =

sum119899

119898=119896(1003816100381610038161003816119901119899119898 cap 119904

119894

1003816100381610038161003816 1003816100381610038161003816119901119899119898 cup 119904

119894

1003816100381610038161003816)

119899 (5)




119904119894119898119894119897119886119903119894119905119910 (1199011198991 1199041)

= (075 + 02 + 07

08 + 02 + 09+

02 + 07

075 + 02 + 075

+075 + 06

075 + 02 + 06) times (3)

minus1= 068

119904119894119898119894119897119886119903119894119905119910 (1199011198992 1199041)

= (03 + 02 + 07

03 + 08 + 08+

03 + 07

075 + 02 + 07) times (2)

minus1

= 047

(6)


119896and 119904


119894



119899119901119896and 119904





Patrol node number

Sensor node number

Energy(J)

Sense data type


Patrol node number

Sensor node number

Energy(J)

Sense data type


Relation type

Subclass

Hops

Hops







(119909119894 119910119894) (119909

119899 119910119899) 119909 isin 119877

119898 119910 isin +1 minus1 (7)

where (119909119894 119910119894) (119909




(119908 sdot 119909) + 119887 = 0 (8)


(119908 sdot 119909) + 119887 ge 0 if 119910119894= +1

(119908 sdot 119909) + 119887 le 0 if 119910119894= minus1

(9)








Base station


hop (08) ST (08)

hop (02)ST (07)


energy (03) ST (07)

energy (075) hop (02) ST (07)

068

047pn1

pn3

pn4

pn5

pn2

s1







ℓminus119892119909minus119910

2



WSN Domain layer


Patrol nodes layer

Belong-to Belong-to

Sensor nodelayer

086

082

Instance of

Sensor node 2513


hop (02) ST (05)

Instance of

092

Instance of

Sensor node 3152

Temperature

hop (03) ST(1)

086

Instance of091

Instance of042

Patrol node 1


Sensor node 3241

Patrol node 4


Sensor node 0231

Patrol node 2


energy (088 ) hop (03) ST (05)

Sensor node 0092

Patrol node 3

Temperature

energy (098) hop (05) ST (1)

Sensor node 2541

Patrol node 5

Temperature

Sensor node 1576

Patrol node 2


Sensor node 4561

Sensor node 1254


hop (017) ST (05)

Patrol node 4

Patrol node 4

Sensor node 6829


hop (025) ST (05)

Patrol node 2

Patrol node 3


pn2 pn3



057

Hop = 1

Hop = 3

Hop = 10

Hop = 6Hop = 3

Hop = 5 Hop = 4

Hop = 3

Hop = 3 Hop = 2

E = 2J E = 176J

E = 126J

E = 186J

E = 076JE = 2J

E = 094J E = 196j

E = 164J

E = 196J


hop (03) ST (1) pn5



pn2

pn4 pn5









False Positive Rate



Accuracy Rate



(10)













10 5 9835 8520 10 9573 9330 15 8952 9440 20 8703 94



10 15 9605 8120 30 9495 9630 45 8864 9640 60 8518 97



10 30 9598 7920 60 9468 9630 90 8867 9740 120 8361 97



0

10

20

30

40

50

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)








50

100

150

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)








100140180220260300

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)























Acknowledgments


References

























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation


















Initialize OWIDS

Intr

usio

n de

tect

ion

stag

eO

ntol

ogy

cons

truc

tion

stag

ePr

epro

cess

ing

stage



















119909[119910] then


119904[119910] + 119904(119909 119904)

119862119909[119910] larr (119909 119904)



return 119868







119897to gather the



119894


119878119894119898119894119897119886119903119894119905119910 (119901119899119894 119901119899119897) =

sum119899

119897=1(1003816100381610038161003816119901119899119894 cap 119901119899

119897

1003816100381610038161003816 1003816100381610038161003816119901119899119894 cup 119901119899

119897

1003816100381610038161003816)

119899 (1)




