View
3
Download
0
Category
Preview:
Citation preview
AN EFFICIENT HYBRID INTRUSION
DETECTION SYSTEM FOR WIRELESS
SENSOR NETWORKS
K. Indira Ms. D. UshaNandini Dr. A. Sivasangari
School of Computing.School of Computing.School of Computing.
Sathyabama University. Sathyabama University, Sathyabama University,
Chennai, India. Chennai, India. Chennai, India.
_____________________________________________________________________________________________
______
Abstract-- Now a day’s problems with wireless device networks became a noteworthy analysis subject. Since wireless
device networks area unit committed vulnerable characteristics like outside transmission and self-organizing while not a
correct infrastructure. Wireless device networks additionally known as wireless device and additionally known as
mechanism networks as they're spatially distributed autonomous sensors to notice physical or environmental changes.
Wireless device network is typically deployed in absent and unfavorable environments. Thus, it's obligatory to use
effective mechanisms to safeguard the networks. Device network includes of
multiple detection stations known as “Sensor nodes”. Every device node is of tiny, light-weight and transportable. Every
device node is embedded with a electrical device, personal computer, transceiver and power supply.
KEYWORDS: Wireless sensor networks, Intrusion Detection System, Anomaly, Signature Based Detection, low false alarm,
Security
• INTRODUCTION
A wireless sensing element network contains an outsized variety of devices operational autonomously and
connecting with each other via short-range radio transmissions. Intrusion detection system may be a code that
imbrutes the intrusion detection method. The first responsibility of IDS is to discover redundant and malicious
activities. Intrusion suggests that a collection of actions aimed to accommodate the protection targets, particularly
Integrity, confidentiality, or handiness, of a computing and networking resource. It‟s associate degree application
used for watching the network and protective against the trespasser. Malicious users can use the inner system to
gather info and to cause some vulnerabilities like code bugs. Therefore security is required for the users to secure
their systems from intruders. Associate degree Intrusion interference System may be a network security interference
technology that checks the network traffic flows to look at and avoid vulnerability exploits.
• EXISTING SYSTEM
In this existing system, they planned a hybrid, light-weight intrusion detection system for detector networks. This
model uses anomaly notice ion supported support vector machine (SVM) rule and a collection of signature rules to
detect malicious behaviors and supply international light-weight IDS. because of the character of NIDS system
there's would like for them to research protocols as they're captured.NIDS system could also be liable to same
protocol primarily based attacks that n/w host could also be vulnerable. Invalid knowledge Associate in Nursing
TCP/IP stacks attacks might cause an NIDS to crash. It incorporates a high detection rate with lower warning.
• PROPOSED MODEL
International Journal of Pure and Applied MathematicsVolume 119 No. 7 2018, 539-556ISSN: 1311-8080 (printed version); ISSN: 1314-3395 (on-line version)url: http://www.ijpam.euSpecial Issue ijpam.eu
539
We propose Associate in nursing economical Hybrid IDS for wireless detector networks. This model uses cluster
primarily based design to cut back energy consumption and to extend network period of time. It uses Anatoly notice
ion technique and a collection of signature rules to detect malicious activity. It finally shows that the planned model
will scale back communication prices that ends up in up the period of time of the networks. It may notice surprising
attacks that contains high detection rate and low warning.
International Journal of Pure and Applied Mathematics Special Issue
540
International Journal of Pure and Applied Mathematics Special Issue
541
Fig. 1. Flow diagram
• System Architecture
In this system architecture diagram one known node is designated as a leader of the group (cluster-head), that
forwards nodes packets (data aggregated) to the base station (BS) instead of sending their (nodes) collected data to a
remote location (base station). Cluster head acts like a local base station sensor, and then clusters elect themselves to
be a CH at any given time with a certain probability. A cluster-based architecture that divides the array of sensors
into a plurality of groups, each of which comprises a cluster-head (CH). In this architecture, every node belongs to
only one of the clusters which are distributed geographically across the whole network. Cluster head is used to
reduce network energy consumption and to increase its lifetime.
Fig. 2. System Architecture
• Related Work
• A Global Hybrid Intrusion Detection System for Wireless Sensor Networks
Many researchers are presently that specialize in the safety of wireless detector networks (WSNs). This sort of
network is related to vulnerable characteristics like out-of-door transmission and self-organizing while not a set
infrastructure. Intrusion Detection Systems (IDSs) will play a very important role in detection and preventing
International Journal of Pure and Applied Mathematics Special Issue
542
security attacks. During this paper, we tend to propose a hybrid, light-weight intrusion detection system for detector
networks. Our intrusion detection model takes advantage of cluster-based design to cut back energy consumption.
This model uses anomaly notice ion supported support vector machine (SVM) rule and a group of signature rules to
detect malicious behaviors and supply world light-weight IDS. Simulation results show that the projected model will
notice abnormal events with efficiency and incorporates a high detection rate with lower warning.
• HEED- A Hybrid, Energy-Efficient, Distributed Clustering Approach for Ad Hoc Sensor Networks
Topology management during a detector network balances load on detector nodes and will increase network
measurability and lifelong. Agglomeration detector nodes is an efficient topology management approach. During
this paper, we tend to propose a completely unique distributed agglomeration
International Journal of Pure and Applied Mathematics Special Issue
543
International Journal of Pure and Applied Mathematics Special Issue
544
approach for long-lasting spontaneous detector networks. Our projected approach doesn't create any assumptions
regarding the presence of infrastructure or regarding node capabilities, apart from the supply of multiple power
levels in detector nodes. We tend to gift a protocol, HEED (Hybrid Energy-Efficient Distributed clustering), that
sporadically selects cluster heads consistent with a hybrid of the node residual energy and a secondary parameter,
like node proximity to its neighbors or node degree. HEED terminates in Oð1Þ iterations, incurs low message
overhead, and achieves fairly uniform cluster head distribution across the network. We tend to prove that, with
applicable bounds on node density and intracluster and intercluster transmission ranges, HEED will asymptotically
nearly certainly guarantee property of clustered networks. Simulation results demonstrate that our projected
approach is effective in prolonging the network time period and supporting ascendible knowledge aggregation.
International Journal of Pure and Applied Mathematics Special Issue
545
International Journal of Pure and Applied Mathematics Special Issue
546
• An Efficient Cluster-based Power Saving Scheme for Wireless Sensor Networks
In this article, economical power saving theme and corresponding rule should be developed and designed so as to
produce affordable energy consumption and to enhance the network time period for wireless detector network
systems. The cluster-based technique is one in every of the approaches to cut back energy consumption in wireless
detector networks. During this article, we tend to propose a saving energy agglomeration rule to produce economical
energy consumption in such networks. The most plan of this text is to cut back knowledge transmission distance of
detector nodes in wireless detector networks by victimization the uniform cluster ideas. so as to form a perfect
distribution for detector node clusters, we tend to calculate the common distance between the detector nodes and
take under consideration the residual energy for choosing the acceptable cluster head nodes. The time period of
wireless detector networks is extended by victimization the uniform cluster location and leveling the network
loading among the clusters. Simulation results indicate the superior performance of our projected rule to strike the
acceptable performance within the energy consumption and network time period for the wireless detector networks.
• A Hybrid Intrusion Detection System for Cluster-based Wireless Sensor Networks
Recent advances in Wireless detector Networks (WSNs) have created them very helpful in numerous applications.
WSNs are prone to attack, as a result of their low-cost, tiny devices and are deployed in open and unprotected
environments. During this paper, we tend to propose associate Intrusion Detection System (IDS) created in Cluster-
based Wireless detector Networks (CWSNs). Consistent with the aptitude of Cluster Head (CH) is best than
different detector Nodes (SNs) in CWSN. Therefore, a Hybrid Intrusion Detection System (HIDS) is designed
during this analysis. The CH is employed to notice intruders that not solely decreases the consumption of energy,
however additionally with efficiency reduces the quantity of knowledge within the entire network. However, the
time period of network are often prolonged by the projected HIDS.
• METHODOLOGY
• Network Construction
First of all, you need to create a simulator object. Now we open a file for writing that is going to be used for the nam
trace data. The first line opens the file 'out.nam' for writing and gives it the file handle 'nf'. In the second line we tell
the simulator object that we created above to write all simulation data that is going to be relevant for nam into this
file. The next step is to add a 'finish' procedure that closes the trace file and starts nam. Define a very simple
topology with two nodes that are connected by a link. A new node object is created with the command '$ns node„.
Now, the simulator object will connect the nodes with a duplex link with the bandwidth, a delay of and a Drop Tail
queue. Next is to send some data from node to another node by creating an agent object that sends data from node
[udp agent] to other agent object that receives the data on node. A constant bit rate [CBR] traffic generator is
attached to udp and set packet size, time interval. Create a Null agent which acts as traffic sink and attach it to node.
Connect two agents each other. Now, tell the CBR agent when to send data and when to stop sending. The simulator
object should give time
International Journal of Pure and Applied Mathematics Special Issue
547
interval for simulation to execute the 'finish' procedure. At last it finally starts the simulation.
International Journal of Pure and Applied Mathematics Special Issue
548
International Journal of Pure and Applied Mathematics Special Issue
549
Fig. 3. Node construction
• Cluster Formation
The cluster formation process eventually leads to two-level hierarchy where cluster head nodes form the higher level
and cluster member nodes form the lower level. The sensor nodes periodically transmit there data to the
corresponding CH nodes. The CH nodes aggregate the data and transmit them to the Base station
either directly or through the intermediate communication with other CH nodes. Because the CH nodes send all the
time data to higher distances than the common nodes, they naturally spend energy at higher rates.A common
solution in order to balance the energy consumption among all the network nodes, is to periodically re-elect new
CHs in each cluster.
Fig. 4. Cluster formation
International Journal of Pure and Applied Mathematics Special Issue
550
Fig. 5. Base station formation
• Anomaly Detection
An anomaly based intrusion detection system, is an intrusion detection system referred as a base line or pattern of
normal system activity to identify active intrusion attempts it is effective to detect new attacks, however it
sometimes misses to detect well-known security attacks. Because it doesn‟t maintain any database, but they
continuously monitor traffic patterns or system activities. The deviations from this pattern may cause alarm to be
triggered. Anomaly detection consists of various approaching methods, under this we are using support vector
machine algorithm. SVM techniques separate the data belonging to different classes by fitting a hyper plane between
them, which maximizes the separation. The data is mapped in to higher dimensional feature space where it can be
easily separated by a hyper plane.
• SVM Algorithm
A SVM (Support Vector Machine) algorithm is used in Anomaly detection for clustering wireless sensor nodes.
SVM algorithm for linearly separable binary sets. The goal is to design a hyper plane that classifies all training
vectors in two classes i.e., a1, a2. The best choice will be the hyper plane that leaves the maximum margin from
both classes. The SVM method is suited to classify the high-dimension data in IDS. During the training phase,
which takes place offline at a system with abundant resources, data are collected from the physical, medium access
control
International Journal of Pure and Applied Mathematics Special Issue
551
(MAC) and network layers. Then the collected training data are pre-processed using a data reduction process, which
aims at reducing their size in order to be processed by SVM. Classification hyper plane of training data which may
be divided by linear classification plane or not via mapping the training data vector to higher dimensional space with
some function and transferring the problem to an linear classification problem in that space. After the mapping
procedure, SVM finds out a linear separating hyper plane with the maximum margin in the space.
𝒘.𝒙+𝒃=𝟎
Where w is a normal vector and the parameter b is offset. The training samples on the hyper plane are called Support
Vectors, because they support the optimal classify hyper plane. So our problem can be formulated as
𝒎𝒊𝒏∅(𝒘)=𝟏𝟐||𝒘||𝟐=𝟏𝟐(𝒘.𝒘)
• Signature Rule Based Detection
Signature based is also referred as Knowledge based/Misbehavior based intrusion detection system. It allows
detecting known attacks which means new attacks cannot be detected. It refers database of previous attacks,
signatures and known system vulnerabilities which means recorded evidence of an intrusion or attack. Signature
database must be continuously updated and maintained. Failed to identify a unique attacks.
Fig. 6. Signature rule based detection
• RESULT AND ANALYSIS
Wireless sensor networks are connected with different deployment schemes. Intrusion detection systems are
composed of number of independent agents. Every sensor nodes runs IDS agents. IDS are used to detect malicious
nodes in the sensor network. Here it shows, an IDS model of cluster-based wsn integrating anomaly detection inside
clusters and mis-use detection of sink nodes. In the proposed architecture, the wireless sensor network is divided in
to the small clusters. The hierarchal clustering is used to divide the sensor nodes. After the clustering process
finished the cluster head have been selected dynamically according to the current status of the nodes and formed the
cluster based wireless sensor networks
Generally, the node having highest energy left will be elected as a cluster head. Nodes are deployed randomly. The
node closest to the center of the deployment area is selected as Sink (or) Base Station, where resources are not
limited, secure and safety for any advisory attackers and acts as an administrator for taking appropriate action on the
intruder nodes. The network has been simulated with AODV routing protocol with Mac layer 802.11 nodes are
taken in the network within the simulation area and constant bit rate (CBR) of traffic type is used. The network
performance is observed for the simulation time 200
International Journal of Pure and Applied Mathematics Special Issue
552
seconds. The standard packet size is used i.e., 100 bytes.
The below diagram explains how the nodes, cluster heads and base station are constructed. In this figure nodes
contain some information and the information is send to cluster head which are in nearby range and the cluster head
pass the information to the base station and again the base station passes the data to the next cluster head and that
cluster head passes the data to its nearby base station and this process will be continued until the message is reached
to its final destination.
Fig. 7. Analysis
Fig. 8. Throughput Analysis
International Journal of Pure and Applied Mathematics Special Issue
553
Fig. 9. Packet deliver ratio
Conclusion and future work This paper offers info regarding intrusion detection for wireless device networks. Owing to nominal resources in
Wireless device Networks, the above-reviewed strategies cannot prolong the network period of time and can't sight
abnormal events with efficiency and energy consumption are a lot of. To beat this we have a tendency to square
measure getting to propose associate economical Hybrid IDS for Cluster-based wireless device networks. This
model uses cluster primarily based design to scale back energy consumption by electing cluster head this node
collect the knowledge from all alternative device nodes and it‟s solely getting to communicate with the bottom
station rather than all device nodes communicate with base station and it'll conjointly increase the network period of
time. It uses each the combination of Anomaly sightion methodology and a group of signature rules to detect
malicious activity in economical manner.
In the future work, further research on this topic will be performed in finding what type of attack it is and solution to
this attack will be found out. The results will be available in the near future.
References [1] Ana Paula R. da Silva, Antonio A.F. Loureir , Marcelo H.T. Martins, Linnyer B. Ruiz, Bruno P.S.
International Journal of Pure and Applied Mathematics Special Issue
554
Rocha, Hao Chi Wong, “Decentralized Intrusion Detection in Wireless Sensor Networks”, Q2SWinet‟05, Montreal, Quebec, Canada, October 13,
2005, pp.16-23. [2]AndriyStetsko, Vaclav Matyas, Lukas Folkman, “Neighbor Based Intrusion Detection Networks”, IEEE, Spain, 2010, Vol.00, Sep 20, 2010,
PP.420-425.
[3] HosseinJadidoleslamy, “A Hierarchical Intrusion Detection Architecture For Wireless Sensor Networks”, International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.5, Sep 2011, pp.131-154.
[4]Dr. S.Vijayarani and Ms. Maria Sylviaa.S, “Intrusion Detection System- A Study”, International Journal of Security, Privacy and Trust
Management (IJSPTM) Vol 4, No 1, February 2015,pp.31-44. [5] Corinne Lawrence-IPS- “The Future of Intrusion Detection”-University of Auckland, oct 26,2004.
[6] Asmaa Shaker Ashoor.Prof.Sharad Gore-“Importance of Intrusion Detection System”-International Journal of Scientific and Engineering
Research.Vol.2.Issue 1.1.2011. [7] K.ILgun. R. A. KEMMERER. AND P.PORRAS, “State transition Analysis: A Rule-Based Intrusion Detection Approach”. IEEE Trans on
Software Engineering, 21(1995)-pp.181-199.
[8] M.-Y.Huang, R.J.Jasper, And T.M. Wicks, “A Large Scale Distributor Intrusion Detection FrameWork Based on Attack Strategy Analysis”, Computer Networks, 31(1999), pp.2465-2475.
[9] K.ILgun, Ustat: “A Real-time Intrusion Detection System for Unix”, in Proc of IEEE Computer Society Symposium on Research in Security
and Privacy. May 1993.
[10] A.Sivasangari and J.Martin Leo Mani ckam, “RC6 based security in wireless body area networks”, Journal of Theoretical and applied
information technology, Vol. 74, No. 1, pp. 31-34
[11] A.Sivasangari and J.Martin Leo Mani ckam, “A lightweight cryptography analysis for wireless based healthcare applications”, Journal of computer science, Vol.10, No.5, pp.2088-2094.
[12]Jau-yang chang, pei-haoju,”An efficient cluster based power saving scheme for wireless sensor networks, EURASIP, 2012, pp.no:1-10.
[13]Kanungo.T, DM Mount, NS Netanyahu, CD Piatko, R Silverman, AY Wu, An efficient k-means clustering algorithm: analysis and implementation. IEEE Trans Pattern Anal Mach Intell. 24(7), 881–892 (2002).Doi: 10.1109.
[14]Karlof.C and D. Wagner, “Secure routing in wireless sensor networks: attacks and countermeasures,” Ad Hoc Networks, 1(2-3), 2003, pp.
293-315. [15]Ossamayouris, soniafahmy,”Hybrid energy efficient distributed clustering for ad-hoc sensor networks”, IEEE CS, CASS, Comsoc, IES&SPS,
2004, pp.no:166-179.
[16]Qiao.Y and X. Weixin, “A network IDS with low false positive rate,” Proceedings of the 2002 Congress on Evolutionary Computation, 2,
2002, pp. 1121-1126.
International Journal of Pure and Applied Mathematics Special Issue
555
556
Recommended