A Survey of Recent Intrusion Detection Systems for Wireless Sensor Network

A Survey of Recent Intrusion Detection Systems for Wireless Sensor Network
of 10
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Related Documents
  A SURVEY of RECENT INTRUSION DETECTION SYSTEMS for WIRELESS SENSOR NETWORK Tapolina Bhattasali 1 , Rituparna Chaki 2   1 Techno India College of Technology,Kolkata,India tapolinab@gmailcom  2 !est Bengal "ni#ersity of Technology,Kolkata,India rituchaki@gmailcom  Abstract.   $ecurity of !ireless sensor net%ork &!$'( becomes a #ery important issue %ith the rapid de#elopment of !$' that is #ulnerable to a %ide range of attacks due to deployment in the hostile en#ironment and ha#ing limited resources   Intrusion detection system is one of the ma)or and efficient defensi#e methods against attacks in !$' * particularly de#astating attack is the sleep depri#ation attack, %here a malicious node forces legitimate nodes to %aste their energy by resisting the sensor nodes from going into lo% po%er sleep mode The goal of this attack is to ma+imie the po%er consumption of the target node, thereby decreasing its battery life -+isting %orks on sleep depri#ation attack ha#e mainly focused on mitigation using .*C based  protocols, such as $/.*C, T/.*C, B/.*C, etc In this article, a brief re#ie% of some of the recent intrusion detection systems in %ireless sensor net%ork en#ironment is presented 0inally, %e propose a frame%ork of cluster based layered countermeasure that can efficiently mitigate sleep depri#ation attack in !$' $imulation results on .*T*B e+hibit the effecti#eness of the  proposed model in detecting sleep/depri#ation attacks   Keywords  !$', $leep epri#ation *ttack, Cluster, I$, Insomnia !   I"trod#ct$o" !ireless sensor net%ork &!$'( refers to a system that consists of number of lo%/cost, resource limited sensor nodes to sense important data related to en#ironment and to transmit it to sink node that pro#ides gate%ay functionality to another net%ork, or an access point for human interface !$' is a rapidly gro%ing area as ne% technologies are emerging, ne% applications are being de#eloped, such as traffic, en#ironment monitoring, healthcare, military applications, home automation !$' is #ulnerable to #arious attacks such as )amming, battery drainage, routing cycle, sybil, cloning ue to limitation of computation, memory and po%er resource of sensor nodes, comple+ security mechanism can not be implemented in !$' Therefore energy/efficient security implementation is an important re3uirement for !$' * sleep depri#ation attack &battery drainage( is a particularly se#ere attack in !$'  because recharging or replacing node    batteries in !$' may be impossible  In this type of attack, intruder forces the sensor nodes to remain a%ake4 so that they %aste their energy This attack imposes such a large amount of energy consumption upon the limited po%er sensor nodes that they stop %orking and gi#e rise to denial of ser#ice through denial of sleep In this paper a sur#ey of on/going research acti#ity is presented This is follo%ed by a comparati#e analysis of the recent I schemes This paper concludes %ith a glimpse of the proposed model for detecting sleep depri#ation attack    % Re&ated Wor's Intrusion detection for !$' is an emerging field of research This section presents a category/%ise report of on/going research acti#ities D$str$b#ted A((roac) ·   In 516, a semantic based intrusion detection frame%ork is proposed for !$' by using multi/agent and semantic based techni3ues, %here security ontology is constructed according to the features of !$' to represent the formal semantics for intrusion detection This distributed techni3ue is based on cooperati#e mechanism In this mechanism, each selected rule of security ontology is mapped to sensing data collected from common sensor nodes to detect anomaly ·   In 526, an energy efficient learning solution for I$ in !