119864119902119906119886119897 (1199041

119894 1199042

119894) = (119904

1

119894 1199042

119894) | ℎ119900119901 (119904

1

119894 1199042

119894) = 1

and (119878119890119899119904119900119903119873119900119889119890 (1199041

119894) = 119878119890119899119904119900119903119873119900119889119890 (119904

2

119894)

and 119903119890119904119900119906119903119888119890 (1199041

119894) asymp 119903119890119904119900119906119903119888119890 (119904

2

119894))

(2)



119894


119894) and 119903119890119904119900119906119903119888119890(119904119899



119894) asymp 119903119890119904119900119906119903119888119890(1199042

119894) it means





119878119894119887119897119894119899119892 (1199041

119894 1199042

119894) = (119904

1

119894 1199042

119894) | 1199041

119894= 1199042

119894

and (119878119894119887119897119894119899119892119879119890119903119898 (1199041

119894 1199042

119894)) and 2





119894) then





119894 CH) = 1 then


119894



119894 119901119899119897) union (119901119899



return 119905

similiarity(119901119899119894 119901119899119897) = 119905119896

119901119899119897[] larr 119901119899

119894

Ontology[] larr 119901119899119897[]



119894) resource(119904

119895) and hop(119904

119894 119904119895) = 1 then




119894) resource(119904

119895) and 2 ≦ hop(119904

119894 119904119895) ≦ 3 then




119895) ltgt then





119896 119904119894) union (119901119899


119905 = 119905 + 119905119896


similiarity(119901119899119896 119904119894) = 119905119896

119901119899119896[] larr 119904

119894

Ontology[] larr 119901119899119896[]


le ℎ119900119901 (1199041

119894 1199042

119894)

le 3 or (119875119886119905119903119900119897119873119900119889119890 (1199041

119894 1)

cap119875119886119905119903119900119897119873119900119889119890 (1199042

119894 1) = 0)

119903119890119904119900119906119903119888119890 (1199041

119894) asymp 119903119890119904119900119906119903119888119890 (119904

2

119894)

(3)


119894has a sister








Pnl Pnl

Pn2 s2

s1

s2s1

(a) (b)



119894and Sen-


119894




1



1energy(08) hop



1 1199011198991) =

(075 + 02 + 07) (08 + 02 + 09) = 16519 = 087 Thesubclass is (119904

1 1199011198992) = (03 + 02 + 07) (03 + 08 + 08) =


1(087) and 119901119899

2(057) the numbers



1 Consider

119904119906119887119888119897119886119904119904 (119904 119901119899) =

1003816100381610038161003816119904 cap 1199011198991003816100381610038161003816

10038161003816100381610038161199011198991003816100381610038161003816

(4)





119894indicates





119904119894119898119894119897119886119903119894119905119910 (119901119899119896 119904119894) =

sum119899

119898=119896(1003816100381610038161003816119901119899119898 cap 119904

119894

1003816100381610038161003816 1003816100381610038161003816119901119899119898 cup 119904

119894

1003816100381610038161003816)

119899 (5)




119904119894119898119894119897119886119903119894119905119910 (1199011198991 1199041)

= (075 + 02 + 07

08 + 02 + 09+

02 + 07

075 + 02 + 075

+075 + 06

075 + 02 + 06) times (3)

minus1= 068

119904119894119898119894119897119886119903119894119905119910 (1199011198992 1199041)

= (03 + 02 + 07

03 + 08 + 08+

03 + 07

075 + 02 + 07) times (2)

minus1

= 047

(6)


119896and 119904


119894



119899119901119896and 119904





Patrol node number

Sensor node number

Energy(J)

Sense data type


Patrol node number

Sensor node number

Energy(J)

Sense data type


Relation type

Subclass

Hops

Hops







(119909119894 119910119894) (119909

119899 119910119899) 119909 isin 119877

119898 119910 isin +1 minus1 (7)

where (119909119894 119910119894) (119909




(119908 sdot 119909) + 119887 = 0 (8)


(119908 sdot 119909) + 119887 ge 0 if 119910119894= +1

(119908 sdot 119909) + 119887 le 0 if 119910119894= minus1

(9)








Base station


hop (08) ST (08)

hop (02)ST (07)


energy (03) ST (07)

energy (075) hop (02) ST (07)

