Conference Paper

Using a leaky bucket counter as an advanced threshold mechanism for event detection in wireless sensor networks


Abstract

In this work, we show how to use a leaky bucket counter (LBC) as a sophisticated threshold mechanism for detecting events in wireless sensor networks. After introducing the LBC and elaborating on various special cases for different possibilities of event detection, we present a case study. Using varying parameters, we compare the performance of the LBC approach to that of a moving average approach and a simple threshold-only mechanism. These mechanisms are of comparable computational complexity and have similar resource demands. The comparison underlines the differences in how old measurements influence the actual detection outcome in different ways. We also explain under which conditions an LBC is suited for event detection and when it is not.


... Both of our newly-devised denial-of-sleep defenses are based on leaky bucket counters (LBCs) [12]. The intuition behind an LBC is a bucket with a hole in it, as shown in Figure 2. Events drop into the bucket and increase its filling level. ...
[Figure 2. Intuition behind leaky bucket counters (labels: events, bucket with capacity, leakage rate)]
Conference Paper
Battery-powered and energy-harvesting IEEE 802.15.4 nodes are subject to so-called denial-of-sleep attacks. Such attacks generally aim at draining the energy of a victim device. Especially, session key establishment schemes for IEEE 802.15.4 security are susceptible to denial-of-sleep attacks since injected requests for session key establishment typically trigger energy-consuming processing and communication. Nevertheless, Krentz et al.’s Adaptive Key Establishment Scheme (AKES) for IEEE 802.15.4 security is deemed to be resilient to denial-of-sleep attacks thanks to its energy-efficient design and special defenses. However, thus far, AKES’ resilience to denial-of-sleep attacks was presumably never evaluated. In this paper, we make two contributions. First, we evaluate AKES’ resilience to denial-of-sleep attacks both theoretically and empirically. We particularly consider two kinds of denial-of-sleep attacks, namely HELLO flood attacks, as well as what we introduce in this paper as “yo-yo attacks”. Our key finding is that AKES’ denial-of-sleep defenses require trade-offs between denial-of-sleep resilience and the speed at which AKES adapts to topology changes. Second, to alleviate these trade-offs, we devise and evaluate new denial-of-sleep defenses. Indeed, our newly-devised denial-of-sleep defenses turn out to significantly accelerate AKES’ reaction to topology changes, without incurring much overhead nor sacrificing on security.
Thesis
With the emergence of the Internet of things (IoT), plenty of battery-powered and energy-harvesting devices are being deployed to fulfill sensing and actuation tasks in a variety of application areas, such as smart homes, precision agriculture, smart cities, and industrial automation. In this context, a critical issue is that of denial-of-sleep attacks. Such attacks temporarily or permanently deprive battery-powered, energy-harvesting, or otherwise energy-constrained devices of entering energy-saving sleep modes, thereby draining their charge. At the very least, a successful denial-of-sleep attack causes a long outage of the victim device. Moreover, to put battery-powered devices back into operation, their batteries have to be replaced. This is tedious and may even be infeasible, e.g., if a battery-powered device is deployed at an inaccessible location. While the research community came up with numerous defenses against denial-of-sleep attacks, most present-day IoT protocols include no denial-of-sleep defenses at all, presumably due to a lack of awareness and unsolved integration problems. After all, although there are many denial-of-sleep defenses, effective defenses against certain kinds of denial-of-sleep attacks are yet to be found. The overall contribution of this dissertation is to propose a denial-of-sleep-resilient medium access control (MAC) layer for IoT devices that communicate over IEEE 802.15.4 links. Internally, our MAC layer comprises two main components. The first main component is a denial-of-sleep-resilient protocol for establishing session keys among neighboring IEEE 802.15.4 nodes. The established session keys serve the dual purpose of implementing (i) basic wireless security and (ii) complementary denial-of-sleep defenses that belong to the second main component. The second main component is a denial-of-sleep-resilient MAC protocol.
Notably, this MAC protocol not only incorporates novel denial-of-sleep defenses, but also state-of-the-art mechanisms for achieving low energy consumption, high throughput, and high delivery ratios. Altogether, our MAC layer resists, or at least greatly mitigates, all denial-of-sleep attacks against it we are aware of. Furthermore, our MAC layer is self-contained and thus can act as a drop-in replacement for IEEE 802.15.4-compliant MAC layers. In fact, we implemented our MAC layer in the Contiki-NG operating system, where it seamlessly integrates into an existing protocol stack.
Conference Paper
In this paper we propose two alternative event-driven double threshold detection algorithms to be used in decentralized wireless sensor networks. The proposed approach assumes that a sensor may decide about the presence of an event of interest either directly or by asking for additional data from nearby nodes. The proposed methods aim at minimizing the network energy consumption associated with the detection process. The problem is formulated by associating a cost proportional to the (average) number of nodes involved in the decision. After a first activation phase, initiated by a single node, we examine two alternative approaches: a fixed sample size and a sequential detector. We show that there is a need to include an activation threshold when there is a stringent constraint on the power consumption or when the SNR on each sensor is quite low. We compare the performance of the proposed approaches, showing that, also in this double threshold setup, sequential detection algorithms involve a smaller average number of sensors to guarantee the same performance metrics.
Conference Paper
This paper presents a fault-tolerant event detection scheme for wireless sensor networks. Unlike others using a single threshold, the proposed scheme employs two thresholds to cope with the trade-off between event detection accuracy and false alarm rate. An extremely low false alarm rate can be achieved by using a high threshold, while high detection accuracy is obtained by using a low threshold. A sensor node is determined to be in an event region if it passes the high threshold. It can also be determined to be in the region, as long as it passes the low threshold and has a neighbor that passes the high threshold. The dissemination of a local decision to neighboring nodes is made only once to minimize the communication overhead. A moving average filter with a threshold is employed to reduce the impact of transient faults in sensor readings. Computer simulation shows that the proposed scheme also achieves acceptable performance in detecting event regions without computational overhead.
Conference Paper
Wireless Sensor Networks for surveillance systems in home, office, or factory environment require correct tracking of intruders. For such systems, passive infrared motion sensors (PIR sensors) are ideal because they do not require any signal or devices on the object to be tracked and they can work in dark environment as well. This paper first analyzes the performance and the applicability of the PIR sensors for security systems. Then, we propose a region-based human tracking algorithm with actual implementation and experiment in real environment. From the experiments, we show that the human tracking algorithm based on the PIR sensors performs very well with proper sensor deployment.
Conference Paper
Wireless sensor networks (WSN) are designed to monitor physical phenomena. The main task of WSN is to perform event detection, tracking, and classification. So, compared with traditional ad-hoc networks, WSN is event-centric. Therefore, an important question in WSN is how to detect events. In this paper, we present two methods for event detection: one is double sliding window detection, and the other is a fuzzy logic approach. The accuracy of the results is established via a sensor network testbed and simulations.
Article
Profiling the behavior of programs can be a useful reference for detecting potential intrusions against systems. This paper presents three anomaly detection techniques for profiling program behavior that evolve from memorization to generalization. The goal of monitoring program behavior is to be able to detect potential intrusions by noting irregularities in program behavior. The techniques start from a simple equality matching algorithm for determining anomalous behavior, and evolve to a feed-forward backpropagation neural network for learning program behavior, and finally to an Elman network for recognizing recurrent features in program execution traces. In order to detect future attacks against systems, intrusion detection systems must be able to generalize from past observed behavior. The goal of this research is to employ machine learning techniques that can generalize from past observed behavior to the problem of intrusion detection. The performance of these systems is compared b...