Security in Wireless Sensor Networks: Key Intrusion Detection Module in SOOAWSN
Mohammed A. Abuhelaleh and Khaled M. Elleithy
School of Engineering
University of Bridgeport, Bridgeport, CT
{mabuhela, elleithy}@bridgeport.edu
Keywords: Wireless Sensor Networks, Security, Intrusion Detection System, Clustering Hierarchy.
Abstract
Due to restrictions and limited resources in wireless sensor networks, clustering for routing organization has been proposed in the literature to increase system throughput, decrease system delay and save energy. Although these algorithms proposed some degree of security, most of their security solutions are not suitable because of the dynamic nature of their communication. In this paper, we propose two intrusion detection methods that can be used during wireless sensor network communications. The proposed solution perfectly fits all kinds of wireless sensor networks that follow the clustering hierarchy distribution. In addition, it may fit many other distribution techniques. The proposed solution is integrated in a complete solution for wireless sensor networks that covers the whole network lifecycle from the time of deployment, called Secure Object Oriented Architecture for Wireless Sensor Networks (SOOAWSN).
1. INTRODUCTION
A Wireless Sensor Network (WSN) is a special kind of network. It consists of a number of sensors that sense the surrounding area and forward the collected data to the main node in the network, which is called the Base Station (BS).
Network monitoring is a mandatory requirement in any WSN application to guarantee network stability. The main target of network monitoring is to detect any misbehavior in the network communications. Usually this misbehavior comes from intruders in the network that may affect the operation of the network or its privacy. In this paper, we discuss how to detect this kind of intrusion and how to recover from it.
Our proposed solution fits a special kind of WSN distribution, the clustering hierarchy distribution. In this kind of distribution, nodes are grouped into clusters with cluster leaders [1]. These leaders are responsible for forwarding the information from all nodes in the network to the BS. The clustering hierarchy can be categorized into two kinds: static clustering and dynamic clustering. In static clustering, special nodes with special abilities work as leaders during the whole network lifecycle [1]. In dynamic clustering, leaders are regular sensors that change from time to time during the network lifecycle. In both kinds, any attack that involves a cluster head (CH) will affect all the sensors in its cluster. This results in a need to protect these CHs and detect any attacks that may occur [1, 2, 3].
In this work, we introduce a novel technique to detect any intrusion that may occur during the network lifecycle, especially on the CHs. Prior communication information is used to detect any misbehavior in the routing path. In addition, we adopt public-key authentication. In the first method, a digital signature is used for node-to-node authentication.
In Section 2, we discuss some of the related literature on intrusion detection. In Section 3, we present our solution and discuss criteria that may affect its performance. In Section 4, we present conclusions.
2. RELATED WORKS
Currently, there are few studies in the area of intrusion detection in WSN. In this section, we present some existing literature on intrusion detection in WSN and Ad-Hoc networks.
Silva et al. [4] proposed decentralized intrusion detection in wireless sensor networks. In [4], the authors suggest that nodes be responsible for monitoring the behavior of other nodes. Each node listens to traffic in its radio range to detect any abnormal behavior. These messages are provided to an intrusion detection system. The details of how this system works are not discussed in [4]. This should increase the total power consumption in the network.
Onat et al. [5] propose a technique similar to the one proposed by Silva et al. [4]. The authors do not include details of how the real intrusion-detection system works. In both [4] and [5], there is no cooperation between monitoring nodes. Instead, detection is executed locally in each node.
Loo et al. [6] propose a system for detecting routing attacks in sensor networks. The authors assume the similarity of Ad-Hoc networks to WSN. Similarity means that any technique that can be applied to an Ad-Hoc network can also be applied to a WSN. The authors use the AODV (Ad hoc On-Demand Distance Vector) protocol to study the behavior of the network traffic in order to detect any misbehavior.
Bhuse and Gupta [7] present another intrusion detection technique based on DSDV and DSR, which are also Ad-Hoc related protocols. They use these protocols to study the network traffic and collect any interesting information that may lead to intrusion detection.
Mishra et al. [8] propose another intrusion detection system that should work smoothly in Ad-Hoc network applications. In [8], the authors discuss the impact of applying distributed and cooperative intrusion detection architectures to this kind of network.
Marti et al. [9] propose mitigating routing misbehavior in mobile ad hoc networks. The authors present two techniques that can be used as tools for an intrusion detection system in Ad-Hoc networks: Watchdog and Path-Rater. In these techniques, recently sent packets are buffered and compared with each overheard packet. When a packet matches, the packet in the buffer is erased, since the packet has been forwarded. The main idea is to be sure that all the packets that need to be forwarded are actually sent. If a packet stays in the buffer for a long time, this implies that the packet has not been forwarded as it should have been. A specific threshold is compared to the number of times the node detects missing packets to determine whether the node is misbehaving.
Saiful et al. [10] propose a Hierarchical Design Based Intrusion Detection System for Wireless Ad Hoc Sensor Network. The authors distribute the responsibility of intrusion detection among three types of nodes, which they classify into layers: Regular-Sensors Layer, Cluster-Heads Layer, and Outer-Layer. Each layer is assigned the responsibility of monitoring the lower-level layer. Each CH monitors its group members (i.e. regular sensors). Each CH is then monitored by a special node called a Regional node. Moreover, each Regional node is controlled and monitored by the BS. The main idea of this distribution is to distribute the energy consumption among all network parties. The target of each layer is to study the behavior of the lower-level layer all the time and notify the upper-level layer of any misbehavior. Even though this technique distributes the power consumption over the whole network, it still consumes the same power as other proposals.
3. NEW INTRUSION DETECTION MODEL
This model contains two methods for detecting intruders in the network. The two methods can be used together or independently.
The first method uses public and private keys to authenticate the sensor. When sensors receive messages from other sensors, they use the public and private key technique to ensure the authenticity of the other sensors. Any time a sensor suspects the behavior of another sensor, it reports it in the message that is going to the BS. The BS then compares the suspected sensor ID with the IDs in a table that contains all sensor IDs. If the ID does not exist in its table, the BS broadcasts a warning signal to all sensors to ignore future communication with that sensor. If the ID exists, then there is a probability that this sensor has been compromised. In this case, the BS stores the sensor information in a table called the Suspected-Nodes table. If the BS receives more than one warning, it reacts: it sends a small message to the suspected sensor, encrypted using the secret key.
The message also includes a nonce (a special value that changes in a specific way decided by the BS prior to network deployment) that is encrypted using the suspected sensor's public key. The nonce has to be increased by a specific unique value stored earlier in each sensor. The sensor then sends back the signal with the modification, using the secret key. The BS decrypts the message, checks the updated value, and compares it with the expected value. If it does not match, the BS considers this sensor compromised and informs all other sensors about the compromised one. Any transaction from that compromised sensor will be ignored, and any key shared with that sensor will be terminated or renewed.
In the second method, when any sensor sends a report to the BS, it includes its own previous activities (i.e. the previous CH ID and the sequence number of the message). These activities contain the ID of the CH that was responsible for forwarding the previous message from that sensor. The serial number of the message is also included in the activity part of the report. The BS stores all activities in the network. Each time the BS receives new information, it compares it with the information it has regarding the activities. Any missing or mismatching information indicates a problem that may involve two parties, the sensor itself and its previous CH. To be sure that the BS reacts efficiently to this problem, it does not react until a mismatch relating to the same CH or the same sensor is repeated more than once. Accordingly, it decides whether the node is compromised or there is an intruder.
Recovery after an intrusion is detected depends on the reaction of the BS to the detection. The most important part is to isolate the intruder or the compromised node from the whole network. The second part is to deactivate all keys that could be known by the intruder.
3.1 Digital Signature Method
In this method, public and private keys are used to authenticate the sensor. The algorithm works as follows (Figure 1):
1) Sensor A sends a message to sensor B. Part of this message (i.e. the signature) is encrypted using A’s private key. The signature part consists of A’s ID and a nonce.
2) Sensor B decrypts the signature part using A’s public key. It then compares this part with the external part that consists of A’s ID and the nonce. If they do not match, then A is considered a suspected node.
3) If sensor B detects any suspected node, it informs the BS of that node. In order not to consume extra energy, sensor B sends this information as part of its regular report.
4) The BS compares the suspected sensor ID with the IDs in a table that contains all sensor IDs.
   a. If the ID does not exist in its table, then go to step 6.
   b. If the ID exists, then the BS stores the sensor information in a table called the Suspected-Nodes table.
5) If the suspected sensor’s ID is found in the Suspected-Nodes table, then go to step 6.
6) The BS broadcasts a warning signal to all sensors to ignore future communication with that sensor and to terminate or renew all the keys that are shared with that sensor.
This method provides a powerful mechanism to detect any intruder trying to attack the network.
This method results in a small data overhead, produced by the additional part added to the original message, which is the digital signature. However, we try to reduce the attributes needed to build this signature by using only the sensor ID and the nonce. This decreases the data overhead required to build such a signature compared to the traditional public-key authentication that is used in traditional networks.
Figure 1. Using Digital Signature for node authentication
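
The exchange in steps 1 to 6, traced end to end as an added example (not the authors' code). Textbook RSA over toy Mersenne primes stands in for the signature algorithm, which the paper does not specify; the names `make_message`, `verify`, `BaseStation`, the message layout and the 32-bit nonce packing are assumptions made for illustration.

```python
# Added illustration of Section 3.1; all names and the message layout are assumed.
# Textbook RSA on toy primes only makes the exchange traceable with the standard
# library. It is not secure and is not claimed to be the paper's algorithm.

E = 65537  # public exponent


def keypair(p, q):
    """Return (public, private) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def encode(sensor_id, nonce):
    """Pack the two signed attributes (sensor ID, 32-bit nonce) into one integer."""
    return (sensor_id << 32) | (nonce & 0xFFFFFFFF)


def make_message(sensor_id, nonce, payload, private):
    """Step 1: the signature part is (ID, nonce) encrypted with the private key."""
    n, d = private
    return {"id": sensor_id, "nonce": nonce, "payload": payload,
            "sig": pow(encode(sensor_id, nonce), d, n)}


def verify(msg, public_keys):
    """Step 2: decrypt the signature with the claimed sender's public key and
    compare it with the cleartext ID and nonce. Unknown IDs fail (assumption)."""
    pub = public_keys.get(msg["id"])
    if pub is None:
        return False
    n, e = pub
    return pow(msg["sig"], e, n) == encode(msg["id"], msg["nonce"])


class BaseStation:
    """Steps 4 to 6: ID table, Suspected-Nodes table, warning broadcast."""

    def __init__(self, sensor_ids):
        self.known = set(sensor_ids)   # table of all sensor IDs
        self.suspected = set()         # Suspected-Nodes table
        self.warned = set()            # IDs named in a warning broadcast

    def handle_report(self, suspect_id):
        if suspect_id not in self.known or suspect_id in self.suspected:
            self.warned.add(suspect_id)        # step 4a or step 5 -> step 6
            return "broadcast"
        self.suspected.add(suspect_id)         # step 4b
        return "stored"


def trace():
    """Run four constructed messages through sensor B and the BS."""
    pub_a, priv_a = keypair(2**31 - 1, 2**61 - 1)   # sensor A, ID 1
    _, priv_x = keypair(2**61 - 1, 2**89 - 1)        # a key B has never seen
    public_keys = {1: pub_a}                         # keys held by sensor B
    bs = BaseStation(sensor_ids=[1, 2])
    messages = [
        ("genuine", make_message(1, 1001, "temp=21", priv_a)),
        ("wrong key", make_message(1, 1002, "temp=99", priv_x)),
        ("altered nonce", dict(make_message(1, 1003, "temp=21", priv_a), nonce=1004)),
        ("unknown ID", make_message(99, 1005, "temp=0", priv_x)),
    ]
    results = []
    for label, msg in messages:
        if verify(msg, public_keys):
            results.append((label, "accepted"))
        else:
            # Step 3: B names the suspected ID in its regular report to the BS.
            results.append((label, bs.handle_report(msg["id"])))
    return results, bs


if __name__ == "__main__":
    for label, outcome in trace()[0]:
        print(f"{label:14s} -> {outcome}")
```

In the trace, two failed checks on messages carrying ID 1 put the registered ID 1 itself on the warning list, because steps 2 and 5 record a failed signature against the ID the message claims.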
3.2 Routing Attack Method
This method provides the ability to detect any attack that may affect the information forwarded to the BS. The algorithm works as follows:
1) Sensor A includes its previous activity in the report forwarded to the BS. This activity contains the ID of the CH that was responsible for forwarding the previous message from that sensor. The serial number of the message is also included in the activity part of the report (Figure 2a).
2) The BS stores all activities (i.e. node IDs with their related CHs and the sequence numbers of the messages) in the network, and each time it receives new information, it compares it with the information it has regarding the activities. Any missing or mismatching information indicates a problem that may involve two parties, the sensor itself and its previous CH (Figure 2b). The size of the activities table should be determined depending on the network size and the nature of the application. When the data stored in the table reaches this size, new data overwrites the old data.
3) If the BS finds frequent information mismatches related to the same CH or the same sensor, it decides which is the compromised node or the intruder.
4) The BS broadcasts a warning signal to all sensors to ignore future communication with that sensor and to terminate or renew all the keys that are shared with that sensor.
Figure 2. Filling Suspected node table in Routing Attack Method
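
An added sketch of the BS-side bookkeeping in steps 1 to 4 (not the authors' code). The report tuple layout, the `ActivityMonitor` name and the rule for choosing between the two parties (the CH when distinct sensors disagree about it, the sensor when it disagrees about distinct CHs) are assumptions; the traces are constructed.

```python
from collections import OrderedDict, defaultdict


class ActivityMonitor:
    """Checks each report's 'previous activity' against what the BS stored."""

    def __init__(self, table_size, threshold=2):
        self.table = OrderedDict()     # (sensor, seq) -> CH that delivered it
        self.table_size = table_size   # fixed size of the activities table
        self.threshold = threshold     # "repeated more than once" -> 2
        self.ch_accusers = defaultdict(set)   # CH -> sensors with a mismatch
        self.sensor_chs = defaultdict(set)    # sensor -> CHs it mismatched on
        self.isolated = set()          # nodes named in a warning broadcast

    def receive(self, sensor, seq, via_ch, prev_ch=None, prev_seq=None):
        """Process one report; return the nodes newly isolated because of it."""
        if sensor in self.isolated or via_ch in self.isolated:
            return set()               # step 4: traffic from isolated nodes ignored
        newly = set()
        # Step 2: missing or mismatching previous activity involves two parties.
        if prev_seq is not None and self.table.get((sensor, prev_seq)) != prev_ch:
            self.ch_accusers[prev_ch].add(sensor)
            self.sensor_chs[sensor].add(prev_ch)
            # Step 3 (assumed decision rule, see lead-in).
            if len(self.ch_accusers[prev_ch]) >= self.threshold:
                newly.add(prev_ch)
            elif len(self.sensor_chs[sensor]) >= self.threshold:
                newly.add(sensor)
        newly -= self.isolated
        self.isolated |= newly
        # Store the new activity; when the table is full, the oldest entry goes.
        self.table[(sensor, seq)] = via_ch
        while len(self.table) > self.table_size:
            self.table.popitem(last=False)
        return newly


def run(reports, table_size):
    """Feed a trace of reports to a fresh monitor and return the isolated set."""
    bs = ActivityMonitor(table_size)
    for report in reports:
        bs.receive(*report)
    return bs.isolated


# Constructed traces. Tuple layout: (sensor, seq, via_ch, prev_ch, prev_seq).

# CH 10 never forwarded round-1 messages from sensors 1 and 2; sensor 3 used CH 12.
DROPPING_CH = [
    (3, 1, 12, None, None),
    (1, 2, 11, 10, 1),
    (2, 2, 11, 10, 1),
    (3, 2, 11, 12, 1),
]

# Sensor 4 reports previous activity that contradicts the BS records twice.
MISMATCHING_SENSOR = [
    (4, 1, 12, None, None),
    (4, 2, 11, 13, 1),
    (4, 3, 14, 15, 2),
]

# Every message delivered and every previous activity reported truthfully.
HONEST = [
    (1, 1, 10, None, None),
    (2, 1, 10, None, None),
    (3, 1, 10, None, None),
    (1, 2, 11, 10, 1),
    (2, 2, 11, 10, 1),
    (3, 2, 11, 10, 1),
]

if __name__ == "__main__":
    print("dropping CH      :", run(DROPPING_CH, table_size=16))
    print("mismatching node :", run(MISMATCHING_SENSOR, table_size=16))
    print("honest, 16 slots :", run(HONEST, table_size=16))
    print("honest, 2 slots  :", run(HONEST, table_size=2))
```

The last case shows the table-size point from step 2: with fewer slots than sensors, honest records are overwritten before they are checked, read as missing, and an honest CH is isolated.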
In this method, the number of sensors compared to the number of CHs in the network determines the efficiency of its function.
Increasing the number of sensors for a constant number of CHs means that each CH has a higher number of sensors in its group. If this CH has been compromised, or if it is an intruder, then the number of reports that are going to be sent to the BS in the next round will be higher. This helps the BS make a quick decision regarding this attack. On the other hand, this leads to more damage to the network in the specific cycle where the attack occurs, which follows from the high number of sensors connected to that CH. It is the responsibility of the BS to choose a typical percentage of desired CHs, which is to be changed during the network lifecycle depending on the number of sensors in the network.
Figure 3 shows the relation between the number of reports sent to the BS and the number of CHs in a network of size N. It shows different values, ranging from a network size of 100 sensors to a network size of 1000 sensors, with different percentages of desired CHs ranging from 0.01 to 0.1. It shows that, for a specific network size, increasing the desired percentage of CHs decreases the number of nodes involved in the attack, which also decreases the number of reports that are sent to the BS in the next round.
Figure 3. Number of reports sent to the BS depending on the number of sensors compared to the number of CHs.
a) BS analyzes the messages received from the sensors via their CHs
b) BS checks the accuracy of the received information
Figure 4 shows the same relation in more detail for different network sizes with different percentages of CHs. It shows the average number of reports sent to the base station under different network sizes and desired percentages of CHs.
Figure 4. Average number of reports sent to the BS under different network sizes with different percentages of CHs
4. CONCLUSION
In this paper we propose a new model for intrusion detection in WSN. The model consists of two methods that cover the detection of unauthenticated nodes and the detection of routing attacks. This model is integrated in the SOOAWSN framework. The simulation shows how performance parameters are affected by the network size and the desired percentage of CHs in such a network. This flexibility allows our proposed protocols to be adopted in different applications for WSN.
References
[1] W. Heinzelman, A. Chandrakasan, and H. Balakrishnan, “Energy-efficient communication protocol for wireless microsensor networks”, in IEEE Hawaii Int. Conf. on System Sciences, pages 47, January 2000.
[2] S. Selvakennedy and S. Sinnappan, “A Configurable Time-Controlled Clustering Algorithm for Wireless Networks”, 11th International Conference on Parallel and Distributed Systems (ICPADS’05), 2005.
[3] Manjeshwar and D. Agrawal, “Teen: A routing protocol for enhanced efficiency in wireless sensor networks”, in 1st International Workshop on Parallel and Distributed Computing Issues in Wireless Networks and Mobile Computing, 2001.
[4] P. Silva, M. Martins, B. Rocha, A. Loureiro, L. Ruiz, and H. Wong, “Decentralized intrusion detection in wireless sensor networks,” in Proceedings of the 1st ACM international workshop on Quality of service & security in wireless and mobile network (Q2SWinet ’05). ACM Press, October 2005, pp. 16-23.
[5] Onat and A. Miri, “An intrusion detection system for wireless sensor networks,” in Proceeding of the IEEE International Conference on Wireless and Mobile Computing, Networking and Communications, vol. 3, Montreal, Canada, August 2005, pp. 253-259.
[6] E. Loo, M. Ng, C. Leckie, and M. Palaniswami, “Intrusion detection for routing attacks in sensor networks,” International Journal of Distributed Sensor Networks, 2005.
[7] V. Bhuse and A. Gupta, “Anomaly intrusion detection in wireless sensor networks,” Journal of High Speed Networks, vol. 15, no. 1, pp. 33-51, 2006.
[8] Mishra, K. Nadkarni, and A. Patcha, “Intrusion detection in wireless ad hoc networks,” IEEE Wireless Communications, vol. 11, no. 1, pp. 48-60, February 2004.
[9] S. Marti, T. Giuli, K. Lai, and M. Baker, “Mitigating routing misbehavior in mobile ad hoc networks”, in Proceedings of the 6th Annual International Conference on Mobile Computing and Networking (MobiCom 2000), August 6-11, 2000, Boston, MA, USA, ACM Press, pages 255-265.
[10] M. Saiful, I. Mamun and S. Kabir, “Hierarchical Design Based Intrusion Detection System for Wireless Ad Hoc Sensor Network”, International Journal of Network Security & Its Applications (IJNSA), Vol. 2, No. 3, July 2010.
Biography
Dr. Elleithy is the Associate Dean for Graduate Studies in the School of Engineering at the University of Bridgeport. His research interests are in the areas of network security, mobile communications, and formal approaches for design and verification. He has published more than one hundred twenty research papers in international journals and conferences in his areas of expertise.
Dr. Elleithy is the co-chair of the International Joint Conferences on Computer, Information, and Systems Sciences, and Engineering (CISSE). CISSE is the first Engineering/Computing and Systems Research E-Conference in the world to be completely conducted online in real time via the internet, and it has run successfully for four years.
Dr. Elleithy is the editor or co-editor of 10 books published by Springer for advances on Innovations and Advanced Techniques in Systems, Computing Sciences and Software.
Dr. Elleithy received the B.Sc. degree in computer science and automatic control from Alexandria University in 1983, the MS degree in computer networks from the same university in 1986, and the MS and Ph.D. degrees in computer science from The Center for Advanced Computer Studies at the University of Louisiana at Lafayette in 1988 and 1990, respectively.
Mohammed Abuhelaleh is a full-time Ph.D. student of Computer Science and Engineering at the University of Bridgeport. He worked as a lecturer at Alhusein Bin Talal University, Jordan. He taught some computer science courses, in addition to college courses such as Data Structure, C++, and Computer Skills, for three years.
Mohammed has a master's degree in Computer Science from the University of Bridgeport, CT, USA, and graduated with a GPA of 3.48. Mohammed has worked as a Graduate Assistant many times under Prof. Elleithy. Mohammed is now at the end of the Ph.D. program. He is currently working as an administration assistant and a teaching assistant with Prof. Elleithy.