Advertisement

Attacker Evidence System in WSN

  • B. Srinivasa RaoEmail author
  • P. Premchand
Open Access
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 805)

Abstract

Due to the features like distributed structure, open wireless network system etc. the Wireless Sensor Networks (WSN) are pruned to security attacks at various levels. These attacks may have significant influence on the efficiency of WSN. During the anomalous attacks, attackers manage to get unauthorized accesses to the network and harm the network system and services to make them ineffective. A counter mechanism is essential to overcome the influence of the attacks and sustain the efficiency of the network. In that process it is required to find the evidence for the activities of the attacker in the network. In the present research work, an attempt has been made to develop and implement a mechanism or scheme to find the evidence for the existence of an attacker in the network and to provide security measure to the WSN system by filtering the attacker to prevent the attacks. This is achieved by designing and implementing an Attacker Evidence System (AES) as a simple network security measure in wireless sensor networks systems. The proposed AES is designed for homogeneous and heterogeneous WSN models considering single and multiple-sensing detection schemes. The present security measure and its simulation results have been presented and discussed. The results reveal that the present AES works as per expectations for both the types WSNs and can be a proto-type for further extensions.

Keywords

Information security Network security Attack Attacker Intrusion detection Intruders WSN Heterogeneous 

1 Introduction

Now-a-days, it has become essential for every organization to have its own security policy as per its requirements based upon its adopted technology like Communication Network, Parallel Computing System, Distributed Computing System, Cloud System, Adhoc Network, Mobile Network, Wireless Sensor Network etc. This security policy may be intended to protect organization through pro-active policy stance [1]. From the literature it is well understood that Computer Security is concerned with the loss or harm to the hardware, software or information of an organization. It also includes denial, disruption and misdirection of the services and facilities provided by the computer system [2, 3, 4, 5, 6]. The Computer Security may be considered as combination of System Security, Network Security and Data or Information Security. Data security or Information Security deals with security issues, policies and services of data under communication. Data Security provides security services for threats concerned with data confidentiality, authentication, integrity, non-repudiation, access control and availability [7, 8, 9, 10]. As Information Systems are designed in multilayered structures, the above security issues have their influence at different layers of the systems and affect the performance of the Systems [11]. In this context, the security issue like confidentiality is becoming a challenge task in the environment of new technologies such as cloud computing, wireless communication systems etc. [12]. One aspect of the confidentiality of an Information System is unauthorized access to the network by a third party to steal important information or causing damage to the efficiency of the Information System [7, 8, 9, 10]. An unauthorized access to the computer networking system is known as attack/hack/intrusion and is one of the most serious threats to the Computer Security. Hence, it is essential to design a security measure to detect the attacker to assess the vulnerability of the system or to protect the system from misuse [7]. An Attacker Evidence system (AES) is software and/or hardware based security scheme to detect the attempts of an attacker intended to misuse the systems such as network or the Internet [13].

A wireless sensor networks (WSN) is a wireless network consisting of spatially distributed autonomous devices using sensors to cooperatively monitor physical or environmental conditions [14]. The WSN have many applications such as military, civil, healthcare, home automation, traffic control etc. It normally constitutes a wireless adhoc network associating with a multi-hop routing algorithm [15]. A WSN is an adhoc distributed system consisting of several wirelessly connected sensor nodes and can be deployed to collect information about surrounding environment [16]. WSNs are highly vulnerable to security attacks at various levels due to various factors like distributed nature, multi-hops, open wireless medium etc. [16, 17, 18]. Hence an effective security measure is to be designed to overcome the attacks like intrusion or hacking in WSN. An Attacker Evidence system (AES) can be designed and implemented to detect and prevent from security attacks [19]. Survey reveals that earlier, several researchers have designed and implemented Intrusion Detection Systems for WSN in different scenarios such as Anomaly-based IDS, Signature-based IDS, and Cross layer IDS etc. [13, 17, 18]. The probability of creating more false alarms is a problem with Anomaly-based IDSs, even though they are lightweight in nature. Overheads like updating and inserting new signatures and suitability to larger WSN are the disadvantages with Signature-based IDSs. As the WSNs have resource limitation, the Cross layer IDSs are usually not suitable [13, 17, 18]. Based upon the capability the WSNs can be classified as homogeneous and heterogeneous. Large sensing range, more power and broad casting power management information are the significant features of Heterogeneous WSNs in comparison with homogeneous WSNs [13, 14]. The two important conditions for ensuring detection probability in WSNs are the network connectivity and broad cast reach ability in a secured manner [14, 18, 20]. A few have considered the case of IDS for heterogeneous WSN security in comparison with homogeneous one with a simple simulation method. A comparative study may be considered for both homogeneous and heterogeneous WSNs in terms of intrusion/hacker detection. Hence this is the motivation for the present work to design and implement an Attacker Evidence system (AES) for homogeneous and heterogeneous WSNs by using a simple simulation method. This simple method may be a proto-type but would be useful to extend further. To the best of our knowledge, our effort is the first to address this issue both in homogeneous and heterogeneous WSNs for a simple simulation using Attacker Evidence system (AES).

