Available via license: CC BY 4.0
Content may be subject to copyright.
Deep Learning model-based malicious node
detection system in wireless multimedia sensor
Network
AROCKIA JAYADHAS SOOSAI JOHN ( dhasjohn85@gmail.com )
Sathyabama University https://orcid.org/0000-0002-3698-9549
Emalda Roslin
Sathyabama University: Sathyabama Institute of Science and Technology (Deemed to be University)
Florin Wilfred
St Joseph University In Tanzania
Research Article
Keywords: WMSNs, Convolutional Neural Network, Intrusion detection, Black hole attack, Wormhole
attack, Deep learning technique, Random forest,
Posted Date: June 30th, 2023
DOI: https://doi.org/10.21203/rs.3.rs-3066855/v1
License: This work is licensed under a Creative Commons Attribution 4.0 International License.
Read Full License
1
Deep Learning model-based malicious node detection system
in wireless multimedia sensor Network.
S. Arockia Jayadhas1 *, S.Emalda Roslin2 and W. Florin3
1Research Scholar, Faculty of Electronics, Sathyabama Institute of Science and Technology, Chennai-600119,
India.
2Professor, Department of Electronics and Communication Engineering, Sathyabama Institute of Science and
Technology, Chennai-600119, India.
3Assistant Lecturer, Department of Electrical, Electronics and Communication Engineering, St.Joseph
University in Tanzania, Dar es Salaam, Tanzania.
* dhasjohn85@gmail.com
Abstract
Wireless sensor networks (WMSNs) are becoming increasingly popular in many fields, from academia
to transportation, environmental monitoring, wildlife preservation, and military espionage. Therefore, examining
potential threats, power consumption, vulnerability recognition, and systemic vulnerability characteristics is
essential to develop a reliable information security approach for WSNs. As a result, it is becoming increasingly
crucial for the technical community to conduct intrusion recognition method evaluations. Since this is the case,
using deep learning techniques in creating intrusion identification and mitigation systems for wireless
multimedia sensor networks is essential. This article examines how well different machine learning and deep
learning algorithms perform in attack identification systems. Testing the efficacy of different methods on the
WMSN-DS database through experimentation is essential. In this work, we combine the power of a
Convolutional Neural Network classifier with a Random forest. In order to accomplish this, a Convolutional
Neural Network with a Random Forest Classifier is used. The intrusion detection system (IDS) is a crucial
technique proposed in this study for WMSN. To address this issue, the current study proposal uses deep
Learning with a Random Forest classifier to detect and prevent attacks and to promote efficient forwarding in
WMSNs. Multiple WMSN assaults have been investigated, and the results of these investigations have been
critically evaluated.
Keywords: WMSNs; Convolutional Neural Network; Intrusion detection; Black hole attack; Wormhole attack;
Deep learning technique; Random forest;
Introduction
WMSN is a modern-day communication tool that can be applied to any technological field. As a result,
in a WMSN setting, the setup sensors hub must handle a wide variety of responsibilities, including, but not
limited to, location discovery, observation, and data transmission [1]. Wireless multimedia sensor networks
(WMSN) provide effective methods in many operational domains. These domains include defence, healthcare,
homeland security, industrial management, intelligence, green aviation, and digital highways. Encryption plays
an essential role in all of these, but especially in the military and in surveillance. Some examples of security
criteria that could be interpreted in this way are endpoint authentication, user authorization, database security,
data integrity and validity, transparency, secured localization, and trustworthy resource distribution [2]. When
utilizing WMSNs, privacy becomes paramount in preventing system intrusions. Access control, authentication,
and encryption are all viable privacy mechanisms for safeguarding wireless systems, but these systems' limited
resources and storage space mean they can't prevent every possible attack [3].Unconnected systems with
isolated nodes and gaps can be the result of using a variety of intrusion detection methods. These issues make it
harder for nodes close to the gaps to conserve power and disrupt the normal operation of the routing algorithm
and data processing. In order to determine whether or not a proposed system is completely airtight, multiple
nodes must expend more power than usual. Recognizing boundaries and openings requires no additional work
with this approach. There are a variety of WMSN hole detection and identification methods available now.
However, the methods involve hubs using more energy than necessary during the defect identification process.
Some of these techniques also require the use of other technological tools, such as global positioning systems
and compasses. This resource raises the cost, size, and energy consumption of nodes. Furthermore, they reduce
the longevity of nodes. This constrains the development of novel WSN applications [4].
2
An effective and rapid method is needed to address the interference in wireless networks from both
internal and external sources. Most sensors are vulnerable to numerous types of attacks, and adversaries can
easily spoof genuine sensors in networks without alerting any of the other nodes. In the absence of a security
mechanism built into the design of the system or topology, the network is open to a wide variety of attacks from
both inside and outside the organization. To prevent intrusions, sensor nodes placed in restricted areas must be
protected by stringent security measures.
Figure 1: Architecture of WMSN Network
WSNs are highly scalable; their size is determined by their use case, which may call for a small
network of sensors (like Earth's CNs) or a large network of sensors (for keeping an eye on traffic lights or a
particular machine's safety, respectively). Multiple sensing cluster implementations necessitate the development
of custom protocol architectures that are both scalable and region-specific. In [5], we have outlined the structure
and main components of a sensor. Due to their limited battery life, processing speed, and range, wireless sensor
nodes have limited utility. The Crossbow MICAz mote, for instance, can transmit up to 30 metres (indoors) and
100 metres (outdoors) using two AA batteries and the 2.4GHz ISM band. The outdoor version also includes an
Atmel 8-bit ATmega 128L processor. There is a serious issue with network longevity in WSN design. It can be
challenging or impractical to recharge the sensor networks. Therefore, when designing algorithms and protocols
for WSNs, it is important to keep energy efficiency in mind so as to maximize system dependability. The
primary function of many sensors is to take readings and relay them to other nodes, an access point, or some sort
of information sink via a two-way channel.
