Intrusion Detection in Wireless Sensor Networks

Presentation Transcript

  1. Intrusion Detection in Wireless Sensor Networks
     Presented by… Sathish kumar . P 009 07 046

  2. Introduction
     Wireless sensor networks (WSNs) have become a hot research topic in recent years. Applications include military, rescue, environment monitoring, and smart homes. A WSN is composed of hundreds or even thousands of small, cheap sensor nodes which communicate with one another wirelessly. Sensor nodes typically do not have very much computational power, limiting the kinds of networking protocols and security mechanisms they can employ.
     Because WSNs are composed of so many nodes, which may be deployed in a hostile environment, replacing batteries is not feasible. Sensor nodes must therefore survive on the small amount of energy in the batteries they are deployed with (typically about 6 amp-hours [5]). This creates a need to conserve energy.
     Because of the wireless nature of WSNs, security is a fairly difficult issue. Adversaries can easily listen to all the traffic and inject their own, especially if the WSN is deployed in a hostile environment. It is also important that the WSN be robust to losing some of the sensor nodes, because it can be very easy for an adversary to capture any given node.

  3. WSNs
     Two types of Wireless Sensor Networks:
     • Homogeneous
       • WSNs in 2000
       • Single (uniform) platform per research group
       • Peer design: all nodes in the network share the same functionality
     • Heterogeneous
       • WSNs in 2006
       • Tier-1: mote-class devices
       • Tier-2: microservers
       • Discrete tasks: nodes in the network treated differently

  4. What is Intrusion Detection?
     “Intrusion detection” is defined here as identifying an intruder, which is an attacker who has gained control of a node, or injected falsified or repeated packets into the network. This is not to be confused with other “intrusion detection” systems using WSNs, which monitor a physical environment, looking for intruders using a WSN for sensing and collecting information.

  5. A game theory-based approach to Intrusion Detection
     In this framework, intrusion detection is looked at in the form of a 2-player non-cooperative nonzero-sum game. The two players are the intrusion detection system (IDS) of the WSN, and the attacker. The IDS wants to maintain functionality of the network by preventing attacks, while the attacker wants to disturb normal operation.
     The model for the WSN is a large network of nodes sorted into clusters. When the IDS defends, it defends a cluster. Due to system limitations, the IDS can only defend one cluster at a time. The attacker can also only attack one cluster at a time.

  6. Some key notations
     • U(t): the utility of the WSN’s on-going sessions.
     • Ck: the average cost of defending cluster k.
     • ALk: the average loss by losing cluster k.
     • PI(t): the attacker’s profit for intruding
     • CI: the attacker’s cost to intrude
     • CW: the attacker’s cost to wait (opportunity cost)
     Some important assumptions to note:
     • PI is $\sum_{\text{all } k} AL_k$
     • CW < PI − CI
     • Ck k where k is the number of previous attacks to k.

  7. Payoff Matrix
     then go on to look at a particular cluster k in order to make a simple 2 × 3 payoff matrix

  8. The modified game
     This game formulation is rather unsatisfying. There are a few obvious problems with it. First, the attacker benefit is independent of what the IDS does. But if the attacker’s goal is to cause harm to the network, it should derive greater utility if the IDS does not defend against the attack. Secondly, the IDS should not have to defend only one cluster. If only one cluster could be defended at any given time, many extra control messages would have to be sent to coordinate the clusters. Plus, there could be a benefit to defending more than one cluster. It would just cost more resources.
     In the earlier discussion of cluster-based security using CHs as suggested in [4], we had assumed that all potential IDS nodes were always on. That is, all packets were checked initially at the CH.

  9. The modified game
     In the modified game, each cluster will have to act independently of the others, but they are restricted to playing the strategy decided by the IDS. (Since nodes are not real people, they have no desire to put their individual utility above the rest of the network.) Each cluster is also assigned its own utility, Uk(t). Each cluster also has an associated cost to defend it (i.e. energy consumption spent on defense), which we will call Ck(t).
     We can also ignore the average loss for losing a cluster, because we can count this into the cluster utility. That is, Uk(t) represents the difference in utility between having a cluster and losing it. This simplification costs us nothing as long as we assume the network is already deployed. (We never have to consider the case where a given cluster never existed.)

  10. The modified game
     We will call the payoff of the IDS A and that of the attacker B. We will also begin by looking at the one-shot game, and I will suppress the time dependence for notational brevity. We will also assume full information.
     IDS payoff at cluster k:
     • If we defend cluster k, we assume the attack is repelled, and our payoff is Uk − Ck.
     • If we do not defend k and the attacker does not attack k, our payoff is Uk.
     • If we do not defend k and the attacker attacks k, our payoff is 0.
     As we have seen before, the attacker will always attack, so we can say his payoff is always proportional to the loss of the IDS less a constant:

         Uattacker = Uk × 1{k not defended} − CI        (4)

     where 1{} is an indicator function.
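The per-cluster payoffs of the modified game can be evaluated numerically. The sketch below is an added example, not part of the original presentation: it assumes the IDS commits to a set of defended clusters and the attacker then best-responds with equation (4), and that the network payoff is the sum of the per-cluster IDS payoffs. The function names and the sample values of Uk, Ck and CI are constructed for illustration.

```python
from itertools import combinations

def ids_payoff(u, c, defended, attacked):
    """IDS payoff at one cluster, following the three cases on slide 10."""
    if defended:
        return u - c              # any attack on a defended cluster is repelled
    return 0.0 if attacked else u

def attacker_payoff(u, defended, ci):
    """Equation (4): Uk * 1{k not defended} - CI."""
    return u * (0 if defended else 1) - ci

def evaluate(clusters, defended_set, ci):
    """Attacker always attacks the one cluster that maximises equation (4)."""
    target = max(clusters,
                 key=lambda k: attacker_payoff(clusters[k][0], k in defended_set, ci))
    total = sum(ids_payoff(u, c, k in defended_set, k == target)
                for k, (u, c) in clusters.items())
    gain = attacker_payoff(clusters[target][0], target in defended_set, ci)
    return target, total, gain

def best_defence(clusters, ci):
    """Enumerate every defended set (assumption: IDS moves first) and keep the best."""
    names = sorted(clusters)
    best = None
    for r in range(len(names) + 1):
        for subset in combinations(names, r):
            target, total, gain = evaluate(clusters, frozenset(subset), ci)
            if best is None or total > best[1]:
                best = (frozenset(subset), total, target, gain)
    return best

# Constructed sample values: cluster name -> (Uk, Ck); CI is the intrusion cost.
CLUSTERS = {"A": (10.0, 3.0), "B": (6.0, 2.0), "C": (1.0, 2.0)}
CI = 0.5

if __name__ == "__main__":
    print("defend all:", evaluate(CLUSTERS, frozenset(CLUSTERS), CI))
    print("best      :", best_defence(CLUSTERS, CI))
```

With these values, defending every cluster yields an IDS payoff of 10, while leaving the low-value cluster C undefended yields 11 and gives the attacker a payoff of 0.5, which is the energy-saving effect the conclusion refers to.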

  11. Conclusion
     We have seen that WSNs have special vulnerabilities that do not exist in wire-line networks. We cannot, therefore, simply transfer all our protocols for wire-line networks to WSNs. Protocols must be designed with low computational power and low energy requirements in mind. In this paper we have seen some of the protocols that are used, as well as some ways to determine where to check packets, including a new game theoretic approach in which we saw that by allowing the attack to have some utility, we are able to increase ours through energy saving for sufficiently large, resource-constrained networks.

  12. References
     • Agah, Das, and Basu, “A game theory based approach for security in wireless sensor networks”
     • Afrand Agah, Sajal K. Das and Kalyan Basu, “A Non-cooperative Game Approach for Intrusion Detection in Sensor Networks”
     • Afrand Agah, Kalyan Basu and Sajal K. Das, “Preventing DoS attack in Sensor Networks: A Game Theoretic Approach”
     • Farooq Anjum, Dhanant Subhadrabandhu, Saswati Sarkar, Rahul Shetty, “On Optimal Placement of Intrusion Detection Modules in Sensor Networks”, Proceedings of the First International Conference on Broadband Networks (BROADNETS04).
     • Michael Brownfield, “Wireless Sensor Network Denial of Sleep Attack”, Proceedings of the 2005 IEEE Workshop on Information Assurance and Security, United States Military Academy, West Point, NY.