Sensor nodes in wireless sensor networks are easily exposed to open and unprotected regions. A security solution is strongly recommended to prevent networks against malicious attacks. Although many intrusion detection systems have been developed, most systems are difficult to implement for the sensor nodes owing to limited computation resources. To address this problem, we develop a novel distributed network intrusion detection system based on theWu–Manber algorithm. In the proposed system, the algorithm is divided into two steps; the first step is dedicated to a sensor node, and the second step is assigned to a base station. In addition, the first step is modified to achieve efficient performance under limited computation resources. We conduct evaluations with random string sets and actual intrusion signatures to show the performance improvement of the proposed method. The proposed method achieves a speedup factor of 25.96 and reduces 43.94% of packet transmissions to the base station compared with the previously proposed method. The system achieves efficient utilization of the sensor nodes and provides a structural basis of cooperative systems among the sensors.
References
[1]
Sun, B.; Osborne, L.; Xiao, Y.; Guizani, S. Intrusion detection techniques in mobile ad hoc and wireless sensor networks. IEEE Wirel. Commun. 2007, 14, 56–63.
[2]
Geer, D. Users make a Beeline for ZigBee sensor technology. Computer 2005, 38, 16–19.
[3]
Zhang, Y.; Lee, W.; Huang, Y.A. Intrusion detection techniques for mobile wireless networks. Wirel. Netw. 2003, 9, 545–556.
[4]
Baig, Z. Pattern recognition for detecting distributed node exhaustion attacks in wireless sensor networks. Comput. Commun. 2011, 34, 468–484.
[5]
Xie, M.; Han, S.; Tian, B.; Parvin, S. Anomaly detection in wireless sensor networks: A survey. J. Netw. Comput. Appl. 2011, 34, 1302–1325.
[6]
Wood, A.; Stankovic, J. Denial of service in sensor networks. Computer 2002, 35, 54–62.
[7]
Chandola, V.; Banerjee, A.; Kumar, V. Anomaly detection: A survey. ACM Comput. Surv. 2009, 41, 15:1–15:58.
[8]
Bahrepour, M.; Zhang, Y.; Meratnia, N.; Havinga, P. Use of Event Detection Approaches for Outlier Detection in Wireless Sensor Networks. Proceedings of 2009 5th International Conference on the Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), Melbourne, Australia, 7– 10 December 2009; pp. 439–444.
[9]
Coit, C.; Staniford, S.; McAlerney, J. Towards Faster String Matching for Intrusion Detection or Exceeding the Speed of Snort. Proceedings of the DARPA Information Survivability Conference Exposition II (DISCEX 2001), Anaheim, CA, USA, 12– 14 June 2001; Volume 1, pp. 367–373.
[10]
Denning, D. An intrusion-detection model. IEEE Trans. Softw. Eng. 1987, SE-13, 222–232.
Szor, P. The Art of Computer Virus Research and Defense; Addison-Wesley Professional: Indianapolis: Indiana, USA, 2005.
[13]
Cheng, S.T.; Li, S.-Y.; Chen, C.M. Distributed Detection in Wireless Sensor Networks. Proceedings of Seventh IEEE/ACIS International Conference on the Computer and Information Science (ICIS 08), Portland, OR, USA, 14– 16 May 2008; pp. 401–406.
[14]
Amin, S.O.; Siddiqui, M.S.; Hong, C.S.; Lee, S. RIDES: Robust intrusion detection system for IP-based ubiquitous sensor networks. Sensors 2009, 9, 3447–3468.
[15]
Wang, Q. Packet traffic: A good data source for wireless sensor network modeling and anomaly detection. IEEE Netw. 2011, 25, 15–21.
[16]
Martynov, D.; Roman, J.; Vaidya, S.; Fu, H. Design and Implementation of an Intrusion Detection System for Wireless Sensor Networks. Proceedings of 2007 IEEE International Conference on the Electro/Information Technology, Chicago, IL, USA, 17– 20 May 2007; pp. 507–512.