$' has been proposed This schema is based on the concept of stochastic learning automata on packet sampling mechanism $imple earning *utomata  based I &$/*I( functions in a distributed   manner %ith each node functioning independently %ithout any kno%ledge about the ad)acent nodes *$erarc)$ca& A((roac)   ·   In 576, a location/a%are, trust/based detection and isolation mechanism of compromised nodes in %ireless sensor net%ork is proposed In this techni3ue, probabilistic model is used to define trust and reputation ·   In 586, a method using isolation table is proposed to isolate malicious nodes by a#oiding consumption of unnecessary energy by I$ &ITI$(This hierarchical structure of I$ based on cluster net%ork can detect serious attacks such as hello flooding, denial of ser#ice &o$(, denial of sleep, sinkhole and %ormhole attack In this mechanism, malicious nodes can be detected by considering remaining energy and trust #alues of sensor nodes ·   In 596, a light%eight ranger based I$ &RI$( has been proposed It combines the ranger method to reduce energy consumption and the isolation tables to a#oid detecting anomaly repeatedly This light%eight I$ model relates ontology concept mechanism about anomaly detection In this techni3ue, rough set theory &R$T( is used for preprocessing of packets and anomaly models %ill be trained by support #ector machine &$:.( ·   In 5;6, a hierarchical o#erlay design &<=( based intrusion detection system is proposed, using policy  based detection mechanism This model follo%s core defense strategy %here cluster/head is the centre point to defend intruder and concentrates on sa#ing the po%er of sensor nodes by distributing the responsibility of intrusion detection to three layer nodes ·   In 5>6, a <ybrid Intrusion etection $ystem &<I$( has been proposed in heterogeneous cluster based !$' &C!$'(The attacks such as spoofed, altered, or replayed routing information, sinkhole, sybil, %ormholes, ackno%ledgment spoofing, select for%ard, hello floods can be detected using this model ·   In 5?6, a hierarchical model &three layer architecture( is proposed based on %eighted trust e#aluation &!T-( to detect malicious nodes by monitoring its reported data ·   In 56, a dynamic model of intrusion detection &I$( has been proposed for !$' This is a hierarchical model of I$ based on clustered net%ork to battle the lo% energy It can use distributed defense %hich has the ad#antage of detecting multiple intruders, albeit, %ith an increased rate of energy consumption %ith increase in cluster sie +   Co,(arat$-e A"a&ys$s of Rece"t ID Sc)e,es Tab&e ! .   STRENT*/ WEAKNESS a"d 0UTURE SCO1E of    E2ISTIN   IDS E3$st$"4 IDS Stre"4t) Wea'"ess 0#t#re Sco(e $emantic I$516 1( *gent node stores the %hole ontology in its memory 2( -nergy efficient 1( .apping of security ontology %ith sensor data is #ague 2( ecision making function is not clearly specified *lgorithms can be impro#ed by using more comple+ semantics of security ontology  $imple earning *utomata  based I$ 526 1( istributed nature a#oids all other nodes being sacrificed %hen a single node is affected 2( -nergy efficient 7( $elf/learning nature optimies  packet sampling efficiency Computational comple+ity increases because of using dynamic topology by distributed self/learning automation techni3ue $/*I solution can be tested in different application domains of sensor net%ork ocation *%are Trust  based I$ 576 1( Reputation/based monitoring facilitates detection and isolation of malicious nodes efficiently 2( ocation a%areness enhances integrity "se of encryption algorithm consumes more energy ocation #erification  protocol can be e+tended Isolation Table  based I$ 586 Arimary e+periment pro#es that ITI$ can pre#ent attacks effecti#ely in terms of li#e nodes and transmission accuracy !hen the remaining nodes decrease, the intruders can  penetrate !