2 Earlier Intrusion Detection Systems (IDS) and WSN

Various attacker/intrusion/hacker detection systems have been designed and implemented in different scenario and detailed information is available in vast literature [13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29]. It is already understood that An Intrusion Detection system (IDS) is software and/or hardware based security scheme to detect the attempts of an intruder intended to misuse the systems such as network or the Internet [13]. From [14], the IDS comprise of mainly three components namely sensors, console and central engine. The security events of the WSN are produced by sensors. The WSN events and their related alerts are monitored by console. The centrals records events and set rules for generation of alerts. The intrusion detection is possible in two ways: intrusion detection by a single sensor or multiple sensors collective cooperation. As the former is ineffective in some cases, multiple sensor detection can be considered for intrusion detection. The data flow in homogeneous and heterogeneous wireless sensors is as shown in Fig. 1. S and D indicate Source and Detector and R1, R2, and R3 are receiving nodes in WSN. The directions indicate the flow of data through the networks. The intruder may be denoted by a cloud symbol.
Fig. 1.

Homogeneous and Heterogeneous WSNs

3 Attacker Evidence System (AES)

With reference to [14], the presently proposed simple Attacker Evidence System (AES) can be designed in five modules: 1. WSN construction, 2. Generation of Packets. 3. Identifying authorized and unauthorized port. 4. Inter-Domain Packet Filter construction and 5. Valid packet reception. In the first module WSN is designed such a way that each node is connected to the neighboring nodes and each port number is authorized by all nodes. In the second module a browser is designed to convert selected data into a fixed size of packet. These packets are sent from source to detector. In the third module in order to find authorized and unauthorized port a detection mechanism is designed. This module checks whether the path is authorized or unauthorized using the port number and if path is authorized the packet is send to valid destination. Otherwise the packet will be deleted. In the fourth module the Inter-Domain Packet Filter is designed. The Packet Filter filters the packets received from other than the designated port number and authorized packets will be send to destination. Finally, the valid packet reception module receives all the valid Packets. Thus only valid packets reach the destination from the source node [30]. The design logic for the Attacker Evidence System (AES) is shown in Fig. 2. The system design comprises of mainly data input and output mechanisms. 1. Input Design: (i) Source file browsing (ii) Conversion of selected data into fixed size packets. (iii) Write program to hack the packet (iv) Selection of port number to send the packet (v) Sending packet from source to detector. 2. Output Design: (i) Filtering and discarding of packet from unauthorized port (ii) Sending authorized packets to destination. The functional flow of data, data input, intruder detection, packet filtering, and reception packets are shown in data flow diagram (Fig. 2).
Fig. 2.

Data flow diagram for Attacker Evidence System (AES)

At first the user will input the data from a file and sends this packet to the detector and the detector filters the received packets. In case the packet is authorized it will be sent to a valid receiver. If the packet is an unauthorized one, then it will be discarded into the sink. Thus the design plan is implemented in four modules: Network construction module, Detector module, Packet filter module and Receive packet module. The corresponding software design plan is shown in Figs. 3 and 4. The Network Construct module is a network, with attributes Construct and with responsibilities container.add(c); The Detector module comprises the attributes analyzing and responsibilities void server(); The packet filter contains attributes Testing and responsibilites r1.server; Finally the sink module contains attributes Receive packets and responsibilites get.packet().
Fig. 3.

Software Design plan for AES

Fig. 4.

Mechanism for receiving valid packets

  1. (a)

    User Requirement Specification: The main user requirements are User Characteristics, Functional Requirements, and Non Functional Requirements. The user requirements are briefly outlined below:

     
  2. 1.

    User Characteristics: A user interface is used to search the data and services. An operational user interface can be used to add new data as and when required. Provision for operations like update/delete the data. No access rights for the user to access the system.

     
  3. 2.

    Functional Requirements: (i) Frame a packet and send the packet over the network. (ii) Write the instruction program to hack the packet over inappropriate, incorrect, anomalous attackers. (iii) This should be for both homogeneous and heterogeneous WSN models.

     
  4. 3.

    Non-Functional Requirements: (i) Usability: A procedure is designed to establish connection between a sender and a receiver with no third party intervention. (ii) Reliability: The java platform makes the system more reliable. (iii) Performance: The system performance depends on the high level languages and the advanced network technologies. (iv) Supportability: A cross platform supported system is to be designed. (v) Implementation: The system is implemented in java network programming environment with Windows xp professional platform.