Some other sensor nodes act as proxies for many others and perform both data sensing and packet
forwarding or routing. Communication methods include both direct transmission and multi-hop communication.
In the last case, sensor nodes act as routers and data forwarders, using a predetermined routing mechanism [6].
Additional details about these protocols are provided. The design for a generic sensing network infrastructure
[7] includes the primary architecture components, a class diagram, and the primary use cases. WSNs typically
have a highly dynamic architecture due to the fact that some sensors will inevitably fail due to physical damage
or energy depletion and that some sensors may switch to ultra-low power or sleep mode to conserve energy.
Quality of service (QoS) criteria for a WSN differ from those for conventional networks in that they factor in
things like the ability to detect events with a high degree of precision and the amount and quality of data that can
be gathered from monitoring devices or a given area using the available sinks [8].
The sensor data from the element is collected by the sinks, where it is processed, analysed, and made
available to the user. In a typical setup, users gain remote access to the sensed data when they are not physically
present. Modern WSN apps rely heavily on the widespread use of smartphones and web-based techniques. As a
data gateway that relays information between the acquired data and the Internet, a smartphone is a common tool
in WSN technologies. When it comes to remote access and storage, web-based tools and services are
indispensable [7]. The primary goal of this paper is to analyse and compare the performance of various intrusion
3
prevention and detection methods for WSNs that make use of deep Learning and random forest approaches [9].
Random Forest (RF) [10] is the deep learning technique used. Python is used as the analysis language, and a
WSN-DS is used as the dataset. Four different types of attacks are represented in the 19 attribute columns that
make up a WSN-DS dataset [11].
Related works
The establishment of wireless sensor networks in challenging and unsupervised environments is a
common and accepted practice. The WSN is sensitive to the physiological acquisition process as well as attack
vectors. As a result, it is absolutely necessary to make use of effective measures in order to protect the networks.
Anomaly identification is widely acknowledged to be one of the most important security measures that can be
taken to guard against the activity of malware or to prevent unauthorized devices from connecting to the
Internet. Throughout the course of the research study, they propose using a hybrid attack-detecting method for
clustering WSNs. Together with the act of detecting attacks, the support vector machine-based anomalous
identification component of the attack approach is incorporated. The results of the experiments show that the
majority of routing assaults can be identified with a very little false warnings being given. Such nodes only need
to perform the tasks of analysing and communicating a small collection of information vectors to one another
and then retraining a Classifier model afterwards. This is in contrast to the traditional method of sending all of
the information that has been gathered to a single location. This method makes use of a smaller number of
features [12].
This Controller Area Network (CAN) transit is an essential component of the real-time In-Vehicle
Network (IVN) technologies that are currently available. This is due to the fact that its configuration is
uncomplicated, suitable, and trustworthy. IVN systems continue to present a risk of being unsafe and vulnerable
because of the complicated statistical designs that substantially increase the availability of unauthorized
connections. These designs also increase the potential for a variety of attacks, which means that IVN systems
continue to be a target. As a direct consequence of this, there is a growing interest in the IVN devices' capacity
to identify malicious cyber-attacks. Because of the rapid growth of IVNs and the shifting types of risk, the
traditional machine learning-based IDS needs to be modernized in order to satisfy the privacy requirements of
the present ecosystem. These days, the development of deep learning and deep transfer learning, as well as the
numerous fields that have been impacted by the results of these two types of Learning, has helped with the
identification of network attacks. This publication proposes an intrusion detection system for IVN that is built
on deep transfer learning and has superior effectiveness in comparison to a variety of other designs that have
been developed in the past. Creating a deep transfer learning-based LeNet model, evaluating the model taking
into account real-world data, and selecting efficient characteristics that are suitable to recognize fraudulent CAN
signals and effectively determine the usual and unusual behaviours are the distinctive features of this system.
For the purpose of accomplishing that goal, a comprehensive empirical performance evaluation was carried out.
According to the architectural and experimental evaluations, the proposed IDS has demonstrated superior
performance in terms of real-time IVN privacy when compared to the mainline machine learning, deep
Learning, and benchmarking deep transfer learning systems. These comparisons were made using the same
criteria. Using this approach, further new technologies with crucial systems, where the primary challenge is
automated and secure information analysis, could also be expanded. Increasing the effectiveness of the proposed
system should be the primary focus of your efforts to optimize the hyper -parameters [13].