068

047pn1

pn3

pn4

pn5

pn2

s1







ℓminus119892119909minus119910

2



WSN Domain layer


Patrol nodes layer

Belong-to Belong-to

Sensor nodelayer

086

082

Instance of

Sensor node 2513


hop (02) ST (05)

Instance of

092

Instance of

Sensor node 3152

Temperature

hop (03) ST(1)

086

Instance of091

Instance of042

Patrol node 1


Sensor node 3241

Patrol node 4


Sensor node 0231

Patrol node 2


energy (088 ) hop (03) ST (05)

Sensor node 0092

Patrol node 3

Temperature

energy (098) hop (05) ST (1)

Sensor node 2541

Patrol node 5

Temperature

Sensor node 1576

Patrol node 2


Sensor node 4561

Sensor node 1254


hop (017) ST (05)

Patrol node 4

Patrol node 4

Sensor node 6829


hop (025) ST (05)

Patrol node 2

Patrol node 3


pn2 pn3



057

Hop = 1

Hop = 3

Hop = 10

Hop = 6Hop = 3

Hop = 5 Hop = 4

Hop = 3

Hop = 3 Hop = 2

E = 2J E = 176J

E = 126J

E = 186J

E = 076JE = 2J

E = 094J E = 196j

E = 164J

E = 196J


hop (03) ST (1) pn5



pn2

pn4 pn5









False Positive Rate



Accuracy Rate



(10)













10 5 9835 8520 10 9573 9330 15 8952 9440 20 8703 94



10 15 9605 8120 30 9495 9630 45 8864 9640 60 8518 97



10 30 9598 7920 60 9468 9630 90 8867 9740 120 8361 97



0

10

20

30

40

50

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)








50

100

150

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)








100140180220260300

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)























Acknowledgments


References

























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation













119909[119910] then


119904[119910] + 119904(119909 119904)

119862119909[119910] larr (119909 119904)



return 119868







119897to gather the



119894


119878119894119898119894119897119886119903119894119905119910 (119901119899119894 119901119899119897) =

sum119899

119897=1(1003816100381610038161003816119901119899119894 cap 119901119899

119897

1003816100381610038161003816 1003816100381610038161003816119901119899119894 cup 119901119899

119897

1003816100381610038161003816)

119899 (1)




119864119902119906119886119897 (1199041

119894 1199042

119894) = (119904

1

119894 1199042

119894) | ℎ119900119901 (119904

1

119894 1199042

119894) = 1

and (119878119890119899119904119900119903119873119900119889119890 (1199041

119894) = 119878119890119899119904119900119903119873119900119889119890 (119904

2

119894)

and 119903119890119904119900119906119903119888119890 (1199041

119894) asymp 119903119890119904119900119906119903119888119890 (119904

2

119894))

(2)



119894


119894) and 119903119890119904119900119906119903119888119890(119904119899



119894) asymp 119903119890119904119900119906119903119888119890(1199042

119894) it means





119878119894119887119897119894119899119892 (1199041

119894 1199042

119894) = (119904

1

119894 1199042

119894) | 1199041

119894= 1199042

119894

and (119878119894119887119897119894119899119892119879119890119903119898 (1199041

119894 1199042

119894)) and 2





119894) then





119894 CH) = 1 then


119894



119894 119901119899119897) union (119901119899



return 119905

similiarity(119901119899119894 119901119899119897) = 119905119896

119901119899119897[] larr 119901119899

119894

Ontology[] larr 119901119899119897[]



119894) resource(119904

119895) and hop(119904

119894 119904119895) = 1 then




119894) resource(119904

119895) and 2 ≦ hop(119904

119894 119904119895) ≦ 3 then




119895) ltgt then





119896 119904119894) union (119901119899


119905 = 119905 + 119905119896


similiarity(119901119899119896 119904119894) = 119905119896

119901119899119896[] larr 119904

119894

Ontology[] larr 119901119899119896[]


le ℎ119900119901 (1199041

119894 1199042

119894)

le 3 or (119875119886119905119903119900119897119873119900119889119890 (1199041

119894 1)

cap119875119886119905119903119900119897119873119900119889119890 (1199042

119894 1) = 0)

