Hierarchical Intrusion Detection System in Cluster Based Wireless Sensor Network Using Multiple Mobile Base Stations

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),
ISSN 0976 - 6375(Online), Volume 5, Issue 6, June (2014), pp. 82-87 IAEME
82

HIERARCHICAL INTRUSION DETECTION SYSTEM IN CLUSTER BASED
WIRELESS SENSOR NETWORK USING MULTIPLE MOBILE BASE
STATIONS

Anurag

Computer Science & Information Security, Patna, Bihar

ABSTRACT

One of the recent challenges in wireless sensor networks (WSNs) is the secure data
transmission in an energy efficient manner. Secure Routing Protocols deals with secure routing of
data to the base station via tiny sensors. These sensors are being limited in power, hence being more
vulnerable to be attacked by an attacker. In this paper, we have proposed the Hierarchical Intrusion
Detection System using multiple mobile base stations, which is an improvement over threshold
hierarchical intrusion detection system (THIDS). The proposed method utilized the Monitor Nodes
to raise the alarm and alert the base station whenever an attack in the cluster head is being detected.
Using multiple mobile base stations will reduce the energy consumptions, (as compared to the
stationary base stations). Our proposed method is much more secure and energy efficient.

Keywords: Cluster-based wireless sensor network, Intrusion Detection System, Monitor Nodes,
Multiple mobile base stations, Wireless Sensor Network.

I.INTRODUCTION

Wireless sensor network is an emerging field and hot research topic nowadays due to the
varieties of target specific applications like surveillance, biological detection, home security, smart
spaces, and environmental monitoring [I], [2], [3], [4] to name a few. Numerous conferences and
seminars are being organized every year on it. Wireless sensor network mainly consists of the
following equipments like-sensor nodes, transreceiver, microcontroller, external battery, memory
and power source. The sensor motes senses the physical conditions of environment like temperature,
pressure, humidity, wind speed etc. The transceivers than convert the information to the radio signals
and vice versa and transmits the information to the other sensor node, also while receiving it convert
the radio information into the usable form. The analogue signals being sensed by the sensor is
converted to the digital signal and then sends them to the controller. The controller processes the data
INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING &
TECHNOLOGY (IJCET)

ISSN 0976 6367(Print)
ISSN 0976 6375(Online)
Volume 5, Issue 6, June (2014), pp. 82-87
IAEME: www.iaeme.com/IJCET.asp
Journal Impact Factor (2014): 8.5328 (Calculated by GISI)
www.jifactor.com

IJCET
I A E M E
83

as well as controls the functionality of other components of the sensor nodes. These sensor nodes
after sensing the information sends it to the base station and from there, it is available to the end user
for its further utilization.
These sensors can collect environmental information within their sensing ranges and have
capability for further data processing. They can also transmit, relay, and receive information within
their communication ranges. By the recent advances in hardware miniaturization, communication
technologies and Low-Cost mass production, large scale networks with hundreds or even thousands
of small, inexpensive, battery-powered, and wirelessly connected sensors have become possible and
bring up a wide range of new applications Energy conservation is a primarily concern in wireless
sensor networks which have to operate during long periods of time based on battery power. For
instance, habitatal battlefield monitoring may require continuous operation of at least several months.
Moreover, in the second case it might be difficult to replace batteries when these are drained out
because of the inaccessible areas where these are deployed (usually sensor nodes are deployed
randomly from airplanes.
The main issue of the secure routing in wireless sensor network is to prevent interception,
injection or altering the data as it passes from sensors nodes to base station via other sensor nodes.
The main issue here is how to ensure secure data transmission in order to maximize the
network lifetime. As sensors motes are of small size, it has limited memory, and small size battery,
and thus it has minimal processing and computational power. So, judicious management of energy
resources is being very necessary for maximizing its lifetime. So, we are going to design a security
algorithm in wireless sensor network which maximizes the lifetime of the sensors with minimum
consumption of energy.
The rest of the paper is been organized as follows: In the next section, we will read the
related work done till now in this field. Section III discusses the proposed work and finally, in
section V, we will discuss the conclusion.

