Hybrid Anomaly Detection using K-Means Clustering in Wireless Sensor Networks

Security is the biggest concern in Wireless Sensor Networks (WSNs), especially those deployed for military applications and monitoring. They are prone to various attacks, which degrade network performance very rapidly. Sometimes multiple attacks are launched in the network as a hybrid anomaly. In this situation it is very difficult to determine which kind of anomaly is active. In this paper, we propose a hybrid anomaly detection technique based on k-means clustering. A network data set consisting of traffic data and end-to-end delay data is analyzed. The data set is clustered using Weka 3.6.10. After clustering, we obtain threshold values for the network performance parameters (traffic and delay). These threshold values are used by the hybrid anomaly detection technique to detect anomalies. During experimentation, it was observed that two types of anomalies were active in the network, causing misdirection and blackhole attacks.
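An added illustration of the pipeline the abstract describes, not the paper's code or Weka output: two-cluster k-means on each metric yields a threshold, and both thresholds are then checked together so that simultaneous anomalies are reported. The sample observations, the midpoint-between-centroids threshold, and the mapping of low traffic to blackhole and high delay to misdirection are assumptions made for this example.

```python
# Added example: per-metric two-cluster k-means -> thresholds -> hybrid check.
# All observations below are constructed; they are not the paper's data set.

def kmeans_1d(values, iters=100):
    """Two-cluster k-means on scalars; returns (low_centroid, high_centroid)."""
    lo, hi = min(values), max(values)      # deterministic starting centroids
    for _ in range(iters):
        low = [v for v in values if abs(v - lo) <= abs(v - hi)]
        high = [v for v in values if abs(v - lo) > abs(v - hi)]
        new_lo = sum(low) / len(low)
        new_hi = sum(high) / len(high) if high else hi
        if (new_lo, new_hi) == (lo, hi):   # centroids stopped moving
            break
        lo, hi = new_lo, new_hi
    return lo, hi

def threshold(values):
    """Assumed rule: threshold is the midpoint between the two centroids."""
    lo, hi = kmeans_1d(values)
    return (lo + hi) / 2

def classify(traffic, delay, traffic_thr, delay_thr):
    """Assumed mapping: low traffic -> blackhole, high delay -> misdirection."""
    found = []
    if traffic < traffic_thr:
        found.append("blackhole")
    if delay > delay_thr:
        found.append("misdirection")
    return found or ["normal"]

# Constructed windows: (packets received per interval, end-to-end delay in ms)
TRAINING = [
    (100, 20), (98, 22), (102, 19), (97, 21), (101, 23),   # normal
    (12, 21), (9, 20), (15, 22),                            # traffic collapses
    (99, 80), (96, 85), (100, 78),                          # delay inflates
    (10, 82),                                               # both at once
]
TRAFFIC_THR = threshold([t for t, _ in TRAINING])
DELAY_THR = threshold([d for _, d in TRAINING])

if __name__ == "__main__":
    print(f"traffic threshold={TRAFFIC_THR:.2f} delay threshold={DELAY_THR:.2f}")
    for t, d in [(99, 21), (11, 20), (98, 83), (8, 90)]:
        print((t, d), classify(t, d, TRAFFIC_THR, DELAY_THR))
```

Checking the two metrics independently is what lets a single window be labelled with both anomalies; a single clustering over the joint (traffic, delay) space would need at least four clusters to separate the same cases.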
