Incorporating unsupervised learning into intrusion detection for wireless sensor networks with structural co-evolvability

Abstract: Wireless sensor networks (WSNs) are vulnerable to many security threats because of their open and unreliable communication channels, highly dynamic network structure, and decentralized management scheme. It is therefore quite challenging to build an intrusion detection system that can detect various unknown attacks, strike a better balance between detection rate and false alarm rate, and adapt to network dynamics, particularly for a resource-constrained WSN. In this paper, we propose a knowledge-based intrusion detection strategy (KBIDS) to bridge the gap. We first use the Mean Shift Clustering Algorithm (MSCA), an unsupervised learning scheme, to distinguish undefined abnormal patterns, which reflect the abnormal behavior of a WSN under attack, from the normal context; we then employ a support vector machine to maximize the margin between abnormal and normal features so that the classification error is minimized, which in turn enhances detection accuracy; finally, we adopt a feature updating strategy to reflect network dynamics so that the system can co-evolve with network changes. KBIDS was then validated in both a network emulator and a real environment, and the results were analyzed. The results show that KBIDS achieved the highest detection rate and the lowest false alarm rate among several state-of-the-art intrusion models. In addition, we conducted parameter sensitivity analyses to help identify the optimal configuration for parameterizing KBIDS in real applications.