The connectivity efficiency of Wireless Multimedia Sensor Networks (WMSN) that transmit and
acquire multimedia data such as data, audio, and videos is frequently hindered by malicious networks and
leftover nodes. The parametric approach of the node is altered by an external attacker, which results in the node
becoming a malicious component of the WMSN. The operations of the networks that are in close proximity to
these attacker nodes will be disrupted, and traffic will be prevented from moving through them and the nodes
that are adjacent to them. In order to improve the effectiveness of the routing protocols utilized by WMSN, it is
4
necessary to locate and remove any rogue nodes that may exist. Traditional methods, which relied primarily on
machine learning algorithms to identify malicious nodes in WMSN, had a number of drawbacks, the most
significant of which were their low level of reliability and the length of time it took to make a diagnosis. The
technique that is suggested in this study is intended to address these shortcomings that are inherent in traditional
algorithms. The characteristic index, which is optimized by using a Genetic Algorithm, is used in this research
to propose an effective technique for identifying and counteracting hostile nodes. The goal of this research is to
improve existing methods currently in use. The modernized deep learning classification method used by LeNET
is responsible for classifying the improved feature set. Although the conventional methods have a significant
recognition accuracy, the process of identifying fraudulent nodes takes a very long time to complete. This flaw
can be fixed by converting the internal layers of the original LeNET design to parallelism and replacing the
intensive levels with the Fuzzy C Means (FCM) algorithm. The F1 score, precision, recall, and classification
errors are analysed in relation to the suggested method in order to determine how effective it is overall. In
multimedia networks, malicious behaviour sensor nodes can be difficult to distinguish from regular sensor
nodes. This makes it difficult to identify the malicious sensor nodes as part of the group of sink nodes. This
study suffers from a fundamental flaw in that there is no analysis of the effectiveness of the work or the amount
of electricity that was used [14].
The Wireless Sensor Networks (WSNs) system has made significant strides towards perfection in the
modern era. WSNs find widespread application in a variety of domains, including the military, business,
healthcare, smarter communities, and the automation of homes. All WSN applications require that the
communications that take place between the sensory nodes in the network be encrypted. As a direct
consequence of the adversarial vulnerabilities present in the sensor network, various threats have been
incorporated into WSN. Therefore, a reliable Intrusion Detection System (IDS) is essential for use in WSN in
order to protect against the threat to network security. IDS strategies for WSN can be broken down into several
categories based on the technique that is used to spot intrusions. This study presents the classification of attack
vectors, several IDS techniques for threat detection, as well as performance criteria for evaluating the IDS
algorithm for wireless sensor networks (WSNs). Additionally presented are possible lines of inquiry for further
research on IDS in WSN. In WSN, the IDS are not presented in a straightforward manner [15].
Because of the proliferation of cutting-edge technologies, such as the Internet of Things, day-to-day
life has become significantly simpler. Its development was marked by a number of challenges, including
ongoing exposures to vulnerabilities and becoming a target for attackers who exploit the flaws that are inherent
to the technology as a whole in relation to the vast quantity and variety of information that it stores. As a direct
consequence of this, analysing cyber security became an urgent necessity in order to maintain facility tracking.
Its network's defect intrusion prevention monitoring features assist in defence of the system by detecting and
preventing intrusions in the early stages of their progression. The discovery makes use of deep learning to
analyse a real data set of CSE-CIC-IDS2018 internet traffic. This analysis also takes into account natural
behaviour and threats, and it evaluates our deep model of long short-term memory (LSTM), which achieves a
precision of identification of approximately about 99 per cent. Because of its capacity to improve upon and
retrieve features with ever-increasing precision, deep Learning has proven to be of particular value in this
investigation. The inequality and complexity of the CSE-CIC-IDS2018 dataset both create problems, one of
which is the potential for a significant flaw in the precision assessment [16].
The existing electrical network is presently going through a comprehensive modernization process. The
use of smart energy technologies represents a forward-thinking approach to the improvement of the existing
electricity system. The integration of the electrical infrastructure and the communication infrastructure is
required in order to create a network of smart grids. The characteristics of a smart grid system include full
duplex connectivity, automated measuring infrastructures, the utilization of sustainable power sources,
automated transmission, and total surveillance and management of the entire electricity network. Wireless
sensor networks (WSNs) are the collective name for the small, micro-sized electromechanical devices that are
utilized in the process of gathering and transmitting environmental parameters. WSNs are a useful tool for
monitoring and administering smart energy infrastructure. Particularly concerning to investigators and other
professionals is the issue of ensuring the safety of wireless sensor-based network technologies. Because of their
limited computing power, wireless sensor networks are especially vulnerable to being breached by malicious
actors. In order to be effective, countermeasures against cyber-attacks need to be able to maintain confidentiality
while also ensuring data readiness and dependability. A paradigm shift is required to move away from the
address-oriented design and development methodology that is utilized for the creation of conventional
communication networks in order to implement an architecture for WSNs that is data-oriented. The cyber
security of the smart grid requires the inclusion of WSN security as an essential component. The results of this
study will provide a comprehensive evaluation and analysis of communication protocols, as well as concerns
regarding cyber security and potential solutions for WSN-based smart grid infrastructure. The security of
5
distributed WSN nodes is a significant challenge from a technical standpoint because WSN nodes have a limited
amount of memory and computational power. The expense trade-offs need to be carefully considered and put
into practice in order to prepare for upcoming applications in smart po wer grids that involve wireless sensor
networks. [17]
Outline of WSN encryption restrictions
Understanding the following limitations is essential before acquiring useful security solutions.
Constraints on memory and energy:
Because a sensor is a smaller item with limited keeping capacity for the codes, it is important to set a
limit to the size of the encryption application's code base. WSNs are also highly concerned about sensing
energy, and since operational expenses are very high, replacing clusters isn't a simple process.
Undependable transmission:
Communication is a requirement of the stated protocols, which in turn is a requirement of information
confidentiality.
Security requirements
The security requirements of a WSN are-
The information ought to only be disclosed to authorized parties; it shouldn't be possible for anyone
else party to learn the data by listening in on conversations or interpreting minds.
The recipient of the content wants to make sure that it hasn't been unintentionally or accidentally
altered while in transmission.