     
  5. (b)

    System Requirements: The system requirements for the AES are: Hardware: Pentium IV 2.6 GHz Processor, 512 MB DD RAM, 20 GB Hard Disk, LG 52X CD Drive, Standard Keyboard, Mouse, Internet/Networking. Software: Java, JFrameBuilder and Window’s Xp.

     

4 AES Implementation

The architecture of a WSN node is as shown in Fig. 5. According to the networking principles each node contains the data of authorized ports of all other nodes in the network. Each node can verify whether a packet is from an authorized port or not by running a suitable algorithm and accordingly takes the decision for next action. All the operations, respective screen display operations and screen displays involved in the simulation at source, detector and receiver level are presented in Table 1. Predefined authorized and unauthorized ports data has been stored in files and the files have been browsed to select the ports for communicating packets through the WSN. The present AES has been simulated in the environment of Java, JFrame Builder and Window’s XP operation system using the specified hardware and software. The simulated results that have been obtained by implementing the operations as per the Table 1 have been reported in Table 2. Also important screen shots have been presented for better understanding of the simulated results and the process of AES in Fig. 6.
Fig. 5.

Architecture of a WSN node

Table 1.

Operations and Result displays on Computer during the simulations

Source

Detector

Receiver

Operations

Screen display operation

Operations

Screen displays operation

Operations

Screen displays

1. Double click on source batch file

2. Click on browse button to select the file

3. Select the port number

4. Click the send button

5. Click on the OK button

1. Displays selected file information

2. Displays the selected port information

3. After clicking the send button, displays an alert window

4. After clicking the OK button the packet is sent to the Detector

1. The detector checks the validity of port of the received packet

2. If the packet is from an authorized port, detector sends it to a valid receiver

Else, it discords the packet and reports the intrusion

1. Displays that the port is a valid port in case of a valid port

2. In case of invalid port, displays that arrived port is an intruder port

3. Also displays that which detector has detected

1. It receives the packet from the Detector, if the packet is from an authorized port

2. It has to display on the screen that from which port the packet has been received

1. Displays on the screen that from which port the packet has been received

Table 2.

Simulated results of attacker evidence scheme for both Homogeneous and Heterogeneous WSN

Source

Selected port

Port Authorized/Unauthorized

Detector

Hacking detection

Packet receiver/sink

Packet status

Homogeneous network

S

R-101

Authorized

D

NO

R1

Received

S

I-104

Unauthorized

D

YES

deleted

Heterogeneous network

S1

R-101

Authorized

D1

NO

R1

Received

S1

I-102

Unauthorized

D1

YES

deleted

S1

I-105

Unauthorized

D2

YES

deleted

S2

R-106

Authorized

D3

NO

R3

Received

S2

I-109

Unauthorized

D3

YES

deleted

Fig. 6.

Screenshot for Homogeneous and Heterogeneous WSN

5 Conclusions

In the present research work we have designed and implemented an Attacker Evidence system (AES) as a simple network security measure in a wireless networks system considering both a homogeneous and heterogeneous structures. Also we considered the two sensing detection models: single-sensing detection and multiple-sensing detection. The implemented security measure scheme and its simulated results have been presented and discussed. From Tables 1 and 2, it is evident that the AES is working as per the expectations. The attacker is being detected and reported properly. The screening of the packets from unauthorized ports and at the same time allowing the valid packets to the receiver are also executed as per the expectations. Thus the present AES can be useful to send information in a secured manner through the WSN. By using multiple sensors network in the present scheme we could not only detect the presence of malicious elements but also preventing the attacks by filtering and discarding them. A comparison can be done from the results for both homogeneous and heterogeneous WSNs in terms of attacker detection and it is inferred that the mechanism is more effective in later one. Thus the present Attacker Evidence System (AES) shows the existence of the attacker and also prevents the attack and in turn acts as security measure for a wireless network system which is the objective of the present research work. In scope, the present Attacker Evidence System (AES) may be a proto-type, but the simulation can be extended to study intrusion detection probability within a certain intrusion distance under various application scenarios. The model can be further improved for a larger and more realistic WSN by characterizing attacker detection probability with respect to the intrusion distance and the network parameters like node density, sensing range, transmission range etc. The model can be further enhanced for attacker/hacker/intrusion detections in internet applications and parallel computer interconnection networks.

Notes

Acknowledgements

B. Srinivasa Rao is very much thankful to Dr. L. Pratap Reddy, Professor, Department of ECE, JNTUH, Hyderabad, for his valuable suggestions. Also thankful to the Management of GRIET for their encouragement and cooperation for pursuing his Ph.D. work.

