Ids presentation

ENERGY-EFFICIENT INTRUSION DETECTION IN WIRELESS SENSOR

NETWORK

Solmaz Salehian , Farzaneh Masoumiyan , Dr. Nur Izura Udzir

Department of Communication Technology and Network

Faculty of Computer Science and Information Technology,

Universiti Putra Malaysia

UPM Serdang, Malaysia

The International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec2012)

2

Introduction1

2

Simulation3

4

OUTLINE

IDS in WSN

Analysis and Conclusion

3

INTRODUCTION

Security solution

s

Misuse Detection

Anomaly Detection

prevention

Intrusion

detection

Encryption, Authentication Firewalls,…

4

INTRODUCTION

o WSNs consist of a collection of sensor nodes which are

distributed in open environment in various locations.

o Deploying sensors in open and unprotected environment and dynamic topology in WSNs raises security issues.

o IDS can be used to detect and determine whether the packets are malicious or neighbor node is anomalous.

5

ROUTING PROTOCOL CLASSIFICATION BASED ON NETWORK STRUCTURE IN WSNS:

Flat-based RP

Hierarchical RP

location-based RP

Fig1.Routing protocols classification

6

HIERARCHICAL ROUTING

• An IDS for CHs because in this routing most attackers which are the targets for attackers

•The anomaly and misuse detection techniques are used as a hybrid technique, and the rules-based analysis method is used to build anomaly detection modules and experts defined the corresponding rules.

Energy-Efficient IDS in WSN

Fig2.Hybrid tech

7

HIERARCHICAL ROUTING CONT…

Anomaly detection provides a high detection rate, but

high false positive rate. The misuse detection has high

accuracy but low detection rate, so HIDS combines of the

high detection rate of anomaly detection and the high

accuracy of misuse detection and thus increase

detection of unknown attacks.


8

FLAT-BASED ROUTING

An anomaly intrusion detection algorithm is used.

According to network structure, all nodes have the following characteristics:

1) the neighbors of a specific node do not change during the course of the analysis. This means three things:

Nodes are stationary, Transmission power levels do not change, and no new node is added after a network is deployed.

Each node can uniquely identify its neighbors (for example, using an assigned id).

Data and control packet flows are directional.


9

Each node provides neighboring nodes’ activities, and builds a simple dynamic of the statistical model neighboring nodes.

using statistic detection model detects whether the neighbor node is anomalous. In this model the anomaly detection algorithm executes at each node separately.

The nodes can identify a legitimate neighbor by comparing a small number of received packet features.

10

LOCATION-BASED ROUTING

Algorithm 1 is developed to detect intrusion on the network. Algorithms 2 will carry-out analysis on every packet sent by the sensor nodes. The implementation of the two Algorithm will achieve intrusion detection and types of intrusion on the network.

Energy consumed will be reduced during single hop data transmission from SN to BS. A careful consideration should be given to distance between a sensor and BS before the sensors were deployed, and keeping a close range of sensors to BS is important.

All traffic from sensors must pass through installed IDS in the BSs. If any attack is detected, data received from the attack node will be stopped. Mobile Agents (MAs) are used to facilitate communication among the BSs and also enhance intrusion detection and prevention. Using MAs can help address over-loading issues in the BSs.


11

Sensor

BS server

Satellite

Mobile agent

Fig3.Architecture view of D-IDS

12

SIMULATION OF IDS IN WSNS

using the KDDCup'99 dataset; as a training sample and testing dataset in experiment.KDDCup'99 dataset.

Another measure is using the JSIM platform in order to investigate whether the proposed secure routing protocol can detect the malicious nodes.

Evaluating on real data gathered for WSNs which used TMote sky wireless sensor for testing and simulation based on specified parameters.

13

ANALYSIS & CONCLUSION

In hierarchical routing protocols : Protecting the CHs in hierarchical routing not only can detect attack ,but also can help to prolong network life time and decrease energy consumption. However, in this routing protocol, finding a suitable path to the BS and avoiding route misbehavior must be considered.

In flat-based routing protocols: This routing protocol can partially

preserve energy, but selecting legitimate nodes within the network is a challenge, and the presented algorithms try to overcome this problem by detecting anomalous and malicious nodes over network with regard to maintaining the path which comprises memory resources. But this routing protocol becomes necessary when reliability is strong.

In location-based routing protocol : In this routing protocol power

loss is increased specially when the nodes are located far from the BS; hence, proposed models try to overcome this issue, for example by limiting SNs to those which have data to transmit, or by making routing decision based on location and trust information and ignoring nodes with poor trustworthiness during routing .

14

REFERENCES

[1] C. F. García-Hernández, P. H. Ibargüengoytia-González, J. García-Hernández, and J. A. Pérez-Díaz (2007). Wireless Sensor Networks and Applications: A Survey, in International Journal of Computer Science Issues (IJCSI), 7(30):264-273.

[2] P. García-Teodoro, J. Díaz-Verdejo, G. Maciá-Fernández, and E. Vázquez (2009), Anomaly-based Network Intrusion Detection: Techniques, Systems and Challenges. Computers & Security, 28(1–

2):18–28.

[3] A. Patcha and J-M. Park (2007), An Overview of Anomaly Detection Techniques: Existing Solutions and Latest Technological Trends. Computer Networks, 51(12):3448–3470.