2. RELATED WORK

Various research works has been done on secure routing protocol, but here we will discuss
some few of them. In [5], energy efficient multipath routing protocol has been proposed which
increase the lifetime of the wireless sensor node and network. The multipath routing uses multiple
paths for data transmission which spread the number of nodes which saves the energy. It provides the
effective load sharing to meet the Quality of service. The sink initiated proactive protocol secure
Energy Efficient Node Disjoint Multipath Routing Protocol (EENDMRP) is being proposed which
finds the multiple paths between the source and destination based on the rate of energy consumption.
It uses a crypto system which uses the MD5 hash function and RSA public key algorithm. The public
key distributed freely and private key distributed for each node. It has Route construction phase,
Data transmission phase and transmits the data in wireless sensor network. It does not measure
energy and QoS with link reliability while transferring the data. In [7], researches are much more
oriented to the development of logical intrusion detection systems. An intrusion detection system
(IDS) is by definition a system that handles the detection and the isolation of intruders present in the
network through a collection of monitor nodes (MNs). A MN is a sensor node which has to control
networks traffic and to transmit alarm messages on detecting misbehaviors. Intrusion detection
systems have been proposed in [8] which can detect different types of malicious behaviors targeting
different levels in OSI model, using conventional or special techniques. In [9], energy efficient
hybrid IDS (eHIDS) is introduced. The detection scheme combines both misuse and anomaly rules in
order to identify abnormal communications in HWSNs. eHIDS agents are implanted only on clusters
heads, which reduces significantly its energy consumption. The anomaly detection model includes
general attacks on integrity, delay and transmission range. Whenever an intrusion is detected, MNs
84

generate alarm. Authors claim that the proposed IDS has high detection rate, while it hasnt been
evaluated with specific and various attacks. In [10] OSPF has been proposed for secure efficient
dynamic routing in wireless sensor network. This project provides secure efficient dynamic routing
in wireless sensor network. The protocols that are being used just provide a data packet transfer
without any proper time. With the implementation of open shortest path first protocol we can get a
better routing path for with least cost path. Thus the implementation of this can give a better view in
the data packet transferring. The Simulation of Secure Efficient Dynamic Routing in Wireless sensor
network has been implemented using dijkstras algorithm for finding shortest path between the
nodes. For providing security to the messages DES algorithm is used. The messages are encrypted
and decrypted using this algorithm in order to provide security. User can be able to create number of
nodes in the network. User can be able to send the packets using shortest path so that it reaches fast.
User can also able to view the Routing Table at each node. User can also be able to view different
nodes placed with their Node location and Node id. So from the Implementation it can be conclude
that this technique is very cost effective, secure and simpler to configure. In [11], Threshold
Hierarchical Intrusion Detection system has been proposed in which Mobile Node has the
responsibility of sending alarm to the base station when the no. of blacklisted sensor nodes reaches
the threshold. The suggested approach of this paper is based on this method, which will be explained
in brief in the next section.

3. THRESHOLD HIERARCHICAL INTRUSION DETECTION SYSTEM

This method attempts to detect the blacklisted nodes in the respective CHs by the help of
Monitor Nodes to alert the other sensors and the Base station. In this system, each sensor node
(including MNs) has a local list called the isolation list (or blacklist).Selective forwarding and black
hole attacks are detected after that member node relay their data messages. MNs in each cluster start
monitoring their CH, by hearing exchanged messages, during a period of time. If the MN finds that
there is no data message sent by its CH, this last is henceforth considered as attacker. Consequently,
the MN puts CHs identifier in its blacklist, and diffuses a local alert message, containing the related
ID to the neighboring nodes (which may be part of adjacent clusters). On the reception of the alert
message, nodes update their blacklists by adding attacker ID. The monitoring and detection
algorithm is detailed as follows: Detected attackers, whose IDs appear in nodes blacklist, will never
be chosen as CHs in the future clusters reconstructions. This allows then sinkhole prevention. Insider
malicious nodes finding themselves isolated from being CHs, may transmit falsified reports to the
BS. So, for a complete isolation, MNs as well as the legitimate sensor nodes should send general
alarms carrying their blacklists, to the BS.
On account of the important energy cost of direct communications with the BS, general alert
messages are sent only if the number of the detected intruders, in the blacklist, rises by a step equal
to a specified threshold. On each time it receives such a general alert message, the BS updates its
proper black list by adding the new intruders, allowing it to revoke the susceptible incoming
malicious messages.
The consumed energy
by THIDS on a monitor node is calculated as:

Where
is the consumed energy to detect the intrusion on the CHs

, is the processing energy on the blacklist (the checking and updating operations).
, is the needed energy for the alerting mechanism; the sending of both local and general alarms.