119903119890119904119900119906119903119888119890 (1199041

119894) asymp 119903119890119904119900119906119903119888119890 (119904

2

119894)

(3)


119894has a sister








Pnl Pnl

Pn2 s2

s1

s2s1

(a) (b)



119894and Sen-


119894




1



1energy(08) hop



1 1199011198991) =

(075 + 02 + 07) (08 + 02 + 09) = 16519 = 087 Thesubclass is (119904

1 1199011198992) = (03 + 02 + 07) (03 + 08 + 08) =


1(087) and 119901119899

2(057) the numbers



1 Consider

119904119906119887119888119897119886119904119904 (119904 119901119899) =

1003816100381610038161003816119904 cap 1199011198991003816100381610038161003816

10038161003816100381610038161199011198991003816100381610038161003816

(4)





119894indicates





119904119894119898119894119897119886119903119894119905119910 (119901119899119896 119904119894) =

sum119899

119898=119896(1003816100381610038161003816119901119899119898 cap 119904

119894

1003816100381610038161003816 1003816100381610038161003816119901119899119898 cup 119904

119894

1003816100381610038161003816)

119899 (5)




119904119894119898119894119897119886119903119894119905119910 (1199011198991 1199041)

= (075 + 02 + 07

08 + 02 + 09+

02 + 07

075 + 02 + 075

+075 + 06

075 + 02 + 06) times (3)

minus1= 068

119904119894119898119894119897119886119903119894119905119910 (1199011198992 1199041)

= (03 + 02 + 07

03 + 08 + 08+

03 + 07

075 + 02 + 07) times (2)

minus1

= 047

(6)


119896and 119904


119894



119899119901119896and 119904





Patrol node number

Sensor node number

Energy(J)

Sense data type


Patrol node number

Sensor node number

Energy(J)

Sense data type


Relation type

Subclass

Hops

Hops







(119909119894 119910119894) (119909

119899 119910119899) 119909 isin 119877

119898 119910 isin +1 minus1 (7)

where (119909119894 119910119894) (119909




(119908 sdot 119909) + 119887 = 0 (8)


(119908 sdot 119909) + 119887 ge 0 if 119910119894= +1

(119908 sdot 119909) + 119887 le 0 if 119910119894= minus1

(9)








Base station


hop (08) ST (08)

hop (02)ST (07)


energy (03) ST (07)

energy (075) hop (02) ST (07)

068

047pn1

pn3

pn4

pn5

pn2

s1







ℓminus119892119909minus119910

2



WSN Domain layer


Patrol nodes layer

Belong-to Belong-to

Sensor nodelayer

086

082

Instance of

Sensor node 2513


hop (02) ST (05)

Instance of

092

Instance of

Sensor node 3152

Temperature

hop (03) ST(1)

086

Instance of091

Instance of042

Patrol node 1


Sensor node 3241

Patrol node 4


Sensor node 0231

Patrol node 2


energy (088 ) hop (03) ST (05)

Sensor node 0092

Patrol node 3

Temperature

energy (098) hop (05) ST (1)

Sensor node 2541

Patrol node 5

Temperature

Sensor node 1576

Patrol node 2


Sensor node 4561

Sensor node 1254


hop (017) ST (05)

Patrol node 4

Patrol node 4

Sensor node 6829


hop (025) ST (05)

Patrol node 2

Patrol node 3


pn2 pn3



057

Hop = 1

Hop = 3

Hop = 10

Hop = 6Hop = 3

Hop = 5 Hop = 4

Hop = 3

Hop = 3 Hop = 2

E = 2J E = 176J

E = 126J

E = 186J

E = 076JE = 2J

E = 094J E = 196j

E = 164J

E = 196J


hop (03) ST (1) pn5



pn2

pn4 pn5









False Positive Rate



Accuracy Rate



(10)













10 5 9835 8520 10 9573 9330 15 8952 9440 20 8703 94



10 15 9605 8120 30 9495 9630 45 8864 9640 60 8518 97



10 30 9598 7920 60 9468 9630 90 8867 9740 120 8361 97



0

10

20

30

40

50

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)








