A distributed signature detection method for detecting intrusions in sensor systems.

Kim I, Oh D, Yoon MK, Yi K, Ro WW - Sensors (Basel) (2013)

Bottom Line: In addition, the first step is modified to achieve efficient performance under limited computation resources. The proposed method achieves a speedup factor of 25.96 and reduces 43.94% of packet transmissions to the base station compared with the previously proposed method. The system achieves efficient utilization of the sensor nodes and provides a structural basis of cooperative systems among the sensors.


Affiliation: School of Electrical and Electronic Engineering, Yonsei University, Seoul 120-749, Korea. ilkyu.kim19@gmail.com

ABSTRACT
Sensor nodes in wireless sensor networks are easily exposed to open and unprotected regions. A security solution is strongly recommended to protect networks against malicious attacks. Although many intrusion detection systems have been developed, most are difficult to implement on sensor nodes owing to limited computation resources. To address this problem, we develop a novel distributed network intrusion detection system based on the Wu-Manber algorithm. In the proposed system, the algorithm is divided into two steps; the first step is dedicated to a sensor node, and the second step is assigned to a base station. In addition, the first step is modified to achieve efficient performance under limited computation resources. We conduct evaluations with random string sets and actual intrusion signatures to show the performance improvement of the proposed method. The proposed method achieves a speedup factor of 25.96 and reduces 43.94% of packet transmissions to the base station compared with the previously proposed method. The system achieves efficient utilization of the sensor nodes and provides a structural basis of cooperative systems among the sensors.

f7-sensors-13-03998: The non-zero probability and required memory occupation for the patterns.

Mentions: Using a simple probabilistic approach, we evaluate the performance of MinWM. Setting Σ to be the size of the alphabet, the probability that a single pattern matches, which equals the probability of zero shifting, is simply derived as $1/\Sigma^{B}$. In addition, if actual shifting occurs, no pattern is matched with the substring of the text. From the derivation, the non-zero shifting probability equals $(1 - 1/\Sigma^{B})^{\epsilon}$. This equation shows that the performance is strongly related to the number of patterns to be detected. Figure 7 reveals the relationship between the signature size and the non-zero probability. In the proposed approach, each signature only requires one additional byte in the prefix table. Although the memory is sufficient to contain all signatures in Snort, the general WM algorithm restricts the appropriate number of patterns. Only 500 signatures drop the non-zero probability below 20% and definitely decrease the throughput of the algorithm. However, MinWM is still considered a reasonable method because the DoS attack signatures are limited in number and overlap with each other. Moreover, the problems of detecting a large number of patterns are solved by the distributed processing of multiple sensor nodes.
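The relationship described above can be checked against a concrete shift table. The following is an added example, not code from the paper: it builds a standard Wu-Manber SHIFT table for a constructed set of random byte patterns and compares the measured share of non-zero-shift blocks with the formula. The function names, the byte alphabet (Σ = 256), the block size B = 1 and the pattern length are assumptions; the page does not state the values used for Figure 7.

```python
import random

def build_shift(patterns, B):
    """Wu-Manber SHIFT table over the first m bytes of each pattern.
    Blocks absent from the table take the default shift m - B + 1."""
    m = min(len(p) for p in patterns)          # shortest pattern length
    shift = {}
    for p in patterns:
        for end in range(B, m + 1):            # block p[end-B:end]
            block = p[end - B:end]
            shift[block] = min(shift.get(block, m - B + 1), m - end)
    return shift, m

def measured_nonzero(patterns, B, sigma=256):
    """Fraction of all sigma**B possible blocks whose shift is non-zero."""
    shift, _ = build_shift(patterns, B)
    zero = sum(1 for s in shift.values() if s == 0)
    return 1 - zero / sigma ** B

def analytic_nonzero(n, B, sigma=256):
    """Non-zero shift probability from the text, with n patterns."""
    return (1 - 1 / sigma ** B) ** n

def random_patterns(n, length, seed):
    """Constructed sample input: n random byte strings (not real signatures)."""
    rng = random.Random(seed)
    return [bytes(rng.randrange(256) for _ in range(length)) for _ in range(n)]

if __name__ == "__main__":
    print("patterns  analytic  measured")
    for n in (50, 100, 500, 1000):
        pats = random_patterns(n, 8, seed=1)
        print(f"{n:8d}  {analytic_nonzero(n, 1):8.3f}  {measured_nonzero(pats, 1):8.3f}")
```

Under these assumed parameters the formula gives roughly 0.14 for 500 patterns, which falls below the 20% mark the text mentions; real signature sets that share suffix blocks will leave more non-zero shifts than random patterns do.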

