Intrusion Detection in Homogeneous and Heterogeneous Wireless Sensor Networks

698 IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 7, NO.
6, JUNE 2008
Intrusion Detection in Homogeneous and

Heterogeneous Wireless Sensor Networks
Yun Wang, Student Member, IEEE, Xiaodong Wang, Student Member, IEEE,
Bin Xie, Senior Member, IEEE, Demin Wang, Student Member, IEEE, and
Dharma P. Agrawal, Fellow, IEEE
Abstract—Intrusion detection in Wireless Sensor Network (WSN) is of practical interest in many applications such as detecting
an intruder in a battlefield. The intrusion detection is defined as a mechanism for a WSN to detect the existence of inappropriate,
incorrect, or anomalous moving attackers. For this purpose, it is a fundamental issue to characterize the WSN parameters such
as node density and sensing range in terms of a desirable detection probability. In this paper, we consider this issue according
to two WSN models: homogeneous and heterogeneous WSN. Furthermore, we derive the detection probability by considering
two sensing models: single-sensing detection and multiple-sensing detection. In addition, we discuss the network connectivity and
broadcast reachability, which are necessary conditions to ensure the corresponding detection probability in a WSN. Our simulation
results validate the analytical values for both homogeneous and heterogeneous WSNs.
Index Terms—Intrusion detection, node density, node heterogeneity, sensing range, Wireless Sensor Network (WSN).
1 INTRODUCTION
A Wireless Sensor Network (WSN) is a collection of

spatially deployed wireless sensors by which to
monitor various changes of environmental conditions
intruder can be immediately detected once it approaches
the network area. However, such a high-density deploy-
ment policy increases the network investment and may be
(e.g., forest fire, air pollutant concentration, and object even unaffordable for a large area. In fact, it is not necessary
moving) in a collaborative manner without relying on any to deploy so many sensors to cover the entire WSN area in
underlying infrastructure support [1]. Recently, a number many applications [3], since a network with small and
of research efforts have been made to develop sensor scattered void areas will also be able to detect a moving
hardware and network architectures in order to effectively intruder within a certain intrusion distance. In this case, the
deploy WSNs for a variety of applications. Due to a wide application can specify a required intrusion distance within
diversity of WSN application requirements, however, a which the intruder should be detected. As shown in Fig. 1,
general-purpose WSN design cannot fulfill the needs of all the intrusion distance is referred as D and defined as the
applications. Many network parameters such as sensing distance between the point the intruder enters the WSN,
range, transmission range, and node density have to be and the point the intruder is detected by the WSN system.
carefully considered at the network design stage, according This distance is of central interest to a WSN used for
to specific applications. To achieve this, it is critical to intrusion detection.
capture the impacts of network parameters on network In this paper, we derive the expected intrusion distance
performance with respect to application specifications. and evaluate the detection probability in different applica-
Intrusion detection (i.e., object tracking) in a WSN can tion scenarios. Given a maximal allowable intrusion
be regarded as a monitoring system for detecting the distance Dmax ¼ , we theoretically capture the impact on
intruder that is invading the network domain. Fig. 1 the detection probability in terms of different network
gives an example that sensors are deployed in a square parameters, including node density, sensing range, and
area ðA ¼ L LÞ for detecting the presence of a moving transmission range. For example, given an expected
intruder. Note that in Fig. 1, as well as in Figs. 3 and 4, the detection distance EðDÞ, we can derive the node density
illustration of sensors and an intruder is based on a slide for with respect to sensors’ sensing range, thereby knowing the
paper [2]. The intrusion detection application concerns total number of sensors required for WSN deployment.
how fast the intruder can be detected by the WSN. If In a WSN, there are two ways to detect an object
sensors are deployed with a high density so that the union (i.e., an intruder): single-sensing detection and multiple-sensing
of all sensing ranges covers the entire network area, the detection. In the single-sensing detection, the intruder can be
successfully detected by a single sensor. On the contrary,
. The authors are with the OBR Center of Distributed and Mobile in the multiple-sensing detection, the intruder can only be
Computing, Department of Computer Science, University of Cincinnati, detected by multiple collaborating sensors [4]. In some
Cincinnati, OH 45221-0030. applications, the sensed information provided by a
E-mail: {wany6, wangxd, xieb, wangdm, dpa}@email.uc.edu. single sensor might be inadequate for recognizing the
Manuscript received 15 May, 2007; revised 26 Oct. 2007; accepted 10 Jan. intruder. It is because individual sensors can only sense a
2008; published online 28 Jan. 2008.
For information on obtaining reprints of this article, please send e-mail to:
portion of the intruder. For example, the location of an
tmc@computer.org, and reference IEEECS Log Number TMC-2007-05-0136. intruder can only be determined from at least three sensors’
Digital Object Identifier no. 10.1109/TMC.2008.19. sensing data [5], [6], [7], [8]. In view of this, we analyze the
1536-1233/08/$25.00 ß 2008 IEEE Published by the IEEE CS, CASS, ComSoc, IES, & SPS
Authorized licensed use limited to: Green Hills Engineering College. Downloaded on July 17, 2009 at 06:14 from IEEE Xplore. Restrictions apply.
WANG ET AL.: INTRUSION DETECTION IN HOMOGENEOUS AND HETEROGENEOUS WIRELESS SENSOR NETWORKS 699
intrusion detection model. Section 4 analyzes the intrusion

detection in a homogeneous WSN, and Section 5 examines
the intrusion detection in a heterogeneous WSN. Section 6
studies the network connectivity and broadcast reachability
in a heterogeneous WSN. Simulation and verification
results are given in Section 7. Finally, the paper is
concluded in Section 8.
2 RELATED WORK
Intrusion detection is one of the critical applications in
WSNs, and recently, several approaches for intrusion
detection in homogeneous WSNs have been presented [3],
[14], [15], [16], [17]. The focus of these approaches aims at
effectively detecting the presence of an intruder. First, the
problem is investigated from the aspect of the network
Fig. 1. Intrusion detection in a WSN. architecture. Kung and Vlah [14] take advantage of a
hierarchical tree structure to effectively track the movement
intrusion detection problem under two application scenar- of an intruder. The hierarchical tree consists of connected
ios: single-sensing detection and multiple-sensing detection. sensors and is built upon expected properties of intruder
According to the capability of sensors, we consider mobility patterns such as its movement frequency over a
two network types: homogeneous and heterogeneous region. Based on the hierarchical tree, it allows an efficient
WSNs [9]. We define the sensor capability in terms of the record of an intruder’s moving information and supports
sensing range and the transmission range. In a heteroge- fast querying from the base station. Another tree structure
neous WSN [10], [11], [12] some sensors have a larger sensing for tracking an intruder, called as a logic object-tracking
range and more power to achieve a longer transmission tree, is developed by Lin et al. [15]. The logic object tracking
range. In this paper, we show that the heterogeneous WSN tree reduces the communication cost for data updating and
increases the detection probability for a given intrusion querying by taking into account the physical network
detection distance. On the other hand, a heterogeneous WSN topology. In particular, the logic object tracking tree targets
poses the challenge of network connectivity due to asym- to balance the update cost and the query cost so as to
metric wireless link. The high-capability sensors have a minimize the total communication cost.
longer transmission range while low capability sensors Second, the intrusion detection problem has been
have a shorter transmission range. Due to this, the packet considered from the constraint of saving network resources.
sent by a high-capability sensor may reach the low-capability For example, Chao et al. [16] have addressed the issue of
sensor, while the low capability sensor may not be able to tracking a moving intruder by power-conserving operations
send packets to the corresponding high-capability sensor and sensor collaboration. To achieve this, the authors
[13]. This motivates us to analyze the network connectivity defined a set of novel metrics for detecting a moving
in this paper. Furthermore, in a heterogeneous WSN, high- intruder and developed two efficient sleep-awake schemes
capability sensors usually undertake more important tasks called PECAS and MESH, to minimize the power con-
(i.e., broadcasting power management information or syn- sumption. Ren et al. [3] further studied the trade-off
chronization information to all the sensors in the network), between the network detection quality (i.e., how fast the
it is also desirable to define and examine the broadcast intruder can be detected) and the network lifetime. There-
reachability from high-capability sensors. The network fore, the sensor coverage had to be carefully designed
connectivity and broadcast reachability are important con- according to the detection probability with respect to
ditions to ensure the detection probability in WSNs. They
specific application requirements. The authors then pro-
are formally defined and analyzed in this paper. To the best
posed three wave sensing scheduling protocols to achieve
of our knowledge, our effect is the first to address this issue
the bounded worst case detection probability.
in a heterogeneous WSN.
Rather than a static WSN architecture as the above
The main contributions of this paper can be summarized approaches, Liu et al. [17] have modeled the intrusion
as follows: detection problem in a mobile WSN, where each sensor is
. Developing an analytical model for intrusion capable of moving. The authors have given the optimal
strategy for fast detection and shown that mobile WSN
detection in WSNs, and mathematically analyzing
improves its detection quality due to the mobility of sensors.
the detection probability with respect to various
In this paper, we address the intrusion detection
network parameters such as node density and
problem from the other angle. Most of the above efforts
sensing range.
consider intrusion detection and its efficiency in terms of
. Applying the analytical model to single-sensing the single-sensing model in a homogeneous WSN. Instead
detection and multiple-sensing detection scenarios of the network architecture and detecting protocol design,
for homogeneous and heterogeneous WSNs. we provide a comprehensive theoretical analysis on the
. Defining and examining the network connectivity intrusion detection in both homogeneous and heteroge-
and broadcast reachability in a heterogeneous WSN. neous WSNs [18]. The detection probability is theoretically
The remainder of the paper is organized as follows: captured by using underlying network parameters, and
Section 2 presents the related work. Section 3 describes the thus, our work is of paramount importance for a network
700 IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 7, NO. 6, JUNE 2008
WSN, where both Type I and Type II sensors follow the