[4] Q. Wang, S. Wang and Z. Meng (2009), Applying an Intrusion Detection Algorithm to Wireless Sensor Networks. In Procs. Second International Workshop on Knowledge Discovery and Data Mining (WKDD 2009), pp. 284–287.

[5] K.Q. Yan, S. C. Wang., S.S. Wang and C.W. Liu (2010), Hybrid Intrusion Detection System for Enhancing the Security of a Cluster-based Wireless Sensor Network. In Proceedings of the Computer Science and Information Technology (ICCSIT), July 2010, vol.1, pp.114-118.

[6] J. N. Al-Karaki and A. E. Kamal (2004), Routing Techniques in Wireless Sensor Networks: A Survey. IEEE Wireless Communications, 11(6):6–28.

[7] L. J. G. Villalba, A. L. S. Orozco, A. T. Cabrera, and C. J. B. Abbas (2009), Routing Protocols in Wireless Sensor Networks, Sensors, 9(11):8399–8421.

[8] D. Liu and Q. Dong (2007), Detecting misused keys in wireless sensor networks. In Procs. IPCCC 2007, April 2007, pp. 272 - 280.

[9] M-W. Park, J-M. Kim, Y-J. Han, and T-M. Chung (2008), A Misused Key Detection Mechanism for Hierarchical Routings in Wireless Sensor Network. In Fourth International Conference on Networked Computing and Advanced Information Management 2008 (NCM’08), pp. 47–52.

15

REFERENCES CONT…

[10] M. K. Watfa, and S. Commuri (2006), Energy-efficient Approaches to Coverage Holes Detection inWireless Sensor Networks. In IEEE International Symposium on Intelligent Control, 4-6 Oct. 2006, Munich, Germany, pp. 131–136.

[11] C-F. Hsieh, Y-F. Huang, and R-C. Chen (2011), A Light-Weight Ranger Intrusion Detection System on Wireless Sensor Networks. In 2011 Fifth International Conference on Genetic and Evolutionary Computing (ICGEC), pp. 49–52.

[12] L. Guorui, J. He, and Y. Fu (2008), Group-based Intrusion Detection System in Wireless Sensor Networks, Computer Communications, 31(18):4324–4332.

[13] I. Onat and A. Miri (2005), An intrusion detection system for Wireless sensor networks, in Procs. IEEE International Conference on Wireless And Mobile Computing, Networking and Communications (WiMob'2005), 22-24 Aug. 2005, pp. 253–259.

[14] S. Janakiraman, S. Rajasoundaran, and P. Narayanasamy (2012). The Model #x2014: Dynamic and Flexible Intrusion Detection Protocol for

High Error Rate Wireless Sensor Networks Based on Data Flow. In 2012 International Conference on Computing, Communication and

Applications (ICCCA), pp. 1 –6.

[15] M.A. Rassam, M.A. Maarof, and A. Zainal (2011). A Novel Intrusion Detection Framework for Wireless Sensor Networks. In 2011 7th

International Conference on Information Assurance and Security (IAS), pp. 350 –353.

[16] T. Zahariadis, P. Trakadas, S. Maniatis, P. Karkazis, H. C. Leligou, and S. Voliotis (2009), Efficient Detection of Routing Attacks in Wireless

Sensor Networks. In 16th International Conference on Systems, Signals and Image Processing (IWSSIP 2009), pp. 1–4.

[17] S. I. Eludiora, O. O. Abiona, A. O. Oluwatope, S. A. Bello, M.L. Sanni, D. O. Ayanda, C.E. Onime, E. R. Adagunodo, and L.O. Kehind (2011), A Distributed Intrusion Detection Scheme for Wireless Sensor Networks, in Procs. IEEE International Conference on Electro/Information Technology (EIT) 2011, pp.1-5.

[18] SmartDetect WSN Team (2010), SmartDetect: An Efficient WSN Implementation for Intrusion Detection in 2010 Second International Conference on Communication Systems and Networks (COMSNETS), pp. 1 –2.

16

REFERENCES CONT…

[19] M. Khan, G. Pandurangan, and V. S. Anil Kumar (2009). Distributed algorithms for constructing approximate minimum spanning trees in wireless sensor networks, IEEE Transactions on Parallel and Distributed Systems, 20:124–139, Jan. 2009.

[20] R. Subramanian, P.V. Kumar, S. Krishnan, B. Amrutur, J. Sebastian, M. Hegde, S.V.R. Anand (2009). A low-complexity algorithm for intrusion detection in a pir-based wireless sensor network, in International Conference Series on Intelligent Sensors, Sensor Networks and Information Processing.

[21] F. Ye, G. Zhong, S. Lu, and L. Zhang (2005). Gradient broadcast: a robust data delivery protocol for large scale sensor networks, Wirel. Netw., 11(3):285–298.

[22] http://www.wsn-roup.org/comment/13#comment-13

[23] J. Yick, B. Mukherjee, and D. Ghosal (2008), Wireless Sensor Network Survey. Computer Networks , 52(12): 2292–2330.

[24] W. Seah and Y. K. Ta, (2010). Chapter 12: Routing Security Issues in Wireless Sensor Networks: Attacks and Defenses, in Sustainable Wireless Sensor networks, pp. 279-308.

[25] Bc. L. Honus (2009). Design, Implementation and simulation of

intrusion detection system for wireless sensor networks, M.S. Thesis,

Masarykova Univerzita, Czech.

17

June.26.2012