85

4. HIERARCHICAL INTRUSION DETECTION SYSTEM USING MULTIPLE MOBILE
BASE STATIONS

4.1. Working
This approach tries to improve the THIDS method and alarms the base station about the
blacklisted nodes. The proposed MHIDS follows certain assumptions which are as follows:

1. It is destined to cluster based WSNs, especially those where clusters are dynamically and
periodically formed.
2. Each cluster should have a certain number of MNs that control the behavior of their CH. The
number of MNs that should be defined in each cluster is determined according to a tradeoff
between detection effectiveness and energy saving.
3. Each time clusters change, the selected MNs change as well.

The cryptographic solution in the sensor nodes become infeasible when the there is an
internal attack in the sensor network, as each of the sensor nodes already knows the key. So IDS
approaches have been proposed which detects and isolate the inside malicious nodes present in the
network.
In THIDS, the alarm was being raised and sends to the base station only after the threshold
value was being reached. The major drawback in this case is that the blacklisted nodes could still
communicate with the base station and could still send the falsified message. Till the time the
threshold value is being reached it may happen that base station receives and computes falsified
messages which may be prove fatal (especially in some mission critical tasks). So, in this
approaches, as soon as the malicious node is being detected by the Monitor Nodes ,the information
will be send to the Base station and hence it will stops receiving information from that node.
In this approach, we use three sink nodes which are mobile and change its position with
respect to time. Mobile sink nodes will reduces the energy being consumed by the network. So, to
prevent it, whenever MN detects the blacklisted CH, it sends the general alarm to the nearest Base
station. The base station then stops receiving message from the blacklisted CHs.

4.2. Monitor and Detection Algorithm

BL : the blacklist.
T : time of intrusion detection beginning.
Slot-time : time of TDMA slot.
msg : message.
CHid : cluster head ID.

Begin
T _ (length (TDMA) * Time-slot) + random delay.
if ((time = T) and (ID != CHid)) then
Wakeup ().
if ( isMONITOR = true ) then
listening ().
if (no data message of CH is heard ) then
Add_in_list (BL , CHid ).
msg [data] = CHid.
Send_local_ alert (msg).
Send_general_alert(msg)://to nearest base station via MNs
86

msg [data] = BL.
end if.
end if.
end if.
end if.
End.

In this technique, we have used three mobile base stations. Using the mobile base station will
reduces the energy consumption to some extent. The alert message passes to the nearest Base station
via nearest Monitor nodes and hence much energy is being saved .The blacklisted node will also be
isolated from the CHs and hence could not send falsified information and hence secured data could
be transmitted by this method.

5. CONCLUSION

The presented approach of this paper tries to eradicate some problems in THIDS method and
ensures the secure data transmission .The malicious node will be isolated and being removed from
the network as soon as it being detected and hence is being much more secure. Using multiple
mobile base station will reduces the energy consumption and will increase the network lifetime. We
will simulate our result and will compare the result with existing THIDS. We have use IDS in the
work. In the future, we will extend the use IDS for other types of attack as well and also we will use
more number of Monitor Node for making it more efficient. However more work needed to be done
in this field so that global solution could be achieved.