2D Poisson point distribution. In a homogeneous or
heterogeneous WSN, a point is said to be covered by a
sensor if it is located in the sensing range of any sensor(s).
The WSN is thus divided into two regions, the covered
region, which is the union of all sensor coverage disks, and
the uncovered region, which is the complement of the
covered region within the area of interest A. In our network
model, the intruder does not know the sensing coverage
map of the WSN.
3.2 Detection Model
There are two detection models in terms of how many
sensors are required to recognize an intruder: single-
sensing detection model and multiple-sensing detection
model. It is said that the intruder is detected under the
Fig. 2. Heterogeneous WSN deployment.
single-sensing detection model if the intruder can be identified
by using the sensing knowledge from one single sensor.
planner to design WSNs for intrusion detection applica-
On the contrary, in the multiple-sensing detection model, the
tions. To the best of our knowledge, this is the first work
intruder can only be identified by using cooperative
that considers the intrusion detection problem in a
heterogeneous WSN and provides fundamental analytical knowledge from at least k sensors (k is defined by specific
results on it. The analytical results indicate the improve- application requirements). For simplicity of expression,
ment on the detection quality in a heterogeneous WSN, as multiple sensing and k-sensing are interchangeable in the
compared to a homogeneous WSN, either for the single- following discussion:
sensing detection or the multiple-sensing detection scenar- In order to evaluate the quality of intrusion detection in
ios. Furthermore, we have modeled the network connectiv- WSNs, we define three metrics as follows:
ity and broadcast reachability in a heterogeneous WSN [19],
. Intrusion distance. The intrusion distance, denoted
which serve as the necessary conditions for achieving
by D, is the distance that the intruder travels
desirable detection probability.
before it is detected by a WSN for the first time.
Specifically, it is the distance between the point
3 INTRUSION DETECTION MODEL AND DEFINITIONS where the intruder enters the WSN and the point
where the intruder gets detected by any sensor(s).
Our intrusion detection model includes a network model,
Following the definition of intrusion distance, the
a detection model, and an intrusion strategy model. The Maximal Intrusion Distance (denoted by , > 0)
network model specifies the WSN environment. The is the maximal distance allowable for the intruder
detection model defines how the intruder can be detected to move before it is detected by the WSN.
and the intrusion strategy illustrates the moving policy of . Detection probability. The detection probability is
the intruder. defined as the probability that an intruder is
detected within a certain intrusion distance (e.g.,
3.1 Network Model Maximal Intrusion Distance ).
We consider a WSN in a two-dimensional (2D) plane with . Average intrusion distance. The average intrusion
N sensors, denoted by a set N ¼ ðn1 ; n2 ; . . . ; nN Þ, where ni distance is defined as the expected distance that
is the ith sensor. These sensors are uniformly and indepen- the intruder travels before it is detected by the WSN
dently deployed in a square area A ¼ L L. Such a random for the first time.
deployment results in a 2D Poisson point distribution of
sensors. All sensors are static once the WSN has been 3.3 Intrusion Strategy Model
deployed. In particular, we consider two WSN types: As illustrated in Figs. 3 and 4, we consider two intrusion
homogeneous and heterogeneous WSNs. In a homogeneous strategies for the movement of the intruder in a WSN. If the
WSN, each sensor has the same sensing radius of rs , and the intruder (say, a panzer) already knows its destination
transmission range of rx . A sensor can only sense the intruder before entering the network domain, it follows the
within its sensing coverage area that is a disk with radius rs shortest path to approach the destination. In this case, the
centered at the sensor. Denote the node density of the intrusion path is a straight line ðD1 Þ from the entering point
homogeneous WSN as . We then focus on a heterogeneous to the destination, as illustrated in Fig. 3. The main idea
WSN with two types of sensors, as shown in Fig. 2: behind this strategy is that the straight movement causes
the least risk for the intruder due to the least area that it has
.Type I sensor that has a larger sensing range rs1 , to explore by following a straight line toward the destina-
as well as a longer transmission range rx1 , and tion. The corresponding intrusion detection area S1 is
. Type II sensor that has a smaller sensing range rs2 , determined by the sensor’s sensing range rs and intrusion
as well as a shorter transmission range rx2 . distance D1 , as shown in Fig. 3. It is because the intruder
The densities of Type I and Type II sensors are represented can be detected within the intrusion distance D1 by any
as 1 and 2 , respectively. Fig. 2 shows a heterogeneous sensor(s) situated within the area of S1 .
Fig. 3. Intrusion strategy 1.

Fig. 5. The intruder starts from the boundary of the WSN.
On the contrary, if the intruder does not know its
destination, it moves in the network domain in a 4.1 Single-Sensing Detection
random fashion. We consider that the intruder tends to In the single-sensing detection model, the intruder can be
minimize the overlapping on its path. Thus, the intrusion recognized once it moves into the sensing coverage disk
path of the intruder can be regarded as a nonoverlapping of any sensor(s). According to the intrusion strategy, the
curved line ðD2 Þ, and the intrusion area accordingly is a intruder may access the network domain from any point
curved band S2 , as illustrated in Fig. 4. of the network boundary or a random point in the
In the above two strategies, if the intruder travels the network domain. When the intruder starts from a point of
same distance, i.e., D1 ¼ D2 , the corresponding intrusion the network boundary, as shown in Fig. 5, given an
detection areas approximately satisfy S1 ¼ S2 . Therefore, intrusion distance D 0, the corresponding intrusion
we adopt a straight path in the following discussion, and detection area SD is almost an oblong area. This area
the analytical results can be directly applied to the case of includes a rectangular area with length D and width 2rs
the curved path. Furthermore, the intruder can start its and a half disk with radius rs attached to it. It has
intrusion from the network boundary or a random point
inside the network domain. For example, the intruder can r2s
SD ¼ 2 D r s þ : ð1Þ
be dropped from the air and starts from any point in the 2
network domain. According to the definition of single-sensing detection,
the intruder is detected if and only if there exists at least
4 INTRUSION DETECTION IN A HOMOGENEOUS one sensor within this area SD . Otherwise, the intruder is
not detected. Similarly, when the intruder starts from a
WIRELESS SENSOR NETWORK random point in the network domain, the corresponding
In this section, we present the analysis of intrusion intrusion detection area is SD ¼ 2 D rs þ r2s , as shown
detection in a homogeneous WSN. We derive the detection in Fig. 6. In the following analysis, we focus on the case that
probability for single-sensing detection and k-sensing the intruder starts from the boundary of the network
detection.
Fig. 4. Intrusion strategy 2. Fig. 6. The intruder starts form a random point in the WSN.
2