In order for authorized organizations to function properly and have access to specific information, it
must be available.
Information integrity is the confirmation of the connecting nodes' credentials. Information exchange
within the network requires authorization.
Statistics have to be current, and it needs to be confirmed that no replays of prior comments have
occurred. The WMSN programs can have issues due to obsolete information.
Attacks and Security threats
Challenges could be categorized into the following categories based on adversary potential:
Threats from outside the networks:
An external threat is one that is not a component of the system and doesn't have access to any inner
internet backbone data, such as encryption credentials.
These are typical traits of this invasion:
Outside of the network
Committed by unauthorized parties.
Launch an attack without even being verified.
Internal Attacks
6
Whenever an authorized node behaves illegally, Thus should treat it as an inside threat. An inner offender
seeks to:
To pose a threat to the network's effectiveness.
To disclose hidden codes.
Sensor node access points
Passive Attacks
Since a passive attack takes place external to the network, it has no direct impact on the system.
Snooping or packet tracking are examples of passive attacks that take place within WMSNs. An unauthorized
user observes the communications channel that links 2 nodes during an eavesdropping operation in order to
collect data without interfering with the transmission. The passive Attacker's objectives are:
Snooping
Collecting
Information-stealing
Loss of effectiveness
Networks segmentation
Active Attacks:
A hacker may prevent the networks from operating normally. Additionally, it has the ability to alter
information and change its initial data. Active attackers carry out actions such as:
Modification of packets,
identity,
congestion
Introducing false data
Security Attacks
These Attacks fall into the category of
An interruption is an intrusion on the network's functionality. DoS assaults are its primary objective.
Interception is an attack on the network confidentially. An enemy might do this and acquire illegal
entry into the sensor network.
Alteration is an assault on network stability. In this, the permitted organization manipulates the
information as well as accessing it.
Fabrication is indeed an attempt to undermine authenticity. In order to undermine the information's
veracity, the Attacker injects bogus data.
Attacks Based on Layering
The types of physical layer attacks include:
Jamming
Jamming is a well-known DoS tactic. In doing so, the offender clogs the transmission frequency. Just a
few nodes are required by an operator to spread a sizable network. Transmitting pointless d ata disrupts the radio
network, and jamming can be intermittent, continuous, or persistent[18].
Tampering
In this case, the Attacker can substitute the stolen nodes, change its circuits, obtain encryption keys
from it, or all of the above. A tampering adversary may harm or replace the node in order to collect data.
Tamper-proofing the node's hardware packaging is a protection against the threat. The types of attacks on the
link layer include:
A denial-of-service attack is a collision. The receiving node will request a resend of the signal as a
result of the nodes inducing collisions, which causes the signal to violate the authentication test.
7
Exhaustion causes the power supply of the communicating entities to run out as the rogue node
continuously executes collision assaults.
Denial of Service (DoS) is brought on by an unintended node breakdown. Due to their high energy
sensitivity, sensor nodes are susceptible to denial-of-service attacks.
Network layer attacks
Black Hole attack
As seen in Figure 2, an attacker node behaves as a black hole [36] in this situation, drawing in all
transmissions. When a request for routes is made, the Attacker observes and responds that it holds the shortest
distance towards the ground station. The hostile devices could do whatever with the signals travelling between it
and the sinks once it has inserted themselves among its two.
Figure 2: Black Hole detection
Wormhole attack
One of the most serious risks in the WMSN is wormhole invasion. Typically, 2 or even more attacker
entity forms a tunnel, which is a hidden path. Thus, the hackers are in close contact with one another, allowing
them to interact quickly with other hubs across various networks. There is no restriction on wormhole attacks on
the sensor routing protocol. As a result, the majority of routing algorithms lack any safeguards regarding this. In
other term, wormhole threats discard all the signals and disrupt the networks when they happen. Additionally, it
eavesdrops on the signals and breaks any network security using the vast amount of data gathered. The Sybil
threat and selective forwarding assault are combined to create a wormhole attack. The data packet received
Node D from Node A, as illustrated in Figure 3, and conversely [19].
Figure 3: Node D from Node A was allowed in the data packet, and conversely
Proposed Methodology
The sole header used by an intrusion detection system is evaluated, and judgments are made as a result.
An attack protection system is offered as a system that analyses both the protocols and the payloads before
making a judgement. Deep learning techniques and a Random forest classifier were applied to the suggested
system's preventative intrusion protection mechanism. With more Accuracy, the suggested system will be able
8
to identify and stop attacks. The suggested construction is divided into many phases. The steps are shown in
Figure. 4 and are as described in the following:
Input offers a packet as input to the suggested mechanism. After receiving a packet as input, it will
analyse it by taking into account both headers and the content.
Pre-processing of the received packet is required after a packet arrives as input. One can think about
extracting features in pre-processing.
Learning is the next and most crucial phase in this process. In the stage of Learning, the given dataset is
split into a training sample and validation data. In order to make predictions, we will use a deep
learning model after splitting the database into 2 halves.
The findings of the learning stage are addressed in the output step. Therefore, think of the output as a
filtered packet. The received data will be compared to the database in the present scheme or utilize
real-time statistics for evaluation. To improve Accuracy for learning purposes, two or more classifiers
will be combined, and the suggested system will guard against assaults like Wormholes, black holes,
Flooding, and TDMA.
Figure 4: Proposed work’s Flow Diagram
Data Collection
The WSN-DS, a customized wireless database for vulnerability scanning, which is a customized
dataset for WSNs, was utilized to identify threats in order to acquire the findings of the observational study [20].
