Intrusion Detection System for
Wireless Sensor Networks:
Design, Implementation and Evaluation
Dr. Huirong Fu
Outline
• Overview of Wireless Sensor Network
(WSN)
• Project Objective:
– how to detect attacks on WSN?
• Project Tasks:
– Intrusion detection system
• More Information
UnCoRe 2007
WSN Overview
• Applications of WSNs
• Components of a Sensor
• WSN Communication Models
• Attacks on WSN
Overview: Applications of WSNs
• Military
• Disaster Detection and Relief
• Industry
• Agriculture
• Environmental Monitoring
• Intelligent Buildings
• Health/Medical
• Law Enforcement
• Transportation
• Space Exploration
Overview: Components of a Sensor
• Sensing Unit
• Processing Unit
• Storage Unit
• Power Unit
• Wireless Transmitter/Receiver
Overview: Communication Models
• Hierarchical WSN
– Sensor Nodes
– Cluster Nodes
– Base Stations
• Distributed WSN
Overview: Attacks on WSN (1/3)
• DoS, DDoS attacks which affect network
availability
• Eavesdropping, sniffing which can threaten
confidential data
• Man-in-the-middle attacks which can affect
packet integrity
• Signal jamming which affects communication
Overview: Attacks on WSN (2/3)
Overview: Attacks on WSN (3/3)
Project Objective
• How to detect attacks on WSN?
– Intrusion Detection System (IDS): Design,
implementation and evaluation
Project Tasks
• Literature survey on IDS for WSN
– What has been proposed?
– Have they been implemented and evaluated?
– What are the Pros and Cons of each?
Project Tasks
• Make decision
– Shall we extend some of the works, or
– Design a novel IDS?
• Design, implementation and evaluation
– What are the requirements for an ideal IDS?
– What are the challenges?
– What hardware and software are
available?
Existing security measures
• [2] Intrusion detection based on AODV (Ad hoc
On-Demand Distance Vector Routing
Protocol)
– Pros
• Sophisticated algorithm for detecting and reacting to
a great variety of potential wireless network attacks
using an anomaly detection pattern
• Works well for ad-hoc wireless networks
– Cons
• Computationally expensive
• Currently not deployed on wireless sensor networks
Existing security measures
• [4] Effective Intrusion Detection using Multiple Sensors
in Wireless Ad Hoc Networks
– Pros
• Mobile agent based intrusion detection
• Intelligent routing of intrusion data throughout the
network
• Lightweight implementation
– Cons
• Agent only deployed on a fraction of the network nodes
• Not deployed on completely wireless sensor networks
Existing security measures
• [3] INSENS (Intrusion Tolerant Routing
Protocol for Wireless Sensor Networks)
– Pros
• Allows an alternative network route to be
established between non-malicious nodes
– Cons
• Does not provide intrusion detection, but rather
intrusion tolerance
• Still requires the sacrifice of a small number of
wireless sensor nodes
Our IDS System
• Uses MoteIv’s TMote wireless sensors.
• Developed using MoteIv’s proprietary
software, TMote Tools
– Cygwin
– Java
– TinyOS programming language
– Enhanced with a plug-in for the Eclipse IDE
for programming and compiling the TinyOS
modules
IDS Wireless Sensor Setup
Our IDS System Design
• Uses an anomaly detection pattern
• Establishes a baseline of “normal” traffic
between wireless sensor nodes over a
specified time interval
• Compares current traffic against this
baseline traffic over the same specified
time interval
• Makes a determination as to whether or
not a DoS attack is occurring
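Added example (not code from the original slides or the project): one way to implement the baseline-and-compare design above in integer-only C, as suits a sensor-class microcontroller. The function names, the threshold of mean plus K standard deviations, the minimum excess, the sample counts, and the reading of a DoS attack as a packet flood are all assumptions.

```c
#include <stdint.h>
#include <string.h>

#define MAX_NODES     8  /* assumed network size */
#define MIN_INTERVALS 4  /* assumed minimum number of baseline intervals */
#define K             3  /* assumed threshold: mean + K standard deviations */
#define MIN_EXCESS    5  /* assumed minimum excess (packets) before alerting */

/* Running statistics of packets per interval for one neighbour node. */
typedef struct { uint32_t n; uint64_t sum, sum_sq; } baseline_t;
static baseline_t baseline[MAX_NODES];

void ids_reset(void) { memset(baseline, 0, sizeof baseline); }

/* Baseline phase: record one interval's packet count as "normal" traffic. */
int ids_train(uint8_t node, uint32_t count)
{
    if (node >= MAX_NODES) return -1;
    baseline[node].n++;
    baseline[node].sum += count;
    baseline[node].sum_sq += (uint64_t)count * count;
    return 0;
}

/* Detection phase: 1 = suspected DoS flood, 0 = normal, -1 = no usable baseline.
 * Tests count > mean + K*stddev without floating point: with
 * d = n*count - sum, the condition is d^2 > K^2 * (n*sum_sq - sum^2). */
int ids_check(uint8_t node, uint32_t count)
{
    if (node >= MAX_NODES || baseline[node].n < MIN_INTERVALS) return -1;
    const baseline_t *b = &baseline[node];
    uint64_t scaled = (uint64_t)b->n * count;
    if (scaled <= b->sum) return 0;                 /* at or below the mean */
    uint64_t d = scaled - b->sum;                   /* n * (count - mean) */
    if (d < (uint64_t)b->n * MIN_EXCESS) return 0;  /* ignore tiny deviations */
    uint64_t var_n2 = b->n * b->sum_sq - b->sum * b->sum;  /* n^2 * variance */
    return d * d > (uint64_t)K * K * var_n2;
}

/* Constructed sample: eight baseline intervals for node 1, then one check. */
int demo_check(uint32_t current)
{
    static const uint32_t normal[] = { 10, 12, 11, 9, 13, 10, 11, 12 };
    ids_reset();
    for (size_t i = 0; i < sizeof normal / sizeof normal[0]; i++)
        ids_train(1, normal[i]);
    return ids_check(1, current);
}
```

The MIN_EXCESS floor keeps a very steady baseline (near-zero variance) from turning a one-packet difference into an alert.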
Our IDS System Design
• Communication between wireless sensor nodes
• Activity diagram for Wireless Sensor Node communication
Our IDS System Design cont’d
• Emulation of a DoS attack
• Activity design for Emulation of a DoS attack
References
• [1] Denial of Service in Sensor Networks
• [2] Wireless Sensor Networks for Intrusion Detection: Packet Traffic Modeling
• [3] INSENS: Intrusion-Tolerant Routing in Wireless Sensor Networks
• [4] Effective Intrusion Detection Using Multiple Sensors in Wireless Ad Hoc Networks
References
• MoteIv
– http://www.moteiv.com/community/Moteiv_Community
• TMote Tutorial
– http://cents.cs.berkeley.edu/tinywiki/index.php/Tmote_Windows_install
• TinyOS
– http://www.tinyos.net/tinyos1.x/doc/tutorial/index.html