[17]
Amin, S.; Young, Y.J.; Siddiqui, M.; Hong, C.S. A Novel Intrusion Detection Framework for IP-Based Sensor Networks. Proceedings of International Conference on the Information Networking (ICOIN 2009), Chiang Mai, Thailand, 20– 23 January 2009; pp. 1–3.
[18]
Wang, Q.; Zhang, T. Detecting Anomaly Node Behavior in Wireless Sensor Networks. Proceedings of 21st International Conference on the Advanced Information Networking and Applications Workshops (AINAW 2007), Niagara Falls, Canada, 21– 23 May 2007; Volume 1, pp. 451–456.
[19]
Norton, M.; Roelker, D. Snort 2.0: Hi-Performance Multi-Rule Inspection Engine; Sourcefire Network Security Inc.: Columbia, MD, USA, 2004.
[20]
Zaidi, A.; Agoulmine, N.; Kenaza, T. Piecewise Classification of Attack Patterns for Efficient Network Intrusion Detection. Proceedings of the 2010 International Conference on the Security and Cryptography (SECRYPT), Athens, Greece, 26– 28 July 2010; pp. 1–5.
[21]
Choi, Y.H.; Jung, M.Y.; Seo, S.W. A fast pattern matching algorithm with multi-byte search unit for high-speed network security. Comput. Commun. 2011, 34, 1750–1763.
[22]
Wu, S.; Manber, U. A Fast Algorithm for Multi-Pattern Searching. TR-94-17; University of Arizona: Tucson, AZ, USA, 1994.
[23]
Boyer, R.S.; Moore, J.S. A fast string searching algorithm. ACM Commun. 1977, 20, 762–772.
[24]
Antonatos, S.; Polychronakis, M.; Akritidis, P.; Anagnostakis, K.; Markatos, E. Piranha: Fast and Memory-Efficient Pattern Matching for Intrusion Detection. Proceedings of 20th IFIP International Information Security Conference (SEC), Chiba, Japan, 30 May– 1 June 2005; pp. 393–408.
[25]
Sy, D.; Bao, L. CAPTRA: Coordinated Packet Traceback. Proceedings of The Fifth International Conference on the Information Processing in Sensor Networks (IPSN 2006), Nashville, TN, USA, 19– 21 April 2006; pp. 152–159.
[26]
Kim, I.Y.; Kim, K.C. A Resource-Efficient IP Traceback Technique for Mobile Ad-hoc Networks Based on Time-Tagged Bloom Filter. Proceedings of Third International Conference on the Convergence and Hybrid Information Technology (ICCIT '08), Busan, Korea, 11– 13 November 2008; Volume 2, pp. 549–554.
[27]
Roesch, M. Snort-Lightweight Intrusion Detection for Networks. In Proceedings of the 13th USENIX conference on System Administration; Seattle, WA, USA, 1999; pp. 229–238.
[28]
Zoumboulakis, M.; Roussos, G. Efficient Pattern Detection in Extremely Resource-Constrained Devices. Proceedings of 6th Annual IEEE Communications Society Conference on the Sensor, Mesh and Ad Hoc Communications and Networks (SECON 2009), Rome, Italy, 22– 26 June 2009; pp. 1–9.
[29]
PCRE: Perl Compatible Regular Expression. Available online: http://www.pcre.org/ (accessed on 30 November 2012).
[30]
Karp, R.M.; Rabin, M.O. Efficient randomized pattern-matching algorithms. IBM J. Res. Dev. 1987, 31, 249–260.
[31]
Polastre, J.; Szewczyk, R.; Culler, D. Telos: Enabling Ultra-low Power Wireless Research. Proceedings of Fourth International Symposium on the Information Processing in Sensor Networks (IPSN 2005), Los Angeles, CA, USA, 25– 27 April 2005; pp. 364–369.