It has exactly 374,881 simple connecting matrices, each of which has 23 properties and can be classified as an
offensive or a regular relationship vector. In addition to the standard scenario, the specific sorts of network layer
attacks are divided into four main categories of attacks: Black hole, Wormhole, TDMA, and Flooding. Twenty-
three qualities (features) in the WSN-DS are used to assess each network node's current state. By choosing the
characteristics that contain the most information in the order of relevance, Principal Component Analysis
(PCA), a statistical method for dimension reductions, creates models that are simpler to understand and need
less computation time. From the 23, the most significant characteristics could be extracted as shown in Table 1
and Figure 4, and these chosen characteristics are given as follows:
Power consumption: The power used during the preceding session. Every node initially produces a random
number ranging from 0 and 1, and then the threshold T(n) is calculated utilizing the equation below. A node will
become a Cluster Head if the chosen random number is smaller than the threshold value.
(1)
Where is the collection of nodes that haven't been Cluster heads in the preceding cycles, r is the present
cycle and is the CH chance?
• Is CH: A flag that indicates if a network is a CH (value 1) or a regular node (value 0).
• ADV CH send: The quantity of communication channels advertise CH transmitted to networks.
• ADV SCH send The quantity of scheduling broadcasting signals sent to the node that promotes.
9
• Data sent to BS: The quantity of data packets sent to the RRH.
• CH to BS distance: The separation between the CH and the RRH.
• Data received: The number of packets from CHs that were received.
• The quantity of advertising CH messages that CHs have sent out.
• The quantity of join request messages that the CHs have received from the nodes.
• Time: This data type presents simulating duration.
The training set made up 60% of the WSN-DS, and the evaluation dataset made up 40%. Table I displays the
data division.
Table 1: Data sources for training and testing include a certain number of entries
Section
Entries utilized in the database
Setup for training (60 per cent)
Testing set (40 per cent)
Constant
11022
5464
Reactive
2015
987
Random
5870
4003
Deceptive
3566
2099
Normal
227014
110895
Overall Total
2,49,487
1,23,448
Feature Extraction Using Random Forest Algorithm
The history, mathematics, guiding concept, and benefits of the Random Forest classifier are addressed
in this section. Essentially, RF relied on this technique since it is straightforward, but also it can be used for both
regression and classification. For the majority of the period, RF gives excellent results with or without extreme
parameter adjustment [21]. Among learning algorithms, Random Forest is one. First, a forest is built using RF in
order to assess the outcomes. Then, Random Forest creates a variety of decision trees b y selecting "R" pieces of
data from the database and merging these to generate more precise and reliable predictions [22]. Many forecasts
are made for each "R" input element in the decision tree, followed by the mean of all the projections calculated.
RF is an algorithm for deep Learning. Multi-model combination to predict a single outcome is called ensemble
learning.
Fundamentals of Mathematics
The RF classifier is a type of additive structure that has the ability to combine judgments from a series
of base models to create some forecasts. Normally, the following Eqn. 2 was utilized to describe this concept.
(2)
Where is the eventual form, which was nothing more than the addition of a straightforward baseline ?
Algorithm 1: Random Forest
Step 1: Initially, arbitrarily choose characteristics out of the total of attributes with the criterion
Step 2: There is a necessity to determine nodes from the characteristics utilizing the optimal splitting point
approach.
Step 3: By utilizing the optimal split principle once more, node "n" must be divided into offspring nodes.
Step 4: Once "1" nodes have been achieved, repeat Steps 1 through 3 once more.
Step 5: To generate "k" trees, the user must continue Steps 1 through 4 for the necessary amount of
repetitions.
10
Step 6: Evaluation characteristics must be used along with the decision tree criteria from every periodically
generated decision tree in order to forecast the goal, which must then be stored.
Step 7: Just determine the voting results for every forecasted target.
Step 8: Finally, just use the predicted goal with the highest number of votes as your call. Python is utilized as
the programming language, and a WSN-DS is employed as the database for the execution of RF. To get the
findings, the RF classifier's operational procedures are used. The outcome is displayed in Table 2.
Table 2: RF-based threat predictions
Attack Type
Predicted Attack
0
N
N
2
Wormhole
N
4
N
Blackhole
6
N
Normal
8
N
Wormhole
40
Wormhole
N
146
N
Wormhole
162
TDMA
Black Hole
167
N
Black Hole
175
N
Flooding
189
TDMA
Black Hole
Classification using Convolutional Neural Network (CNN)
Moreover, CNN is an exclusionary Deep Learning technique that uses minimal interactions,
equivariant representations, and variable swapping to reduce the amount of information input variables needed
for a traditional artificial neural network (ANN). As a result, CNN is much more extensible and requires lesser
training. As depicted in Figure 6, a CNN has three distinct layers kinds: convolution layers, pooling layer, and
activating unit. Different kernels are used by the convolutional layers to saturate the input sources. By
downsizing sampling, the max pools reduce the sizes of successive layers. It uses two techniques: max pooling
and average pooling. Max pooling selects the maximum priority for each grouping of the prior layer by dividing
the inputs into separate segments.
In contrast approach, the mean pooling establishes the median values for each group in the preceding
stage. Each character in the feature set can have a non-linear activating mechanism triggered by the activated
units. The greatest method for quickly and efficiently extracting features from unprocessed datasets is CNN,
although this method also demands a lot of computer energy. This makes it extremely difficult to use CNN on
WMSN devices with limited resources for their security. This problem is partially solved by the distributed
system, in which a lighter version of Deep NN is learned and implemented onboard with only a small number of
crucial output classes, while the full training of the algorithm is carried out using the huge computational
capacity of the clouds. An earlier study for detecting attacks that were disclosed highlighted their usage in the
security of the WMSN environment. Authors assert that their results are superior to other cutting-edge IDS in
terms of precision and recognition exactness [23].