REFERENCES

[1] B. Badrinath, M. Srivastava, K. Mills, J. Scholtz, and K. S. Eds., "Special issue on smart
spaces and environments," IEEE Personal Communications vol. 7, no. 5, 2000.
[2] I.F.Akyildiz, W. Su, Y.Sankarasubramaniam, and E.Cayirci, "Wireless sensor networks: a
survey," Computer Networks , 2002.
[3] D. Li, K. Wong, Y. Hu, and A. Sayeed,""detection, classification and tracking of targets in
distributed sensor networks"," IEEE Signal Processing Magazine, vol. 19, 2002.
[4] P. Varshney., "Distributed detection and data fusion," Spinger-Verlag, New York, 1996.
[5] Shiva Murthy G, Robert John DSouza, and Golla Varaprasad. : Digital Signature-Based
Secure Node Disjoint Multipath Routing Protocol for Wireless Sensor Networks, IEEE
SENSORS JOURNAL, VOL. 12, NO. 10, (2012).
[6] Shiva Murthy G, Robert John DSouza and Golla Varaprasad, "Digital Signature-Based
Secure Node Disjoint Multipath Routing Protocol for Wireless Sensor Networks", IEEE
SENSORS JOURNAL, VOL. 12, NO. 10, OCTOBER 2012.
[7] A. Abduvaliyev, et al, On the Vital areas of Intrusion Detection Systems in Wireless Sensor
Networks, IEEE Communications Surveys & Tutorials, Vol. 15, No. 3, pp. 1223-1237,
2013.
[8] E. Darra, S. K. Katsikas, Attack Detection Capabilities of Intrusion Detection Systems for
Wireless Sensor Networks, IEEE Fourth International Conference on Information,
Intelligence, Systems and Applications (IISA), Piraeus, 10-12 July 2013.
[9] A. Abduvaliyev, S. Lee, Y. K. Lee, Energy efficient hybrid intrusion detection system for
wireless sensor networks, International Conference on Electronics and Information
Engineering (ICEIE), Vol. 2, pp. 25-29, Kyoto, 2010.
87

[10] Shobha.K, Mamatha Jadhav.V, Simulation of a Secure Efficient Dynamic Routing In
Wireless Sensor Network, International Journal of Engineering and Advanced Technology
(IJEAT) ISSN: 2249 8958, Volume-2, Issue-5, June 2013.
[11] Somia Sahraoui, Souheila Bouam, International Journal of Communication Networks and
Information Security (IJCNIS) Secure Routing Optimization in Hierarchical Cluster-Based
Wireless Sensor Networks, Vol. 5, No. 3, December 2013.
[12] Neeraj Tiwari, Rahul Anshumali and Prabal Pratap Singh, Wireless Sensor Networks:
Limitation, Layerwise Security Threats, Intruder Detection, International Journal of
Electronics and Communication Engineering & Technology (IJECET), Volume 3, Issue 2,
2012, pp. 22 - 31, ISSN Print: 0976- 6464, ISSN Online: 0976 6472.
[13] S.R.Shankar and Dr.G.Kalivarathan, Feasibility Studies of Wireless Sensor Network and its
Implications, International Journal of Electrical Engineering & Technology (IJEET),
Volume 4, Issue 2, 2013, pp. 105 - 111, ISSN Print : 0976-6545, ISSN Online: 0976-6553.
[14] Revathi Venkataraman, K.Sornalakshmi, M.Pushpalatha and T.Rama Rao, Implementation
of Authentication and Confidentiality in Wireless Sensor Network, International Journal of
Computer Engineering & Technology (IJCET), Volume 3, Issue 2, 2012, pp. 553 - 560, ISSN
Print: 0976 6367, ISSN Online: 0976 6375.
[15] Anurag, Energy Efficient K-Target Coverage in Wireless Sensor Network, International
Journal of Computer Engineering & Technology (IJCET), Volume 4, Issue 3, 2013,
pp. 254 - 259, ISSN Print: 0976 6367, ISSN Online: 0976 6375.
[16] Yogesh V Patil, Pratik Gite and Sanjay Thakur, Automatic Cluster Formation and Assigning
Address for Wireless Sensor Network, International Journal of Computer Engineering &
Technology (IJCET), Volume 4, Issue 4, 2013, pp. 116 - 121, ISSN Print: 0976 6367,
ISSN Online: 0976 6375.

Hierarchical Intrusion Detection System in Cluster Based Wireless Sensor Network Using Multiple Mobile Base Stations

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Hierarchical Intrusion Detection System in Cluster Based Wireless Sensor Network Using Multiple Mobile Base Stations

Uploaded by

Copyright:

Available Formats

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),

by THIDS on a monitor node is calculated as:

is the consumed energy to detect the intrusion on the CHs

You might also like