50

100

150

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)








100140180220260300

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)























Acknowledgments


References

























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation













119894) then





119894 CH) = 1 then


119894



119894 119901119899119897) union (119901119899



return 119905

similiarity(119901119899119894 119901119899119897) = 119905119896

119901119899119897[] larr 119901119899

119894

Ontology[] larr 119901119899119897[]



119894) resource(119904

119895) and hop(119904

119894 119904119895) = 1 then




119894) resource(119904

119895) and 2 ≦ hop(119904

119894 119904119895) ≦ 3 then




119895) ltgt then





119896 119904119894) union (119901119899


119905 = 119905 + 119905119896


similiarity(119901119899119896 119904119894) = 119905119896

119901119899119896[] larr 119904

119894

Ontology[] larr 119901119899119896[]


le ℎ119900119901 (1199041

119894 1199042

119894)

le 3 or (119875119886119905119903119900119897119873119900119889119890 (1199041

119894 1)

cap119875119886119905119903119900119897119873119900119889119890 (1199042

119894 1) = 0)

119903119890119904119900119906119903119888119890 (1199041

119894) asymp 119903119890119904119900119906119903119888119890 (119904

2

119894)

(3)


119894has a sister








Pnl Pnl

Pn2 s2

s1

s2s1

(a) (b)



119894and Sen-


119894




1



1energy(08) hop



1 1199011198991) =

(075 + 02 + 07) (08 + 02 + 09) = 16519 = 087 Thesubclass is (119904

1 1199011198992) = (03 + 02 + 07) (03 + 08 + 08) =


1(087) and 119901119899

2(057) the numbers



1 Consider

119904119906119887119888119897119886119904119904 (119904 119901119899) =

1003816100381610038161003816119904 cap 1199011198991003816100381610038161003816

10038161003816100381610038161199011198991003816100381610038161003816

(4)





119894indicates





119904119894119898119894119897119886119903119894119905119910 (119901119899119896 119904119894) =

sum119899

119898=119896(1003816100381610038161003816119901119899119898 cap 119904

119894

1003816100381610038161003816 1003816100381610038161003816119901119899119898 cup 119904

119894

1003816100381610038161003816)

119899 (5)




119904119894119898119894119897119886119903119894119905119910 (1199011198991 1199041)

= (075 + 02 + 07

08 + 02 + 09+

02 + 07

075 + 02 + 075

+075 + 06

075 + 02 + 06) times (3)

minus1= 068

119904119894119898119894119897119886119903119894119905119910 (1199011198992 1199041)

= (03 + 02 + 07

03 + 08 + 08+

03 + 07

075 + 02 + 07) times (2)

minus1

= 047

(6)


119896and 119904


119894



119899119901119896and 119904





Patrol node number

Sensor node number

Energy(J)

Sense data type


Patrol node number

Sensor node number

Energy(J)

Sense data type


Relation type

Subclass

Hops

Hops







(119909119894 119910119894) (119909

119899 119910119899) 119909 isin 119877

119898 119910 isin +1 minus1 (7)

where (119909119894 119910119894) (119909




(119908 sdot 119909) + 119887 = 0 (8)


(119908 sdot 119909) + 119887 ge 0 if 119910119894= +1

(119908 sdot 119909) + 119887 le 0 if 119910119894= minus1

(9)








Base station


hop (08) ST (08)

hop (02)ST (07)


energy (03) ST (07)

energy (075) hop (02) ST (07)

068

047pn1

pn3

pn4

pn5

pn2

s1







ℓminus119892119909minus119910

2



WSN Domain layer


Patrol nodes layer

Belong-to Belong-to

Sensor nodelayer

086

082

Instance of

Sensor node 2513


hop (02) ST (05)

Instance of

092

Instance of

Sensor node 3152

Temperature

hop (03) ST(1)

086

Instance of091

Instance of042

Patrol node 1


Sensor node 3241

Patrol node 4


Sensor node 0231

Patrol node 2


energy (088 ) hop (03) ST (05)

Sensor node 0092

Patrol node 3

Temperature

energy (098) hop (05) ST (1)