$' more easily *nomaly detection techni3ue can be e+tended for impro#ement Ranger based I$ 596 1( Intruder can not attack !$' through isolated anomalous nodes 2( ight%eight model %orks in energy/efficient manner It mainly focuses on $ybil attack It can be implemented through standard  protocols &eg igbee( for performance e#aluation <ierarchical =#erlay esign  based I$ 5;6 1( Reliability, efficiency and effecti#eness are high for a large geographical area 2( istributed four le#el hierarchy results in highly energy sa#ing structure 7( I becomes #ery fast and effecti#e 1( I$ needs to %ait for intruders to reach the core area %hereas nodes can be captured at any area %ithout any notice 2( Total cost of net%ork set up is increased for using  policy based mechanism -lection procedure can  be implemented4 I$ scalability and definition of detection policy need to be determined, more specifically <ybrid I$ 5>6 1( Its detection rate and accuracy are high for using hybrid approach ecision making model is #ery simple and fast 2( Cluster head is used to reduce energy consumption, amount of data in the entire net%ork and to increase net%ork lifetime Rules in the anomaly detection model are defined manually, so performance can not be #erified through simulation 0eature selection in anomaly detection can be done by data mining4 Rule based approach can  be e+tended to pro#ide anomaly detection model %ith better performance and fle+ibility !eighted Trust -#aluation  based I$ 5?6 1( It detects misbeha#ed nodes accurately %ith #ery short delay 2( ight/%eight algorithm incurs little o#erhead It gi#es rise to high misdetection rate .ore detailed analysis regarding the  performance %ill be studied in the ongoing research ynamic .odel of I$ 56 1( It has remarkable impro#ement in security, stability and robustness as compared to static I$ istributed nature of this model increases security and net%orks lifetime 2( "pgradation of defense structure increases fle+ibility .  1( It needs more time to detect all intrusions 2( istributed detection consumes more energy   It can be tested %ith real life applications to ensure perfectness of the model   Tab&e %.   A"a&ys$s of So,e of t)e Rece"t IDS for WSN   5 1ro(osed Mode& =ur ob)ecti#e is to detect the sleep depri#ation attack in sensor net%ork In this section, a light%eight model, INSOMNIA MITIATIN INTRUSION   DETECTION SYSTEM 6IMIDS7 is proposed for heterogeneous %ireless sensor net%ork &<!$'-T( to detect insomnia of stationary sensor nodes It uses cluster based mechanism in an energy efficient manner to build a fi#e layer hierarchical net%ork to enhance net%ork scalability, fle+ibility and lifetime The lo% energy constraints of !$' necessitate the use of a hierarchical model for I$ !e di#ide sensor net%ork into clusters %hich are again partitioned into sectors I"tr#s$o" Detect$o" Syste, 0eat#rew$se d$ffere"ces Node De"s$ty Detect$o" Rate E"er4y co"s#,(t$o" $/*I$ 526  'ode density medium Aenalty threshold of D2 detects ;7 to >1E malicious  packets, that of D? is able to detect 29 to 77E malicious  packets   Both the re%ard and the  penalty functions are calculated on basis of the residual energy Remo#al of malicious node re3uires less energy ocation a%are trust  based I$ 576  'umber of sensor nodes %ithin 9 to 1DD are deployed randomly in 9D m 2  area Arobability of compromised node detection is certain %hen the number of neighboring nodes is 19 or less *s the number of neighboring nodes increases, the probability of  blacklisting decreases  'o e#aluation regarding energy consumption is found ITI$5 86 2DD sensor nodes are deployed uniformly %ithin 1DDDD s3uare meters area 9E detection accuracy is achie#ed %hen number of monitor nodes e3uals   to 1DD   -nergy consumption is less for !