rs
domain. The derived results can be applied to the other case 2rs þ 2
r2 p1 ½D ¼ ¼ 2rs e and
by replacing 2s with r2s . pffiffi
Z 2 L ð5Þ
We first consider the detection probability that the r2
2rs þ 2s
intruder can be immediately detected once it enters the E1 ðDÞ ¼ 2rs e dðÞ:
network domain. In other words, it has an intrusion 0
distance D ¼ 0. The corresponding intrusion detection area
r2
is S0 ¼ 2s . We then have Theorem 1 as follows: Proof. In Theorem 2, (4) gives the cumulative density
Theorem 1. The probability p1 ½D ¼ 0 that an intruder can be function (CDF) of intrusion distance such as p1 ½D .
immediately detected once it enters a homogeneous WSN with Therefore, p1 ½D ¼ can be obtained from the differential
node density and identical sensing range rs can be given by
of p1 ½D , and it can be calculated as p1 ½D ¼ ¼
r2
dðp1 ½DÞ s
p1 ½D ¼ 0 ¼ 1 e
r2s
2 : ð2Þ dðÞ ¼ 2rs eð2rs þ 2 Þ . The average intrusion distance
E1 ðDÞ can be easily derived from the PDF of the intrusion
Proof. In a uniformly distributed WSN with node density , distance (i.e., p1 ½D ¼ ). Since the intruder is assumed to
the probability of m sensors located within the area S
move in the network along a straight path, and the
follows the Poisson distribution [18]:
network domain is a square area with size A ¼ L L, the
ðSÞm S pffiffiffi
P ðm; SÞ ¼ e : ð3Þ maximum distance the intruder may travel is 2L. Then,
m!
the average intrusionpffiffi distance is given as E1 ðDÞ ¼
R pffiffi2L R 2L r2
Therefore, the probability of no sensor in the immediate s
p1 ½D ¼ dðÞ ¼ 0 2rs eð2rs þ 2 Þ dðÞ. u
t
r2 0
r2 r2 s
intrusion detection area S0 ¼ 2s is P ð0; 2s Þ ¼ e 2 . Theorems 1-3 indicate that the quality of intrusion detection
r2s
Then, the complement of P ð0; 2 Þ is the probability that in single-sensing detection scenario for a given WSN
r2
there is at least one sensor located in S0 ¼ 2s . In this improves as the sensing range or the node density
case, the intruder can be detected once it approaches the increases.
network with intrusion distance D ¼ 0. Thus, the
probability that the intruder can be detected immedi- 4.2 K-Sensing Detection
ately by the WSN once2 it enters the WSN is p1 ½D ¼ 0 ¼ In the k-sensing detection model, an intruder has to be sensed
r2 rs
1 P ð0; 2s Þ ¼ 1 e 2 . u
t by at least k sensors for intrusion detection in a WSN. The
number of required sensors depends on specific applications.
This result shows that the immediate detection prob-
For example, at least three sensors’ sensing information is
ability p1 ½D ¼ 0 is determined by the node density and the
required to determine the location of the intruder.
sensing range. By increasing the node density or enlarging
the sensing range, p1 ½D ¼ 0 can be improved. Theorem 4. Let pk ½D ¼ 0 be the probability that an intruder is
Immediate detection may need a large sensing range or a detected immediately once it enters a WSN with node density
high node density, thus increasing the WSN deployment and sensing range rs in k-sensing detection model. It has
cost. We then consider the detection probability in a relaxed 2 i
condition when the intruder is allowed to travel some X
k1
rs r2s
distance in the WSN. pk ½D ¼ 0 ¼ 1 e 2 : ð6Þ
i¼0
2i i!
Theorem 2. Suppose is the maximal intrusion distance
r2s
allowable for a given application. The probability p1 ½D Proof. According to (3), P ði; 2 Þ is the probability that
that the intruder can be detected within in the given
there are i sensors located in the immediate detection
homogeneous WSN can be derived as
r2 Pk1 r2s
area S0 ¼ 2s . i¼0 P ði; 2 Þ is therefore the probability
2 rs
2rs þ 2 that there are less than k sensors in the area S0 . Further,
p1 ½D ¼ 1 e : ð4Þ P r2s
1 k1i¼0 P ði; 2 Þ represents the probability that there
Proof. According to the definition of single-sensing detection
are at least k sensors located in the area S0 . In this case,
model, the probability that the intruder can be detected
the intruder can be sensed by at least k sensors when
within an intrusion distance of is equivalent to the
it accesses the network boundary. Consequently, it
probability that there is at least one sensor located in the P r2s
corresponding intrusion detection area S ¼ 2rs þ 2s .
r2 can be said that pk ½D ¼ 0 ¼ 1 k1 i¼0 P ði; 2 Þ ¼ 1
Pk1 ðr2s Þ r2s
i
That is, p1 ½D ¼ 1 P ð0; S Þ while P ð0; S Þ is obtained i¼0 2i i! e

2 is the probability of the intruder to
from (3). The probability p1 ½D can further be be detected immediately when it enters the WSN
r2
s
represented as p1 ½D ¼ 1 P ð0; S Þ 2¼ 1 eð2rs þ 2 Þ . domain under k-sensing detection scenarios. u
t
rs
Then, it yields p1 ½D ¼ 1 eð2rs þ 2 Þ . u
t Theorem 5. Let pk ½D be the probability that the intruder is
Theorem 3. Let p1 ½D ¼ be the probability that the intruder is detected within the maximal intrusion distance in a
detected at an intrusion distance , > 0, and E1 ðDÞ be the k-sensing detection model for the given homogeneous WSN.
average intrusion distance. Then, Then, pk ½D can be calculated as
i
X
k1
S S
pk ½D ¼ 1 e Theorems 4-6 show that the quality of intrusion detection
i!
i¼0 ð7Þ in the k-sensing detection scenario for a given WSN improves
r2
where S ¼ 2rs þ s : as the sensing range and node density increase and
2
r2s decreases as k grows. If we relax the multiple-sensing
Proof. S ¼ 2rs þ 2 is the intrusion detection area with
respect to the maximal intrusion distance . If there are at detection to single-sensing detection2 by setting k ¼ 1.
r
s
least k sensors in the area S , the intruder can be sensed Equation (8) is reduced to E1 ðDÞ ¼ e2rs 2i! , which shows (5)
R pffiffi2L r2s
by the k sensors, and the k sensors could collaborate in another way (i.e., E1 ðDÞ ¼ 0 2rs eð2rs þ 2 Þ dðÞ).
with each other i
to recognize the intruder. From (3), Note that there is no closed form solution for the integral
ðS Þ S
P ði; S Þ ¼ i! e denotes the probability that i sen-
P in (5), but it matches with (8) when L rs .
sors are located in the area of S . Then, k1 i¼0 P ði; S Þ ¼
Pk1 ðS Þi S
i¼0 i! e is the probability that less than k sensors 5 INTRUSION DETECTION IN A HETEROGENEOUS
are located in the area S . Thus, the complement of WIRELESS SENSOR NETWORK
Pk1 Pk1 ðS Þi S
i¼0 P ði; S Þ, 1 i¼0 i! e is the probability that In a heterogeneous WSN, as defined in Section 3.1, we
there are at least k sensors located in the area S . If this is consider two types of sensors: Type I and Type II with the
the case, the intruder can be sensed by at least k sensors node density of 1 and 2 , respectively. A Type I sensor
P ðS Þi S has the sensing range rs1 , and the sensing coverage is a
from the WSN with probability 1 k1 i¼0 i! e disk of area S1 ¼ r2s1 . A Type II sensor has the sensing
before it travels a distance of . Finally, the probability coverage of S2 ¼ r2s2 with the sensing range rs2 . Without
pk ½D that the intruder is detected within the maximal loss of generality, we can assume that rs1 > rs2 in our
network model. In a heterogeneous WSN, any point in the
intrusion distance in k-sensing detection model can be
Pk1 ðS Þi S network domain is said to be covered if the point is under
derived as pk ½D ¼ 1 i¼0 i! e . t
u the sensing range of any sensor (Type I, Type II, or both).
Theorem 6. Let Ek ðDÞ be the average intrusion distance in the In this section, we present the analysis of intrusion
k-sensing detection model for the given WSN with node detection probability of a heterogeneous WSN in single-
density and sensing range rs , it has sensing detection and multiple-sensing detection models.
P r2s i r2s 5.1 Single-Sensing Detection

k k1
i¼0 2 e
2
We denote the intrusion distance by Dh in the given
Ek ðDÞ ¼ : ð8Þ
2rs i! heterogeneous WSN. Again, an intruder may be detected
by the WSN once it approaches the network boundary,
Proof. Ek ðDÞ is the average intrusion distance. Then, and the corresponding intrusion distance is Dh ¼ 0. This
Sk ¼ Ek ðDÞ 2rs is the average intrusion detection area, leads to the following theorem.
and Ek ðDÞ 2rs is the average number of sensors Theorem 7. The probability p1 ½Dh ¼ 0 that an intruder can be
located in the area of Sk . Based on the definition of immediately detected once it enters the given heterogeneous
k-sensing detection model, k sensors are required to WSN in a single-sensing detection model can be represented by
identify the intruder. Thus, the average number of sensors r2
s1
r2
s2
located in the average intrusion detection area should be p1 ½Dh ¼ 0 ¼ 1 e1 2 e2 2 : ð9Þ
equal to k, that is, Ek ðDÞ 2rs ¼ k. Considering the
Proof. According to the single-sensing detection model,
case when the intruder is detected immediately once it the intruder is detected if and only if one of the following
enters the WSN domain, the average intrusion distance is conditions is satisfied:
Ek ðDÞ ¼ 0, while Ek ðDÞ 2rs ¼ 0. In this case,
. The intruder enters into the sensing coverage area
Ek ðDÞ 2rs ¼ k does not hold. Thus, it is necessary to
of any Type I sensor(s).
eliminate this boundary effect, and we get Ek ðDÞ . The intruder enters into the sensing coverage area
2rs ¼ kð1 pk ½D ¼ 0Þ. By replacing pk ½D ¼ 0 by (7) of any Type II sensor(s).
following Theorem 4, we further obtain Ek ðDÞ 2rs ¼ In the Cartesian coordinate system, as illustrated in
P r2s Pk1 r2s i r2s
k k1
i¼0 P ði; 2 Þ ¼ k i¼0 ð 2 Þ e
2 . Finally, the average
Fig. 7, suppose point (0, 0) is the starting position of the
intrusion distance in the k-sensing detection model for intruder, and y-axis is the network boundary. If a Type
the given WSN can be calculated as r2s1
Isensor is located inside the half disk S1 ¼ 2 , which is
P r2s i r2s centered at the point (0, 0) with radius rs1 , the first
k k1
i¼0 2 e
2
Ek ðDÞ ¼ : condition holds. Similarly, the second condition holds if