Sensor node 2541

Patrol node 5

Temperature

Sensor node 1576

Patrol node 2


Sensor node 4561

Sensor node 1254


hop (017) ST (05)

Patrol node 4

Patrol node 4

Sensor node 6829


hop (025) ST (05)

Patrol node 2

Patrol node 3


pn2 pn3



057

Hop = 1

Hop = 3

Hop = 10

Hop = 6Hop = 3

Hop = 5 Hop = 4

Hop = 3

Hop = 3 Hop = 2

E = 2J E = 176J

E = 126J

E = 186J

E = 076JE = 2J

E = 094J E = 196j

E = 164J

E = 196J


hop (03) ST (1) pn5



pn2

pn4 pn5









False Positive Rate



Accuracy Rate



(10)













10 5 9835 8520 10 9573 9330 15 8952 9440 20 8703 94



10 15 9605 8120 30 9495 9630 45 8864 9640 60 8518 97



10 30 9598 7920 60 9468 9630 90 8867 9740 120 8361 97



0

10

20

30

40

50

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)








50

100

150

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)








100140180220260300

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)























Acknowledgments


References

























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation











Pnl Pnl

Pn2 s2

s1

s2s1

(a) (b)



119894and Sen-


119894




1



1energy(08) hop



1 1199011198991) =

(075 + 02 + 07) (08 + 02 + 09) = 16519 = 087 Thesubclass is (119904

1 1199011198992) = (03 + 02 + 07) (03 + 08 + 08) =


1(087) and 119901119899

2(057) the numbers



1 Consider

119904119906119887119888119897119886119904119904 (119904 119901119899) =

1003816100381610038161003816119904 cap 1199011198991003816100381610038161003816

10038161003816100381610038161199011198991003816100381610038161003816

(4)





119894indicates





119904119894119898119894119897119886119903119894119905119910 (119901119899119896 119904119894) =

sum119899

119898=119896(1003816100381610038161003816119901119899119898 cap 119904

119894

1003816100381610038161003816 1003816100381610038161003816119901119899119898 cup 119904

119894

1003816100381610038161003816)

119899 (5)




119904119894119898119894119897119886119903119894119905119910 (1199011198991 1199041)

= (075 + 02 + 07

08 + 02 + 09+

02 + 07

075 + 02 + 075

+075 + 06

075 + 02 + 06) times (3)

minus1= 068

119904119894119898119894119897119886119903119894119905119910 (1199011198992 1199041)

= (03 + 02 + 07

03 + 08 + 08+

03 + 07

075 + 02 + 07) times (2)

minus1

= 047

(6)


119896and 119904


119894



119899119901119896and 119904





Patrol node number

Sensor node number

Energy(J)

Sense data type


Patrol node number

Sensor node number

Energy(J)

Sense data type


Relation type

Subclass

Hops

Hops







(119909119894 119910119894) (119909

119899 119910119899) 119909 isin 119877

119898 119910 isin +1 minus1 (7)

where (119909119894 119910119894) (119909




(119908 sdot 119909) + 119887 = 0 (8)


(119908 sdot 119909) + 119887 ge 0 if 119910119894= +1

(119908 sdot 119909) + 119887 le 0 if 119910119894= minus1

(9)








Base station


hop (08) ST (08)

hop (02)ST (07)


energy (03) ST (07)

energy (075) hop (02) ST (07)

068

047pn1

pn3

pn4

pn5

pn2

s1







ℓminus119892119909minus119910

2



WSN Domain layer


Patrol nodes layer

Belong-to Belong-to

Sensor nodelayer

086

082

Instance of

Sensor node 2513


hop (02) ST (05)

Instance of

092

Instance of

Sensor node 3152

Temperature

hop (03) ST(1)

086

Instance of091

Instance of042

Patrol node 1


Sensor node 3241

Patrol node 4


Sensor node 0231

Patrol node 2


energy (088 ) hop (03) ST (05)

Sensor node 0092

Patrol node 3

Temperature

energy (098) hop (05) ST (1)

Sensor node 2541

Patrol node 5

Temperature

Sensor node 1576

Patrol node 2


Sensor node 4561

Sensor node 1254


hop (017) ST (05)