$' ha#ing 9D nodes compared to 1DD or 2DD nodes <I$ 5>6 'ode density is not specified ?1E detection rate, D9>E  phantom intrusion rate and >9E accuracy are achie#ed Indi#idual detection rate is #ery lo% %hen the training sample is not substantial Its energy consumption is #ery lo% !T- based I$ 5?6  'umber of nodes are %ithin a range from  to DD It has high scalability etection is terminated after more than 29E of all nodes are detected as malicious nodes !eight penalties #alues in the range of DD8 /D1 can impro#e detection rate %ith lo% misdetection rate  'o e#aluation regarding energy consumption is found I$ 5 6 >D nodes %ithin transmission range of 8 to 19 m, ha#ing cluster sie e3uals to 1D for the o#erall area of ?Dm F1DDm !hen number of nodes e3uals to 2D, all types of defenses can detect intrusion, but %hen number of nodes is greater than or e3ual to 8D, only distributed defense can detect intrusion I$ detection rate is higher %ithin smaller range &DE %ith a range of at least 19m( If consumed energy in any node is greater than or e3ual to 7DE  before acti#ation of I$, it can not be selected   istributed defense results in high energy consumption The lo%est energy in I$ is about 9>E, %hich is 1>E higher than that in $I$ I$ can prolong the lifetime of net%ork by ?E on a#erage     It %ill minimie the energy consumption by a#oiding   all the nodes needing to send data to a distant sink node It uses anomaly detection techni3ue in such a %ay so that phantom intrusion detection can be a#oided logically 5.! Ass#,(t$o"s    * sensor can be in any one of the follo%ing statesG NEW8MEM9ER8 SUS1ECTED8MALICIOUS8ISOLATED : ; : ENUINE 8 DEAD    -ach sensor node has a uni3ue id in the net%ork    -ach member node has authentic %ake/up token    *    protocol is used to assign a secure %akeup and sleep schedule for the sensor nodes    $ink node is honest gate%ay to another net%ork    The threshold #alues are pre/calculated and set for the entire net%ork    If any of cluster coordinator, for%arding sector head, sector monitor or sector coordinator is found to  be compromised, reconfiguration procedure takes place dynamically    $ensor nodes e+cluding leaf nodes and for%arding sector heads in the system participate in intrusion detection process    Henerally, sector coordinator is responsible for anomaly detection and sector monitor is responsible for detection of intrusion    Initially, probability of sleeping schedule and %ake/up schedule are same &   D9( for any normal node    Initially, trust #alue of each node is represented by a nibble             containing all 1s, belief is set to 1    $. may be more than one %ithin a sector    $' selects CC and CC selects $C, $., 0$<    *nomaly can be detected on the basis of energy consumption rate, allotted %akeup schedule, authentic %akeup token, number of packets recei#ed %ithin a time inter#al Reputation of sensor node needs to  be considered during intrusion detection 5.% Data Def$"$t$o" J       ' * node ' is defined to be a     if Child  ' L M =  L Æ M *' Aarent  '  L M N L Æ M Its detection po%er&A( OD J            * node ' is defined to be a     if RemPeng  '   .*QP-'H L0'5 6M, %here 0'56  follo%er nodes J         /   * node ' is defined to be a     if A  ' .*QP-T-CT L' 5 6M, %here ' Ï  LCC k  , $'M *' A  '  po%er re3uired by a node for intrusion detection J        / * node ' is defined to be a         !" # $!      $  CC k  M,%here ' Ï CC k   Its detection po%er &A( OD   J   % &'   (  * node ' is defined to be a Cluster Coordinator, if RemPeng  '   .*QP-'HL'5 6M*' C*A*CITS  ' .*Q&C*A*CITS  ' (,%here ' Ï $' *' C*A*CITS  '   &-HR--  '    I'ITI*P-'H  ' (FRemP-ng  ',  -HR--  ' number of nodes %ithin its radio range J   ) *   (  * node ' is defined to be a *   if Child  ' L M N L Æ M *' Aarent  '  L M  L Æ M 5.+ Syste, Mode& 0igure 1 describes the main building block of the system model <ere $' -> $I'K '=-4 CC -> C"$T-R C==RI'*T=R4 $. - U$-CT=R .='IT=R4 0$< -> 0=R!*RI'H $-CT=R <-*4 $C -> $-CT=R C==RI'*T=R  < ' ->  -*0 '=-4
Related Search
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks