
AN EFFICIENT HYBRID INTRUSION DETECTION SYSTEM FOR WIRELESS SENSOR NETWORKS

K. Indira, Ms. D. UshaNandini, Dr. A. Sivasangari

School of Computing, Sathyabama University, Chennai, India.

Abstract-- Nowadays, problems with wireless sensor networks have become a noteworthy research subject, since wireless sensor networks have vulnerable characteristics such as open-air transmission and self-organization without a proper infrastructure. Wireless sensor networks, also known as wireless sensor and actuator networks, are spatially distributed autonomous sensors that detect physical or environmental changes. A wireless sensor network is typically deployed in unattended and hostile environments. Thus, it is necessary to use effective mechanisms to protect the network. A sensor network consists of multiple detection stations called "sensor nodes". Every sensor node is small, lightweight and portable, and is embedded with a transducer, a microcomputer, a transceiver and a power supply.

KEYWORDS: Wireless sensor networks, Intrusion Detection System, Anomaly, Signature Based Detection, low false alarm, Security

• INTRODUCTION

A wireless sensor network contains a large number of devices operating autonomously and communicating with each other via short-range radio transmissions. An intrusion detection system (IDS) is software that automates the intrusion detection process. The primary responsibility of an IDS is to detect unwanted and malicious activities. An intrusion is a set of actions aimed at compromising the security goals, namely integrity, confidentiality, or availability, of a computing and networking resource. An IDS is an application used for monitoring the network and protecting it against intruders. Malicious users can use the internal system to gather information and to take advantage of vulnerabilities such as software bugs. Therefore security is required for users to protect their systems from intruders. An Intrusion Prevention System is a network security prevention technology that examines network traffic flows to detect and prevent vulnerability exploits.

• EXISTING SYSTEM

In the existing system, the authors proposed a hybrid, lightweight intrusion detection system for sensor networks. This model uses anomaly detection based on the support vector machine (SVM) algorithm and a set of signature rules to detect malicious behaviors and provide a global lightweight IDS. Because of the nature of a NIDS, it needs to analyze protocols as they are captured. A NIDS may be vulnerable to the same protocol-based attacks to which network hosts may be vulnerable. Invalid data and TCP/IP stack attacks may cause a NIDS to crash. It has a high detection rate with a lower false alarm rate.

• PROPOSED MODEL

International Journal of Pure and Applied Mathematics, Volume 119 No. 7 2018, 539-556. ISSN: 1311-8080 (printed version); ISSN: 1314-3395 (on-line version). url: http://www.ijpam.eu. Special Issue.


We propose an efficient hybrid IDS for wireless sensor networks. This model uses a cluster-based architecture to reduce energy consumption and to increase network lifetime. It uses an anomaly detection technique and a set of signature rules to detect malicious activity. Finally, it is shown that the proposed model can reduce communication costs, which leads to improving the lifetime of the network. It can also detect unexpected attacks, with a high detection rate and a low false alarm rate.


Fig. 1. Flow diagram

• System Architecture

In this system architecture, one known node is designated as the leader of the group (cluster head, CH). It forwards the nodes' aggregated data packets to the base station (BS), instead of every node sending its collected data to the remote base station itself. The cluster head acts like a local base station, and sensors elect themselves to be a CH at any given time with a certain probability. The cluster-based architecture divides the array of sensors into a number of groups, each of which has a cluster head. In this architecture, every node belongs to only one of the clusters, which are distributed geographically across the whole network. Cluster heads are used to reduce network energy consumption and to increase network lifetime.

Fig. 2. System Architecture

• Related Work

• A Global Hybrid Intrusion Detection System for Wireless Sensor Networks

Many researchers are currently focusing on the security of wireless sensor networks (WSNs). This type of network is associated with vulnerable characteristics such as open-air transmission and self-organization without a fixed infrastructure. Intrusion Detection Systems (IDSs) can play an important role in detecting and preventing security attacks. In this paper, we propose a hybrid, lightweight intrusion detection system for sensor networks. Our intrusion detection model takes advantage of cluster-based architecture to reduce energy consumption. This model uses anomaly detection based on the support vector machine (SVM) algorithm and a set of signature rules to detect malicious behaviors and provide a global lightweight IDS. Simulation results show that the proposed model can detect abnormal events efficiently and has a high detection rate with a lower false alarm rate.

• HEED- A Hybrid, Energy-Efficient, Distributed Clustering Approach for Ad Hoc Sensor Networks

Topology management in a sensor network balances load on sensor nodes and increases network scalability and lifetime. Clustering sensor nodes is an effective topology management approach. In this paper, we propose a novel distributed clustering approach for long-lived ad hoc sensor networks. Our proposed approach does not make any assumptions about the presence of infrastructure or about node capabilities, other than the availability of multiple power levels in sensor nodes. We present a protocol, HEED (Hybrid Energy-Efficient Distributed clustering), that periodically selects cluster heads according to a hybrid of the node residual energy and a secondary parameter, such as node proximity to its neighbors or node degree. HEED terminates in O(1) iterations, incurs low message overhead, and achieves fairly uniform cluster head distribution across the network. We prove that, with appropriate bounds on node density and intracluster and intercluster transmission ranges, HEED can asymptotically almost surely guarantee connectivity of clustered networks. Simulation results demonstrate that our proposed approach is effective in prolonging the network lifetime and supporting scalable data aggregation.


• An Efficient Cluster-based Power Saving Scheme for Wireless Sensor Networks

In this article, an efficient power saving scheme and corresponding algorithm must be developed and designed in order to provide reasonable energy consumption and to improve the network lifetime for wireless sensor network systems. The cluster-based technique is one of the approaches to reduce energy consumption in wireless sensor networks. In this article, we propose a saving energy clustering algorithm to provide efficient energy consumption in such networks. The main idea of this article is to reduce the data transmission distance of sensor nodes in wireless sensor networks by using the uniform cluster concepts. In order to make an ideal distribution for sensor node clusters, we calculate the average distance between the sensor nodes and take into account the residual energy for selecting the appropriate cluster head nodes. The lifetime of wireless sensor networks is extended by using the uniform cluster location and balancing the network loading among the clusters. Simulation results indicate the superior performance of our proposed algorithm to strike the appropriate performance in the energy consumption and network lifetime for the wireless sensor networks.

• A Hybrid Intrusion Detection System for Cluster-based Wireless Sensor Networks

Recent advances in Wireless Sensor Networks (WSNs) have made them very useful in various applications. WSNs are susceptible to attack because they consist of low-cost, small devices and are deployed in open and unprotected environments. In this paper, we propose an Intrusion Detection System (IDS) created in Cluster-based Wireless Sensor Networks (CWSNs). The capability of the Cluster Head (CH) is better than that of the other Sensor Nodes (SNs) in a CWSN. Therefore, a Hybrid Intrusion Detection System (HIDS) is designed in this research. The CH is used to detect intruders, which not only decreases the consumption of energy, but also efficiently reduces the amount of information in the entire network. The lifetime of the network can also be prolonged by the proposed HIDS.

• METHODOLOGY

• Network Construction

First, create a simulator object. Next, open a file for writing that will be used for the nam trace data: the first line opens the file 'out.nam' for writing and gives it the file handle 'nf', and the second line tells the simulator object created above to write all simulation data relevant for nam into this file. The next step is to add a 'finish' procedure that closes the trace file and starts nam. Then define a very simple topology with two nodes that are connected by a link. A new node object is created with the command '$ns node'. The simulator object then connects the nodes with a duplex link with a specified bandwidth and delay and a DropTail queue. Next, send some data from one node to the other by creating a UDP agent that sends data from the first node and another agent that receives the data on the second node. A constant bit rate (CBR) traffic generator is attached to the UDP agent, and its packet size and time interval are set. Create a Null agent, which acts as a traffic sink, and attach it to the receiving node. Connect the two agents to each other. Then tell the CBR agent when to start sending data and when to stop. The simulator object should be given the time at which to execute the 'finish' procedure. Finally, start the simulation.


Fig. 3. Node construction

• Cluster Formation

The cluster formation process eventually leads to a two-level hierarchy in which the cluster head nodes form the higher level and the cluster member nodes form the lower level. The sensor nodes periodically transmit their data to the corresponding CH nodes. The CH nodes aggregate the data and transmit them to the base station, either directly or through intermediate communication with other CH nodes. Because the CH nodes continually send data over longer distances than the common nodes, they naturally spend energy at higher rates. A common solution for balancing the energy consumption among all the network nodes is to periodically re-elect new CHs in each cluster.

Fig. 4. Cluster formation
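The effect of periodic re-election on cluster lifetime can be checked with a small simulation. This is an added example, not code from the paper; the node count, the energy budget and the per-round costs are constructed values, and the election rule (highest residual energy wins) is the one the paper states in its results section.

```python
# Added example (not the paper's code). Node count, energy budget and the
# per-round costs are constructed values in arbitrary energy units.

INITIAL_ENERGY = 100
MEMBER_COST = 1   # a member sends one reading to its cluster head (CH)
CH_COST = 5       # the CH receives, aggregates and forwards to the base station


def static_head(energy, round_no):
    """Baseline policy: node 0 stays cluster head for the whole run."""
    return 0


def highest_residual_energy(energy, round_no):
    """Re-elect every round: the node with the most energy left becomes CH
    (ties go to the lowest node id)."""
    return max(range(len(energy)), key=lambda i: (energy[i], -i))


def rounds_until_first_death(elect, nodes=5):
    """Run rounds until some node cannot pay for its role. Returns the number
    of completed rounds and the residual energy of every node at that point."""
    energy = [INITIAL_ENERGY] * nodes
    rounds = 0
    while True:
        ch = elect(energy, rounds)
        cost = [CH_COST if i == ch else MEMBER_COST for i in range(nodes)]
        if any(e < c for e, c in zip(energy, cost)):
            return rounds, energy
        energy = [e - c for e, c in zip(energy, cost)]
        rounds += 1


if __name__ == "__main__":
    for policy in (static_head, highest_residual_energy):
        rounds, left = rounds_until_first_death(policy)
        print(f"{policy.__name__:24s} rounds={rounds:3d} residual={left}")
```

With a fixed head the cluster stops while most of its energy is still stranded in the member nodes; with re-election the nodes drain evenly and the cluster runs until almost nothing is left.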


Fig. 5. Base station formation

• Anomaly Detection

An anomaly-based intrusion detection system uses a baseline or pattern of normal system activity to identify active intrusion attempts. It is effective at detecting new attacks; however, it sometimes fails to detect well-known security attacks, because it does not maintain any database but instead continuously monitors traffic patterns or system activities. Deviations from the normal pattern may cause an alarm to be triggered. Anomaly detection can be implemented with various methods; here we use the support vector machine (SVM) algorithm. SVM techniques separate the data belonging to different classes by fitting a hyperplane between them that maximizes the separation. The data is mapped into a higher-dimensional feature space where it can be easily separated by a hyperplane.

• SVM Algorithm

An SVM (Support Vector Machine) algorithm is used in anomaly detection for clustering wireless sensor nodes. Consider the SVM algorithm for linearly separable binary sets. The goal is to design a hyperplane that classifies all training vectors into two classes, a1 and a2. The best choice is the hyperplane that leaves the maximum margin from both classes. The SVM method is suited to classifying the high-dimensional data in an IDS. During the training phase, which takes place offline at a system with abundant resources, data are collected from the physical, medium access control (MAC) and network layers. The collected training data are then pre-processed using a data reduction process, which aims at reducing their size so that they can be processed by the SVM. Whether or not the training data can be divided by a linear classification plane, the training data vectors are mapped by some function to a higher-dimensional space, which transfers the problem to a linear classification problem in that space. After the mapping procedure, the SVM finds a linear separating hyperplane with the maximum margin in that space.

$w \cdot x + b = 0$

where w is the normal vector and the parameter b is the offset. The training samples closest to the hyperplane, lying on the margin, are called support vectors, because they support the optimal classifying hyperplane. So our problem can be formulated as

$\min \phi(w) = \frac{1}{2}\|w\|^2 = \frac{1}{2}(w \cdot w)$

• Signature Rule Based Detection

Signature-based detection is also referred to as a knowledge-based or misbehavior-based intrusion detection system. It detects known attacks, which means that new attacks cannot be detected. It refers to a database of previous attacks, signatures and known system vulnerabilities, that is, recorded evidence of an intrusion or attack. The signature database must be continuously updated and maintained. It fails to identify unique attacks.

Fig. 6. Signature rule based detection
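The two detectors described in the Anomaly Detection, SVM Algorithm and Signature Rule Based Detection sections can be combined as follows. This is an added example, not the authors' implementation: the feature names (`tx_rate`, `drop_ratio`, `auth_failures`), the rule names and thresholds, and all sample values are constructed, and the maximum-margin problem is approximated by subgradient descent on its soft-margin form rather than by a QP solver.

```python
# Added example (not the paper's code). Feature names, rule names,
# thresholds and all sample values below are constructed.

# Training windows per node: (tx_rate, drop_ratio), both scaled to 0..1.
NORMAL = [(0.10, 0.02), (0.20, 0.05), (0.15, 0.01), (0.25, 0.08)]
ATTACK = [(0.80, 0.60), (0.90, 0.70), (0.70, 0.55), (0.85, 0.75)]


def dot(w, x):
    return sum(wi * xi for wi, xi in zip(w, x))


def train_linear_svm(neg, pos, lam=0.01, lr=0.2, epochs=2000):
    """Fit w.x + b = 0 by batch subgradient descent on
    lam/2 * ||w||^2 + mean hinge loss (soft-margin form of min 1/2 ||w||^2)."""
    data = [(x, -1.0) for x in neg] + [(x, 1.0) for x in pos]
    n, dim = len(data), len(data[0][0])
    w, b = [0.0] * dim, 0.0
    for _ in range(epochs):
        gw, gb = [lam * wi for wi in w], 0.0
        for x, y in data:
            if y * (dot(w, x) + b) < 1.0:  # sample violates the margin
                for i in range(dim):
                    gw[i] -= y * x[i] / n
                gb -= y / n
        w = [wi - lr * gi for wi, gi in zip(w, gw)]
        b -= lr * gb
    return w, b


def svm_score(model, record):
    """Decision value w.x + b; > 0 is the anomalous side of the hyperplane."""
    w, b = model
    return dot(w, (record["tx_rate"], record["drop_ratio"])) + b


# Hypothetical signature database: (rule name, predicate over one record).
SIGNATURES = [
    ("SIG-TX-FLOOD", lambda r: r["tx_rate"] >= 0.95),
    ("SIG-DROP-ALL", lambda r: r["drop_ratio"] >= 0.90),
    ("SIG-AUTH-FAIL", lambda r: r["auth_failures"] >= 3),
]


def match_signature(record):
    for name, predicate in SIGNATURES:
        if predicate(record):
            return name
    return None


def classify(model, record):
    """Hybrid verdict: a signature hit names a known attack; otherwise the
    SVM decides between normal traffic and an unknown anomaly."""
    rule = match_signature(record)
    if rule is not None:
        return "known:" + rule
    return "unknown-anomaly" if svm_score(model, record) > 0 else "normal"


# Constructed observation windows reported to the detector.
SAMPLES = [
    {"node": 3, "tx_rate": 0.18, "drop_ratio": 0.04, "auth_failures": 0},
    {"node": 9, "tx_rate": 0.97, "drop_ratio": 0.40, "auth_failures": 0},
    {"node": 5, "tx_rate": 0.75, "drop_ratio": 0.65, "auth_failures": 0},
    {"node": 7, "tx_rate": 0.20, "drop_ratio": 0.05, "auth_failures": 4},
]

MODEL = train_linear_svm(NORMAL, ATTACK)

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec["node"], classify(MODEL, rec), round(svm_score(MODEL, rec), 2))
```

Node 5 matches no signature and is caught only by the SVM, while node 7 looks normal to the SVM and is caught only by a signature rule, which is the complementarity the hybrid design relies on.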

• RESULT AND ANALYSIS

Wireless sensor networks are connected with different deployment schemes. Intrusion detection systems are composed of a number of independent agents. Every sensor node runs an IDS agent. The IDS is used to detect malicious nodes in the sensor network. Here we show an IDS model for a cluster-based WSN that integrates anomaly detection inside clusters and misuse detection at the sink nodes. In the proposed architecture, the wireless sensor network is divided into small clusters. Hierarchical clustering is used to divide the sensor nodes. After the clustering process has finished, the cluster heads are selected dynamically according to the current status of the nodes, forming the cluster-based wireless sensor network.

Generally, the node with the highest remaining energy is elected as cluster head. Nodes are deployed randomly. The node closest to the center of the deployment area is selected as the sink (or base station), where resources are not limited, which is secure and safe from any adversary attackers, and which acts as an administrator for taking appropriate action on the intruder nodes. The network has been simulated with the AODV routing protocol and MAC layer 802.11. Nodes are taken in the network within the simulation area, and constant bit rate (CBR) traffic is used. The network performance is observed for a simulation time of 200 seconds. The standard packet size is used, i.e., 100 bytes.

The diagram below explains how the nodes, cluster heads and base station are constructed. In this figure, nodes hold some information, which is sent to the cluster head in nearby range. The cluster head passes the information to the base station, the base station passes the data to the next cluster head, and that cluster head passes the data to its nearby base station. This process continues until the message reaches its final destination.

Fig. 7. Analysis

Fig. 8. Throughput Analysis


Fig. 9. Packet delivery ratio

• CONCLUSION AND FUTURE WORK

This paper offers information regarding intrusion detection for wireless sensor networks. Owing to the limited resources in wireless sensor networks, the above-reviewed methods cannot prolong the network lifetime, cannot detect abnormal events efficiently, and consume more energy. To overcome this, we are going to propose an efficient hybrid IDS for cluster-based wireless sensor networks. This model uses a cluster-based architecture to reduce energy consumption by electing a cluster head: this node collects the information from all other sensor nodes, and only it communicates with the base station, instead of all sensor nodes communicating with the base station, which also increases the network lifetime. It uses the combination of an anomaly detection method and a set of signature rules to detect malicious activity in an efficient manner.

In future work, further research on this topic will be performed to find out what type of attack has occurred, and a solution to that attack will be worked out. The results will be available in the near future.