2rs i! there is a Type II sensor inside the half disk S2 ¼
r2s2
,
t
u 2
which is centered at the point (0, 0) with radius rs2 . Then,
Fig. 7. Intrusion detection at the start point ðDh ¼ 0Þ. Fig. 8. Intrusion detection in the heterogeneous WSN ðDh ¼ Þ.
0
from (3), the probability that no2 Type I sensor lies inside Note that P1 ð0; S10 Þ ¼ e1 S1 is the probability of no Type I
r 0
S1 is P1 ð0; S1 Þ ¼ e1 S1 ¼ e 1 2s1
, and the probability of sensor in the area of S10 , and P2 ð0; S20 Þ ¼ e2 S2 is the
2 r
no Type II sensor inside S2 is P2 ð0; S2 Þ ¼ e2 S2 ¼ e2
s2
2 . probability of no Type II sensor in the area of S20 . The
Considering Type I and Type II, sensors are indepen- first condition can be satisfied with the probability of
dently deployed according to our heterogeneous WSN 1 P1 ð0; S10 Þ, and the second condition holds with the
model, the probability of neither Type I sensor nor Type probability of P1 ð0; S10 Þð1P2 ð0; S20 ÞÞ. Thus, 1P1 ð0; S10 Þ þ
II sensor that senses the intruder is P1 ð0; S1 ÞP2 ð0; S2 Þ ¼ P1 ð0; S10 Þð1 P2 ð0; S20 ÞÞ ¼ 1 P1 ð0; S10 ÞP2 ð0; S20 Þ represents
2 r 2 r
s1 s2 the probability of at least one sensor (either Type I or
e1 2 e2 2 . Thus, the probability of at least one sensor
Type II) that can detect the intruder within the maximal
(either Type I or Type II) around the boundary that can
2 r
s1 intrusion detection area S0 . Finally, the probability
sense2 the intruder is 1 P1 ð0; S1 ÞP2 ð0; S2 Þ ¼ 1 e1 2
r
s2 that the intrusion distance Dh is less than can be derived
e2 2 . Therefore, the probability that the intruder is 0 0
a s p1 ½Dh ¼ 1 P1 ð0; S10 ÞP2 ð0; S20 Þ ¼2 1 e1 S1 e 2 S2
.
detected immediately once it enters the network domain r r2
s1 s2
2 2 r
s1
r
s2
Further, we get p1 ½Dh ¼ 1e1 ð2rs1 þ 2 Þ e2 ð2rs2 þ 2 Þ . t u
can be represented as p1 ½Dh ¼ 0 ¼ 1 e1 2 e2 2 . u
t
Theorem 9. The probability p1 ½Dh ¼ that the intruder is

Theorem 8. Suppose is the maximal intrusion distance detected at an intrusion distance ð > 0Þ when it travels
allowable for the intruder to travel within the given within the given heterogeneous WSN in single-sensing
heterogeneous WSN in single-sensing detection. The prob- detection can be derived as
ability p1 ½Dh that the intrusion distance Dh is less than 0 0
can be calculated as p1 ½Dh ¼ ¼ 2ð1 rs1 þ 2 rs2 Þeð1 S1 þ2 S2 Þ ;
0 0 r2si ð11Þ
p1 ½Dh ¼ 1 e1 S1 e2 S2 ; where Si0 ¼ 2rsi þ ; ði ¼ 1; 2Þ:
2
r2si ð10Þ
where Si0 ¼ 2rsi þ ; ði ¼ 1; 2Þ: Proof. Equation (10) gives the CDF of intrusion distance in a
2
single-sensing detection scheme. Therefore, the probabil-
Proof. The probability of an intruder to be detected within
the maximal intrusion distance is equivalent to the ity p1 ½Dh ¼ that the intruder is detected at an intrusion
probability of at least one sensor (either Type I or distance can be derived by the differential of p1 ½Dh .
Type II) inside the corresponding intrusion detection ½Dh Þ 0 0
area S0 . For Type I sensors, the intrusion detection It has p1 ½Dh ¼ ¼ dðp1dðÞ ¼ 2ð1 rs1 þ 2 rs2 Þeð1 S1 þ2 S2 Þ ¼
1 r2 þ2 r2
area S10 is the region that includes a rectangular area 2ð1 rs1 þ 2 rs2 Þe ð21 rs1 þ22 rs2 þ s1
2
s2 Þ
. Then, based on
with length and width 2rs1 , as well as a half disk with
r2 the PDF of an intrusion detection distance such as
radius rs1 , as shown in Fig. 8. It gives S10 ¼ 2rs1 þ 2s1 .
Similarly, the intrusion detection area for Type II sensors p1 ½Dh ¼ , it is easy to obtain the expected intrusion
r2
is S20 ¼ 2rs2 þ 2s2 . Then, we obtain the maximal intru- distance as
S
sion detection area with respect to as S0 ¼ S10 S20 . The pffiffi
intruder can be detected within the intrusion distance if Z 2L
0 0
one of the following conditions is satisfied: E1 ðDh Þ ¼ 2ð1 rs1 þ 2 rs2 Þeð1 S1 þ2 S2 Þ dðÞ:
0
. At least one Type I sensor is located in the area
of S10 . This is because the maximum intrusion distance that the
. If condition 1 does not hold, at least one Type II intruder
pffiffiffi could travel in the square network domain is
sensor is located in the area of S20 . 2L by following a straight path. u
t
Xk1 hXm i
Theorems 7-9 indicate that the quality of intrusion pk ½Dh ¼ 0 ¼ 1 m¼0 j¼0
P1 ðj; S 1 ÞP2 ðm j; S 2 Þ
detection in single-sensing detection scenario for a given Xk1 Xm r2s1 r2

heterogeneous WSN increases with the increasing of ¼1 P ðj;