Figure 5:
Architecture
of CNN
11
Results and Discussion
This part contains a presentation of the dataset's outcomes. Python is the programming language that is
used to do all of the duties. An Intel(R) Xeon(R) CPU E3-1225 v5, 16.00 GB RAM, Windows 10 Enterprise
2016 LTSB 64-bit Operating System, and an x64-Based Processor were used for the experiments. The overall
categorization efficiency attained for each level is shown in Table 4.
Numerous statistical techniques are utilized in deep Learning to solve categorization and extrapolation
problems with a variety of dependent and independent variables [24]. Evaluation metrics are employed in this
paper to assess the effectiveness of the indicated strategies. These success measures are calculated using the
values of the attributes obtained from the WSN-DS training and testing database. The comparison of Accuracy
for different methods is shown in Figure 7. [25].
Performance Metrics for IDS in WSN
Utilizing the evaluation methods, one can evaluate the effectiveness of an intrusion recognition system.
The binary classifier issue is linked to the intrusion prevention applications in WMSN. Regular circulation is
viewed as negative, while aberrant flow is viewed as positive. Four sections make up the confusion matrix: The
number of genuinely anomalous flows that were accurately forecasted as abnormal flows are known as True
Positives (TP). TN is the percentage of real normal flows that were accurately forecasted as normal flows. The
number of truly normal flows that were mistakenly labelled as abnormal flows is known as false positives (FP).
The proportion of truly anomalous streams that were mistakenly labelled as normal flows is known as false
negatives (FN). The metrics of detection accuracy, True Positive Rate (TPR), False Positive Rate (FPR), True
Negative Rate (TNR), False Negative Rate (FNR), F1 score, and geometric mean index were used to assess the
efficacy of the proposed method.
Accuracy
The proportion of occurrences that were properly categorized is known as Accuracy (Acc). Eqn.
(3) was used to determine the intrusion prevention system's precision.
(3)
True Positive rate
Sensitivity, recalls, and recognition performance is other names for TPR. TPR is a measure of how
many accurately recognized anomalous flows were present. The TPR calculation formula is shown in Eqn. (4).
(4)
True Negative Rate
TNR is also known as sensitivity and uniqueness. TNR is the proportion of correctly diagnosed
genuine normal instances, as shown in Eqn. (5).
(5)
False Positive Rate
`The FPR stands for the likelihood of a false alarm. The FPR measures the proportion of actual
aberrant flows that were projected to be normal flows. Eqn. (6) shows the calculation formula.
(6)
False Negative Rate
FNR is the proportion of expected abnormal flows that are normal flows. The calculation for FNR is
shown in Eqn. (7).
12
(7)
Precision
It is also known as a high prognostic accuracy. It illustrates the connection between the total positive
predictions and the TP. The TPR calculation formula is shown in Eqn. (8).
(8)
F1 score
F1 Score in Eqn. (9) is the representation of the harmonic mean of Precision and Recall. The
appropriate statistic to evaluate the effectiveness of the attack identification algorithms in relation to Accuracy
when an IDS model includes an imbalanced input database is the f1 score.
(9)
Receiver Operating Curves (ROC)
Table 3: Receiver Operating Curve
FP
TP
0.1
0.18
0.3
0.20
0.5
0.34
0.7
0.55
0.9
0.76
1
1.00
A graph called ROC illustrates the trade-off between FP and TP. The model's detection precision is
displayed by the area under the ROC curve. Any intrusion detection technique that has a larger area under the
ROC curve produces good results. The X-axis in this graph denotes the FPR, and the Y-axis the TPR. The
minimal prediction line, represented by the 450 lines on the ROC curve of the intrusion detection model, is
inaccessible. Figure 8 shows a ROC in action. Because the region under the blue line in Figure 8 is larger than
the area under the red line, the model representing the blue line produces high-quality results. Table 3 shows the
Receiver Operating Curve.
Figure 6: ROC Curve
13
Table 4: Classification accuracy of the proposed system
Proposed Work
Accuracy
Random Forest
97.08%
Deep Learning
98.33%
Deep Learning + Random Forest
99%
The contrast of the multiple-stage models with some other work that employed only Deep Learning and
Random forest method performed on the exact same datasets to assess the suggested approach confirms that our
technique is the most suited. Table 5 shows that the approach can classify attacks more accurately than the MLP
model alone.
Table 5: Overall attack Detection accuracies
Proposed Method
Accuracy of classified attacks (%)
Overall Accuracy
(%)
Black Hole Attack
Worm Hole attack
Deep Learning
96.45
94.33
94.06
Random Forest
95.32
97.55
96.23
Deep Learning +
Random Forest
98.99
97.68
99
Figure 7: Attacks Accuracy
Table 6: Classification analysis of RF
Pre
Rec
F1 Score
Black hole
0.98
0.96
0.92
Wormhole
0.97
0.95
0.93
Normal
2.00
0.78
0.90
Flooding
0.50
0.54
0.23
14
Table 2 displays the attacks that the Random Forest classification algorithm predicts. With ID numbers
146 and 167, accordingly, in Table 2, the actual attack types were Wormhole, normal and black hole, despite the
attacks being anticipated as Flooding and normal, including both. Table 6 displays the categorization report for
Random Forest, which identified TDMA, Wormhole, Black hole, Flooding, and black hole attacks. The
precision value of all threats is 97.00 %, according to Random Forest. Figure 8 displays the outcomes of a study
of the attacks' predicted effectiveness using random forest.
