The document discusses energy-efficient intrusion detection techniques for wireless sensor networks. It summarizes routing protocols used in WSNs and proposes using hybrid anomaly and misuse detection at cluster heads in hierarchical routing to increase detection rates while reducing energy consumption. For flat-based routing, it suggests using statistical anomaly detection at each node. For location-based routing, it proposes detecting intrusions based on location and trust information to limit communication between distant nodes and the base station. Simulation results on real sensor network data show the approaches can effectively detect intrusions while preserving energy.

1. ENERGY-EFFICIENT INTRUSION DETECTION IN
WIRELESS SENSOR NETWORK
Solmaz Salehian , Farzaneh Masoumiyan , Dr. Nur Izura Udzir
Department of Communication Technology and Network
Faculty of Computer Science and Information Technology,
Universiti Putra Malaysia
UPM Serdang, Malaysia
The International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec2012)

2. OUTLINE
1 Introduction
2 IDS in WSN
3 Simulation
4 Analysis and Conclusion
2

3. INTRODUCTION
Encryption, Authentication
prevention Firewalls,…
Security
solutions Anomaly
Detection
Intrusion
detection
Misuse
Detection
3

4. INTRODUCTION
o WSNs consist of a collection of sensor nodes which are
distributed in open environment in various locations.
o Deploying sensors in open and unprotected environment and
dynamic topology in WSNs raises security issues.
o IDS can be used to detect and determine whether the
packets are malicious or neighbor node is anomalous.
4

5. ROUTING PROTOCOL CLASSIFICATION BASED ON NETWORK
STRUCTURE IN WSNS:
location-based RP Flat-based RP
5
Hierarchical RP
Fig1.Routing protocols classification

6. Energy-Efficient IDS in WSN
 HIERARCHICAL ROUTING
• An IDS for CHs because in this
routing most attackers which are the
targets for attackers
•The anomaly and misuse detection
techniques are used as a hybrid
technique, and the rules-based analysis
method is used to build anomaly
detection modules and experts defined
the corresponding rules.
Fig2.Hybrid tech
6

7. Energy-Efficient IDS in WSN
 HIERARCHICAL ROUTING CONT…
 Anomaly detection provides a high detection rate, but high false
positive rate. The misuse detection has high accuracy but low
detection rate, so HIDS combines of the high detection rate of
anomaly detection and the high accuracy of misuse detection
and thus increase detection of unknown attacks.
7

8. Energy-Efficient IDS in WSN
 FLAT-BASED ROUTING
 An anomaly intrusion detection algorithm is used.
 According to network structure, all nodes have the following
characteristics:
1) the neighbors of a specific node do not change during the course
of the analysis. This means three things:
 Nodes are stationary, Transmission power levels do not change,
and no new node is added after a network is deployed.
 Each node can uniquely identify its neighbors (for example, using
an assigned id).
 Data and control packet flows are directional.
8

9.  Each node provides neighboring nodes’ activities, and builds
a simple dynamic of the statistical model neighboring
nodes.
 using statistic detection model detects whether the neighbor
node is anomalous. In this model the anomaly detection
algorithm executes at each node separately.
 The nodes can identify a legitimate neighbor by comparing a
small number of received packet features.
9

10. Energy-Efficient IDS in WSN
 LOCATION-BASED ROUTING
 Algorithm 1 is developed to detect intrusion on the network.
Algorithms 2 will carry-out analysis on every packet sent by the
sensor nodes. The implementation of the two Algorithm will
achieve intrusion detection and types of intrusion on the
network.
 Energy consumed will be reduced during single hop data
transmission from SN to BS. A careful consideration should be
given to distance between a sensor and BS before the sensors
were deployed, and keeping a close range of sensors to BS is
important.
 All traffic from sensors must pass through installed IDS in
the BSs. If any attack is detected, data received from the attack
node will be stopped. Mobile Agents (MAs) are used to facilitate
communication among the BSs and also enhance intrusion
detection and prevention. Using MAs can help address over- 10
loading issues in the BSs.