j¼0 1
ÞP2 ðm j; s2 Þ :
m¼0 2 2
sensing range and node density. In addition, the existence
of high-capability sensors improves the network detection u
t
probability further due to a larger sensing range. Theorem 11. Let pk ðDh Þ be the probability that the intrusion
distance is less than ð > 0Þ in the k-sensing detection
5.2 K-Sensing in a Heterogeneous WSN model, is the maximal intrusion distance allowable for an
In the k-sensing detection model of a heterogeneous WSN intruder to move in the given heterogeneous WSN. It has
with two types of sensors, at least k sensors are required to " #
detect an intruder. These k sensors can be any combination k1 X
X m
0 0
pk ½Dh ¼ 1 P1 j; S1 P2 m j; S2 ;
of Type I and Type II sensors. For instance, if three sensors m¼0 j¼0 ð13Þ
are required to detect an intruder for a specific application, 2
r
the intruder can be detected by any of the following sensor where Si0 ¼ 2rsi þ si ; ði ¼ 1; 2Þ:
2
combinations:
Proof. From (3), P1 ðj; S10 Þ is the probability that j Type I
1. three Type I sensors,
2. three Type II sensors, sensors are located in the intrusion detection area
r2s1
3. one Type I sensor and two Type II sensors, and S10 ¼ 2rs1 þ 2 . P2 ðm j; S20 Þ is the probability of
4. two Type I sensors and one Type II sensor. ðmjÞ Type II sensors located in the corresponding
r2s2
intrusion detection area S20 and S20 ¼ 2rs2 þ 2 . Then,
Theorem 10. Let pk ðDh ¼ 0Þ be the probability that an intruder
P1 ðj; S10 ÞP2 ðm j; S20 Þ represents the probability of
can be immediately detected once it enters the given
heterogeneous WSN in the k-sensing detection model. It has m sensors, consisting of j Type I sensors and ðm jÞ
" # Type II sensors can sense the intruder within the intrusion
k1 X
X m
r2s1 r2s2 S
pk ½Dh ¼ 0 ¼ 1 P1 j; P2 m j; : detection area S10 S20 with respect to . If m ¼ k,
2 2
m¼0 j¼0
P1 ðj; S10 ÞP2 ðm j; S20 Þ stands for the probability that the
ð12Þ intruder can be detected by the WSN within intrusion
Proof. According to k-sensing detection model, an intruder distance . Since these m sensors can be any combination
P
is detected immediately once it enters the network if and of sensor types, m 0 0
j¼0 P1 ðj; S1 ÞP2 ðm j; S2 Þ is the prob-
only if at least k sensors are located within their half ability that there are totally m sensors can sense the
P Pm
sensing disk centered at the intrusion start point (as intruder. Then, k1 0 0
m¼0 ½ j¼0 P1 ðj; S1 ÞP2 ðm j; S2 Þ is the
j
illustrated in Fig. 7). Based on (3), P1 ðj; S1 Þ ¼ ðS1j!Þ eS1 is probability that there are at most ðk 1Þ (i.e., less than k)
the probability of j Type I sensors that can sense the sensors that can sense the intruder within the intrusion
S
intruder within the corresponding intrusion detection detection area S10 S20 . Consequently, the probability
ðmjÞ
r2s1
area S1 ¼ 2 , and P2 ðm j; S2 Þ ¼ ðSðmjÞ!
2 Þ
eS2 is the pk ðDh Þ that the intruder travels with distance less
probability of ðm jÞ Type II sensors that can sense the than before being detected by the given heterogeneous
r2s2
intruder within the area of S2 ¼ 2 . Consequently, WSN in the k-sensing detection model can be derived
P hP i
P1 ðj; S1 ÞP2 ðm j; S2 Þ represents the probability of as pk ðDh Þ ¼ 1 k1 m 0 0
m¼0 j¼0 1 ðj; S1 ÞP2 ðm j; S2 Þ ¼
P
m sensors (j Type I sensors plus m j Type II sensors) Pk1 hPm r2s1 r2s2
i
1 m¼0 j¼0 P1 ðj; 2r s1 þ 2 ÞP2 ðmj; 2r s2 þ 2 Þ . tu
that can sense the intruder at the start point. Since these
Theorem 12. Let Ek ðDh Þ be the average intrusion distance under
m sensors can be any combination of sensor types,
Pm the k-sensing detection model in the given heterogeneous
j¼0 P1 ðj; S1 ÞP2 ðm j; S2 Þ is the probability that there WSN. Then
are totally m sensors that can sense the intruder in P hP i
S r2s1 r2s2
the intrusion detection area of S1 S2 . Therefore, k k1
m¼0
m
j¼0 P1 j; 2 P2 m j; 2
Pk1 Pm Ek ðDh Þ ¼ : ð14Þ
2rs1 1 þ 2rs2 2
m¼0 ½ j¼0 P1 ðj; S1 ÞP2 ðm j; S2 Þ is the probability of
at most ðk 1Þ (less than k) sensors that can sense the Proof. Ek ðDh Þ is the average intrusion distance in the
intruder when it approaches the WSN. Finally, the heterogeneous WSN. Then, the corresponding average
probability that the intruder can be immediately detected intrusion detection areas for Type I and Type II sensors
are S1 ¼ 2rs1 Ek ðDh Þ and S2 ¼ 2rs2 Ek ðDh Þ, respectively.
once it enters the heterogeneous WSN in the k-sensing
While the node densities of Type I and Type II sensors
detection model is equivalent to the complement of are 1 and 2 . The average number of Type I sensors
Pk1 Pm
m¼0 ½ j¼0 P1 ðj; S1 ÞP2 ðm j; S2 Þ, yielding that with the intruder during its invasion is N1 ¼ 1 S1 .
At the same time, the average number of Type II sensors For instance, in Theorem 1, the probability p1 ½D ¼ 0 that
that hit the intruder in its intrusion is N2 ¼ 2 S2 . In the the intruder can be immediately detected once it enters a
k-sensing detection model, k sensors are required to homogeneous WSN with node density , sensing range rs ,
detect the intruder, it has N1 þ N2 ¼ 1 S1 þ 2 S2 ¼ and node availability pa can be given by
2rs1 Ek ðDh Þ1 þ 2rs2 Ek ðDh Þ2 ¼ k. The only exception is r2
s
2rs1 Ek ðDh Þ1 þ 2rs2 Ek ðDh Þ2 ¼ 0 while Ek ðDh Þ ¼ 0 in the p1 ½D ¼ 0 ¼ 1 epa 2 : ð15Þ
case of immediate intrusion detection. In view of this, we
It is clear that (15) is reduced to (2) for pa ¼ 1.
eliminate this boundary effect (i.e., Ek ðDh Þ ¼ 0) and
obtain kð1 pk ½Dh ¼ 0Þ ¼ 2Ek ðDh Þrs1 1 þ 2Ek ðDh Þrs2 2 .
Substituting pk ½Dh ¼ 0 with (12), iwe further obtain 6 NETWORK CONNECTIVITY AND BROADCAST
Pk1 hPm r2s1 r2s2 REACHABILITY IN A HETEROGENEOUS
k m¼0 j ¼ 0 P1 ðj; 2 ÞP2 ðm j; 2 Þ ¼ 2Ek ðDh Þrs1 1 þ
2Ek ðDh Þrs2 2 . Consequently, the average intrusion dis-
WIRELESS SENSOR NETWORK
tance for k-sensing model in the heterogeneous WSN can Based on our network model, Theorems 1-12 statistically
be derived as characterize the intrusion detection probability in terms of the
P hP i intrusion distance, the node density, the sensing range, and
r2s1 r2s2
k k1m¼0
m
j¼0 P1 j; 2 P2 m j; 2 the node heterogeneity. Given a maximal allowable intrusion
Ek ðDh Þ ¼ : distance, a predefined detection probability, and the sensor
2rs1 1 þ 2rs2 2
capability (i.e., sensing range), the network planner can
u
t calculate the required node density by using Theorems 1-12.
Hereafter, the network planner knows the number and type
Theorems 10-12 indicate that the quality of intrusion of sensors that have to be deployed in the WSN.
detection in the k-sensing detection scenario for a given However, detecting the intruder is the first step in
heterogeneous WSN improves with the increase in the intrusion detection. To operate successfully, a WSN must
sensing range and the node density and decreases as k grows. provide satisfactory connectivity so that sensors can com-
In addition, the existence of high-capability sensors further municate for data collaboration and reporting to the
improves the network detection quality due to the enlarged administrative center (i.e., base station). The sensing data
sensing coverage. may have to be reported to the base station, which may be in
any location of the network [25]. If the network connectivity
5.3 Incorporating Node Availability
is not assured, it is meaningless even the sensor(s) detect the
It should be noted that the above analytical results
presence of the intruder. Zhang and Hou [26] have proven
(Theorems 1-12) can be extended to the scenario that a
power management scheme is adopted as follows: A power that in a homogeneous WSN, if the transmission range is
management scheme in WSNs is greatly desirable due to equal to or higher than twice of the sensing range, a given
power constraint on common sensors. Sensor power can be coverage probability guarantees a connectivity probability.
put on/off periodically to save energy in most of the In this manner, when the coverage is satisfied in the
WSN applications [16], [21], [22]. Thus, it is appropriate to homogeneous WSN, the network connectivity is also
take the node availability rate into consideration in our statistically guaranteed so that it allows two sensors to
analysis. communicate with each other. However, in a heterogeneous
The most basic prescheduled independent sleeping WSN, the deployment of sensors with different capability
approach can be implemented by a Random Independent
complicates the network operation with the asymmetric
Sleeping (RIS) scheme. In this scheme, time is divided into
cycles based on a time synchronization method. At the links. Specifically, a sensor with longer transmission range
beginning of a cycle, each sensor independently decides (i.e., Type I sensor) might reach some sensors with shorter
whether to become active with probability p or go to sleep transmission range (i.e., Type II sensors), while the Type II
with probability 1 p. Thus, the network lifetime is sensors may not be able to reach the Type I sensor. The
increased by a factor up to 1=p [23]. Here, we incorporate network connectivity has to be reconsidered.
this RIS scheme in our analysis of intrusion detection in In a heterogeneous WSN, sensors mainly use a broadcast
terms of node availability. We assume all sensors have the paradigm for communication [12] and high-capacity sensors
same availability probability, denoted by pa , which means usually undertake more important tasks (i.e., for broad-
each sensor has the probability of 1 pa to be off in every casting power management information or synchronization
sensing period. Note that the Poisson stream has its
information to all the sensors). This motivates us to examine
characteristics. If a Poisson stream with mean rate is split
into k substreams such that the probability of a job that is two fundamental characteristics of a heterogeneous WSN.
going to be the ith substream is pi , each substream is also The definitions are listed below:
Poisson distributed with a mean rate of pi [24]. In our
. Network connectivity. The probability that a packet
network model, all sensors are randomly deployed and
broadcasted from any sensor (either Type I or
conform to a Poission distribution. Therefore, our above
analysis can be extended to incorporate RIS scheme with a Type II sensor) can reach all the other sensors in
node availability rate pa by replacing the previous node the network.
densities , 1 , and 2 with pa , pa 1 , and pa 2 , respectively, . Broadcast reachability. The probability that a packet
in the above derivation of Theorems 1-12 for either broadcasted from any Type I sensor can reach all the
homogeneous or heterogeneous WSN. other sensors in the network.
sensors has at least one neighbor in the relatively smaller