References

  1. 1.
  2. 2.
  3. 3.
    New firewall can protect your phone from security threat. http://www.deccanchronicle.com/technology/in-other-news/060717 (2017)
  4. 4.
  5. 5.
  6. 6.
  7. 7.
    Stallings, W.: Cryptography and Network Security-Principles and Practices, 4th edn. Pearson Education (2006)Google Scholar
  8. 8.
    Stallings, W.: Data and Computer Communications, 5th edn. PHI (1999)Google Scholar
  9. 9.
    Forouzan, B.A. : Cryptography and Network Security, Special Indian Edition, TMH (2007)Google Scholar
  10. 10.
    Forouzan, B.A.: TCP/IP Protocol Suite, TMH (2000)Google Scholar
  11. 11.
    Kisielnicki, A., Sroka, H.: Systemy informacyjne biznesu, Warszawa: Placet, S. 17 (2005). ISBN 83-85428-94-1Google Scholar
  12. 12.
    Wawak, S.: The importance of information security management in crisis prevention in the company. In: Proceedings of ISBAGECC-2017 (2017). http://www.academia.edu/1649676
  13. 13.
    Alrajeh, N.A., Khan, S., Shams, B.: A review -intrusion detection systems in wireless sensor networks. Int. J. Distrib. Sens. Netw. 2013, 1–9 (2013).  https://doi.org/10.1155/2013/304628CrossRefGoogle Scholar
  14. 14.
  15. 15.
  16. 16.
  17. 17.
    Agrawal, D.P., Zeng, Q.A.: Intrusion detection in wireless ad-hoc networks. In: Introduction to Wireless and Mobile Systems, 4th edn., p. 28 (2014)Google Scholar
  18. 18.
    Sharma, U., Bahl, N.: A review on security issues and attacks in wireless sensor networks. Int. J. Adv. Res. Comput. Sci. (IJARCS) 8(4), 387–391 (2017)Google Scholar
  19. 19.
  20. 20.
    Zheng, J., Jamalipour, A. (eds.): Wireless Sensor Networks: A Networking Perspective. John Wiley, Hoboken (2009)zbMATHGoogle Scholar
  21. 21.
    Butun, I., Morgera, S.D., Shankar, R.: A survey of intrusion detection system in wireless sensor networks. IEEE Commun. Surv. Tutorials 16(1), 266–282 (2014)CrossRefGoogle Scholar
  22. 22.
    Simenthy, J.R., Vijayan, K.: Advanced intrusion detection system for wireless sensor networks. IJAREEIE 3(3), 167–172 (2014)Google Scholar
  23. 23.
    Amita, G., Subir, H.: A survey on energy efficient intrusion detection in wireless sensor networks. JAISE 9(2), 239–261 (2017)Google Scholar
  24. 24.
    Mitche, R., Chen, I.R.: A survey on intrusion detection in wireless sensor network applications. Comput. Commun. 42, 1–23 (2014)CrossRefGoogle Scholar
  25. 25.
    Singh, J., Thaper, V.: Intrusion detection system in wireless sensor networks. IJCSCE 1, 2 (2012)Google Scholar
  26. 26.
    Kamaev, A., Finogeev, A.G., Finogeev, A.A., Parygin, D.S.: Journal of Physics: Conference Series, vol. 803(1) (2017)Google Scholar
  27. 27.
    Sathya, D., Krishneswari, K.: A Novel Cross Layer Rule Based Intrusion Detection System to Detect the Attacks Coming from Different Layers in WSN (2016). http://nopr.niscair.res.in/handle/123456789/34052
  28. 28.
    Yarvis, M., Kushalnagar, N., Singh, H., Rangarajan, A., Liu, Y., Singh, S.: Exploiting Heterogeneity in Sensor Networks, 5th edn., vol. 8. AK Press (2007)Google Scholar
  29. 29.
    Wang, X., Yoo, Y., Wang, Y., Agrawal, D.P.: Impact of Node Density and Sensing Range on Intrusion Detection in Wireless Sensor Networks, 6th edn., vol. 2. ECW Press (2006)Google Scholar
  30. 30.

Copyright information

© The Author(s) 2018

Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made. The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.

Authors and Affiliations

  1. 1.Department of Computer Science and EngineeringGokaraju Rangaraju Institute of Engineering and Technology (Autonomous) (Affiliated to Jawaharlal Nehru Technological University Hyderabad, Hyderabad 500072, India)HyderabadIndia
  2. 2.Department of Computer Science Engineering, University College of EngineeringOsmania UniversityHyderabadIndia

Personalised recommendations