Intrusion Detection System for Wireless Sensor Networks: Design, Implementation and Evaluation
Dr. Huirong Fu
Outline
• Overview of Wireless Sensor Network (WSN)
• Project Objective:
– how to detect attacks on WSN?
• Project Tasks:
– Intrusion detection system
• More Information
UnCoRe 2007
WSN Overview
• Applications of WSNs
• Components of a Sensor
• WSN Communication Models
• Attacks on WSN
Overview: Applications of WSNs
• Military
• Disaster Detection and Relief
• Industry
• Agriculture
• Environmental Monitoring
• Intelligent Buildings
• Health/Medical
• Law Enforcement
• Transportation
• Space Exploration
Overview: Components of a Sensor
• Sensing Unit
• Processing Unit
• Storage Unit
• Power Unit
• Wireless Transmitter/Receiver
Overview: Communication Models
• Hierarchical WSN
– Sensor Nodes
– Cluster Nodes
– Base Stations
• Distributed WSN
Overview: Attacks on WSN (1/3)
• DoS and DDoS attacks, which affect network availability
• Eavesdropping and sniffing, which can threaten confidential data
• Man-in-the-middle attacks, which can affect packet integrity
• Signal jamming, which affects communication
Overview: Attacks on WSN (2/3)
Overview: Attacks on WSN (3/3)
Project Objective
• How to detect attacks on WSN?
– Intrusion Detection System (IDS): Design, implementation and evaluation
Project Tasks
• Literature survey on IDS for WSN
– What has been proposed?
– Have they been implemented and evaluated?
– What are the pros and cons of each?
Project Tasks
• Make a decision
– Shall we extend some of the existing work, or
– Design a novel IDS?
• Design, implementation and evaluation
– What are the requirements for an ideal IDS?
– What are the challenges?
– What hardware and software are available?
Existing security measures
• [2] Intrusion detection based on AODV (Ad hoc On-Demand Distance Vector Routing Protocol)
– Pros
    • Sophisticated algorithm for detecting and reacting to a great variety of potential wireless network attacks using an anomaly detection pattern
    • Works well for ad-hoc wireless networks
– Cons
    • Computationally expensive
    • Currently not deployed on wireless sensor networks
Existing security measures
• [4] Effective Intrusion Detection using Multiple Sensors in Wireless Ad Hoc Networks
– Pros
    • Mobile-agent-based intrusion detection
    • Intelligent routing of intrusion data throughout the network
    • Lightweight implementation
– Cons
    • Agent only deployed on a fraction of the network nodes
    • Not deployed on completely wireless sensor networks
Existing security measures
• [3] INSENS (Intrusion Tolerant Routing Protocol for Wireless Sensor Networks)
– Pros
    • Allows an alternative network route to be established between non-malicious nodes
– Cons
    • Does not provide intrusion detection, but rather intrusion tolerance
    • Still requires the sacrifice of a small number of wireless sensor nodes
Our IDS System
• Uses MoteIv’s TMote wireless sensors
• Developed using MoteIv’s proprietary software, TMote Tools
– Cygwin
– Java
– TinyOS programming language
– Enhanced with a plug-in for the Eclipse IDE for programming and compiling the TinyOS modules
IDS Wireless Sensor Setup
Our IDS System Design
• Uses anomaly detection pattern
• Establishes a baseline of “normal” traffic between wireless sensor nodes over a specified time interval
• Compares current traffic against this baseline traffic over the same specified time interval
• Makes a determination as to whether or not a DoS attack is occurring
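The baseline-and-compare scheme in the bullets above, as an added example (not code from the presentation or from the TMote/TinyOS tools). The slides do not say how the determination is made, so the per-node packet counters, the `factor`/`slack` limit and every name here are assumptions; it is written in plain C rather than TinyOS code so it can be run on a host.

```c
#include <stdint.h>
#include <string.h>

#define MAX_NODES 8               /* assumed network size */

typedef struct {
    uint32_t baseline[MAX_NODES]; /* packets per interval learned as "normal" */
    uint32_t current[MAX_NODES];  /* packets counted in the running interval  */
    uint32_t factor;              /* assumed rule: alarm above factor*baseline */
    uint32_t slack;               /* ... + slack, so quiet nodes do not alarm  */
    int      learned;             /* 0 until the baseline interval has closed  */
} ids_t;

void ids_init(ids_t *ids, uint32_t factor, uint32_t slack)
{
    memset(ids, 0, sizeof *ids);
    ids->factor = factor;
    ids->slack = slack;
}

/* Call for every received packet; src is the sender's node id. */
void ids_on_packet(ids_t *ids, uint8_t src)
{
    if (src < MAX_NODES && ids->current[src] < UINT32_MAX)
        ids->current[src]++;
}

/* Call from the interval timer. The first call stores the baseline and
 * returns 0; later calls return a bitmask of the nodes whose traffic in
 * the interval just ended exceeds the limit derived from the baseline. */
uint32_t ids_close_interval(ids_t *ids)
{
    uint32_t flagged = 0;
    for (int n = 0; n < MAX_NODES; n++) {
        if (!ids->learned) {
            ids->baseline[n] = ids->current[n];
        } else {
            /* 64-bit arithmetic so factor * baseline cannot wrap */
            uint64_t limit = (uint64_t)ids->factor * ids->baseline[n] + ids->slack;
            if (ids->current[n] > limit)
                flagged |= 1u << n;
        }
        ids->current[n] = 0;      /* start counting the next interval */
    }
    ids->learned = 1;
    return flagged;
}
```

With `factor` 3 and `slack` 5, a node that sent 10 packets in the baseline interval is flagged once it exceeds 35 packets in a later interval; a node that was silent during the baseline is flagged above 5.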
Our IDS System Design
• Communication between wireless sensor nodes
• Activity diagram for Wireless Sensor Node communication
Our IDS System Design cont’d
• Emulation of a DoS attack
• Activity design for Emulation of a DoS attack
References
• [1] Denial of Service in Sensor Networks
• [2] Wireless Sensor Networks for Intrusion Detection: Packet Traffic Modeling
• [3] INSENS: Intrusion-Tolerant Routing in Wireless Sensor Networks
• [4] Effective Intrusion Detection Using Multiple Sensors in Wireless Ad Hoc Networks
References
• MoteIv
– http://www.moteiv.com/community/Moteiv_Community
• TMote Tutorial
– http://cents.cs.berkeley.edu/tinywiki/index.php/Tmote_Windows_install
• TinyOS
– http://www.tinyos.net/tinyos-1.x/doc/tutorial/index.html