transmission range Sx2 , the network is connected.
Assuming all the other N 1 sensors except A are
2
connected, with probability 1P ð0; Sx2 Þ ¼ 1eð1 þ2 Þrx2 ,
there is at least one sensor located in the smaller
transmission range Sx2 . Then, sensor A can broadcast its
packet to at least one of the other N 1 sensors, and the
packet can further be broadcasted to all the sensors in
the network. Thus, we obtain the conditional probability
2
A
Pcon ¼ 1 eð1 þ2 Þrx2 . Due to the fact that sensor A
Fig. 9. Transmission range in heterogeneous case.
is chosen arbitrarily and the statistical independence
for all the sensors, the probability that the other
Given node densities and the transmission ranges of
N 1 sensors
h are connected
i can be calculated as
different sensors deployed in a WSN, we can calculate the 2
ðN1Þ
network connectivity or the broadcast reachability. On the
N1
Pcon ¼ 1 eð1 þ2 Þrx2 . Finally, the upper bound
other hand, if the required network connectivity (or broad- of the network connectivity
h caniN be derived as
cast reachability) is specified, we can compute the required N
Pcon A
¼ Pcon N1
Pcon
2
¼ 1 eð1 þ2 Þrx2 . u
t
transmission ranges in terms of node density. Thus, the
minimal transmission power can be obtained for the
Theorem 14. Consider a heterogeneous WSN consisting of
purpose of power efficiency.
independently deployed Type I and Type II sensors, with
In [27], Bettstetter has proved the following lemma on
node densities 1 and 2 and transmission range rx1 and
the network connectivity of WSNs using sensors with
rx2 ðrx1 > rx2 Þ, respectively. The upper bound of the network
different transmission ranges.
broadcast reachability is
Lemma 1. Given is a WSN with N uniformly distributed

N
sensors. These N sensors consist of J different sensor types, 2 2
i.e., there are Nj sensors of type j with transmission range rxj , PbrN ¼ 1 e1 rx1 e2 rx2 : ð18Þ
P
such that N ¼ Jj¼1 Nj for j ¼ 1; . . . ; J, and Nj 1 for 8j.
Let P ðconÞ be the probability that the WSN is connected, and Proof. Different from the network connectivity, broadcast
P ðnoiÞ be the probability that no sensor is isolated in the reachability is the probability that a packet broadcasted
WSN. It has from any Type I sensor can reach all the other sensors
P ðconÞ ffi P ðnoiÞ; ð16Þ in the WSN. As illustrated in Fig. 9, A 2 N is an
arbitrary sensor in the WSN. It has the responsibility to
for P ðnoiÞ close to 1.
receive the packet broadcasting from any Type I
Based on Lemma 1, we then have Theorem 13 and 14 sensor(s). In order for A to receive the packet, it has
as follows: to be in the transmission range of at least one of the
Theorem 13. Consider a heterogeneous WSN consisting of other N 1 sensors. In other words, sensor A should
independently deployed Type I and Type II sensors with not be isolated from the rest of the network, and at least
node densities 1 and 2 and transmission range rx1 and one sensor can reach A in its transmission range. The
rx2 ðrx1 > rx2 Þ, respectively. The upper bound of the network probability of no Type I sensor in its transmission range
connectivity is 2
from A is P1 ð0; r2x1 Þ ¼ e1 rx1 . The probability that no

N type II sensor lies in its transmission range from A
2
N
Pcon ¼ 1 eð1 þ2 Þrx2 : ð17Þ 2
is P2 ð0; r2x2 Þ ¼ e2 rx2 . Then, P1 ð0; r2x1 ÞP2 ð0; r2x2 Þ ¼
2 2
e1 rx1 e2 rx2 is the probability that neither Type I
Proof. In a heterogeneous WSN, network connectivity sensors nor Type II sensors can reach sensor A.
requires that a packet broadcasted from any sensor Therefore, the probability that at least one sensor can
(either Type I or Type II) can reach all the other sensors 2 2
reach A is 1 e1 rx1 e2 rx2 . Due to statistical inde-
of the network. Note an arbitrary sensor A, as illustrated
pendence among all sensors, the probability that the
in Fig. 9. If there is one Type I sensor (e.g., B) located in
the area of Sx1 ¼ r2x1 while outside of the area other ðN 1Þ sensors are reachable from the broadcast
h 2 2
iðN1Þ
Sx2 ¼ r2x2 , a packet generated from sensor A may not can be calculated as PbrN1 ¼ 1e1 rx1 e2 rx2 .
be able to reach sensor B. This is because sensor B may Consequently, we obtain the upper bound of broadcast
be out of sensor A’s transmission range if sensor A is a h 2 2
iN
Type II sensor with transmission range rx2 , and rx2 < rx1 . reachability as PbrN ¼ 1 e1 rx1 e2 rx2 . u
t
In view of this, for a packet generated from sensor A to The results in this section indicate that for a given
be received by all the other sensors in WSN, at least one heterogeneous WSN, the network connectivity and broad-
sensor (either Type I or Type II) should lie in the area of cast reachability is enhanced with the increase of node
the smaller transmission range Sx2 . Further, if all the density and transmission range. Furthermore, the broadcast
Fig. 10. Intrusion detection probability (single and three-sensing) in the Fig. 11. Average intrusion distance (single and three-sensing in the
homogeneous WSN. homogeneous WSN.
reachability is always higher than the network connectivity approaches 1 when the sensing range increases to a certain
under the same network parameters. threshold. For example, in the single-sensing detection, the
intruder can be detected with probability 1 if the sensing
7 SIMULATION AND VERIFICATION range exceeds 50, whereas in three-sensing detection, the
intruder can be almost surely detected if the sensing range
We have performed a simulation-based verification of our exceeds 90. In addition, we can see that the detection
analytical results in both homogeneous and heterogeneous probability grows fast when the sensing range is far from
WSNs. The simulation is carried out for single-sensing and the threshold and grows slowly when it approaches the
k-sensing detection models. The analytical and simulation threshold. Fig. 10 shows that the sensing range significantly
results are compared by varying the sensing range, impacts the detection probability of a homogeneous WSN.
transmission range, node density, and node availability. To investigate the influence of a sensor’s sensing range on
In the simulation, sensors are deployed in accordance with an average intrusion distance of a WSN, we fix the number
a uniform distribution in a squared network domain. The of sensors as N ¼ 500 and vary the sensing range from 0 to
intruder moves into the network domain from a randomly 30 meters. Fig. 11 presents the average intrusion distance in
selected point on the network boundary. Monte-Carlo single-sensing and three-sensing detection scenarios. It can
simulation is performed, and each data point shown in be observed that the average intrusion distance drops
the following figures is the average of 500 simulation dramatically with an increase of the sensing range. This is
results. The analytical results are calculated by using because the increase of sensing range significantly enhances
Theorems 1-14. For successive simulation runs, the sensors the network coverage. Fig. 11 also shows that under the
are uniformly redistributed in the network domain. same network parameters, the average intrusion distance
7.1 Verification for Homogeneous WSNs in single-sensing detection decreases more quickly than in
three-sensing detection. This is because with the increase in
We simulate the intrusion detection in a homogeneous
a sensor’s sensing range, more area can be monitored by
WSN. There are 500 sensors uniformly deployed in a
one sensor than by three sensors.
1,000 1,000 square meters, and the node density is ¼
In the simulation, we also show how to improve the
0:0005 per square meter. The sensing range changes from 0
detection efficiency by assuring the network connectivity so
to 100 meters and the maximal allowable intrusion distance
that the sensor can adjust its sleep period. In the normal
is set as 50 meters. Fig. 10 illustrates the detection
state, each sensor keeps awake for 80 percent of a cycle
probability of the analytical and simulation results. ðpa ¼ 0:8Þ. If an intruder is detected by a sensor, an
It can be seen in Fig. 10 that the analytical results match
alarming message is broadcasted by the sensor over the
the simulation results pretty well, which indicates the entire network. Then, all the sensors receiving the massage
correctness of our analytical model. The detection prob- keep awake for 100 percent of a cycle ðpa ¼ 1:0Þ. The results
ability increases with the increase of the sensors’ sensing in Figs. 10 and 11 show a similar trend that for a given
range. It is because the increase of sensing range improves sensing range, the average intrusion distance drops if the
the network coverage. At the same time, the single-sensing waking time of the sensor is longer ð1:0 > 0:8Þ.
detection probability is higher than that of three-sensing
detection. This is because the k-sensing detection imposes 7.2 Verification for Heterogeneous WSNs
a more strict requirement on detecting the intruder The purpose of the simulation in this part is to verify the
(e.g., at least k ¼ 3 sensors are required). analytical results on intrusion detection in heterogeneous
Fig. 10 also demonstrates that the detection probability WSNs. To examine the effect of introducing high-capability
in single-sensing detection or three-sensing detection sensors (e.g., Type I sensors) on the network intrusion
Fig. 13. Effects of transmission range on the broadcast reachability in

