Lightweight Intrusion Detection: A Second Line of Defense for Unguarded Wireless Sensor Networks
Date of Award
Doctor of Philosophy
Wireless sensor networks (WSNs) are formed of stationary nodes with stringent resource constraints (in terms of battery power, processor speed, memory and radio range). They have specific communication and traffic patterns.
Making sensor networks secure is especially challenging because of the wireless medium and the fact that a WSN is physically unguarded. The compromise of sensor nodes may lead to the loss of secret information and tampering with the software. Hence, intrusion detection techniques must be designed to detect at least some of the most dangerous attacks. Further, these techniques should be lightweight to suit the resource-constrained nature of WSNs.
We focus on proposing lightweight detection techniques for the most dangerous attacks, such as masquerade, Sybil, packet dropping, sinkhole, data forging by an aggregator, exhaustion, HELLO flood and infusing invalid information. We also propose techniques that add new nodes securely, allow sensor nodes to send anomalies or information about detected attacks/attackers to the base station, and isolate detected attackers.
The MG method for detecting masquerade/Sybil attacks is based on overhearing the communication of the immediate neighbors. The SRP method verifies the number of packets sent to and received from nodes, based on their IDs.
For periodic-monitoring applications, we propose a mechanism for detecting packet dropping and sinkhole attacks that estimates the number of packets a node should receive from or send to its neighbors. Estimating the number of packets is possible because sensor nodes send data periodically to the base station using a deterministic traffic pattern. The proposed mechanism also detects exhaustion and HELLO flood attacks. Our technique (DPDSN) detects packet-dropping paths, and detects packet-dropping nodes only if there is a need to do so.
We also propose an overhearing-based technique for detecting data forging by sensor nodes and the aggregator. Our work on detecting an invalid source of information (IASN) is based on expecting a certain kind of data from a certain neighbor.
We analyze the probability of success and the overhead of these techniques. These solutions do not substitute for cryptography-based techniques, which generally provide the first line of defense. Instead, they complement the first line of defense. These solutions are necessary because physical capture of a sensor node is easily possible.
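The counting idea in the paragraph above, as an added illustration that is not taken from the dissertation and is not its DPDSN algorithm. It assumes a fixed routing tree, one report per node per period, no aggregation and a hypothetical 10% loss tolerance; the topology, counts and function names are constructed.

```python
from collections import defaultdict

# Constructed sample topology (child -> parent); "BS" is the base station.
PARENT = {"A": "BS", "B": "A", "C": "A", "D": "B", "E": "B"}
# Constructed counts of packets each node handed to its parent over 100 periods.
# Here B forwards only about half of what it should.
OBSERVED = {"A": 349, "B": 150, "C": 99, "D": 98, "E": 100}

def subtree_sizes(parent):
    """Number of data sources in each node's subtree (the node itself included)."""
    size = defaultdict(int)
    for node in parent:
        hop = node
        while hop in parent:              # walk up until the base station is reached
            size[hop] += 1
            hop = parent[hop]
    return dict(size)

def expected_forwarded(parent, periods):
    """Packets each node should hand to its parent if every node reports once per period."""
    return {n: s * periods for n, s in subtree_sizes(parent).items()}

def classify_links(parent, observed, periods, tolerance=0.1):
    """Compare observed uplink counts with the estimate; tolerance absorbs normal radio loss."""
    verdict = {}
    for node, exp in expected_forwarded(parent, periods).items():
        seen = observed.get(node, 0)
        if seen < exp * (1 - tolerance):
            verdict[node] = "deficit"     # packets are missing somewhere on this path
        elif seen > exp * (1 + tolerance):
            verdict[node] = "excess"      # more traffic than the schedule allows
        else:
            verdict[node] = "ok"
    return verdict

def suspect_droppers(parent, verdict):
    """Suspect a node whose uplink shows a deficit while all its children's uplinks are ok."""
    children = defaultdict(list)
    for child, par in parent.items():
        children[par].append(child)
    return sorted(n for n, v in verdict.items()
                  if v == "deficit" and all(verdict[c] == "ok" for c in children[n]))

if __name__ == "__main__":
    links = classify_links(PARENT, OBSERVED, periods=100)
    print(links, suspect_droppers(PARENT, links))
```

The deficit on A's uplink marks a packet-dropping path; only the per-child comparison narrows it to a node, which mirrors the abstract's distinction between detecting paths and detecting nodes.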
Bhuse, Vijay Subhash, "Lightweight Intrusion Detection: A Second Line of Defense for Unguarded Wireless Sensor Networks" (2007). Dissertations. 833.