SAID: A Self-Adaptive Intrusion Detection System in Wireless Sensor Networks

  • Jianqing Ma
  • Shiyong Zhang
  • Yiping Zhong
  • Xiaowen Tong
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4298)


Intrusion Detection System (IDS) is usually regarded as the second secure defense of network. However, traditional IDS cannot be suitable to deploy in Wireless Sensor Networks (WSN) because of the nature of WSN (e.g. self-origination, resource-constraint, etc). In this paper, we propose a kind of three-logic-layer architecture of Intrusion Detection System (IDS)-SAID by employing the agent technology and thought of immune mechanism. It has two work modes: 1) active work mode to improve the effectiveness and intelligence for unknown attacks; 2) passive work mode to detect and defend known attacks. The basic functions of these three layers, intrusion response, evolution approach of agent and knowledge base are also presented in this paper. Furthermore, we take advantages of local intrusion detection system and distributive & cooperative intrusion detection system to have a tradeoff among the security of WSN and communication overhead. We also design three kinds of light-weight agents: monitor agents, decision agents and defense agents in order to reduce communication overhead, computation complexity and memory cost. The analysis and experiment result illustrate that SAID has nice properties to defend attacks, and suitable to deploy in WSN.


Sensor Node Wireless Sensor Network Intrusion Detection Intrusion Detection System Malicious Node 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Karlof, C., Wagner, D.: Secure routing in wireless sensor networks: Attacks and countermeasures. In: Proceedings of the 1st IEEE International. Workshop on Sensor Network Protocols and Applications, Anchorage, AK. May 11, 2003, IEEE, Los Alamitos (2003)Google Scholar
  2. 2.
    Newsome, J., Shi, E., Song, D., Perrig, A.: The Sybil Attack in Sensor Networks: Analysis & Defenses. In: IPSN’04, April 26–27 (2004)Google Scholar
  3. 3.
    Hu, Y.-C., Perrig, A., Johnso, D.B.: Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks. In: Proc. of the Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM 2003), San Francisco, April, 2003, pp. 1976–1986. IEEE Computer Society Press, Los Alamitos (2003)CrossRefGoogle Scholar
  4. 4.
    Alpcan, T., Basar, T., Game, A.: Theoretic Approach to Decision and Analysis in Network Intrusion Detecion. In: Proceeding of the 42nd IEEE conference on Decision and Control, December, 2003, IEEE Computer Society Press, Los Alamitos (2003)Google Scholar
  5. 5.
    Agah, A., Das, S.K., Basu, K.: A game theory based approach for security in wireless sensor networks. In: IPCCC 2004, IEEE Computer Society Press, Los Alamitos (2004)Google Scholar
  6. 6.
    Siraj, A., Vaughn, R.B., Bridges, S.M.: Intrusion Sensor Data Fusion in an Intelligent Intrusion Detection System Architecture. In: Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS’04) - Track 9 (2004)Google Scholar
  7. 7.
    Harmer, P.K., Williams, P.D., Gunsch, G.H., Lamont, G.B.: An artificial immune system architecture for computer security applications. IEEE Trans. Evolutionary Computation 6(3), 252–280 (2002)CrossRefGoogle Scholar
  8. 8.
    Kruegel, C., Toth, T.: Applying Mobile Agent Technology to Intrusion Detection. In: Proceedings of the ICSE Workshop on Software Engineering and Mobility, Canada, May (2001)Google Scholar
  9. 9.
    Albers, P., Camp, O.: Security in Ad Hoc Networks: a General Intrusion Detection Architecture Enhancing Trust Based Approaches. In: First International Workshop on Wireless Information System, 4th International Conference on Enterprise Information System (2002)Google Scholar
  10. 10.
    Kachirski, O., Guha, R.: Elective Intrusion Detection Using Multiple Sensors in Wireless Ad Hoc Networks. In: Proceedings of the 36th Annual Hawaii International Conference on System Sciences (HICSS’03), 1 January, p. 57 (2003)Google Scholar
  11. 11.
    Banerjee, S., Groşan, C., Abraham, A., Mahanti, P.K.: Intrusion Detection on Sensor Networks Using Emotional Ants. International Journal of Applied Science and Computations 12(3), 152–173 (2005)Google Scholar
  12. 12.
    Zhang, Y., Lee, W., Huang, Y.: Intrusion Detection Techniques for Mobile Wireless Networks. ACM/Kluwer Wireless Networks Journal (ACM WINET) 9(5) (2003)Google Scholar
  13. 13.
    Sterne, D., Balasubramanyam, P., Carman, D., Wilson, B., Talpade, R., Ko, C., Balupari, R., Tseng, C.-Y., Bowen, T., Levitt, K., Rowe, J.: A General Cooperative Intrusion Detection Architecture for MANETs. In: Proceedings of the 3rd IEEE International Workshop on Information Assurance (IWIA’05), March 2005, pp. 57–70. IEEE Computer Society Press, Los Alamitos (2005)CrossRefGoogle Scholar
  14. 14.
    Anantvalee, T., Wu, J.: A Survey on Intrusion Detection in Mobile Ad Hoc. In: Xiao, Y., Shen, X., Du, D.-Z. (eds.) Wireless/Mobile Network Security, pp. 170–196. Springer, Heidelberg (2006)Google Scholar
  15. 15.
    Su, C.-C., Chang, K.-M., Horng, M.-F., Kuo, Y.-H.: The New Intrusion Prevention and Detection Approaches for Clustering-based Sensor Networks. In: 2005 IEEE Wireless Communications and Networking Conference (WCNC05), New Orleans, USA, Mar. 2005, IEEE, Los Alamitos (2005)Google Scholar

Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Jianqing Ma
    • 1
  • Shiyong Zhang
    • 1
  • Yiping Zhong
    • 1
  • Xiaowen Tong
    • 2
  1. 1.Department of Computing and Information Technology, Fudan University, Shanghai, 200433China
  2. 2.School of Software, Shanghai Jiao Tong University, Shanghai, 200030China

Personalised recommendations