Fig. 12. Intrusion detection probability under heterogeneous case.
heterogeneous WSN.
detection probability, we fix the number of Type II nodes at
200, and the number of Type I nodes varies from 10 to 150. random Type I sensor as the broadcast initiator. The
The sensing range rs1 and rs2 are set as 120 meters and simulation considers 200 Type I sensors and 300 Type II
40 meters, respectively. Again, the maximal allowable sensors. In the homogeneous WSN, the transmission range
intrusion distance is set as ¼ 50 meters. of Type I sensors is set equally to that of Type II sensor
Fig. 12 demonstrates the analytical and simulation (i.e., rx1 ¼ rx2 ). While in the heterogeneous WSN, the
results on the intrusion detection probability and clearly transmission range of Type I sensors is set twice as
shows the verification of our analytical expressions with much as that of Type II sensors (i.e., rx1 ¼ 2rx2 ). The
simulation results. Note that we also plot the results in transmission range of Type II sensor rx2 is varied from
homogeneous WSN (marked as “homo”) by reducing the 40 meters to 100 meters in both homogeneous and hetero-
more powerful Type I nodes to normal Type II nodes, geneous cases.
in contrast to the performance of heterogeneous case Fig. 13 shows that the network connectivity and broad-
(marked as “heter”). cast reachability increase rapidly with the increase of
As expected, Fig. 12 shows that the intrusion detection sensors’ transmission range and approach 1 after certain
probability in the heterogeneous WSN increases at a much threshold. In addition, it can be observed that the broadcast
faster rate than in the homogeneous WSN, as the number of
reachability increases much faster than the network con-
Type I sensors is increased. Especially in the more
nectivity as the transmission range of sensors grows. This is
demanding multiple-sensing (i.e., three-sensing) detection
because the network broadcast reachability considers the
case, the intrusion detection probability increases even
broadcast from Type I sensors, while the network con-
more quickly in heterogeneous WSN than in homogeneous
case. This substantiates our intuition that the introduction nectivity takes broadcast from both Type I and Type II
of high-capability sensors can dramatically improve the sensors into account. Note that in homogeneous WSN, the
intrusion detection quality of WSNs.
It is also shown in Fig. 12 that the intrusion detection
probability increases as the node density grows (e.g., by
increasing the number of Type I sensors) under all simulation
scenarios. This is because the node density plays a critical role
in the intrusion detection quality of WSNs. In addition,
for a given parameter k and sensor capabilities, the figure
indicates how to choose the number and the type of sensors
to achieve a certain intrusion detection probability.
7.3 Verification for Network Connectivity and
Broadcast Reachability
In this part, we verify our analysis on the network
connectivity and broadcast reachability. The analytical
results shown in Figs. 13 and 14 are calculated by using
Theorems 13 and 14. In the simulation, an adjacency matrix is
constructed to represent the digraph of the network topology.
The depth-first-search algorithm is employed to check the
network connectivity by selecting a random sensor as the Fig. 14. Effects of Type I sensors on the broadcast reachability in
starting node and the broadcast reachability by choosing a heterogeneous WSN.
broadcast reachability is equivalent to the network con- [6] N. Bulusu, J. Heidemann, and D. Estrin, “Gps-Less Low Cost
Outdoor Localization for Very Small Devices,” IEEE Personal
nectivity since there are no asymmetric links. Comm. Magazine, special issue on smart spaces and environments,
Next, the simulation is carried out to see the effect of Type I 2000.
sensors on the network connectivity and broadcast reach- [7] D. Niculescu, “Positioning in Ad Hoc Sensor Networks,” IEEE
ability. We fix the number of Type II sensors as n2 ¼ 300 Network, vol. 18, no. 4, pp. 24-29, July-Aug. 2004.
[8] Y. Wang, X. Wang, D. Wang, and D.P. Agrawal, “Localization
and vary the number of Type I sensors from 10 to 300. Algorithm Using Expected Hop Progress in Wireless Sensor
The transmission ranges are set as rx1 ¼ 140 meters and Networks,” Proc. Third IEEE Int’l Conf. Mobile Ad hoc and Sensor
rx2 ¼ 70 meters for Type I and Type II sensors, respectively. Systems (MASS ’06), Oct. 2006.
[9] P. Traynor, R. Kumar, H. Choi, G. Cao, S. Zhu, and T.L. Porta,
Similar to the results shown in Fig. 12, we compare the “Efficient Hybrid Security Mechanisms for Heterogeneous
results in homogeneous WSN with that in heterogeneous Sensor Networks,” IEEE Trans. Mobile Computing, vol. 6, no. 6,
WSN by reducing Type I sensors to Type II sensors. June 2007.
Fig. 14 shows the analytical and simulation results, and [10] J.-J. Lee, B. Krishnamachari, and C.J. Kuo, “Impact of Hetero-
geneous Deployment on Lifetime Sensing Coverage in Sensor
they match with each other closely. From the figure, Networks,” Proc. First Ann. IEEE Comm. Soc. Conf. Sensor and
network connectivity and broadcast reachability are im- Ad Hoc Comm. and Networks, pp. 367-376, Oct. 2004.
proved while increasing Type I sensors. This is because [11] V.P. Mhatre, C. Rosenberg, D. Kofman, R. Mazumdar, and
N. Shroff, “A Minimum Cost Heterogeneous Sensor Network
some sensors that are originally isolated or unreachable with a Lifetime Constraint,” IEEE Trans. Mobile Computing,
from the rest of the network are now connected or reachable vol. 4, no. 1, pp. 4-15, 2005.
in the network after the introduction of Type I sensors. In [12] M. Yarvis, N. Kushalnagar, H. Singh, A. Rangarajan, Y. Liu, and
S. Singh, “Exploiting Heterogeneity in Sensor Networks,” Proc.
addition, the results indicate that even a small increase of IEEE INFOCOM, 2005.
Type I sensor significantly improves the broadcast reach- [13] I.F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci,
ability, while network connectivity only improves gradu- “A Survey on Sensor Networks,” IEEE Comm. Magazine, vol. 40,
ally. This also implies that the node heterogeneity does no. 8, pp. 102-114, Aug. 2002.
[14] H. Kung and D. Vlah, “Efficient Location Tracking Using Sensor
affect the broadcast reachability much more dramatically Networks,” Proc. IEEE Wireless Comm. and Networking Conf., vol. 3,
than it does to the network connectivity. pp. 1954-1961, Mar. 2003.
[15] C.-Y. Lin, W.-C. Peng, and Y.-C. Tseng, “Efficient in-Network
Moving Object Tracking in Wireless Sensor Networks,”
8 CONCLUSION IEEE Trans. Mobile Computing, vol. 5, no. 8, pp. 1044-1056,
2006.
This paper analyzes the intrusion detection problem in both [16] C. Gui and P. Mohapatra, “Power Conservation and Quality of
homogeneous and heterogeneous WSNs by characterizing Surveillance in Target Tracking Sensor Networks,” Proc. 10th
Ann. Int’l Conf. Mobile Computing and Networking (MobiCom ’04),
intrusion detection probability with respect to the pp. 129-143, 2004.
intrusion distance and the network parameters (i.e., [17] B. Liu, P. Brass, O. Dousse, P. Nain, and D. Towsley, “Mobility
node density, sensing range, and transmission range). Improves Coverage of Sensor Networks,” Proc. Sixth ACM Int’l
Two detection models are considered: single-sensing Symp. Mobile Ad Hoc Networking and Computing (MobiHoc ’05),
pp. 300-308, 2005.
detection and multiple-sensing detection models. The [18] X. Wang, Y. Yoo, Y. Wang, and D.P. Agrawal, “Impact of
analytical model for intrusion detection allows us to Node Density and Sensing Range on Intrusion Detection in
analytically formulate intrusion detection probability with- Wireless Sensor Networks,” Proc. 15th Int’l Conf. Computer Comm.
and Networks (ICCCN ’06), Oct. 2006.
in a certain intrusion distance under various application [19] Y. Wang, X. Wang, D.P. Agrawal, and A.A. Minai, “Impact
scenarios. Moreover, we consider the network connectivity of Heterogeneity on Coverage and Broadcast Reachability in
and the broadcast reachability in a heterogeneous WSN. Wireless Sensor Networks,” Proc. 15th Int’l Conf. Computer Comm.
and Networks (ICCCN ’06), Oct. 2006.
Our simulation results verify the correctness of the
[20] C. Bettstetter, “On the Minimum Node Degree and Connectivity of