11. Satellite
BS server
Sensor
Mobile agent
11
Fig3.Architecture view of D-IDS

12. SIMULATION OF IDS IN WSNS
 using the KDDCup'99 dataset; as a training sample and testing
dataset in experiment.KDDCup'99 dataset.
 Another measure is using the JSIM platform in order to
investigate whether the proposed secure routing protocol can
detect the malicious nodes.
 Evaluating on real data gathered for WSNs which used TMote sky
wireless sensor for testing and simulation based on specified
parameters.
12

13. ANALYSIS & CONCLUSION
 In hierarchical routing protocols : Protecting the CHs in hierarchical
routing not only can detect attack ,but also can help to prolong network life
time and decrease energy consumption. However, in this routing protocol,
finding a suitable path to the BS and avoiding route misbehavior must be
considered.
 In flat-based routing protocols: This routing protocol can partially preserve
energy, but selecting legitimate nodes within the network is a challenge, and
the presented algorithms try to overcome this problem by detecting
anomalous and malicious nodes over network with regard to maintaining the
path which comprises memory resources. But this routing protocol becomes
necessary when reliability is strong.
 In location-based routing protocol : In this routing protocol power loss is
increased specially when the nodes are located far from the BS; hence,
proposed models try to overcome this issue, for example by limiting SNs to
those which have data to transmit, or by making routing decision based on
location and trust information and ignoring nodes with poor trustworthiness
during routing .
13

14. REFERENCES
[1] C. F. García-Hernández, P. H. Ibargüengoytia-González, J. García-Hernández, and J. A. Pérez-Díaz (2007).
Wireless Sensor Networks and Applications: A Survey, in International Journal of Computer Science Issues
(IJCSI), 7(30):264-273.
[2] P. García-Teodoro, J. Díaz-Verdejo, G. Maciá-Fernández, and E. Vázquez (2009), Anomaly-based
Network Intrusion Detection: Techniques, Systems and Challenges. Computers & Security, 28(1–
2):18–28.
[3] A. Patcha and J-M. Park (2007), An Overview of Anomaly Detection Techniques: Existing Solutions
and Latest Technological Trends. Computer Networks, 51(12):3448–3470.
[4] Q. Wang, S. Wang and Z. Meng (2009), Applying an Intrusion Detection Algorithm to Wireless Sensor
Networks. In Procs. Second International Workshop on Knowledge Discovery and Data Mining (WKDD
2009), pp. 284–287.
[5] K.Q. Yan, S. C. Wang., S.S. Wang and C.W. Liu (2010), Hybrid Intrusion Detection System for
Enhancing the Security of a Cluster-based Wireless Sensor Network. In Proceedings of the Computer
Science and Information Technology (ICCSIT), July 2010, vol.1, pp.114-118.
[6] J. N. Al-Karaki and A. E. Kamal (2004), Routing Techniques in Wireless Sensor Networks: A Survey. IEEE
Wireless Communications, 11(6):6–28.
[7] L. J. G. Villalba, A. L. S. Orozco, A. T. Cabrera, and C. J. B. Abbas (2009), Routing Protocols in Wireless
Sensor Networks, Sensors, 9(11):8399–8421.
[8] D. Liu and Q. Dong (2007), Detecting misused keys in wireless sensor networks. In Procs. IPCCC 2007, April
2007, pp. 272 - 280.
[9] M-W. Park, J-M. Kim, Y-J. Han, and T-M. Chung (2008), A Misused Key Detection Mechanism for Hierarchical
Routings in Wireless Sensor Network. In Fourth International Conference on Networked Computing and
14
Advanced Information Management 2008 (NCM’08), pp. 47–52.

