Detecting Anomaly Node Behavior in Wireless Sensor Networks

Wireless sensor networks are usually deployed on a "once deployed, never changed" basis. The actions of sensor nodes are either pre-scheduled inside the chips or triggered in response to outside events in a predefined way. This relatively predictable workflow makes it easy to build accurate node profiles and detect any violation of the normal profiles. In this paper, observed traffic patterns are used to model node behavior in wireless sensor networks. First, selected traffic-related features are used to translate observed packets into different events. Next, unique patterns based on the arrival order of different packet events are extracted to form the normal profile for each sensor node during the profile learning stage. Finally, real-time anomaly detection can be achieved based on profile matching.
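The three stages described above (packet-to-event translation, per-node profile learning, online profile matching) can be sketched as follows. This is an added example, not code from the paper: the event features (packet type and a size bucket), the fixed-length sliding window of 3 events, and all names and sample traffic are assumptions, since the abstract does not specify how patterns are extracted.

```python
from collections import defaultdict, deque

WINDOW = 3  # assumed pattern length; the abstract does not give one

def to_event(pkt):
    # Assumed features: packet type plus a two-level size bucket.
    return f"{pkt['type']}:{'S' if pkt['len'] <= 32 else 'L'}"

def learn_profiles(packets, n=WINDOW):
    """Profile learning: per node, the set of event windows seen in clean traffic."""
    recent = defaultdict(lambda: deque(maxlen=n))
    profiles = defaultdict(set)
    for pkt in packets:
        buf = recent[pkt["src"]]
        buf.append(to_event(pkt))
        if len(buf) == n:
            profiles[pkt["src"]].add(tuple(buf))
    return dict(profiles)

def detect(profiles, packets, n=WINDOW):
    """Online matching: return (packet index, node, window) for each mismatch."""
    recent = defaultdict(lambda: deque(maxlen=n))
    alerts = []
    for i, pkt in enumerate(packets):
        node = pkt["src"]
        if node not in profiles:
            alerts.append((i, node, None))  # node never seen during learning
            continue
        buf = recent[node]
        buf.append(to_event(pkt))
        if len(buf) == n and tuple(buf) not in profiles[node]:
            alerts.append((i, node, tuple(buf)))
    return alerts

def pkts(src, spec):
    return [{"src": src, "type": t, "len": l} for t, l in spec]

# Constructed traffic: node 7 repeats a fixed duty cycle; the live trace
# contains two extra ROUTE packets and one packet from an unprofiled node 9.
CYCLE = [("DATA", 24), ("DATA", 24), ("ROUTE", 16)]
TRAINING = pkts(7, CYCLE * 4)
LIVE = pkts(7, CYCLE * 2 + [("ROUTE", 16), ("ROUTE", 16)] + CYCLE) \
     + pkts(9, [("DATA", 24)])

if __name__ == "__main__":
    for alert in detect(learn_profiles(TRAINING), LIVE):
        print(alert)
```

The alerts persist for one window length after the injected packets, then stop once the node's event order realigns with its learned cycle.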
