As wireless sensor networks are usually deployed in unattended areas, security policies cannot be updated in a timely fashion upon identification of new attacks. This gives enough time for attackers to cause significant damage. Thus, it is of great importance to provide protection from unknown attacks. However, existing solutions are mostly concentrated on known attacks. On the other hand, mobility can make the sensor network more resilient to failures, reactive to events, and able to support disparate missions with a common set of sensors, yet the problem of security becomes more complicated. In order to address the issue of security in networks with mobile nodes, we propose a machine learning solution for anomaly detection along with the feature extraction process that tries to detect temporal and spatial inconsistencies in the sequences of sensed values and the routing paths used to forward these values to the base station. We also propose a special way to treat mobile nodes, which is the main novelty of this work. The data produced in the presence of an attacker are treated as outliers, and detected using clustering techniques. These techniques are further coupled with a reputation system, in this way isolating compromised nodes in timely fashion. The proposal exhibits good performances at detecting and confining previously unseen attacks, including the cases when mobile nodes are compromised.
References
[1]
Krontiris, I.; Giannetsos, T.; Dimitriou, T. LIDeA: A Distributed Lightweight Intrusion Detection Architecture for Sensor Networks. Proceedings of the 4th International Conference on Security and Privacy for Communication Networks (SECURECOMM 2008), Istanbul, Turkey, 22–25 September 2008.
[2]
Hai, T.H.; Khan, F.I.; Huh, E. Hybrid Intrusion Detection System for Wireless Sensor Networks. Proceedings of International Conference on Computer Science and Applications, San Francisco, CA, USA, October 2007.
[3]
Onat, I.; Miri, A. A Real-Time Node-Based Traffic Anomaly Detection Algorithm for Wireless Sensor Networks. Proceedings of Systems Communications 2005 (ICW/ICHSN/ICMCS/ SENET 2005), Montreal, QC, Canada, 14–17 August 2005.
[4]
Wallenta, C.; Kim, J.; Bentley, P.J.; Hailes, S. Detecting interest cache poisoning in sensor networks using an artificial immune algorithm. Appl. Intell 2008, 32, 1–26.
[5]
Kaplantzis, S.; Shilton, A.; Mani, N.; Sekercioglu, Y.A. Detecting Selective Forwarding Attacks in WSNs using Support Vector Machines. Proceedings of 3rd International Conference on Intelligent Sensors, Sensor Networks and Information, Melbourne, Australia, 3–6 December 2007; pp. 335–340.
[6]
Loo, C.E.; Ng, M.Y.; Leckie, C.; Palaniswami, M. Intrusion detection for routing attacks in sensor networks. Int. J. Dist. Sens. Netw. 2006, 2, 313–332.
[7]
Adaptive Security Analyzer. Available online: http://www.privacyware.com/index_ASAPro.html (accessed on 27 February 2012).
Yu, Z.; Tsai, J. A Framework of Machine Learning Based Intrusion Detection for Wireless Sensor Networks. Proceedings of IEEE International Conference on Sensor Networks, Ubiquitous and Trustworthy Computing (SUTC '08), Taichung, Taiwan, 11– 13 June 2008.
[10]
Roosta, T.G. Attacks and Defenses of Ubiquitous Sensor Networks. Ph.D. Thesis, EECS Department, University of California, Berkeley, CA, USA, May 2008.
[11]
Bankovi?, Z.; Fraga, D.; Moya, J.M.; Vallejo, J.C.; Malagón, P.; Araujo, á.; De Goyeneche, J.-M.; Romero, E.; Blesa, J.; Villanueva, D. Bio-inspired enhancement of reputation systems for intelligent environments. Inf. Sci. 2011, doi:10.1016/j.ins.2011.07.032.
[12]
Bankovi?, Z.; Moya, J.M.; Araujo, A.; Fraga, D.; Vallejo, J.C.; de Goyeneche, J.M. Distributed intrusion detection system for wireless sensor networks based on a reputation system coupled with kernel self-organizing maps. Integr. Comput.-Aided Eng. 2010, 17, 87–102.
[13]
Rieck, K.; Laskov, P. Linear-time computation of similarity measures for sequential data. J. Mach. Learn. Res. 2008, 9, 23–48.
[14]
Bankovi?, Z.; Fraga, D.; Vallejo, J.C.; Moya, J.M. Improving Reputation Systems for Wireless Sensor Networks Using Genetic Algorithms. Proceedings of the 13th Annual Conference on Genetic and Evolutionary Computation (GECCO'11), Dublin, Ireland, 12–16 July 2011.
[15]
Bankovi?, Z.; Fraga, D.; Vallejo, J.C.; Moya, J.M. Self-Organizing Maps versus Growing Neural Gas in Detecting Data Outliers for Security Applications. To be published at HAIS'. , 12.
[16]
Mu?oz, A.; Muruzábal, J. Self-organizing maps for outlier detection. Neurocomputing 1998, 8, 33–60.
[17]
Studeny, M.; Vejnarová, J. The Multiinformation Function as a Tool for Measuring Stochastic Dependence. In Learning in Graphical Models; Kluwer Academic Publishers: Norwell, MA, USA, 1998; pp. 261–297.
[18]
Campo, C.; Almenárez, F.; Díaz, D.; García-Rubio, C.; Marín López, A. Secure Service Discovery based on Trust Management for ad-hoc Networks. J. Univers. Comput. Sci. 2006, 12, 340–356.
[19]
Greenberg, M.; Byington, J.; Harper, D. Mobile agents and security. IEEE Commun. Mag. 1998, 36, 76–85.
[20]
Ganeriwal, S.; Balzano, L.K.; Srivastava, M.B. Reputation-based framework for high integrity sensor networks. ACM Trans. Sens. Netw. 2008, 4, 1–37.
[21]
Varadhan, K. The ns Manual (formerly ns Notes and Documentation); Bell Labs, Lucent Technologies: Berkeley Heights, NJ, USA, 2003.
[22]
Boulis, A. Castalia: Revealing Pitfalls in Designing Distributed Algorithms in WSN. Proceedings of the 5th International Conference on Embedded Networked Sensor Systems (SenSys), Sydney, Australia, 6–9 November 2007.
[23]
Varga, A.; Hornig, R. An overview of the OMNeT++ Simulation Environment. Proceedings of the 1st International Conference on Simulation Tools and Techniques for Communications, Networks and Systems & Workshops, Bruselles, Belguim, 3–7 March 2008.
[24]
Cai, Y. Mobile Intelligence. J. Univers. Comput. Sci. 2010, 16, 1650–1665.
