21-05-2012, 03:36 PM
An Isolation Intrusion Detection System for Hierarchical Wireless Sensor Networks
ABSTRACT
A wireless sensor network (WSN) is a
wireless network consisting of spatially distributed
autonomous devices that use sensors to cooperatively monitor
environmental conditions, such as battlefield data and
personal health information, in some resource-limited
environments. Avoiding malicious damage is important while
information is transmitted over a wireless network. Thus,
Wireless Intrusion Detection Systems are crucial to safe
operation in wireless sensor networks. Wireless networks
are subject to very different types of attacks compared to
wired networks. In this paper, we propose an isolation table
to detect intrusion in hierarchical wireless sensor networks
and to estimate the effect of intrusion detection. The
primary experiment proves that isolation table intrusion
detection can prevent attacks effectively.
INTRODUCTION
Wireless Sensor Networks (WSNs) are a novel
technology involving the deployment of hundreds of
low-cost, micro-hardware, and resource-limited sensor
nodes. A WSN uses its sensor nodes to sense important
information. The applications of WSNs include military
sensing, disaster response, health care, and intelligent
house control [3], and WSNs can be configured to suit a wide
variety of personal requirements. Once sensor nodes are
deployed, they are self-organized and establish routes
automatically. Information concerning surroundings is
transmitted to a Base Station (BS). A WSN is typically
deployed in an uncontrolled or unreachable environment.
Each sensor node carries a limited, generally
irreplaceable energy source. Therefore, energy
conservation is the most important performance
consideration for extending network lifetime.
To reduce energy consumption, extend network coverage,
and increase lifetime, Heinzelman et al. proposed a
cluster-based, hierarchical WSN (CWSN) [9][16]. In a given
period of time, a CWSN picks out a set of cluster heads
(CHs). Each CH becomes the center of a cluster, while the
other sensor nodes in this cluster are the member nodes.
The member nodes (MNs) deliver sensed data to the BS
through their cluster head. The data from member nodes is
aggregated into high-level information by the CHs for
energy conservation. We use this architecture to construct
an intrusion detection system.
THE ISOLATION TABLE INTRUSION DETECTION SYSTEM (ITIDS)
Wireless sensor networks are characterized by limited
resources and low computing power. An intruder can
therefore exhaust the energy of the whole WSN to cause
disconnection. The energy consumption of the IDS is an
important issue for system design. A WSN consumes energy
through sensing, transmitting, and computing data. Hence,
intrusion detection must avoid consuming unnecessary
energy to detect malicious nodes. To continually isolate
malicious nodes, we propose a method that uses isolation
tables so that the IDS does not consume unnecessary energy.
ITIDS has four kinds of components: one BS, one
Primary Cluster Head (PCH), several Secondary Cluster
Heads (SCHs), and the remaining sensor nodes, which are MNs.
They are defined as follows:
BS: The administrator uses the BS to control the whole WSN.
The BS receives sensing data and isolation tables.
PCH: The PCH gathers sensing data and isolation tables
from the SCHs and forwards them to the BS. The PCH also
divides its duty cycle among the SCHs of the MGs so that
they can monitor it.
SCHs: SCHs calculate trust values to find malicious MNs.
SCHs monitor the PCH together with the MNs in the MGs.
MNs: The MNs send sensed data to their SCH. The MNs are
divided into several MGs that monitor the PCH in rotation.
The proposed method is divided into four stages: first,
the system predefines the IDS; next, the SCHs monitor the
MNs; then the SCHs and MNs monitor the PCH; finally, the
IDS backs up the isolation table in the BS. The related
parameters of ITIDS are shown in Table 1.
CONCLUSIONS AND FUTURE WORKS
We have proposed a method that combines routing tables
and isolation tables to detect anomalies. The IDS relies
on attack behaviors to detect malicious nodes. When the
WSN is intruded by malicious nodes, the IDS detects a
malicious node through its unusual behavior. The IDS
compares sensor node behaviors with attack behaviors to
determine anomalous information. If a node is
anomalous, it is isolated and recorded in the
isolation table. The SCHs send their isolation tables to
the PCH for integration. If there is no anomaly, the SCHs
periodically send information to avoid nodes being
infiltrated. Finally, the PCH periodically sends the
updated isolation table to the BS. When the PCH is
changed, the new PCH can receive the isolation table from
the BS and continue to isolate anomalous nodes. The IDS
must take into account that WSNs have limited resources;
thus, the estimation method differs between WSNs and wired
networks. We have listed the methods for estimating IDS
performance that were used in our performance evaluation.
The CID method focuses on energy consumption and remaining
resources to determine live nodes. The RTID method uses the
number of monitored nodes to calculate transmission
accuracy. Our primary experiment compares live nodes
with CID, and compares transmission accuracy with
RTID. The primary experiment proves our ITIDS can
prevent attacks effectively.
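The isolation-table flow summarized above (SCHs isolate low-trust MNs, the PCH integrates the tables and backs them up to the BS, and a newly selected PCH restores the table from the BS) can be sketched as follows. This is an added example, not code from the paper: the trust formula (share of normally behaving packets), the 0.5 threshold, the class names and the node IDs are all assumptions made for illustration.

```python
# Added illustration, not the paper's implementation.
# Assumed: trust = normal_packets / total_packets, isolation below 0.5.
TRUST_THRESHOLD = 0.5

class BaseStation:
    """Keeps the backup copy of the network-wide isolation table."""
    def __init__(self):
        self.isolation_backup = set()

    def backup(self, table):
        self.isolation_backup |= table

class SecondaryClusterHead:
    """Scores its member nodes and isolates those with low trust."""
    def __init__(self):
        self.isolation_table = set()

    def monitor(self, observations):
        # observations (constructed): {mn_id: (normal_packets, total_packets)}
        for mn, (normal, total) in observations.items():
            # Nodes with no observed traffic are not scored in this sketch.
            if total and normal / total < TRUST_THRESHOLD:
                self.isolation_table.add(mn)
        return self.isolation_table

class PrimaryClusterHead:
    """Integrates SCH tables, rejects isolated senders, syncs with the BS."""
    def __init__(self, bs):
        self.bs = bs
        # A newly selected PCH starts from the BS backup, so isolation persists.
        self.isolation_table = set(bs.isolation_backup)

    def integrate(self, sch_tables):
        for table in sch_tables:
            self.isolation_table |= table
        self.bs.backup(self.isolation_table)

    def accept(self, sender):
        return sender not in self.isolation_table

def run_demo():
    bs = BaseStation()
    sch_a, sch_b = SecondaryClusterHead(), SecondaryClusterHead()
    sch_a.monitor({"MN1": (98, 100), "MN2": (12, 100)})  # MN2 misbehaves
    sch_b.monitor({"MN3": (95, 100), "MN4": (40, 100)})  # MN4 misbehaves
    pch = PrimaryClusterHead(bs)
    pch.integrate([sch_a.isolation_table, sch_b.isolation_table])
    new_pch = PrimaryClusterHead(bs)  # PCH changes; table comes from the BS
    return sorted(bs.isolation_backup), new_pch.accept("MN2"), new_pch.accept("MN1")
```

The replacement PCH rejects MN2 without having observed it, which is the energy-saving point of the backup: isolation survives a PCH change without repeating detection.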
When the number of remaining nodes decreases, intruders can
infiltrate the WSN more easily. In this case, intruders who
capture a few MNs can depose our PCH because the
alarm threshold decreases. Further study will be done
on different detection methods to improve the IDS so that
it can detect anomalies using only a few nodes. In addition,
we will look for the balance between performance
consumption and information security.