CUSUM-Based Intrusion Detection Mechanism for Wireless Sensor Networks
Hindawi Publishing Corporation
Journal of Electrical and Computer Engineering
Volume 2014, Article ID 245938, 6 pages
http://dx.doi.org/10.1155/2014/245938
Research Article
Bishan Ying
Wasu Media Network Co., Hangzhou 310012, China
Correspondence should be addressed to Bishan Ying; yingbishan
Received 12 December 2013; Accepted 30 December 2013; Published 11 February 2014
Academic Editor: Xue Chen
Copyright © 2014 Bishan Ying. This is an open access article distributed under the Creative Commons Attribution License, which
permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
The nature of wireless sensor networks (WSNs) makes them very vulnerable to an adversary’s malicious attacks. Therefore, network
security is an important issue for WSNs. Due to the constraints of WSNs, intrusion detection in WSNs is a challenging task. In this
paper, we present a novel intrusion detection mechanism for WSNs, which is composed of a secure data communication algorithm
and an intrusion detection algorithm. The major contribution of this paper is that we propose an original secure mechanism to
defend WSNs against malicious attacks by using the information generated during data communication. The approach is able to
protect the data communication in a WSN even if some sensor nodes are compromised by an adversary. The proposed approach is
easy to implement and run in a resource-constrained WSN. We also evaluate the proposed approach by a simulation
experiment and analyze the simulation results in detail.
1. Introduction
Wireless sensor networks (WSNs) are systems that comprise large numbers of wirelessly connected and spatially
distributed sensor nodes across a large field of interest [1].
There is a wide range of applications where the WSNs are
extensively used, and their development in other applications
is still growing. However, the intrinsic nature of WSNs
makes them vulnerable to malicious attacks. An adversary
can physically compromise a subset of sensor nodes in a
WSN to eavesdrop or destroy information. The malicious
nodes (or compromised nodes) become black holes in a WSN
[2]. Therefore, network security is a very important issue
to WSNs. Generally speaking, network security techniques
can be divided into two categories: prevention-based techniques and detection-based techniques. When an intrusion
takes place, prevention-based techniques are the first line
of defense against attacks, while detection-based techniques
aim at identifying and excluding the attacker after
prevention-based techniques fail. Detection-based techniques
can be grouped into two categories: misuse detection and
anomaly detection. Misuse detection techniques match patterns of well-known attack profiles with the current changes,
whereas anomaly detection uses established normal profiles
and detects unusual deviations from the normal behavior as
anomalies [3].
An intrusion detection system (IDS) monitors a host
or network for suspicious activity patterns outside normal
and expected behavior [4]. Currently, there are a number of
research efforts on intrusion detection for WSN. Although
intrusion detection is an important issue to WSN, the
research on intrusion detection for WSNs is still preliminary [5]. Due to some intrinsic features of WSN, it is
difficult to perform efficient intrusion detection in such a
resource-restricted environment. Many intelligent or statistical approaches are too complex for WSNs. Therefore, due
to the constraints of WSNs, intrusion detection in WSNs is challenging and
needs more effort in this direction.
In this paper, we present a novel intrusion detection
mechanism for WSNs, which is composed of a secure
data communication algorithm and an intrusion detection
algorithm. The major contribution of this paper is that we
propose an original secure mechanism to defend WSNs
against malicious attacks by using the information generated
during data communication. The approach is able to protect
the data communication in a WSN even if some sensor nodes
are compromised by an adversary. We provide a relatively simple
but reliable approach to support secure data communication
in WSNs. The remainder of the paper is organized as follows.
In Section 2, we first introduce the network model for this
study. Then we illustrate how to construct secure paths for
data communication in a WSN and how to perform data
communication via secure paths in Section 3. In Section 4, we
propose a CUSUM-based intrusion detection algorithm for
WSN by using the path information generated during data
communication. In Section 5, we evaluate the performance
of the proposed approach by simulation. Section 5 gives an
overview of the related works. Section 6 concludes the paper
with an outlook to future research directions.
[Figure: wireless sensor network showing the sink, local cache, relay sensor nodes, and a normal path]
2. Network Model
Generally, a WSN [6, 7] is a network composed of a large
number of sensor nodes that are equipped with environmental sensors for temperature, pH value, humidity, and
so forth and can communicate with each other through a
wireless radio device. A typical WSN consists of two types of
nodes: sink nodes and sensor nodes. The sink, also known as
base station, is a powerful node that behaves as an interface
between the sensor nodes and the clients of the network. The
sensor nodes, also known as motes or simply nodes, are small
and resource-constrained devices that have the ability of
sensing the surrounding environment. Sensor nodes in WSN
are always densely deployed either inside the phenomenon or
very close to it. Although WSNs belong to the general family
of wireless ad hoc networks, they have several distinctive
features of their own [8]. For example, a sensor node in a WSN
is a small and inexpensive device with constrained transmit
power and energy supply.
In this paper, we consider a very simple WSN model
for illustrating the approach. Assume that there are 𝑘 nodes
in the network. Each sensor node in this WSN is battery-powered and has limited sensing, computation, and wireless
communication capabilities. In this network, the sink is a
data communication center equipped with sufficient computation and storage capabilities. Sensor nodes generate sensor
data and aggregate data packets. The sink allocates the data
from sensor nodes periodically. There are a small number of
malicious nodes in the WSN. Assume that the number of the
malicious nodes is ℎ (0 < ℎ ≪ 𝑘).
We assume that malicious nodes, in order to allay suspicions, selectively drop only a small proportion of all packets
passing by rather than every packet. The routing layer of
WSNs is threatened by various attacks. However, due to the
focus of our paper, it will not be further discussed and here
we consider only selective forwarding attacks throughout this
paper.
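The threat model above, a compromised relay that drops only a small share of the packets it forwards, is the case a cumulative statistic is suited to. As an added illustration (not the paper's algorithm or code), the sketch below simulates per-round loss seen by the sink on one path and runs a textbook one-sided CUSUM over it. The loss rates, round size, slack, and threshold are constructed assumptions.

```python
import random

def simulate_path(rounds, pkts, base_loss, drop_rate, compromised_from, seed=1):
    """Per-round loss ratio observed by the sink on one multi-hop path.

    Every packet can be lost to the channel (base_loss). From round
    `compromised_from` on (None = never), a relay on the path also drops
    a fraction `drop_rate` of packets (selective forwarding).
    """
    rng = random.Random(seed)  # seeded so the run is reproducible
    ratios = []
    for r in range(rounds):
        attacked = compromised_from is not None and r >= compromised_from
        lost = 0
        for _ in range(pkts):
            channel = rng.random() < base_loss
            dropped = attacked and rng.random() < drop_rate
            if channel or dropped:
                lost += 1
        ratios.append(lost / pkts)
    return ratios

def cusum_first_alarm(samples, mu0, slack, threshold):
    """One-sided CUSUM: S_t = max(0, S_{t-1} + x_t - mu0 - slack).

    mu0 is the expected benign loss ratio, slack the tolerated excess
    per round. Returns the index of the first round with
    S_t > threshold, or None if the statistic never crosses it.
    """
    s = 0.0
    for t, x in enumerate(samples):
        s = max(0.0, s + x - mu0 - slack)
        if s > threshold:
            return t
    return None

# Constructed parameters (assumptions, not values from the paper).
PARAMS = dict(mu0=0.02, slack=0.03, threshold=0.15)

def demo():
    """Return (alarm on a clean path, alarm on a path compromised at round 30)."""
    clean = simulate_path(60, 200, 0.02, 0.08, None)
    attacked = simulate_path(60, 200, 0.02, 0.08, 30)
    return (cusum_first_alarm(clean, **PARAMS),
            cusum_first_alarm(attacked, **PARAMS))

if __name__ == "__main__":
    print(demo())
```

With these settings the attacked path loses roughly 10% of packets per round, which is small in any single round but accumulates past the threshold within a few rounds of the compromise.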
3. Norm (...truncated)