Weak Process Models for Attack Detection in a Clustered Sensor Network Using Mobile Agents

  • Conference paper
Sensor Systems and Software (S-CUBE 2009)

Abstract

This paper proposes a methodology for detecting network-layer anomalies in wireless sensor networks using weak process models (WPM). Weak process models are a non-parametric version of Hidden Markov models (HMM), wherein state transition probabilities are reduced to rules of reachability. Specifically, we present an intrusion detection system based on anomaly detection logic. It identifies any observable event correlated to a threat by applying a set of anomaly rules to the incoming traffic. Attacks are classified into low and high potential attacks according to their final state. Alarms are issued as soon as one or more high potential attacks are detected.

We model hello flooding, sinkhole and wormhole attacks. We introduce single-threat models and aggregated models and study how effective they are at detecting each attack.

We present the design approach for the proposed WPM-based detection technique using mobile agents. Early versions of the agent-based secure platform have already been implemented.
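To make the "rules of reachability" idea concrete, here is an added example (not code from the paper) that tracks a weak process model as a set of feasible states over a stream of anomaly-rule events. The state names, event names, the toy hello-flood model and the "alarm when any feasible state is high potential" rule are all assumptions made for illustration.

```python
# Added illustration of a weak process model (WPM): an HMM whose transition
# and emission probabilities are replaced by yes/no reachability rules.
# Everything below (states, events, alarm rule) is constructed, not the paper's.

# REACH[s]: states reachable from s in one step (no probabilities).
REACH = {
    "normal": {"normal", "suspect"},
    "suspect": {"normal", "suspect", "hello_flood"},
    "hello_flood": {"hello_flood"},
}
# EMITS[s]: events that state s can possibly produce.
EMITS = {
    "normal": {"ok"},
    "suspect": {"hello_rate_high"},
    "hello_flood": {"hello_rate_high"},
}
# Attack potential attached to states; unlisted states are benign.
POTENTIAL = {"suspect": "low", "hello_flood": "high"}
INITIAL = {"normal"}


def step(feasible, event):
    """Boolean forward step: keep successors that can emit the event."""
    if feasible is None:
        candidates = INITIAL
    else:
        candidates = set().union(*(REACH[s] for s in feasible))
    return {s for s in candidates if event in EMITS[s]}


def track(events):
    """Return (verdict, index). Verdict is 'alarm', 'low', 'clear' or
    'unexplained' (no state sequence in the model fits the events)."""
    feasible, worst = None, "clear"
    for i, event in enumerate(events):
        feasible = step(feasible, event)
        if not feasible:
            return ("unexplained", i)
        levels = {POTENTIAL.get(s) for s in feasible}
        if "high" in levels:  # assumed rule: alarm as soon as high is feasible
            return ("alarm", i)
        if "low" in levels:
            worst = "low"
    return (worst, None)


if __name__ == "__main__":
    # Constructed event streams, as an anomaly-rule front end might emit them.
    print(track(["ok", "hello_rate_high", "ok"]))
    print(track(["ok", "hello_rate_high", "hello_rate_high"]))
```

An isolated burst stays a low potential finding, while a sustained one makes the high potential state feasible and raises the alarm; a stream the model cannot explain at all is reported separately rather than silently ignored.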




Copyright information

© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Pugliese, M., Giani, A., Santucci, F. (2010). Weak Process Models for Attack Detection in a Clustered Sensor Network Using Mobile Agents. In: Hailes, S., Sicari, S., Roussos, G. (eds) Sensor Systems and Software. S-CUBE 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 24. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11528-8_4

  • DOI: https://doi.org/10.1007/978-3-642-11528-8_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-11527-1

  • Online ISBN: 978-3-642-11528-8

  • eBook Packages: Computer Science, Computer Science (R0)
