Intrusion Detection And Prevention In Homogenous Wireless Sensor Networks


Vanita B. Raut / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 6 (4), 2015, 4123-4127

Intrusion Detection and Prevention in Homogenous Wireless Sensor Networks

Vanita B. Raut
Department of Computer Engineering, G.H.R.I.E.T, Savitribai Phule Pune University
India, Pune

Abstract— Wireless Sensor Networks (WSNs) are used for applications in areas such as military, health-related and ecological monitoring. These applications include monitoring of sensitive information such as enemy movement on the battlefield, or the location of personnel in a building. Wireless sensor nodes sense their surroundings and detect anomalous events in the industrial environment. For industrial applications it is difficult to detect intrusion on the wireless medium. Intrusion detection is the most essential requirement for security purposes. Security issues are discussed and the security algorithm is applied on the nodes. The proposed work improves the security of the clustering-based network, its throughput and packet delivery ratio, and it optimizes energy. In this project throughput was increased at the Gate Way (GW) and Common Node (CN). Packet Delivery Ratio was increased at GW and CN. Delay was decreased and energy consumption was done. A Black Hole attack detection algorithm was constructed in a hierarchical framework for intrusion detection.

Keywords— Ad-hoc network, Wireless Sensor Network (WSN), Attacks, Intrusion Detection, Intrusion Prevention, zigbee, black hole attack

I. INTRODUCTION

A WSN consists of autonomous sensors that monitor physical or environmental conditions. WSNs are made up of hundreds or even thousands of small sensor networks [1][2]. After sensor nodes are deployed they automatically route and sense their surroundings, and automatically compute and transmit the sensed data to the base station (BS) [1]. Because the sensor nodes have limited energy, saving energy is required in a WSN. For that purpose a clustering-based routing protocol is used for WSNs to save energy.

WSNs are used for data collection and processing in a real-time environment. The required conditions are measured by sensors, and the measurements are then processed in order to assess the situation accurately in the area around the sensors. Large numbers of sensor nodes are deployed accurately over a large geographical area. There are two types of WSN: unstructured and structured. A structured WSN is one in which the sensor nodes are deployed in a planned manner, whereas an unstructured WSN is one in which sensor nodes are deployed in an ad-hoc manner. There is no fixed basic structure or facility between WSN nodes for communication.

Attacks in WSNs can be categorized according to the security requirements of WSNs: attacks on network availability, that is DOS attacks; stealthy attacks against service integrity; and attacks on secrecy and authentication.

A. Motivation

WSNs and mobile ad hoc networks (MANETs) are new communication paradigms. MANETs do not require wired infrastructure or expensive base stations. Nodes within radio range can communicate with each other directly, and those which are further apart use other nodes as relays. Each host in the MANET acts as a router. The routers are mostly multi-hop. Advances in micro electro mechanical systems (MEMS) and wireless communications have made it feasible to build miniature wireless sensor nodes that integrate sensing, data processing and communicating capabilities.

Fig 1: Wireless Sensor Network.

The WSN is shown in the figure. The WSN is deployed to sense the target [6]. The nodes collaboratively route the data to a base station for analysis. After analysis the base station can transmit the data further to users through another communications route (e.g. internet).

The security solutions for WSNs have originated from the prevention point of view. In WSNs many key distribution schemes can be built based on link layer security architecture, prevention of DOS attacks, and secure routing protocols. The most important purpose of deploying WSNs is to collect relevant data. The WSN system should be:

1. Fault tolerant: The system should be robust against node failure (running out of energy, physical destruction, H/W, S/W issues etc). Some mechanism should be incorporated to indicate that a node is not functioning properly.
2. Scalable: The system should support a large number of sensor nodes to cater for different applications.
3. Long life: The nodes' life-time entirely defines the network's life-time and it should be high enough. The sensor node should be power efficient given the limited power resource that it has, since it is difficult to replace or recharge thousands of nodes.
4. Programmable: the reprogramming of sensor nodes in the field might be necessary to improve flexibility.

5. Secure: The node should support the following:
a] Access Control: to prevent unauthorized attempts to access the node.
b] Message Integrity: to detect and prevent unauthorized changes to the message.
c] Confidentiality: to assure that the sensor node encrypts messages so that only those nodes that have the secret key can listen.
6. Affordable: the system should use low cost devices since the network comprises thousands of sensor nodes, tags and apparatus. Installation and maintenance of system elements should also be significantly low to make its deployment realistic.

B. ZigBee Sensor

Zigbee is a set of specifications built around the IEEE 802.15.4 wireless protocol. Zigbee is designed to provide highly efficient connectivity between small packet devices. This sensor supports symmetric key encryption [1] using Cipher Block Chaining (CBC); these security protocols are used as basic security mechanisms, with authentication using a Message Authentication Code (MAC). Zigbee is designed as a low cost, flexible and standard-based wireless network technology, which requires low power consumption, interoperability, reliability, and security for control and monitoring applications. Zigbee supports the Advanced Encryption Standard (AES) with 128 bit data and key integrity using MAC. In Zigbee all sensor nodes share one secret key, and the whole network can be compromised if an attacker obtains it.

Fig 2. Zigbee sensor

II. LITERATURE SURVEY

A. An Intrusion Detection and Prevention

This paper [1] uses a two-level hierarchy of the framework; the authors use the intrusion prevention protocol and intrusion detection protocol. In this method they give security to every node. They can use the one-hop and two-hop strategies. In these strategies, a node that misbehaves is one that drops packets.

Hierarchical intrusion detection protocol: In the hierarchical intrusion detection method, data flows from the lower to the higher level. The Gateway (GW), Cluster Head (CH) and Member Node (MN) have two basic attributes: data aggregation and event sensing. A member node (MN) delivers the data to the cluster head, and the cluster head (CH) sends it to the gateway (GW). Each node has an IDS module. The IDS module contains ID rules and ID handling techniques. If the condition of the rules in the intrusion detection module is satisfied, the sensor node concludes that a malicious intrusion has occurred. In this way an intrusion can be detected. After detection, prevention can be applied; for that the Localized Encryption and Authentication Protocol (LEAP) is suitable.

Advantages:
・ Security for WSN applications
・ Detects malicious nodes
・ Performance of packet transmission increases.

Disadvantages:
・ The system is not useful for heterogeneous networks
・ Energy consumption is done
・ Unnecessary traffic is generated at CH and GW

B. Energy Efficient Hierarchical Clustering Algorithm for WSN

The wireless network consists of a large number of small sensors with low power transceivers for gathering data in different environments [4]. The data collected by each sensor is communicated through the network to a single processing center that uses all reported data to detect the data. Sensors are clustered in groups so that they can send information to, or communicate with, the cluster head. The cluster head sends the aggregated information to the processing center. In this paper they extend the Energy Efficient algorithm to organize the sensors in a wireless sensor network into clusters. Energy Efficient, Single Level Clustering Algorithm.

Advantages:
・ Energy optimization is done
・ Contention free environment
・ Suitable for a large number of nodes

Disadvantages:
・ It requires a large number of keys

C. Intrusion prevention and detection approaches for clustering based sensor networks

In this paper they use two approaches to improve the security of clustering-based sensor networks [2]:
1. Authentication based intrusion prevention
2. Energy saving or intrusion detection.

Different types of mechanism are also needed to monitor cluster heads and member nodes according to their importance. When monitoring a cluster head (CH), the member nodes of that cluster head take turns to monitor it. This mechanism reduces time, so that it saves the energy of the member nodes; cluster heads have a mechanism to change the property.

The clustering based routing protocol (CBRP) is an important protocol for WSNs to save node energy. It is a routing protocol proposed for WSNs to save node energy. At regular intervals, a set of cluster heads is selected and the other sensor nodes, the member nodes, are clustered with a cluster head according to the clustering algorithm. WSNs are deployed on the battlefield, for museum surveillance, for military purposes, or in hospitals for monitoring patient condition; here secure data delivery is required. Insecure data delivery damages the security of applications. Security in CBRP is distinct from others because CHs demand more security assurance than the sensor nodes. Generic approaches are proposed to secure a clustering-based sensor network (CBSN). The planned intrusion detection approach identifies the compromised nodes within a threshold in a local cluster. The nodes, including the cluster head and member nodes, are identical in initial energy, communication power, storage and the unlimited energy. The base station has powerful computation power, unlimited energy and storage. When a sensor node is deployed it fixes its location. In a WSN, packets are classified into two types: control messages and sensed data. In this paper time key chains are used.

Advantages:
・ Energy optimization is done
・ Detection of attacks
・ Prevention of them
・ Increased packet delivery ratio

Disadvantages:
・ The network lifetime is extended when WSN is under attack.
・ Sensor nodes cannot move and you cannot add a new sensor node.

C. Intrusion Detection Techniques In Mobile Ad-hoc and WSN

Mobile ad-hoc networks and WSNs have a wide variety of applications. They cannot be readily deployed without first addressing security challenges. Intrusion detection provides a necessary layer of in-depth security in wired locations. Mobile ad-hoc networks (MANETs) and WSNs are the two communication paradigms. MANETs do not require wired infrastructure or expensive base stations. Nodes within radio range can communicate directly over wireless links, and nodes which are out of radio range can use other nodes as relays. Routes are multi-hop, which is why each host in the MANET acts as a router. A MANET could be deployed quickly in scenarios such as meeting rooms, fire fighting, city transportation wireless networks and so on. To form a cooperative network every mobile node should be a friendly node and willing to send messages to others.

D. Decentralized intrusion detection in wireless sensor networks

・ Data repetition attack and delay
The detection of the delay is directly related to the buffer sizes. If the buffer size was small, the IDS receives the delayed message at the beginning of the buffer more often [5].

・ Data Alteration
The effectiveness and the number of false positives for this attack. The data alteration attack is confused with data alteration occasional failures. A tradeoff can be observed between detection effectiveness and the number of false positives.

・ Jamming
The jamming attack can be confused with the message collision occasional failure. It is one of the attacks with better detection results. The number of false positives is low, similar to the results obtained from the data alteration attack simulation. Like the attacks confused with message loss, detection levels were proportional to buffer levels.

・ An intrusion detection system for wireless sensor networks
Different routing, medium-access and distributed control algorithms are used for detection. The wireless channel does not change during the transmission of a whole packet; however, it is random and independent from packet to packet [7].

A model for distributed intrusion detection in sensor networks is designed to work with only the partial and localized information available at each node of the network. Nodes collaborate and exchange this information with their neighbors in order to make a correct decision on whether an attack has been launched. It shows how an IDS can be used to detect black hole and selective forwarding attacks, producing very low false-negative and false-positive rates.

E. Detecting Misbehaving Nodes in MANETs

In this paper they propose an IDS scheme designed for MANETs. In this scheme each node in the network requires both a transmitter and a receiver [6]. MANETs are of two types, single hop and multi hop. In a single hop network, nodes are free to communicate directly with another node that is out of its radio range. In a multi hop network, nodes communicate out of their own radio range. The cooperation of the nodes in the network is needed. A node relies on other nodes to send the packets. In this paper they study the watchdog attack and pathrater attack.

Advantages
The watchdog is capable of detecting misbehavior at the forwarding level instead of just on link level.

Disadvantages
It may fail to detect a misbehaving node in the presence of a) ambiguous collisions b) receiver collision c) limited transmission power d) false misbehavior report e) collusion f) partial dropping

F. An Experimental Study of Hierarchical Intrusion Detection for Wireless Industrial Sensor Networks

When there was no malicious node in the network, the packet delivery ratio for each scheme was 100%. However, when the percentage of malicious nodes increased to 10%: when a sender sends a message to the second node through another node and that second node or receiver sends an acknowledgement to the sending node, this is called Two acknowledgement (TWOACK); when multiple nodes' acknowledgements are sent to the sender from the receiver, this is called AACK; and Enhanced Adaptive Acknowledgment (EAACK) outperformed the Watchdog scheme. The delivery ratio of the proposed scheme EAACK topped at this scenario. This is because the introduction of the MRA scheme improved the detection performance and thus delivered more packets than all the other competitors. However, the PDR of EAACK turned out to be slightly lower than AACK and TWOACK when the malicious nodes reached. This is likely due to the fact that almost half the nodes in the network are malicious; it is much harder for the source node to find another valid route to the destination node to carry on the MRA scheme.

Advantages:
・ Provides security to the data
・ Prevention from attacks

Disadvantages:
・ Each node sends and receives acknowledgements
・ It consumes time
・ It consumes energy
・ Delivery ratio decreases when nodes are malicious

III. SYSTEM INFORMATION

By implementing a hierarchical framework and considering intrusion detection and data processing, we construct a hierarchical intrusion detection and prevention protocol.

A. Intrusion Detection and prevention

In this paper we have constructed a hierarchical network on the basis of two-level clustering, with two logical protocols in this hierarchical framework: an intrusion detection protocol and an intrusion prevention protocol. WISNs should be robust and self-repairing. To satisfy these requirements, every sensor node in the detection protocol estimates intrusions by itself using its IDS module and handles them by using a gateway and cluster head. Real-time, reliable communication in the WSN was considered. The detection protocol with the hierarchical framework enables WSNs to serve a timely and reliable warning to their industrial applications and systems. In the hierarchical intrusion prevention protocol, it is feasible to transmit sensing and detecting results in a timely and reliable manner through in-network processing and prevention mechanisms such as encryption and message authentication codes, respectively. Besides, both the detection techniques and the symmetric cryptography algorithms adopted for intrusion detection and prevention take less time to execute. Thus, our protocols may satisfy the typical requirements.

a) Event Sensing Data Aggregation
An MN delivers the sensed data to its higher level, the cluster head (CH). Each GW and CH collects and processes the data delivered from the lower levels (CHs or MNs, respectively) and then transmits it to a higher level, which may be the gateway or the base station (the BS or GW, respectively).

b) IDS Module
Each node also has an IDS module. The IDS module has two sub modules:
・ Intrusion Detection Rules: decides whether there is an intrusion by applying detection rules and a threshold to the neighbor's traffic
・ Intruder Handling: handles the intrusion. Each industrial application can employ different detection techniques in the intrusion detection rules module according to its security requirements.

c) Intrusion Prevention Based on Two-Level Clustering
Intrusion detection within each level and between levels operates by eavesdropping on one-hop traffic, and by evaluating the transmitted control and sensing messages. As we mentioned, two-level clustering generates four levels: base station (BS), gateway (GW), cluster head (CH) and member node (MN). Each level detects intrusions with similar detection rules, but each level performs a different handling method.

B. Algorithm:

Step 1. Shortest Path Algorithm
1. Take the nodes as input and arrange them in a hierarchical manner; calculate the Cluster Heads (CH) as (No. of Nodes * 10/100).
2. The remaining nodes are common nodes.

Step 2. Secure Key Algorithm
1. Send data through a common node; sent and received packet are both set to 1. Keys are generated randomly. At the time of sending packets, use the secret key for encryption.
2. After the data is received, the receiver decrypts the same data using decryption. In this case sender and receiver must have the same key.
3. Repeat the same for CH and GW.

IV. EXPERIMENTAL RESULTS

Figure 3 shows the scenario of the hierarchical topology. In this scenario 0 represents the sink node, 1 represents the Gate Way, and 2, 3, 4, 5, 6 are the cluster heads. The others are the common nodes. Blue common nodes have cluster head 2. This means that common nodes have to send data to the cluster head. Red clusters have node 3 as cluster head. Dark green clusters have node 4 as cluster head. Green nodes have cluster head 5. Blue cluster heads have 6 as cluster head.

Fig 3. Hierarchal clustering of fixed nodes

Fig 4. Throughput at Gate Way

Throughput is calculated using (total bytes * 8) / (final time - start time). At the gate way and cluster head, throughput is increased.
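An added example, not code from the paper: a Python sketch of the detection rule described in Section III (a threshold applied to overheard one-hop neighbour traffic) used to spot a black hole cluster head, together with the packet delivery ratio and the throughput formula from Section IV. The trace, the 0.5 threshold and the 5-packet minimum are constructed assumptions; the paper gives no values for them.

```python
from collections import defaultdict

SINK, GATEWAY = 0, 1            # node ids follow the paper's Fig. 3 scenario
CLUSTER_HEADS = (2, 3, 4, 5)    # subset of the paper's cluster heads 2..6
BLACK_HOLE = 4                  # constructed: this CH silently drops everything

def cluster_head_count(num_nodes):
    """Step 1 of the paper's algorithm: CH = No. of Nodes * 10 / 100."""
    return num_nodes * 10 // 100

def build_trace():
    """Constructed one-hop overhearing log: (time_ms, node, event, pkt_id, nbytes)."""
    trace = []
    for pkt in range(30):                       # 10 packets via each of CH 2, 3, 4
        ch, t = CLUSTER_HEADS[pkt % 3], pkt * 100
        trace.append((t, ch, "recv", pkt, 64))  # CH receives from a member node
        if ch == BLACK_HOLE:
            continue                            # never forwarded: black hole
        trace += [(t + 10, ch, "fwd", pkt, 64),
                  (t + 20, GATEWAY, "recv", pkt, 64),
                  (t + 30, GATEWAY, "fwd", pkt, 64),
                  (t + 40, SINK, "deliver", pkt, 64)]
    # CH 5: one unforwarded packet (e.g. a collision); too little evidence to judge.
    trace.append((3000, 5, "recv", 30, 64))
    return trace

def forwarding_ratios(trace):
    """Per relay node: (packets overheard arriving, fraction seen forwarded)."""
    recv, fwd = defaultdict(set), defaultdict(set)
    for _, node, event, pkt, _ in trace:
        if event == "recv":
            recv[node].add(pkt)
        elif event == "fwd":
            fwd[node].add(pkt)
    return {n: (len(p), len(fwd[n] & p) / len(p)) for n, p in recv.items()}

def detect_black_holes(trace, threshold=0.5, min_packets=5):
    """Detection rule: flag a node whose forwarding ratio is below the threshold,
    but only once enough packets were overheard (limits false positives)."""
    return sorted(n for n, (seen, ratio) in forwarding_ratios(trace).items()
                  if seen >= min_packets and ratio < threshold)

def packet_delivery_ratio(trace):
    """Packets delivered at the sink / packets that entered the hierarchy at a CH."""
    sent = {p for _, n, e, p, _ in trace if e == "recv" and n in CLUSTER_HEADS}
    delivered = {p for _, _, e, p, _ in trace if e == "deliver"}
    return len(delivered) / len(sent)

def throughput_bps(trace):
    """Paper's formula: (total bytes * 8) / (final time - start time)."""
    delivered = [(t, b) for t, _, e, _, b in trace if e == "deliver"]
    start = min(t for t, *_ in trace)
    final = max(t for t, _ in delivered)
    return sum(b for _, b in delivered) * 8 / ((final - start) / 1000)

if __name__ == "__main__":
    log = build_trace()
    print("cluster heads for 30 nodes:", cluster_head_count(30))
    print("suspected black holes:", detect_black_holes(log))
    print("PDR:", round(packet_delivery_ratio(log), 3))
    print("throughput (bit/s):", round(throughput_bps(log), 1))
```

Lowering `min_packets` to 1 also flags node 5 on a single missed forward, which is the detection versus false-positive tradeoff the literature survey mentions.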

V. CONCLUSIONS

In this project we use the hierarchical framework and one-hop technique. An attack detection algorithm was implemented. After simulation, performance will be compared for network throughput, packet delivery ratio, packet loss ratio and average energy consumed by the network. In this random topology, we varied reporting rates and evaluated performance for different parameters. So, for a random topology with 30 nodes, the values of PDR, delay, and total number of packets received by the network, i.e. network throughput, are calculated. Better performance m

[1] S. M. Sooyeon Shin, Taekyoung Kwon, Gil-Yong Jo, Youngman Park, and Haekyu Rhy, “An Experimental Study of Hierarchical Intrusion Detection for Wireless Industrial Sensor Networks”, IEEE 2010.
[2] M Chien-Chung Su, Ko-Ming Chang, Yau-Hwang Kuo, Mong Fong Horng, “The New Intrusion Prevention and Detection Approaches for Clustering-based Sensor Networks”, IEEE 2005.
[3] Ilker Onat, Ali Miri, “Intrusion Detection System for Wireless Sensor Network”, IEEE 2005.
[4] S. Bandyopadhyay and E. J. Coyle, “An energy efficient hierarchical clustering algorithm for wireless sensor networks”, 2003.
[5] Bo Sun and Lawarance Osborne, “Intrusion Detection Techniques in Mobile Ad Hoc Wireless Sensor Networks”, IEEE 2007.
[6] Nan Kang, Elhadi M. Shakshuki, Tarek R. Sheltami, “Detecting Misbehaving Nodes in MANETs”, 2010.
[7] I. Onat and A. Miri, “An intrusion detection system for wireless sensor networks,” 2005.
