An Approach for Detecting and Distinguishing Errors versus Attacks in Sensor Networks

Distributed sensor networks are highly prone to accidental errors and malicious activities, owing to their limited resources and tight interaction with the environment. Yet only a few studies have analyzed and coped with the effects of corrupted sensor data. This paper proposes an on-the-fly statistical technique that can detect faulty and malicious data in a distributed sensor network and distinguish one from the other. Detecting faults and attacks is essential to ensure the correct semantics of the network, while distinguishing faults from attacks is necessary to initiate the correct recovery action. The approach uses hidden Markov models (HMMs) to capture the error/attack-free dynamics of the environment and the dynamics of error/attack data. It then performs a structural analysis of these HMMs to determine the type of error/attack affecting sensor observations. The methodology is demonstrated with real data traces collected over one month of observation from motes deployed on Great Duck Island.
