They are composed of a collection of sensors and sinks that are connected using wireless
communication in a multi-hop network and distributed over several areas. A sensor node's
role is to gather various data from the surrounding area and send the data to a central sink server. Many
WSNs are used for detecting climate change, monitoring environments and habitats,
surveillance and military applications, and monitoring power plant resources. Due WSNs
unintended access. An intrusion can be a serious problem in WSNs when there is unauthorized
(unwanted) activity in a network that aims to damage network resources or sensor nodes.
In the network security area, there are two mechanisms to protect network resources. The
first mechanism, or first line of defense, is used to prevent intrusion, for example through authorization,
encryption, and filtering. If these mechanisms fail to prevent an intrusion, then the second
mechanism is needed. The second mechanism, or second line of defense, has the responsibility to
detect an intrusion. An Intrusion Detection System (IDS) can be used as a second line of defense that has
the capability to distinguish malicious activity from normal behavior. In order to detect an
intrusion, most IDSs are composed of monitoring components, analysis & detection
In IDS implementation for WSNs, ….. it can be classified into several types, Sensor
is the easy way to gain the information that flows from a sensor node to a sink server. For this reason,
IDS deployment at the network level can be useful. Meanwhile, research by Da Silva,
Gourou Li and Doumit takes another approach: they deploy the IDS sensor into the sensor node. This
approach considers the natural deployment of a WSN, which is distributed across several areas. Da Silva
proposed an IDS implementation that gathers inference of the network behavior from the sensor
node. The sensor node monitors events in the network such as: data messages that are not intended for it
Similar approaches are used by Gourou Li and Doumit, with some modification. In Gourou
Li's research, a group of sensors is used to detect outliers in network behavior. A delta grouping algorithm
is used to decide groups of sensors that are physically close and sense similar message patterns.
However, Doumit has another way: clustering the sensor nodes into a leader and worker
architecture. Each cluster consists of several workers that are close to the most powerful node, or
leader. This cluster organization places the IDS sensors at the workers and lets the leader be the IDS
decision module.
Basically, there are three types of IDS: signature-based IDS, anomaly-based IDS, and a
hybrid IDS that combines signature- and anomaly-based IDS. A signature-based IDS uses predefined
rules of attack patterns to detect intrusion. It is the better solution for detecting well-known intrusions;
however, it becomes useless if there are new attack patterns. In contrast, an anomaly-based IDS
is introduced to monitor user behavior and create classifiers to differentiate normal behavior
from malicious activity using a heuristic algorithm. This type of IDS can learn new and unknown
attack patterns, but in many cases it may fail to detect well-known attack patterns and raise a false
behavior in order to detect attacks, but they are based on manually defined specifications
that describe what a correct operation is and monitor any behavior with respect to these
constraints. This is the technique we use in our approach. It is easier to apply in sensor
networks, since normal behavior cannot easily be defined by machine learning techniques
and training.
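As an added example (not code from the original text or from the cited authors), specification-based detection can be sketched as a monitor that checks every observed message against manually defined constraints describing correct operation. The node names, the temperature range, the rate limit and the message tuple layout are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Hypothetical, manually defined specification of correct operation.
SPEC = {
    "sink": "sink-0",             # readings may only be addressed to the sink
    "known_nodes": {"n1", "n2", "n3"},
    "max_msgs_per_window": 3,     # per source node
    "window_s": 10,
    "temp_range": (-40.0, 85.0),  # plausible sensor output
}

def check(messages, spec=SPEC):
    """Return a list of (time, source, violated_constraint) alerts."""
    recent = defaultdict(deque)   # source -> timestamps inside the window
    alerts = []
    for t, src, dst, temp in messages:
        if src not in spec["known_nodes"]:
            alerts.append((t, src, "unknown-source"))
            continue
        if dst != spec["sink"]:
            alerts.append((t, src, "bad-destination"))
        lo, hi = spec["temp_range"]
        if not lo <= temp <= hi:
            alerts.append((t, src, "value-out-of-range"))
        q = recent[src]
        q.append(t)
        while q and t - q[0] >= spec["window_s"]:
            q.popleft()           # drop timestamps that left the window
        if len(q) > spec["max_msgs_per_window"]:
            alerts.append((t, src, "rate-exceeded"))
    return alerts

# Constructed sample traffic: (time_s, source, destination, temperature)
SAMPLE = [
    (0, "n1", "sink-0", 21.5),
    (1, "n2", "sink-0", 22.0),
    (2, "n3", "n1", 21.9),        # not addressed to the sink
    (3, "n9", "sink-0", 20.0),    # node not in the deployment
    (4, "n2", "sink-0", 300.0),   # implausible reading
    (5, "n1", "sink-0", 21.6),
    (6, "n1", "sink-0", 21.6),
    (7, "n1", "sink-0", 21.7),    # 4th message from n1 inside 10 s
    (15, "n1", "sink-0", 21.8),   # window has slid, allowed again
]

if __name__ == "__main__":
    for alert in check(SAMPLE):
        print(alert)
```

No training phase is involved: every alert names the constraint that was violated, which keeps the per-message work on a monitor node to a few comparisons.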
The IDS detection module can cost a sensor node a lot of resources. Each detection
method can be useful for certain IDS deployments. In the research of Gourou Li and Doumit, which used
grouping and hierarchical types, anomaly detection can be used because some nodes
act as processing nodes. Doumit uses the leader node as the processing node, while Gourou Li
detects the intrusion in a group-based scheme and lets another decision node raise the alarm.
Another approach is used by Da Silva, who proposed signature-based detection that does not
burden the sensor node. Each message is processed and compared to some rules; if the result is
run specification-based detection. This detection uses predefined rules, the same as signature based