Figure 8: Performance analysis of RF
Conclusion
The information shown above can be used as a guide for creating a system that will prevent intrusions into a
WMSN. Anything, anytime, everywhere, and any kind of computing has greatly increased the deployment of
WSN. With so many potential threats and attacks on a wireless network, security is understandably a top
priority. Intrusion is a major issue, yet current detection measures are overwhelmed. Therefore, we need an
approachable method of providing efficient intrusion protection for WSNs. The success of an attack-detection
algorithm is measured in terms of recognition effectiveness, false positive rates, false negative rates, and the f1
score. This page also includes information on the efficiency of the WSN's attack identification mechanism.
The fundamental problem with this excessive energy usage is addressed by isolating the sensor nodes that
communicate scalar, audio, and video data in WMSN and display malicious behaviour. In order to create an
intrusion detection and prevention system for wireless sensor networks, this study examines the similarities and
differences between machine learning and deep learning. This study presents the findings from a wide variety of
deep-learning assault detection methods. When compared to other learning techniques, the results produced by
Deep Learning and random forest classifier algorithms are far superior. Therefore, the effectiveness of deep
learning systems in preventing incursion is enhanced. From the suggested research, we can infer that a WMSN
requires an attack mitigation system that is both expandable and resilient on the basis of protocol inspection.
The assault can be detected and stopped by the WSN using the deep Learning provided to it.
Abbreviations
WMSN
Wireless multimedia sensor networks
Grayhole
0.60
0.65
0.38
TDMA
0.67
0.32
0.40
Overall
0.97
0.95
0.91
15
WSN
Wireless sensor network
CNN
Convolutional neural networks
IDS
Intrusion detection system
ANN
Artificial neural network
RF
Random forest
QoS
Quality of Service
DoS
Denial of service
CAN
Controller area network
IVN
In-vehicle Network
PCA
Principal component analysis
(ROC)
Receiver Operating Curves
Declarations
Acknowledgement:
This research did not receive any specific grant from funding agencies in the public, commercial, or non-profit
sectors.
Authors contributions:
The author has proposed a deep Learning technique Convolutional Neural Network with a Random Forest
classifier to detect and prevent attacks and to promote efficient forwarding in WMSNs.
Availability of data and materials:
The de-identified data supporting the conclusions of our research are available from the corresponding authors,
without undue reservation, to qualified researchers.
Funding statement:
The authors received no specific funding for this study.
Competing Interest:
The authors declare that they have no competing interest to report regarding the present study.
References
[1] A. Naveena and M. V. Lakshmi, “A Heuristic Deep Feature System for Energy Management in Wireless
Sensor Network,” In Review, preprint, Jun. 2022. doi: 10.21203/rs.3.rs-1648588/v1.
[2] T. Zahariadis, H. C. Leligou, P. Trakadas, and S. Voliotis, “Trust management in wireless sensor
networks,” Eur. Trans. Telecommun., p. n/a-n/a, 2010, doi: 10.1002/ett.1413.
16
[3] Y. Farooq, H. Beenish, and M. Fahad, “Intrusion Detection System in Wireless Sensor Networks - A
Comprehensive Survey,” in 2019 Second International Conference on Latest Trends in Electrical
Engineering and Computing Technologies (INTELLECT), Karachi, Pakistan, Nov. 2019, pp. 1–6. doi:
10.1109/INTELLECT47034.2019.8954984.
[4] “1550147719858231.pdf.”
[5] P. Mukherjee and S. Sen, “Using Learned Data Patterns to Detect Malicious Nodes in Sensor Networks,” in
Distributed Computing and Networking, vol. 4904, S. Rao, M. Chatterjee, P. Jayanti, C. S. R. Murthy, and
S. K. Saha, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2008, pp. 339–344. doi: 10.1007/978-3-
540-77444-0_35.
[6] C. Intanagonwiwat, R. Govindan, D. Estrin, J. Heidemann, and F. Silva, “Directed diffusion for wireless
sensor networking,” IEEE ACM Trans. Netw., vol. 11, no. 1, pp. 2–16, Feb. 2003, doi:
10.1109/TNET.2002.808417.
[7] M. Cardei, E. B. Fernandez, A. Sahu, and I. Cardei, “A pattern for sensor network architectures,” in
Proceedings of the 2nd Asian Conference on Pattern Languages of Programs - AsianPLoP ’11, Tokyo,
Japan, 2011, pp. 1–8. doi: 10.1145/2524629.2524641.
[8] Yuanli Wang, Xianghui Liu, and Jianping Yin, “Requirements of Quality of Service in Wireless Sensor
Network,” in International Conference on Networking, International Conference on Systems and
International Conference on Mobile Communications and Learning Technologies (ICNICONSMCL’06),
Morne, Mauritius, 2006, pp. 116–116. doi: 10.1109/ICNICONSMCL.2006.185.
[9] M. P. Shelke, A. Malhotra, and P. Mahalle, "A packet priority intimation-based data transmission for
congestion-free traffic management in wireless sensor networks," Comput. Electr. Eng., vol. 64, pp. 248–
261, Nov. 2017, doi: 10.1016/j.compeleceng.2017.03.007.
