A hidden Markov model based intrusion detection system for wireless sensor networks

Wireless sensor network (WSN) technology is increasingly used for data collection in critical infrastructures (CIs). This paper presents an intrusion detection system (IDS) that is able to protect a CI from attacks directed at its WSN-based parts. By providing accurate and timely detection of malicious activities, the proposed IDS solution ultimately results in a dramatic improvement in terms of protection, since it creates opportunities for performing proper remediation/reconfiguration actions, which counter the attack and/or allow the system to tolerate it. The proposed solution has the important advantage of exploiting the high accuracy of hidden Markov models as an effective means of detecting malicious activities. We present the basic ideas, discuss the main implementation issues, and perform a preliminary experimental campaign with respect to sinkhole attacks, one of the most serious attacks on WSNs.
