Limits...
Detecting unknown attacks in wireless sensor networks that contain mobile nodes.

Banković Z, Fraga D, Moya JM, Vallejo JC - Sensors (Basel) (2012)

Bottom Line: The data produced in the presence of an attacker are treated as outliers, and detected using clustering techniques.These techniques are further coupled with a reputation system, in this way isolating compromised nodes in timely fashion.The proposal exhibits good performances at detecting and confining previously unseen attacks, including the cases when mobile nodes are compromised.

View Article: PubMed Central - PubMed

Affiliation: Departamento de Ingeniería Electrónica, ETSI Telecomunicación, Universidad Politécnica de Madrid, Av. Complutense, 30, 28040 Madrid, Spain. zorana@die.upm.es

ABSTRACT
As wireless sensor networks are usually deployed in unattended areas, security policies cannot be updated in a timely fashion upon identification of new attacks. This gives enough time for attackers to cause significant damage. Thus, it is of great importance to provide protection from unknown attacks. However, existing solutions are mostly concentrated on known attacks. On the other hand, mobility can make the sensor network more resilient to failures, reactive to events, and able to support disparate missions with a common set of sensors, yet the problem of security becomes more complicated. In order to address the issue of security in networks with mobile nodes, we propose a machine learning solution for anomaly detection along with the feature extraction process that tries to detect temporal and spatial inconsistencies in the sequences of sensed values and the routing paths used to forward these values to the base station. We also propose a special way to treat mobile nodes, which is the main novelty of this work. The data produced in the presence of an attacker are treated as outliers, and detected using clustering techniques. These techniques are further coupled with a reputation system, in this way isolating compromised nodes in timely fashion. The proposal exhibits good performances at detecting and confining previously unseen attacks, including the cases when mobile nodes are compromised.

Show MeSH

Related in: MedlinePlus

Detection and Isolation Time.
© Copyright Policy
Related In: Results  -  Collection

License
getmorefigures.php?uid=PMC3472860&req=5

f4-sensors-12-10834: Detection and Isolation Time.

Mentions: In Figure 4 we show how the time of detection and the complete isolation of the attack depend on the total number of malicious nodes in the network. As we can observe, the attack cannot be isolated if more than 58% of the nodes are malicious, nor it can be detected if more than 80% of the nodes are malicious. On the other hand, if up to 20% of the nodes are malicious, the attack is detected and confined in the same moment, which is due to the fact that the great majority of nodes are still behaving properly and it is not complicated to distinguish the misbehaving ones. As the attack becomes more aggressive, it is harder to detect and isolate all the misbehaving nodes.


Detecting unknown attacks in wireless sensor networks that contain mobile nodes.

Banković Z, Fraga D, Moya JM, Vallejo JC - Sensors (Basel) (2012)

Detection and Isolation Time.
© Copyright Policy
Related In: Results  -  Collection

License
Show All Figures
getmorefigures.php?uid=PMC3472860&req=5

f4-sensors-12-10834: Detection and Isolation Time.
Mentions: In Figure 4 we show how the time of detection and the complete isolation of the attack depend on the total number of malicious nodes in the network. As we can observe, the attack cannot be isolated if more than 58% of the nodes are malicious, nor it can be detected if more than 80% of the nodes are malicious. On the other hand, if up to 20% of the nodes are malicious, the attack is detected and confined in the same moment, which is due to the fact that the great majority of nodes are still behaving properly and it is not complicated to distinguish the misbehaving ones. As the attack becomes more aggressive, it is harder to detect and isolate all the misbehaving nodes.

Bottom Line: The data produced in the presence of an attacker are treated as outliers, and detected using clustering techniques.These techniques are further coupled with a reputation system, in this way isolating compromised nodes in timely fashion.The proposal exhibits good performances at detecting and confining previously unseen attacks, including the cases when mobile nodes are compromised.

View Article: PubMed Central - PubMed

Affiliation: Departamento de Ingeniería Electrónica, ETSI Telecomunicación, Universidad Politécnica de Madrid, Av. Complutense, 30, 28040 Madrid, Spain. zorana@die.upm.es

ABSTRACT
As wireless sensor networks are usually deployed in unattended areas, security policies cannot be updated in a timely fashion upon identification of new attacks. This gives enough time for attackers to cause significant damage. Thus, it is of great importance to provide protection from unknown attacks. However, existing solutions are mostly concentrated on known attacks. On the other hand, mobility can make the sensor network more resilient to failures, reactive to events, and able to support disparate missions with a common set of sensors, yet the problem of security becomes more complicated. In order to address the issue of security in networks with mobile nodes, we propose a machine learning solution for anomaly detection along with the feature extraction process that tries to detect temporal and spatial inconsistencies in the sequences of sensed values and the routing paths used to forward these values to the base station. We also propose a special way to treat mobile nodes, which is the main novelty of this work. The data produced in the presence of an attacker are treated as outliers, and detected using clustering techniques. These techniques are further coupled with a reputation system, in this way isolating compromised nodes in timely fashion. The proposal exhibits good performances at detecting and confining previously unseen attacks, including the cases when mobile nodes are compromised.

Show MeSH
Related in: MedlinePlus