15. REFERENCES CONT…
[10] M. K. Watfa, and S. Commuri (2006), Energy-efficient Approaches to Coverage Holes Detection inWireless Sensor
Networks. In IEEE International Symposium on Intelligent Control, 4-6 Oct. 2006, Munich, Germany, pp. 131–136.
[11] C-F. Hsieh, Y-F. Huang, and R-C. Chen (2011), A Light-Weight Ranger Intrusion Detection System on Wireless Sensor
Networks. In 2011 Fifth International Conference on Genetic and Evolutionary Computing (ICGEC), pp. 49–52.
[12] L. Guorui, J. He, and Y. Fu (2008), Group-based Intrusion Detection System in Wireless Sensor Networks,
Computer Communications, 31(18):4324–4332.
[13] I. Onat and A. Miri (2005), An intrusion detection system for Wireless sensor networks, in Procs. IEEE International
Conference on Wireless And Mobile Computing, Networking and Communications (WiMob'2005), 22-24 Aug.
2005, pp. 253–259.
[14] S. Janakiraman, S. Rajasoundaran, and P. Narayanasamy (2012). The Model #x2014: Dynamic and Flexible Intrusion
Detection Protocol for
High Error Rate Wireless Sensor Networks Based on Data Flow. In 2012 International Conference on Computing,
Communication and
Applications (ICCCA), pp. 1 –6.
[15] M.A. Rassam, M.A. Maarof, and A. Zainal (2011). A Novel Intrusion Detection Framework for Wireless Sensor Networks.
In 2011 7th
International Conference on Information Assurance and Security (IAS), pp. 350 –353.
[16] T. Zahariadis, P. Trakadas, S. Maniatis, P. Karkazis, H. C. Leligou, and S. Voliotis (2009), Efficient Detection of Routing
Attacks in Wireless
Sensor Networks. In 16th International Conference on Systems, Signals and Image Processing (IWSSIP 2009), pp. 1–4.
[17] S. I. Eludiora, O. O. Abiona, A. O. Oluwatope, S. A. Bello, M.L. Sanni, D. O. Ayanda, C.E. Onime, E. R. Adagunodo, and L.O.
Kehind (2011), A Distributed Intrusion Detection Scheme for Wireless Sensor Networks, in Procs. IEEE
International Conference on Electro/Information Technology (EIT) 2011, pp.1-5.
15
[18] SmartDetect WSN Team (2010), SmartDetect: An Efficient WSN Implementation for Intrusion Detection in 2010
Second International Conference on Communication Systems and Networks (COMSNETS), pp. 1 –2.

16. REFERENCES CONT…
[19] M. Khan, G. Pandurangan, and V. S. Anil Kumar (2009). Distributed algorithms for constructing
approximate minimum spanning trees in wireless sensor networks, IEEE Transactions on Parallel
and Distributed Systems, 20:124–139, Jan. 2009.
[20] R. Subramanian, P.V. Kumar, S. Krishnan, B. Amrutur, J. Sebastian, M. Hegde, S.V.R. Anand (2009).
A low-complexity algorithm for intrusion detection in a pir-based wireless sensor network, in
International Conference Series on Intelligent Sensors, Sensor Networks and Information Processing.
[21] F. Ye, G. Zhong, S. Lu, and L. Zhang (2005). Gradient broadcast: a robust data delivery protocol
for large scale sensor networks, Wirel. Netw., 11(3):285–298.
[22] http://www.wsn-roup.org/comment/13#comment-13
[23] J. Yick, B. Mukherjee, and D. Ghosal (2008), Wireless Sensor Network Survey. Computer Networks , 52(12):
2292–2330.
[24] W. Seah and Y. K. Ta, (2010). Chapter 12: Routing Security Issues in Wireless Sensor Networks: Attacks
and Defenses, in Sustainable Wireless Sensor networks, pp. 279-308.
[25] Bc. L. Honus (2009). Design, Implementation and simulation of
intrusion detection system for wireless sensor networks, M.S. Thesis,
Masarykova Univerzita, Czech.
16

17. 17
June.26.2012