[10] A. Javaid, Q. Niyaz, W. Sun, and M. Alam, “A Deep Learning Approach for Network Intrusion Detection
System,” New York City, United States, 2016. doi: 10.4108/eai.3-12-2015.2262516.
[11] I. Almomani, B. Al-Kasasbeh, and M. AL-Akhras, “WSN-DS: A Dataset for Intrusion Detection Systems
in Wireless Sensor Networks,” J. Sens., vol. 2016, pp. 1–16, 2016, doi: 10.1155/2016/4731953.
[12] H. Sedjelmaci and M. Feham, “Novel Hybrid Intrusion Detection System For Clustered Wireless Sensor
Network,” Int. J. Netw. Secure. Its Appl., vol. 3, no. 4, pp. 1–14, Jul. 2011, doi: 10.5121/ijnsa.2011.3401.
[13] J. Lansky et al., “Deep Learning-Based Intrusion Detection Systems: A Systematic Review,” IEEE Access,
vol. 9, pp. 101574–101599, 2021, doi: 10.1109/ACCESS.2021.3097247.
[14] S. A. Jayadhas and S. E. Roslin, “Performance Analysis of Malicious Node Detection in Wireless
Multimedia Sensor Networks using Modified LeNET Architecture,” Int. J. Comput. Netw. Appl., vol. 9, no.
2, p. 179, Apr. 2022, doi: 10.22247/ijcna/2022/212334.
[15] S. Godala and R. P. V. Vaddella, “A Study on Intrusion Detection System in Wireless Sensor Networks,”
Int. J. Commun. Netw. Inf. Secure. IJCNIS, vol. 12, no. 1, Apr. 2022, doi: 10.17762/ijcnis.v12i1.4429.
[16] B. I. Farhan and A. D. Jasim, “Performance analysis of intrusion detection for deep learning model based
on CSE‑CIC‑IDS2018 dataset,” Indones. J. Electr. Eng. Comput. Sci., vol. 26, no. 2, p. 1165, May 2022,
doi: 10.11591/ijeecs.v26.i2.pp1165-1172.
[17] L. Chhaya, P. Sharma, G. Bhagwatikar, and A. Kumar, “Wireless Sensor Network Based Smart Grid
Communications: Cyber Attacks, Intrusion Detection System and Topology Control,” Electronics, vol. 6,
no. 1, p. 5, Jan. 2017, doi: 10.3390/electronics6010005.
[18] L. A. Mohammed and B. Issac, “Detailed DoS attacks in wireless networks and countermeasures,” Int. J.
Ad Hoc Ubiquitous Comput., vol. 2, no. 3, p. 157, 2007, doi: 10.1504/IJAHUC.2007.012417.
[19] U. Ghugar and J. Pradhan, “A Review on Wormhole Attacks in Wireless Sensor Networks,” p. 15, 2019.
[20] M. Hachimi, G. Kaddoum, G. Gagnon, and P. Illy, “Multi-stage Jamming Attacks Detection using Deep
Learning Combined with Kernelized Support Vector Machine in 5G Cloud Radio Access Networks.”
arXiv, Apr. 14, 2020. Accessed: Jul. 29, 2022. [Online]. Available: http://arxiv.org/abs/2004.06077
[21] Y. El, A. Toumanari, A. Bouirden, and N. El, “Intrusion Detection Techniques in Wireless Sensor Network
using Data Mining Algorithms: Comparative Evaluation Based on Attacks Detection,” Int. J. Adv. Comput.
Sci. Appl., vol. 6, no. 9, 2015, doi: 10.14569/IJACSA.2015.060922.
[22] S. Chatterjee, S. Ghosh, S. Dawn, S. Hore, and N. Dey, "Forest Type Classification: A Hybrid NN-GA
Model-Based Approach," in Information Systems Design and Intelligent Applications, vol. 435, S. C.
Satapathy, J. K. Mandal, S. K. Udgata, and V. Bhateja, Eds. New Delhi: Springer India, 2016, pp. 227–236.
doi: 10.1007/978-81-322-2757-1_23.
[23] Sk. T. Mehedi, A. Anwar, Z. Rahman, and K. Ahmed, “Deep Transfer Learning Based Intrusion Detection
System for Electric Vehicular Networks,” Sensors, vol. 21, no. 14, p. 4736, Jul. 2021, doi:
10.3390/s21144736.
[24] S. Agrawal, B. Singh, R. Kumar, and N. Dey, “Machine learning for medical diagnosis: A neural network
classifier optimized via the directed bee colony optimization algorithm,” in U-Healthcare Monitoring
Systems, Elsevier, 2019, pp. 197–215. doi: 10.1016/B978-0-12-815370-3.00009-8.
17
[25] M. Zamani and M. Movahedi, “Machine Learning Techniques for Intrusion Detection.” arXiv, May 09,
2015. Accessed: Aug. 03, 2022. [Online]. Available: http://arxiv.org/abs/1312.2177
[26] C. M. Rao, Department of Computer Science and Engineering, Sri Venkateswara University (SVU)
College of Engineering, Tirupati – 517502, Andhra Pradesh, India, M. M. Naidu, and School of
Computing, Veltech Dr. RR and Dr. SR University, Avadi, Chennai – 600062, Tamil Nadu, India, “A
Model for Generating Synthetic Network Flows and Accuracy Index for Evaluation of Anomaly Network
Intrusion Detection Systems,” Indian J. Sci. Technol., vol. 10, no. 14, pp. 1–16, Apr. 2017, doi:
10.17485/ijst/2017/v10i14/106786.
