Research on the intrusion detection model based on improved cumulative summation and evidence theory for wireless sensor network
- 63 Downloads
In this paper, a new hybrid intrusion detection model which combines the distributed and centralized strategies is proposed in this paper as follows. Firstly, considering the network anomalies, situation cannot be captured in real time on the base station; by introducing the CUSUM (cumulative summation) GLR (generalized likelihood ratio), an anomaly detection model which runs on the node is given. It can conduct real-time network monitoring. Based on the “link quality” and “majority rule,” a new algorithm to detect the “Sinkhole attack” in the base station is proposed, and a new model CUSUM_MV to detect intrusion is given. Secondly, the evidence theory is introduced to detect intrusion in wireless sensor network. We give the redundant information process mechanism in the relay node, an evidence-based intrusion detection model deployed on the base station and the intrusion detection model CUSUM_HDST. The hybrid model can detect not only Sinkhole and DoS attacks, but also other specific vulnerabilities. A simulation experiment on Castalia simulator is carried out, and results show that the proposed method has better performance than the traditional Sinkhole attacks detection method.
KeywordsWireless sensor networks Intrusion detection CUSUM GLR Castalia D–S evidence theory
The work has been supported by the National Natural Science Foundation of China (No. 61672004), the Chongqing Research Program of Basic Research and Frontier Technology under Grant No. cstc2016jcyjA0590, and the CERNET Innovation Project. The author would like to thank the Program for Innovation Team Building at Institutions of Higher Education in Chongqing (CXTDX201601021) and Chongqing Municipal Engineering Research Center of Institutions of Higher Education.
- 3.Karlof, D.W.: Secure routing in wireless sensor networks: attacks and countermeasures. Ad Hoc Netw. J. Special Issue Sens. Netw. Appl. Protoc. 8(3), 293–315 (2003)Google Scholar
- 6.Yadav, H., Tak, M.S.: A surevy on detection of sinkhole attack in wireless sensor network. Int. J. Eng. Techn. Res. V6, (11) (2017)Google Scholar
- 8.Krontiris, I., Benenson, Z., Giannetsos, T., Dimitriou, T., et al.: Cooperative intrusion detection in wireless sensor networks. In: Roedig, U., Screenan, C.J. (Eds.) EWSN, pp. 263–278 (2009)Google Scholar
- 13.Ozcelik, M.M., Irmak, E., Ozdemir, S.: A hybrid trust based intrusion detection system for wireless sensor networks. In: International Symposium on Networks, Computers and Communications. IEEE, pp. 1–6 (2017)Google Scholar
- 15.Zang, T., Yun, X., Zhang, Y., Men, C., Cui, X.: Botnets’ similarity analysis based on communication features and D–S evidence theory. J. Commun. 32(4), 66–76 (2011)Google Scholar
- 16.Yang, K., Ma, J., Yang, C.: Trusted routing based on D–S evidence theory in wireless mesh network. J. Commun. 32(5), 89–103 (2011)Google Scholar
- 17.Zhao, X., Liu, Y., Sun, J.: New network anomaly detection using transfer learning and D–S theory. Appl. Res. Comput. 33(4), 1137–1140 (2016)Google Scholar
- 18.Chen, Y., Liu, Y.: Application of extended D–S evidence theory in intrusion detection. Comput. Eng. Sci. 36(1), 83–87 (2014)Google Scholar
- 19.Chang, Y., Liu, F.: Wireless sensor intrusion detection system based on the theory of evidence. In: IEEE International Conference on Communication Software and Networks, pp. 2811–2814. IEEE (2016)Google Scholar
- 20.Super User: Wireless Sensor Network Simulator User Manual. NICTA, Australia (2013)Google Scholar
- 23.Wang, G., Huang, C.: Energy-efficient beaconless real-time routing protocol for wireless sensor networks. Comput. Syst. Sci. Eng. 26(3) (2011)Google Scholar