1. Intrusion Detection System for Wireless Sensor Networks: Design, Implementation and Evaluation
Dr. Huirong Fu
2. Outline
• Overview of Wireless Sensor Network (WSN)
• Project Objective:
– how to detect attacks on WSN?
• Project Tasks:
– Intrusion detection system
• More Information
UnCoRe 2007
3. WSN Overview
• Applications of WSNs
• Components of a Sensor
• WSN Communication Models
• Attacks on WSN
4. Overview: Applications of WSNs
• Military
• Disaster Detection and Relief
• Industry
• Agriculture
• Environmental Monitoring
• Intelligent Buildings
• Health/Medical
• Law Enforcement
• Transportation
• Space Exploration
5. Overview: Components of a Sensor
• Sensing Unit
• Processing Unit
• Storage Unit
• Power Unit
• Wireless Transmitter/Receiver
7. Overview: Attacks on WSN (1/3)
• DoS and DDoS attacks, which affect network availability
• Eavesdropping and sniffing, which can threaten confidential data
• Man-in-the-middle attacks, which can affect packet integrity
• Signal jamming, which affects communication
10. Project Objective
• How to detect attacks on WSN?
– Intrusion Detection System (IDS): Design, implementation and evaluation
11. Project Tasks
• Literature survey on IDS for WSN
– What has been proposed?
– Have they been implemented and evaluated?
– What are the Pros and Cons of each?
12. Project Tasks
• Make decision
– Shall we extend some of the works, or
– Design a novel IDS?
• Design, implementation and evaluation
– What are the requirements for an ideal IDS?
– What are the challenges?
– What hardware and software are available?
13. Existing security measures
• Intrusion detection based on AODV (Ad hoc On-Demand Distance Vector Routing Protocol) [2]
– Pros
• Sophisticated algorithm for detecting and reacting to a great variety of potential wireless network attacks using an anomaly detection pattern
• Works well for ad-hoc wireless networks
– Cons
• Computationally expensive
• Currently not deployed on wireless sensor networks
14. Existing security measures
• Effective Intrusion Detection using Multiple Sensors in Wireless Ad Hoc Networks [4]
– Pros
• Mobile agent based intrusion detection
• Intelligent routing of intrusion data throughout the network
• Lightweight implementation
– Cons
• Agent only deployed on a fraction of the network nodes
• Not deployed on completely wireless sensor networks
15. Existing security measures
• INSENS (Intrusion Tolerant Routing Protocol for Wireless Sensor Networks) [3]
– Pros
• Allows an alternative network route to be established between non-malicious nodes
– Cons
• Does not provide intrusion detection, but rather intrusion tolerance
• Still requires the sacrifice of a small number of wireless sensor nodes
16. Our IDS System
• Uses Moteiv’s TMote wireless sensors.
• Developed using Moteiv’s proprietary software, TMote Tools:
– Cygwin
– Java
– TinyOS programming language
– Enhanced with a plug-in for the Eclipse IDE for programming and compiling the TinyOS modules
18. Our IDS System Design
• Uses anomaly detection pattern
• Establishes a baseline of “normal” traffic between wireless sensor nodes over a specified time interval
• Compares current traffic against this baseline traffic over the same specified time interval
• Makes a determination as to whether or not a DoS attack is occurring
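The baseline comparison described on this slide, as an added example in C (not the project's TinyOS code). The statistic (integer mean plus a multiple of the mean absolute deviation), the constants, the sample counts and all function names are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define WINDOWS   8  /* assumed: intervals used to learn "normal" traffic */
#define DEV_MULT  3  /* assumed: deviations above the mean still tolerated */
#define MIN_SLACK 2  /* assumed: floor so a very flat baseline is not hair-trigger */

typedef struct {
    uint32_t samples[WINDOWS]; /* packets received per baseline interval */
    uint8_t  n;                /* baseline intervals recorded so far */
    uint32_t mean, dev;        /* integer mean and mean absolute deviation */
} ids_baseline_t;

/* Record one interval's packet count; returns 1 once the baseline is complete. */
int ids_learn(ids_baseline_t *b, uint32_t count) {
    if (b->n >= WINDOWS) return 1;
    b->samples[b->n++] = count;
    if (b->n < WINDOWS) return 0;
    uint32_t sum = 0, dsum = 0;
    for (int i = 0; i < WINDOWS; i++) sum += b->samples[i];
    b->mean = sum / WINDOWS;
    for (int i = 0; i < WINDOWS; i++)
        dsum += (b->samples[i] > b->mean) ? b->samples[i] - b->mean
                                          : b->mean - b->samples[i];
    b->dev = dsum / WINDOWS;
    return 1;
}

/* 1 = rate exceeds baseline (possible DoS flood), 0 = normal, -1 = still learning. */
int ids_check(const ids_baseline_t *b, uint32_t count) {
    if (b->n < WINDOWS) return -1;
    uint32_t slack = DEV_MULT * b->dev;
    if (slack < MIN_SLACK) slack = MIN_SLACK;
    return count > b->mean + slack;
}

/* Constructed sample: packets per interval from one neighbour in normal operation. */
static const uint32_t NORMAL[WINDOWS] = {10, 12, 9, 11, 10, 13, 9, 10};

/* Learn from the first `windows` samples, then judge the count `current`. */
int demo_verdict(int windows, uint32_t current) {
    ids_baseline_t b = {0};
    for (int i = 0; i < windows && i < WINDOWS; i++) ids_learn(&b, NORMAL[i]);
    return ids_check(&b, current);
}

int main(void) {
    printf("%d %d %d\n", demo_verdict(WINDOWS, 12), demo_verdict(WINDOWS, 60), demo_verdict(4, 60));
    return 0;
}
```

Integer-only arithmetic keeps the check cheap enough for a mote-class processor; a node that has not finished learning reports -1 rather than raising an alarm.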
19. Our IDS System Design
• Communication between wireless sensor nodes
• Activity diagram for Wireless Sensor Node communication
20. Our IDS System Design cont’d
• Emulation of a DoS attack
• Activity design for Emulation of a DoS attack
21. References
• [1] Denial of Service in Sensor Networks
• [2] Wireless Sensor Networks for Intrusion Detection: Packet Traffic Modeling
• [3] INSENS: Intrusion-Tolerant Routing in Wireless Sensor Networks
• [4] Effective Intrusion Detection Using Multiple Sensors in Wireless Ad Hoc Networks