Patrol node 4

Patrol node 4

Sensor node 6829


hop (025) ST (05)

Patrol node 2

Patrol node 3


pn2 pn3



057

Hop = 1

Hop = 3

Hop = 10

Hop = 6Hop = 3

Hop = 5 Hop = 4

Hop = 3

Hop = 3 Hop = 2

E = 2J E = 176J

E = 126J

E = 186J

E = 076JE = 2J

E = 094J E = 196j

E = 164J

E = 196J


hop (03) ST (1) pn5



pn2

pn4 pn5









False Positive Rate



Accuracy Rate



(10)













10 5 9835 8520 10 9573 9330 15 8952 9440 20 8703 94



10 15 9605 8120 30 9495 9630 45 8864 9640 60 8518 97



10 30 9598 7920 60 9468 9630 90 8867 9740 120 8361 97



0

10

20

30

40

50

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)








50

100

150

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)








100140180220260300

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)























Acknowledgments


References

























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation










Patrol node number

Sensor node number

Energy(J)

Sense data type


Patrol node number

Sensor node number

Energy(J)

Sense data type


Relation type

Subclass

Hops

Hops







(119909119894 119910119894) (119909

119899 119910119899) 119909 isin 119877

119898 119910 isin +1 minus1 (7)

where (119909119894 119910119894) (119909




(119908 sdot 119909) + 119887 = 0 (8)


(119908 sdot 119909) + 119887 ge 0 if 119910119894= +1

(119908 sdot 119909) + 119887 le 0 if 119910119894= minus1

(9)








Base station


hop (08) ST (08)

hop (02)ST (07)


energy (03) ST (07)

energy (075) hop (02) ST (07)

068

047pn1

pn3

pn4

pn5

pn2

s1







ℓminus119892119909minus119910

2



WSN Domain layer


Patrol nodes layer

Belong-to Belong-to

Sensor nodelayer

086

082

Instance of

Sensor node 2513


hop (02) ST (05)

Instance of

092

Instance of

Sensor node 3152

Temperature

hop (03) ST(1)

086

Instance of091

Instance of042

Patrol node 1


Sensor node 3241

Patrol node 4


Sensor node 0231

Patrol node 2


energy (088 ) hop (03) ST (05)

Sensor node 0092

Patrol node 3

Temperature

energy (098) hop (05) ST (1)

Sensor node 2541

Patrol node 5

Temperature

Sensor node 1576

Patrol node 2


Sensor node 4561

Sensor node 1254


hop (017) ST (05)

Patrol node 4

Patrol node 4

Sensor node 6829


hop (025) ST (05)

Patrol node 2

Patrol node 3


pn2 pn3



057

Hop = 1

Hop = 3

Hop = 10

Hop = 6Hop = 3

Hop = 5 Hop = 4

Hop = 3

Hop = 3 Hop = 2

E = 2J E = 176J

E = 126J

E = 186J

E = 076JE = 2J

E = 094J E = 196j

E = 164J

E = 196J


hop (03) ST (1) pn5



pn2

pn4 pn5









False Positive Rate



Accuracy Rate



(10)













10 5 9835 8520 10 9573 9330 15 8952 9440 20 8703 94



10 15 9605 8120 30 9495 9630 45 8864 9640 60 8518 97



10 30 9598 7920 60 9468 9630 90 8867 9740 120 8361 97



0

10

20

30

40

50

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)








50

100

150

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)








100140180220260300

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)























Acknowledgments


References

























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation














Base station


hop (08) ST (08)

hop (02)ST (07)


energy (03) ST (07)

energy (075) hop (02) ST (07)

068

047pn1

pn3

pn4

pn5

pn2

s1







ℓminus119892119909minus119910

2



WSN Domain layer


Patrol nodes layer

Belong-to Belong-to

Sensor nodelayer

086

082

Instance of

Sensor node 2513


hop (02) ST (05)

Instance of

092

Instance of

Sensor node 3152

Temperature

hop (03) ST(1)

086

Instance of091

Instance of042

Patrol node 1


Sensor node 3241

Patrol node 4


Sensor node 0231

Patrol node 2


energy (088 ) hop (03) ST (05)

