Security solutions in the network: prevention and detection
Prevention techniques: The first line of defense, like encryption, authentication, firewalls,…
Intrusion detection: The second line of defense is that when preventive .
Two important modules of intrusion detection: anomaly detection and misuse detection.
WSNs can be used for different applications such as medical monitoring, military applications, environment monitoring, and health applications. The use of WSNs has developed rapidly in the last decade, and the traditional way of protecting networks is no longer sufficient for these types of networks. Attacks can come from any direction and from any node in a WSN, so one significant security problem is intrusion detection in these networks.
In flat-based routing protocols, each node plays the same role in the routing procedure. In large networks, the Base Station (BS) specifies certain regions and sends queries to them, and then waits for data from the nodes in that region. This routing is data-centric and saves energy through data negotiation and elimination of data redundancy.
In hierarchical routing protocols, nodes play different roles and routing is based on clustering: Cluster Heads (CHs) are responsible for collecting data from the neighbors in each cluster and sending the collected data to the BS. This routing protocol is scalable and energy-efficient, because nodes with higher energy can be CHs.
In location-based routing protocols, the transmission route for a node is based on the location of the final destination and the positions of the other nodes. In this routing, some location-based schemes, in order to save energy, require nodes to go into sleep mode when there is no activity.
In this paper several works for building IDS are presented with regard to energy consumption, which is a crucial resource for sensors as well as the key challenge in WSNs. These papers are grouped based on three types of WSN routing protocols.
As shown in Fig.1, the anomaly detection module checks a large number of packets, and then the misuse detection module judges the abnormal packets. The final decision is made in the decision making module. The outputs of the anomaly detection and misuse detection modules are integrated and the types of attacks are reported to the network administrator. The decision making module uses the following rules in order to make the final decision:
1. If the anomaly detection module detects an attack but the misuse detection module does not detect an attack, then it is not an attack and it is an erroneous classification.
2. If both the anomaly detection module and the misuse detection module detect an attack, then it is an attack and the class of attack is determined.
A three-layer Back Propagation Network (BPN) is adopted for the misuse detection module, which is used to classify the attacks and evaluate the performance of the misuse detection.
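The staged decision described above, as an added Python example that is not code from the paper or its authors: only packets the anomaly rules flag reach the misuse stage, and the decision module applies rules 1 and 2. The feature names, normal ranges, attack class labels and the nearest-signature matcher (a stand-in for the trained BPN) are all constructed assumptions.

```python
from math import dist

# All numbers and labels below are constructed for illustration.
# Expert-defined anomaly rules: feature -> (min, max) seen in normal traffic.
NORMAL_RANGES = {"pkts_per_min": (1, 10), "payload_len": (8, 64), "hop_count": (1, 5)}
# Stand-in for the trained BPN: nearest known attack signature within a radius.
SIGNATURES = {"flooding": (120, 16, 1), "sinkhole": (6, 32, 12)}
MATCH_RADIUS = 25.0

def anomaly_module(pkt):
    """Return the features that violate a normal-range rule (empty = normal)."""
    return [f for f, (lo, hi) in NORMAL_RANGES.items() if not lo <= pkt[f] <= hi]

def misuse_module(pkt):
    """Classify an abnormal packet; None means no known attack class matched."""
    vec = tuple(pkt[f] for f in NORMAL_RANGES)
    name, sig = min(SIGNATURES.items(), key=lambda kv: dist(vec, kv[1]))
    return name if dist(vec, sig) <= MATCH_RADIUS else None

def decide(pkt):
    """Decision making module: integrate both outputs."""
    if not anomaly_module(pkt):
        return "normal"                     # misuse stage never runs: saves energy
    attack = misuse_module(pkt)
    if attack is None:
        return "erroneous classification"   # rule 1: anomaly only
    return f"attack:{attack}"               # rule 2: both modules agree

SAMPLE_PACKETS = [  # constructed traffic summaries, one per sending node
    {"node": "SN-1", "pkts_per_min": 4, "payload_len": 32, "hop_count": 2},
    {"node": "SN-2", "pkts_per_min": 115, "payload_len": 20, "hop_count": 1},
    {"node": "SN-3", "pkts_per_min": 5, "payload_len": 30, "hop_count": 11},
    {"node": "SN-4", "pkts_per_min": 4, "payload_len": 70, "hop_count": 2},
]

def report(packets):
    """What the administrator receives: confirmed attacks with their class."""
    verdicts = [(p["node"], decide(p)) for p in packets]
    return [(node, v) for node, v in verdicts if v.startswith("attack:")]

if __name__ == "__main__":
    for p in SAMPLE_PACKETS:
        print(p["node"], decide(p))
```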
2> A low-complexity cooperation algorithm may improve the detection and containment process.
TMote sky wireless sensors which are programmable, to allow intelligent communication between the SNs and the BSs
The entire network may be vulnerable to various attacks. Algorithm 1 is developed to detect intrusion on the network. The BS is able to detect the frequency at which a sensor node is sending captured data. For example, a sensor node may be sending data every 5 s although it was programmed to send at 30 s intervals. The BS treats this as abnormal behavior and can broadcast to the other BSs within the network to alert them. In this case the details of the sensor node are made available to the other BSs, and the data from this sensor node is not considered until the node has been recovered. Algorithm 2 carries out analysis on every packet sent by the sensor nodes to determine, character by character, the content of the packet. This assists in detecting the false and true alerts (detections) on the network. Conclusions can then be drawn from the results generated. The implementation of the two algorithms achieves detection of intrusions and of the types of intrusion on the network. Each sensor can be uniquely identified. The sensors would have been programmed before any deployment.
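The report-interval check described for Algorithm 1, as an added Python example (not the authors' algorithm, which these notes do not reproduce): a BS compares each node's observed sending interval with its programmed one, quarantines a node that keeps deviating, and queues an alert for the other BSs. The tolerance, the three-strike threshold, the class and the node names are assumptions.

```python
# Added illustration; node ids, thresholds and timings are constructed.
PROGRAMMED_INTERVAL_S = {"SN-01": 30, "SN-02": 30}  # fixed before deployment
TOLERANCE = 0.5           # assumed: accept intervals within +/-50% of programmed
CONSECUTIVE_TO_FLAG = 3   # assumed: ignore isolated jitter or one lost packet

class BaseStation:
    def __init__(self, name):
        self.name = name
        self.last_seen = {}       # node id -> time of previous packet
        self.strikes = {}         # node id -> consecutive abnormal intervals
        self.quarantined = set()  # nodes whose data is not considered
        self.alerts = []          # details to broadcast to the other BSs

    def receive(self, node_id, t):
        """Return True if the node's data is accepted at time t (seconds)."""
        if node_id in self.quarantined or node_id not in PROGRAMMED_INTERVAL_S:
            return False          # quarantined, or not a uniquely known sensor
        prev, self.last_seen[node_id] = self.last_seen.get(node_id), t
        if prev is None:
            return True           # first packet: nothing to compare against
        expected = PROGRAMMED_INTERVAL_S[node_id]
        normal = abs((t - prev) - expected) <= TOLERANCE * expected
        self.strikes[node_id] = 0 if normal else self.strikes.get(node_id, 0) + 1
        if self.strikes[node_id] >= CONSECUTIVE_TO_FLAG:
            self.quarantined.add(node_id)
            self.alerts.append({"from": self.name, "node": node_id,
                                "observed_s": t - prev, "programmed_s": expected})
            return False
        return True

    def on_alert(self, alert):
        """Apply an alert broadcast by another BS."""
        self.quarantined.add(alert["node"])

    def recover(self, node_id):
        """Re-admit a node once it has been recovered."""
        self.quarantined.discard(node_id)
        self.strikes.pop(node_id, None)
        self.last_seen.pop(node_id, None)

def replay(bs, node_id, times):
    """Feed one node's packet arrival times to a BS; return accept decisions."""
    return [bs.receive(node_id, t) for t in times]
```

Packets that arrive before the strike threshold is reached are still accepted here; lowering `CONSECUTIVE_TO_FLAG` trades false alerts from radio jitter for faster containment.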
1> which was arranged from intrusions simulated in a military network environment, consists of 34 types of numerical features and 7 types of symbolic features, with regard to different attack properties. This dataset considers many attack behaviors categorized into four groups and one kind of normal communication; the recorded data are then classified based on these four groups and the normal group.
2> JSim is a Java-based simulation system for building quantitative numeric models and analyzing these models with respect to experimental reference data. Its computational engine is quite general and can be used in a wide range of scientific domains.
3> TMote platform. The TMote platform uses the CC2420 radio communication chip, which is designed for low-power and low-voltage wireless applications.
According to the security level standard, protocols must be as light as possible with regard to the limited sensor energy in WSNs. Therefore, IDS in WSNs need to detect intrusion in a way that does not threaten sensor energy. The goal of a secure routing protocol for a WSN is to ensure the integrity, authentication, and availability of messages. Most of the routing protocols for WSNs are vulnerable to various types of attacks, such as an adversary node advertising routes to non-existent nodes. To handle these problems, different mechanisms, for example appropriate authentication or creating a trust table in each node, can be used to ensure that only legitimate group nodes receive broadcast and multicast communication,
ENERGY-EFFICIENT INTRUSION DETECTION IN WIRELESS SENSOR NETWORK
Solmaz Salehian, Farzaneh Masoumiyan, Dr. Nur Izura Udzir
Department of Communication Technology and Network, Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, UPM Serdang, Malaysia
The International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec2012)
OUTLINE
1 Introduction
2 IDS in WSN
3 Simulation
4 Analysis and Conclusion
INTRODUCTION
o WSNs consist of a collection of sensor nodes which are distributed in an open environment in various locations.
o Deploying sensors in an open and unprotected environment and the dynamic topology in WSNs raise security issues.
o IDS can be used to detect and determine whether the packets are malicious or a neighbor node is anomalous.
ROUTING PROTOCOL CLASSIFICATION BASED ON NETWORK STRUCTURE IN WSNS:
Fig. 1. Routing protocols classification (location-based RP, flat-based RP, hierarchical RP)
Energy-Efficient IDS in WSN
HIERARCHICAL ROUTING
• An IDS is used for the CHs, because in this routing they are the targets for most attackers.
• The anomaly and misuse detection techniques are used as a hybrid technique; the rule-based analysis method is used to build the anomaly detection modules, and experts define the corresponding rules.
Fig. 2. Hybrid tech
Energy-Efficient IDS in WSN
HIERARCHICAL ROUTING CONT…
Anomaly detection provides a high detection rate, but a high false positive rate. Misuse detection has high accuracy but a low detection rate, so HIDS combines the high detection rate of anomaly detection with the high accuracy of misuse detection and thus increases detection of unknown attacks.
Energy-Efficient IDS in WSN
FLAT-BASED ROUTING
An anomaly intrusion detection algorithm is used. According to the network structure, all nodes have the following characteristics:
1) The neighbors of a specific node do not change during the course of the analysis. This means three things: nodes are stationary, transmission power levels do not change, and no new node is added after a network is deployed.
2) Each node can uniquely identify its neighbors (for example, using an assigned id).
3) Data and control packet flows are directional.
Each node observes the activities of its neighboring nodes and builds a simple dynamic statistical model of them. Using this statistical detection model, the node detects whether a neighbor node is anomalous. In this model the anomaly detection algorithm executes at each node separately. The nodes can identify a legitimate neighbor by comparing a small number of received packet features.
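A per-node neighbor model of this kind, as an added Python example that is not the algorithm from the work the slide summarizes: each node keeps a short sliding window of one received-packet feature per known neighbor and flags packets that deviate from it. Using received signal strength as the feature is an assumption (it is stable when nodes are stationary and transmission power is fixed), as are the window size and thresholds.

```python
from collections import deque
from statistics import mean, pstdev

# Added illustration; feature choice and all constants are assumptions.
WINDOW = 8      # packets remembered per neighbor (kept small to save memory)
K = 3.0         # allowed deviation from the window mean, in standard deviations
MIN_STD = 1.0   # floor in dBm so a very steady link does not over-trigger

class NeighborMonitor:
    """Runs separately on every node; no cooperation with other nodes."""

    def __init__(self, neighbor_ids):
        # The neighbor set is fixed at deployment: no node is added afterwards.
        self.windows = {n: deque(maxlen=WINDOW) for n in neighbor_ids}

    def observe(self, sender_id, rssi_dbm):
        """Return 'learning', 'ok', 'anomalous' or 'unknown-neighbor'."""
        win = self.windows.get(sender_id)
        if win is None:
            return "unknown-neighbor"      # id was never a neighbor of this node
        if len(win) < WINDOW:
            win.append(rssi_dbm)           # still building the model
            return "learning"
        mu = mean(win)
        sigma = max(pstdev(win), MIN_STD)
        if abs(rssi_dbm - mu) > K * sigma:
            return "anomalous"             # kept out of the window on purpose
        win.append(rssi_dbm)               # model follows slow, legitimate drift
        return "ok"

def run(monitor, packets):
    """Feed (sender_id, rssi_dbm) pairs to a monitor; return the verdicts."""
    return [monitor.observe(sender, rssi) for sender, rssi in packets]

# Constructed trace: eight training packets from N2, one normal packet, one
# packet claiming to be N2 at a very different signal level, one unknown id.
SAMPLE_TRACE = [("N2", r) for r in (-70, -71, -69, -70, -72, -70, -71, -69)] + [
    ("N2", -71), ("N2", -55), ("N9", -68)]

if __name__ == "__main__":
    print(run(NeighborMonitor(["N2", "N3"]), SAMPLE_TRACE))
```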
Energy-Efficient IDS in WSN
LOCATION-BASED ROUTING
Algorithm 1 is developed to detect intrusion on the network. Algorithm 2 carries out analysis on every packet sent by the sensor nodes. The implementation of the two algorithms achieves detection of intrusions and of the types of intrusion on the network.
Energy consumed will be reduced during single-hop data transmission from SN to BS. Careful consideration should be given to the distance between a sensor and the BS before the sensors are deployed, and keeping the sensors within a close range of the BS is important. All traffic from sensors must pass through the IDS installed in the BSs. If any attack is detected, data received from the attacking node will be stopped.
Mobile Agents (MAs) are used to facilitate communication among the BSs and also enhance intrusion detection and prevention. Using MAs can help address overloading issues in the BSs.
Fig. 3. Architecture view of D-IDS (labels: Satellite, BS, server, Sensor, Mobile agent)
SIMULATION OF IDS IN WSNS
Using the KDDCup99 dataset as a training sample and testing dataset in the experiment.
Another measure is using the JSIM platform in order to investigate whether the proposed secure routing protocol can detect the malicious nodes.
Evaluating on real data gathered for WSNs, which used TMote Sky wireless sensors for testing and simulation based on specified parameters.
ANALYSIS & CONCLUSION
In hierarchical routing protocols: Protecting the CHs in hierarchical routing not only can detect attacks, but also can help to prolong network lifetime and decrease energy consumption. However, in this routing protocol, finding a suitable path to the BS and avoiding route misbehavior must be considered.
In flat-based routing protocols: This routing protocol can partially preserve energy, but selecting legitimate nodes within the network is a challenge, and the presented algorithms try to overcome this problem by detecting anomalous and malicious nodes over the network with regard to maintaining the path which comprises memory resources. But this routing protocol becomes necessary when reliability is strong.
In location-based routing protocols: In this routing protocol power loss is increased, especially when the nodes are located far from the BS; hence, proposed models try to overcome this issue, for example by limiting SNs to those which have data to transmit, or by making routing decisions based on location and trust information and ignoring nodes with poor trustworthiness during routing.