Intrusion Detection System for Wireless Sensor Networks: Design, Implementation and Evaluation Dr. Huirong Fu

Intrusion Detection System for Wireless Sensor Networks:

Design, Implementation and Evaluation

Dr. Huirong Fu

Outline

• Overview of Wireless Sensor Network (WSN)

• Project Objective:
  – How to detect attacks on WSN?

• Project Tasks:
  – Intrusion detection system

• More Information

UnCoRe 2007

WSN Overview

• Applications of WSNs

• Components of a Sensor

• WSN Communication Models

• Attacks on WSN

Overview: Applications of WSNs

• Military
• Disaster Detection and Relief
• Industry
• Agriculture
• Environmental Monitoring
• Intelligent Buildings
• Health/Medical
• Law Enforcement
• Transportation
• Space Exploration

Overview: Components of a Sensor

• Sensing Unit
• Processing Unit
• Storage Unit
• Power Unit
• Wireless Transmitter/Receiver

Overview: Communication Models

• Hierarchical WSN
  – Sensor Nodes
  – Cluster Nodes
  – Base Stations

• Distributed WSN

Overview: Attacks on WSN (1/3)

• DoS and DDoS attacks, which affect network availability
• Eavesdropping and sniffing, which can threaten confidential data
• Man-in-the-middle attacks, which can affect packet integrity
• Signal jamming, which affects communication

Overview: Attacks on WSN (2/3)

Overview: Attacks on WSN (3/3)

Project Objective

• How to detect attacks on WSN?
  – Intrusion Detection System (IDS): Design, implementation and evaluation

Project Tasks

• Literature survey on IDS for WSN
  – What has been proposed?
  – Have they been implemented and evaluated?
  – What are the pros and cons of each?

Project Tasks

• Make decision
  – Shall we extend some of the works, or
  – Design a novel IDS?

• Design, implementation and evaluation
  – What are the requirements for an ideal IDS?
  – What are the challenges?
  – What hardware and software are available?

Existing security measures

• Intrusion detection based on AODV (Ad hoc On-Demand Distance Vector Routing Protocol) [2]
  – Pros
    • Sophisticated algorithm for detecting and reacting to a great variety of potential wireless network attacks using an anomaly detection pattern
    • Works well for ad-hoc wireless networks
  – Cons
    • Computationally expensive
    • Currently not deployed on wireless sensor networks

Existing security measures

• Effective Intrusion Detection using Multiple Sensors in Wireless Ad Hoc Networks [4]
  – Pros
    • Mobile agent based intrusion detection
    • Intelligent routing of intrusion data throughout the network
    • Lightweight implementation
  – Cons
    • Agent only deployed on a fraction of the network nodes
    • Not deployed on completely wireless sensor networks

Existing security measures

• INSENS (Intrusion Tolerant Routing Protocol for Wireless Sensor Networks) [3]
  – Pros
    • Allows an alternative network route to be established between non-malicious nodes
  – Cons
    • Does not provide intrusion detection, but rather intrusion tolerance
    • Still requires the sacrifice of a small number of wireless sensor nodes

Our IDS System

• Uses Moteiv’s TMote wireless sensors.

• Developed using Moteiv’s proprietary software, TMote Tools
  – Cygwin
  – Java
  – TinyOS programming language
  – Enhanced with a plug-in for the Eclipse IDE for programming and compiling the TinyOS modules

IDS Wireless Sensor Setup

Our IDS System Design

• Uses anomaly detection pattern

• Establishes a baseline of “normal” traffic between wireless sensor nodes over a specified time interval

• Compares current traffic against this baseline traffic over the same specified time interval

• Makes a determination as to whether or not a DoS attack is occurring
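
Added example (not from the original slides or the project's TinyOS code): a C sketch of the baseline-then-compare design above, using integer-only arithmetic as a mote would. The slides do not say how the comparison is made, so the mean-plus-deviation threshold, the constants and all function names here are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_NODES 4      /* assumed: neighbours monitored by this node */
#define TRAIN_WINDOWS 8  /* assumed: intervals used to build the baseline */
#define K_DEV 3          /* assumed: alarm above mean + K_DEV * mean deviation */
#define MIN_MARGIN 5     /* assumed: floor so a flat baseline tolerates jitter */

typedef struct {
    uint32_t sum;      /* packets received during the baseline phase */
    uint32_t dev_sum;  /* sum of |count - running mean| over that phase */
    uint16_t windows;  /* baseline intervals recorded so far */
} baseline_t;
static baseline_t base[MAX_NODES];

/* Baseline phase: record the packet count of one interval for one neighbour. */
void ids_train(uint8_t node, uint32_t count) {
    if (node >= MAX_NODES) return;
    baseline_t *b = &base[node];
    if (b->windows > 0) {
        uint32_t mean = b->sum / b->windows;
        b->dev_sum += count > mean ? count - mean : mean - count;
    }
    b->sum += count;
    b->windows++;
}

/* Highest per-interval count still treated as normal (node must be trained). */
uint32_t ids_threshold(uint8_t node) {
    const baseline_t *b = &base[node];
    uint32_t mean = b->sum / b->windows;
    uint32_t dev = b->windows > 1 ? b->dev_sum / (b->windows - 1) : 0;
    uint32_t margin = K_DEV * dev;
    return mean + (margin > MIN_MARGIN ? margin : MIN_MARGIN);
}

/* Detection phase: 1 if this interval's count suggests a DoS flood, else 0. */
int ids_check(uint8_t node, uint32_t count) {
    if (node >= MAX_NODES || base[node].windows < TRAIN_WINDOWS)
        return 0;  /* no usable baseline yet, so raise no alarm */
    return count > ids_threshold(node);
}

int main(void) {
    /* Constructed sample: packets per interval received from neighbour 1. */
    const uint32_t normal[TRAIN_WINDOWS] = {10, 12, 11, 9, 10, 13, 10, 11};
    for (int i = 0; i < TRAIN_WINDOWS; i++) ids_train(1, normal[i]);
    printf("threshold=%u normal=%d flood=%d\n",
           (unsigned)ids_threshold(1), ids_check(1, 12), ids_check(1, 90));
    return 0;
}
```

Keeping the baseline per neighbour lets one flooding node be flagged without the quiet neighbours masking it, and the untrained case returns no alarm rather than a false positive.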

Our IDS System Design

• Communication between wireless sensor nodes

• Activity diagram for Wireless Sensor Node communication

Our IDS System Design cont’d

• Emulation of a DoS attack

• Activity design for Emulation of a DoS attack

References

• [1] Denial of Service in Sensor Networks

• [2] Wireless Sensor Networks for Intrusion Detection: Packet Traffic Modeling

• [3] INSENS: Intrusion-Tolerant Routing in Wireless Sensor Networks

• [4] Effective Intrusion Detection Using Multiple Sensors in Wireless Ad Hoc Networks

References

• Moteiv
  – http://www.moteiv.com/community/Moteiv_Community

• TMote Tutorial
  – http://cents.cs.berkeley.edu/tinywiki/index.php/Tmote_Windows_install

• TinyOS
  – http://www.tinyos.net/tinyos-1.x/doc/tutorial/index.html
