Intrusion detection in wireless sensor networks
This presentation is the property of its rightful owner.
Sponsored Links
1 / 28

Intrusion Detection in Wireless Sensor Networks PowerPoint PPT Presentation


  • 219 Views
  • Uploaded on
  • Presentation posted in: General

Intrusion Detection in Wireless Sensor Networks. Group Meeting Spring 2005 Presented by Edith Ngai. Outline. Wireless sensor networks (WSN) Security in WSN Background on intrusion detection Intrusion detection in WSN Types of attacks Intrusion detection components Required technologies

Download Presentation

Intrusion Detection in Wireless Sensor Networks

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Intrusion detection in wireless sensor networks

Intrusion Detection in Wireless Sensor Networks

Group Meeting

Spring 2005

Presented by Edith Ngai


Outline

Outline

  • Wireless sensor networks (WSN)

  • Security in WSN

  • Background on intrusion detection

  • Intrusion detection in WSN

    • Types of attacks

    • Intrusion detection components

    • Required technologies

    • Future directions

  • Conclusion


Technology trend

Technology trend

  • Small integrated devices

    • Smaller, cheaper, more powerful

  • PDAs, mobile phones

  • Many opportunities, and research areas

    • Power management

    • Distributed algorithms


Wireless sensor networks

Wireless sensor networks

  • Wireless sensor node

    • power supply

    • sensors

    • embedded processor

    • wireless link

  • Many, cheap sensors

    • wireless  easy to install

    • intelligent  collaboration

    • low-power  long lifetime


Possible applications

Possible applications

  • Military

    • battlefield surveillance, biological attack detection, targeting

  • Ecological

    • fire detection, flood detection, agricultural uses

  • Health related

    • human physiological data monitoring

  • Miscellaneous

    • car theft detection, inventory control, home applications


Required technologies

Required technologies

  • Efficient data routing

    • ad-hoc network

    • one or more ‘datasinks’

  • In-network data processing

    • large amounts of raw data

    • limited power and bandwidth

  • Node localization


Security in wsn

Security in WSN

  • Main security threats in WSN are:

    • Radio links are insecure – eavesdropping / injecting faulty information is possible

    • Sensor nodes are not temper resistant – if it is compromised the attacker obtains all security information

  • Protecting confidentiality, integrity, and availability of the communications and computations


Intrusion detection in wireless sensor networks

Why security is different?

  • Sensor Node Constraint

    • Battery

    • CPU power

    • Memory

  • Networking Constraints and Features

    • Wireless

    • Ad hoc

    • Unattended


Network defense

Network defense

React

- Response

- Terminate Connections

- Block IP Addresses

- Containment

- Recovery

- Reconstitute

Protect

- Encryption

- Firewalls

- Authentication

- Biometrics

Detect

- Intrusions

- Attacks

- Misuse of Resources

- Data Correlation

- Data Visualization

- Malicious Behaviors

- Network Status/ Topology


What is intrusion detection

What is intrusion detection?

  • Intrusion detection is the process of discovering, analyzing, and reportingunauthorized or damaging network or computer activities

  • Intrusion detection discovers violations of confidentiality, integrity, and availability of information and resources


What is intrusion detection1

What is intrusion detection?

  • Intrusion detection demands:

    • As much information as the computing resources can possibly collect and store

    • Experienced personnel who can interpret network traffic and computer processes

    • Constant improvement of technologies and processes to match pace of Internet innovation


How useful is intrusion detection

How useful is intrusion detection?

  • Provide digital forensic data to support post-compromise law enforcement actions

  • Identify host and network misconfigurations

  • Improve management and customer understanding of the Internet's inherent hostility

  • Learn how hosts and networks operate at the operating system and protocol levels


Intrusion detection models

Intrusion detection models

  • All computer activity and network traffic falls in one of three categories:

    • Normal

    • Abnormal but not malicious

    • Malicious

  • Properly classifying these events are the single most difficult problem -- even more difficult than evidence collection


Intrusion detection models1

Intrusion detection models

  • Two primary intrusion detection models

    • Network-based intrusion detection monitors network traffic for signs of misuse

    • Host-based intrusion detection monitors computer processes for signs of misuse

  • So-called "hybrid" systems may do both

    • A hybrid IDS on a host may examine network traffic to or from the host, as well as processes on that host


Ids paradigms

IDS paradigms

  • Anomaly Detection - the AI approach

  • Misuse Detection - simple and easy

  • Burglar Alarms - policy based detection

  • Honey Pots - lure the hackers in

  • Hybrids - a bit of this and that


Anomaly detection

Anomaly detection

  • Goals:

    • Analyze the network or system and infer what is normal

    • Apply statistical or heuristic measures to subsequent events and determine if they match the model/statistic of “normal”

    • If events are outside of a probability window of “normal” then generate an alert


Misuse detection

Misuse detection

  • Goals:

    • Know what constitutes an attack

    • Detect it

    • A database of known attack signatures should be maintained


Intrusion detection in wsn

Intrusion Detection in WSN


Network model

Network model

  • BSj: base station at location (Xj, Yj)

  • Si: sensor node at location (xi, yi)

  • R: transmission range of the base station

  • r: transmission range of the sensor node

  • k-coverage: a node covers by k BSs


Definitions

Definitions

  • Coverage of a base station

  • Number of coverage from base stations

  • p sends data to q successfully (in 1-hop)

  • p sends data to q successfully via k hops

  • p fails in sending data from p to q


Types of intrusions

Types of intrusions

  • Sinkhole SH(q), HelloFlood HF(q)

    • A region of nodes will forward packets destined for a BS through an adversary

  • Wormhole WH(q)

    • An adversary tunnels messages received in one part of the network over a low latency link and replays them in a different part


Types of intrusions1

Types of intrusions

  • Missing Data MD(p)

    • Missing data from p to BSi

  • Wrong Data WD(p)

    • Inconsistent data

  • Interference

    • Sensor p cannot send packet to its neighboring nodes


Architecture

Architecture


Intrusion detection components

Intrusion detection components

  • Neighbor monitoring

    • Watchdog

  • Data fusion

    • Local – neighboring nodes

    • Global – overlapping areas

  • Topology discovery

  • Route tracing

  • History


Intrusion classification

Intrusion classification

Attack Types: I - Sinkhole, Hello FloodII – WormholeIII – Missing Data

IV – Wrong DataV - Interference


Required technologies1

Required technologies

  • Collection of the audit data

    • Localization

    • Data fusion

    • Routing

  • Analysis on the audited data

    • Identify the intrusion characteristics

    • Detect the intrusions

    • Locate the intrusions

  • Intrusion reaction


Future direction

Future direction

  • Study how to collect the audit data effectively

  • Complete the intrusion detection architecture

  • Investigate the methods to analyze the audit data for intrusion detection

  • Explore how to locate and react to the intrusions

  • Formulate and evaluate our intrusion detection solution


Conclusion

Conclusion

  • We discussed the characteristics of WSN and its security issues

  • We studied traditional intrusion detection technologies

  • We introduced the problem of intrusion detection in WSN

  • We proposed an intrusion detection architecture and analyzed various kinds of intrusions in WSN

  • We showed our future direction


  • Login