proposed analytical model. This work provides insights in a Wireless Multihop Network,” Proc. Third ACM Int’l symposium on
designing homogeneous and heterogeneous WSNs and Mobile ad hoc Networking and Computing (MobiHoc ’02), pp. 80-91,
helps in selecting critical network parameters so as to meet 2002.
[21] A. Ephremides, “Energy Concerns in Wireless Networks,” IEEE
the application requirements. Wireless Comm., vol. 9, no. 4, pp. 48-59, Aug. 2002.
[22] L. Wang and Y. Xiao, “A Survey of Energy-Efficient Scheduling
Mechanisms in Sensor Networks,” Mobile Network Applications,
REFERENCES vol. 11, no. 5, pp. 723-740, 2006.
[1] D.P. Agrawal and Q.-A. Zeng, Introduction to Wireless and Mobile [23] S. Kumar, T.H. Lai, and J. Balogh, “On K-Coverage in a Mostly
Systems. Brooks/Cole Publishing, Aug. 2003. Sleeping Sensor Network,” Proc. 10th Ann. Int’l Conf. Mobile
[2] B. Liu and D. Towsley, “Coverage of Sensor Networks: Funda- Computing and Networking (MobiCom ’04), pp. 144-158, 2004.
mental Limits,” Proc. Third IEEE Int’l Conf. Mobile Ad Hoc and [24] R. Jain, The Art of Computer Systems Performance Analysis:
Sensor Systems (MASS), Oct. 2004. Techniques for Experimental Design, Measurement, Simulation and
[3] S. Ren, Q. Li, H. Wang, X. Chen, and X. Zhang, “Design Modeling. Wiley-Interscience, 1991.
and Analysis of Sensing Scheduling Algorithms under Partial [25] A. Durresi, P.V.K. , S. Iyengar, and R. Kannan, “Optimized
Coverage for Object Detection in Sensor Networks,” IEEE Broadcast Protocol for Sensor Networks,” IEEE Trans. Computers,
Trans. Parallel and Distributed Systems, vol. 18, no. 3, pp. 334-350, vol. 54, no. 8, pp. 1013-1024, Aug. 2005.
Mar. 2007. [26] H. Zhang and J. Hou, “On Deriving the Upper Bound of
[4] S. Banerjee, C. Grosan, A. Abraham, and P. Mahanti, -lifetime for Large Sensor Networks,” Proc. Fifth ACM Int’l
“Intrusion Detection on Sensor Networks Using Emotional Symp. Mobile Ad Hoc Networking and Computing (MobiHoc ’04),
Ants,” Int’l J. Applied Science and Computations, vol. 12, no. 3, pp. 121-132, 2004.
pp. 152-173, 2005. [27] C. Bettstetter, “On the Connectivity of Wireless Multihop
[5] S. Capkun, M. Hamdi, and J. Hubaux, “GPS-Free Positioning in Networks with Homogeneous and Inhomogeneous Range As-
Mobile Ad-Hoc Networks,” Proc. 34th Ann. Hawaii Int’l Conf. signment,” Proc. IEEE Vehicular Technology Conf. (VTC ’02), vol. 3,
System Sciences, Jan. 2001. pp. 1706-1710, Sept. 2002.
Yun Wang received the BS degree in computer Demin Wang received the BS degree in
science and engineering in 2001 at Wuhan computer science and the MS degree in safety
University, Hubei, China, and then entered the technology and engineering from the University
PhD program in computer science and engineer- of Science and Technology of China, Hefei,
ing at Wuhan University, where she specialized China, in 2000 and 2003, respectively. He is
in multimedia communication. She joined the currently working toward the PhD degree in
Center for Distributed and Mobile Computing, computer science and engineering at the
Department of Electrical and Computer Engi- University of Cincinnati, Cincinnati, Ohio. His
neering and Computer Science, University of research interests include coverage and energy
Cincinnati, Ohio, in 2004, as a PhD student. Her problems in wireless sensor networks, imple-
research activities include fundamental design issues in wireless sensor mentation of wireless sensor networks, and wireless mesh networks. He
networks such as sensor deployment, energy efficiency, positioning, is an IEEE student member.
and network security. She also performs research on wireless MAC
protocol design in wireless ad hoc networks and audio and video Dharma P. Agrawal is the Ohio board of
processing in multimedia communication. She is a student member of regents distinguished professor of computer
the IEEE. science and the founding director for the Center
for Distributed and Mobile Computing, Depart-
Xiaodong Wang received the BS degree in ment of ECECS, University of Cincinnati, Ohio.
communication engineering in 1995, the MS He was a visiting professor of ECE at the
degree in electric engineering in 1998, and the Carnegie Mellon University, where he was on
PhD degree in computer engineering from the sabbatical leave during the Autumn 2006 and
University of Cincinnati, Cincinnati, Ohio, in Winter 2007 Quarters. He has been a faculty
2005. He joined China Telecom in 1998, where member at the North Carolina State University,
he worked on communication protocols for Raleigh, North Carolina, from 1982 to 1998) and the Wayne State
telecommunication. From June 2000 to July University, Detroit, from 1977 to 1982). His recent research interests
2002, he worked on GSM base station software include resource allocation and security in mesh networks, efficient
development at Bell-labs China, Beijing. His query processing and security in sensor networks, and heterogeneous
research activities included wireless MAC protocols and energy saving wireless networks. He is a coauthor of an introductory textbook on
for wireless sensor networks. He joined Motorola in 2005. He is currently wireless and mobile computing that has been widely accepted
with the OBR Center of Distributed and Mobile Computing, Department throughout the world, and a second edition was published in 2006.
of Computer Science, University of Cincinnati. He is a student member The book has been has been reprinted both in China and India and
of the IEEE. translated to Korean and Chinese languages. He is also a coauthor of a
book on ad hoc and sensor networks published in the spring of 2006 and
Bin Xie received the BSc degree from Central has been named as a best seller by the publisher. He has given tutorials
South University, Changsha, China, the MSc and extensive training courses in various conferences in the USA and
and PhD degrees (with honors) in computer numerous institutions in Taiwan, Korea, Jordan, Malaysia, and India on
science and computer engineering from the ad hoc and sensor networks and mesh networks. He is an editor for the
University of Louisville, Kentucky. As a research Journal on Parallel and Distributed Systems, International Journal on
associate, he is currently with the Department of Distributed Sensor Networks, International Journal of Ad Hoc and
Computer Science, University of Cincinnati. He Ubiquitous Computing, and International Journal of Ad Hoc and Sensor
is the author of the book entitled Heterogeneous Wireless Networks. He served as an editor of the IEEE Computer
Wireless Networks—Networking Protocol to magazine, the IEEE Transactions on Computers, and the International
Security and published more than 30 papers in Journal of High Speed Computing. He has been the program chair and
international conference proceedings and journals. His research general chair for many international conferences and meetings. He has
interests are focused on ad hoc networks, sensor networks, wireless received numerous certificates and awards from the IEEE Computer
mesh networks, integrated WLAN/MANET/cellular with Internet, in Society. He was awarded a “Third Millennium Medal” by the IEEE for his
particular the fundamental aspects of mobility management, perfor- outstanding contributions. He has also delivered the keynote speech for
mance evaluation, Internet/wireless infrastructure security, and wireless five international conferences. He also has five patents in wireless
network capacity. In addition to his academic experience, he has networking area. He has also been named as an ISI Highly Cited
six years of industry experience, including ISDN, 3G, and Lucent Excel Researcher in Computer Science. He is a fellow of the IEEE, the ACM,
programmable switching systems. He is an IEEE senior member. the AAAS, and the WIF.
. For more information on this or any other computing topic,

please visit our Digital Library at www.computer.org/publications/dlib.

Intrusion Detection in Homogeneous and Heterogeneous Wireless Sensor Networks

Încărcat de

Informații document

Descriere originală:

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Intrusion Detection in Homogeneous and Heterogeneous Wireless Sensor Networks

Încărcat de

Drepturi de autor:

Formate disponibile

698 IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 7, NO.