Limits...
A distributed signature detection method for detecting intrusions in sensor systems.

Kim I, Oh D, Yoon MK, Yi K, Ro WW - Sensors (Basel) (2013)

Bottom Line: In addition, the first step is modified to achieve efficient performance under limited computation resources.The proposed method achieves a speedup factor of 25.96 and reduces 43.94% of packet transmissions to the base station compared with the previously proposed method.The system achieves efficient utilization of the sensor nodes and provides a structural basis of cooperative systems among the sensors.

View Article: PubMed Central - PubMed

Affiliation: School of Electrical and Electronic Engineering, Yonsei University, Seoul 120-749, Korea. ilkyu.kim19@gmail.com

ABSTRACT
Sensor nodes in wireless sensor networks are easily exposed to open and unprotected regions. A security solution is strongly recommended to prevent networks against malicious attacks. Although many intrusion detection systems have been developed, most systems are difficult to implement for the sensor nodes owing to limited computation resources. To address this problem, we develop a novel distributed network intrusion detection system based on the Wu-Manber algorithm. In the proposed system, the algorithm is divided into two steps; the first step is dedicated to a sensor node, and the second step is assigned to a base station. In addition, the first step is modified to achieve efficient performance under limited computation resources. We conduct evaluations with random string sets and actual intrusion signatures to show the performance improvement of the proposed method. The proposed method achieves a speedup factor of 25.96 and reduces 43.94% of packet transmissions to the base station compared with the previously proposed method. The system achieves efficient utilization of the sensor nodes and provides a structural basis of cooperative systems among the sensors.

No MeSH data available.


Related in: MedlinePlus

The division of processes of the distributedWM algorithm.
© Copyright Policy
Related In: Results  -  Collection

License
getmorefigures.php?uid=PMC3673066&req=5

f3-sensors-13-03998: The division of processes of the distributedWM algorithm.

Mentions: The intrusion detection systems based on the Snort signature-set checks additional information of incoming packets such as port numbers and protocol types besides the payloads. In other words, the system only inspects the payload of an incoming packet when the packet comes through a specific port number and protocol type corresponding to the signatures. The packet's payload is checked by both the shift table and the prefix table before transmitting the sensing data. The result of the inspection is inserted into the original payload. The base station is responsible for the remaining detection work (i.e., the exact matching). Using the additional data from the sensor node, the attack attempts can be quickly determined by the base station, which has more computing resources than the sensor nodes. The sensor nodes and base stations notify other nodes of an intrusion if the packet is revealed as a malicious attack. Each sensor node has the same algorithm for consistent intrusion detection. Figure 3 shows how the general WM steps are divided and performed by the sensor nodes and the base stations.


A distributed signature detection method for detecting intrusions in sensor systems.

Kim I, Oh D, Yoon MK, Yi K, Ro WW - Sensors (Basel) (2013)

The division of processes of the distributedWM algorithm.
© Copyright Policy
Related In: Results  -  Collection

License
Show All Figures
getmorefigures.php?uid=PMC3673066&req=5

f3-sensors-13-03998: The division of processes of the distributedWM algorithm.
Mentions: The intrusion detection systems based on the Snort signature-set checks additional information of incoming packets such as port numbers and protocol types besides the payloads. In other words, the system only inspects the payload of an incoming packet when the packet comes through a specific port number and protocol type corresponding to the signatures. The packet's payload is checked by both the shift table and the prefix table before transmitting the sensing data. The result of the inspection is inserted into the original payload. The base station is responsible for the remaining detection work (i.e., the exact matching). Using the additional data from the sensor node, the attack attempts can be quickly determined by the base station, which has more computing resources than the sensor nodes. The sensor nodes and base stations notify other nodes of an intrusion if the packet is revealed as a malicious attack. Each sensor node has the same algorithm for consistent intrusion detection. Figure 3 shows how the general WM steps are divided and performed by the sensor nodes and the base stations.

Bottom Line: In addition, the first step is modified to achieve efficient performance under limited computation resources.The proposed method achieves a speedup factor of 25.96 and reduces 43.94% of packet transmissions to the base station compared with the previously proposed method.The system achieves efficient utilization of the sensor nodes and provides a structural basis of cooperative systems among the sensors.

View Article: PubMed Central - PubMed

Affiliation: School of Electrical and Electronic Engineering, Yonsei University, Seoul 120-749, Korea. ilkyu.kim19@gmail.com

ABSTRACT
Sensor nodes in wireless sensor networks are easily exposed to open and unprotected regions. A security solution is strongly recommended to prevent networks against malicious attacks. Although many intrusion detection systems have been developed, most systems are difficult to implement for the sensor nodes owing to limited computation resources. To address this problem, we develop a novel distributed network intrusion detection system based on the Wu-Manber algorithm. In the proposed system, the algorithm is divided into two steps; the first step is dedicated to a sensor node, and the second step is assigned to a base station. In addition, the first step is modified to achieve efficient performance under limited computation resources. We conduct evaluations with random string sets and actual intrusion signatures to show the performance improvement of the proposed method. The proposed method achieves a speedup factor of 25.96 and reduces 43.94% of packet transmissions to the base station compared with the previously proposed method. The system achieves efficient utilization of the sensor nodes and provides a structural basis of cooperative systems among the sensors.

No MeSH data available.


Related in: MedlinePlus