Sensor node 0092

Patrol node 3

Temperature

energy (098) hop (05) ST (1)

Sensor node 2541

Patrol node 5

Temperature

Sensor node 1576

Patrol node 2


Sensor node 4561

Sensor node 1254


hop (017) ST (05)

Patrol node 4

Patrol node 4

Sensor node 6829


hop (025) ST (05)

Patrol node 2

Patrol node 3


pn2 pn3



057

Hop = 1

Hop = 3

Hop = 10

Hop = 6Hop = 3

Hop = 5 Hop = 4

Hop = 3

Hop = 3 Hop = 2

E = 2J E = 176J

E = 126J

E = 186J

E = 076JE = 2J

E = 094J E = 196j

E = 164J

E = 196J


hop (03) ST (1) pn5



pn2

pn4 pn5









False Positive Rate



Accuracy Rate



(10)













10 5 9835 8520 10 9573 9330 15 8952 9440 20 8703 94



10 15 9605 8120 30 9495 9630 45 8864 9640 60 8518 97



10 30 9598 7920 60 9468 9630 90 8867 9740 120 8361 97



0

10

20

30

40

50

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)








50

100

150

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)








100140180220260300

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)























Acknowledgments


References

























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation










WSN Domain layer


Patrol nodes layer

Belong-to Belong-to

Sensor nodelayer

086

082

Instance of

Sensor node 2513


hop (02) ST (05)

Instance of

092

Instance of

Sensor node 3152

Temperature

hop (03) ST(1)

086

Instance of091

Instance of042

Patrol node 1


Sensor node 3241

Patrol node 4


Sensor node 0231

Patrol node 2


energy (088 ) hop (03) ST (05)

Sensor node 0092

Patrol node 3

Temperature

energy (098) hop (05) ST (1)

Sensor node 2541

Patrol node 5

Temperature

Sensor node 1576

Patrol node 2


Sensor node 4561

Sensor node 1254


hop (017) ST (05)

Patrol node 4

Patrol node 4

Sensor node 6829


hop (025) ST (05)

Patrol node 2

Patrol node 3


pn2 pn3



057

Hop = 1

Hop = 3

Hop = 10

Hop = 6Hop = 3

Hop = 5 Hop = 4

Hop = 3

Hop = 3 Hop = 2

E = 2J E = 176J

E = 126J

E = 186J

E = 076JE = 2J

E = 094J E = 196j

E = 164J

E = 196J


hop (03) ST (1) pn5



pn2

pn4 pn5









False Positive Rate



Accuracy Rate



(10)













10 5 9835 8520 10 9573 9330 15 8952 9440 20 8703 94



10 15 9605 8120 30 9495 9630 45 8864 9640 60 8518 97



10 30 9598 7920 60 9468 9630 90 8867 9740 120 8361 97



0

10

20

30

40

50

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)








50

100

150

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)








100140180220260300

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)























Acknowledgments


References

























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation
















False Positive Rate



Accuracy Rate



(10)













10 5 9835 8520 10 9573 9330 15 8952 9440 20 8703 94



10 15 9605 8120 30 9495 9630 45 8864 9640 60 8518 97



10 30 9598 7920 60 9468 9630 90 8867 9740 120 8361 97



0

10

20

30

40

50

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)








50

100

150

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)








100140180220260300

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)























Acknowledgments


References

























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation












10 5 9835 8520 10 9573 9330 15 8952 9440 20 8703 94



10 15 9605 8120 30 9495 9630 45 8864 9640 60 8518 97



10 30 9598 7920 60 9468 9630 90 8867 9740 120 8361 97



0

10

20

30

40

50

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)








50

100

150

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)








100140180220260300

0 600 1200 1800 2400 3000 3600

Sens

or n

odes

(s)























Acknowledgments


References

























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation























Acknowledgments


References

























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation





























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation











RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation









Documents

Research Article Applying an Ontology to a Patrol …downloads.hindawi.com/journals/ijdsn/2014/634748.pdfResearch Article Applying an Ontology to a Patrol Intrusion Detection System