SAID: A Self-Adaptive Intrusion Detection System in Wireless Sensor Networks

An Intrusion Detection System (IDS) is usually regarded as the second line of defense of a network. However, traditional IDSs are not suitable for deployment in Wireless Sensor Networks (WSN) because of the nature of WSN (e.g., self-organization, resource constraints, etc.). In this paper, we propose SAID, a three-logic-layer IDS architecture that employs agent technology and the idea of the immune mechanism. It has two work modes: 1) an active work mode to improve effectiveness and intelligence against unknown attacks; 2) a passive work mode to detect and defend against known attacks. The basic functions of these three layers, intrusion response, the evolution approach of agents, and the knowledge base are also presented in this paper. Furthermore, we take advantage of both local intrusion detection and distributed, cooperative intrusion detection to achieve a trade-off between the security of the WSN and communication overhead. We also design three kinds of lightweight agents (monitor agents, decision agents and defense agents) in order to reduce communication overhead, computational complexity and memory cost. The analysis and experimental results illustrate that SAID has good properties for defending against attacks and is suitable for deployment in WSN.
