Attacker Evidence System in WSN

Due to features such as their distributed structure and open wireless medium, Wireless Sensor Networks (WSN) are prone to security attacks at various levels. These attacks may have a significant influence on the efficiency of the WSN. During anomalous attacks, attackers manage to get unauthorized access to the network and harm the network system and services to make them ineffective. A counter mechanism is essential to overcome the influence of the attacks and sustain the efficiency of the network. In that process it is required to find the evidence for the activities of the attacker in the network. In the present research work, an attempt has been made to develop and implement a mechanism or scheme to find the evidence for the existence of an attacker in the network and to provide a security measure for the WSN system by filtering the attacker to prevent the attacks. This is achieved by designing and implementing an Attacker Evidence System (AES) as a simple network security measure in wireless sensor network systems. The proposed AES is designed for homogeneous and heterogeneous WSN models, considering single- and multiple-sensing detection schemes. The present security measure and its simulation results are presented and discussed. The results reveal that the present AES works as expected for both types of WSN and can be a prototype for further extensions.


Introduction
Nowadays it has become essential for every organization to have its own security policy, according to its requirements and the technology it has adopted, such as a Communication Network, Parallel Computing System, Distributed Computing System, Cloud System, Adhoc Network, Mobile Network, Wireless Sensor Network etc. This security policy may be intended to protect the organization through a pro-active policy stance [1]. From the literature it is well understood that Computer Security is concerned with loss of or harm to the hardware, software or information of an organization. It also includes denial, disruption and misdirection of the services and facilities provided by the computer system [2][3][4][5][6]. Computer Security may be considered as a combination of System Security, Network Security and Data or Information Security. Data Security or Information Security deals with the security issues, policies and services of data under communication. Data Security provides security services for threats concerned with data confidentiality, authentication, integrity, non-repudiation, access control and availability [7][8][9][10]. As Information Systems are designed in multilayered structures, the above security issues have their influence at different layers of the systems and affect the performance of the systems [11]. In this context, a security issue like confidentiality is becoming a challenging task in the environment of new technologies such as cloud computing, wireless communication systems etc. [12]. One aspect of the confidentiality of an Information System is unauthorized access to the network by a third party to steal important information or to damage the efficiency of the Information System [7][8][9][10]. An unauthorized access to the computer networking system is known as an attack/hack/intrusion and is one of the most serious threats to Computer Security.
Hence, it is essential to design a security measure to detect the attacker, to assess the vulnerability of the system, or to protect the system from misuse [7]. An Attacker Evidence System (AES) is a software- and/or hardware-based security scheme to detect the attempts of an attacker intending to misuse systems such as a network or the Internet [13].
A wireless sensor network (WSN) is a wireless network consisting of spatially distributed autonomous devices using sensors to cooperatively monitor physical or environmental conditions [14]. WSNs have many applications, such as military, civil, healthcare, home automation, traffic control etc. A WSN normally constitutes a wireless adhoc network associated with a multi-hop routing algorithm [15]. A WSN is an adhoc distributed system consisting of several wirelessly connected sensor nodes and can be deployed to collect information about the surrounding environment [16]. WSNs are highly vulnerable to security attacks at various levels due to factors like their distributed nature, multiple hops, open wireless medium etc. [16][17][18]. Hence an effective security measure is to be designed to overcome attacks like intrusion or hacking in WSN. An Attacker Evidence System (AES) can be designed and implemented to detect and prevent security attacks [19]. A survey reveals that several researchers have earlier designed and implemented Intrusion Detection Systems for WSN in different scenarios, such as Anomaly-based IDS, Signature-based IDS, and Cross layer IDS etc. [13,17,18]. The probability of creating more false alarms is a problem with Anomaly-based IDSs, even though they are lightweight in nature. Overheads like updating and inserting new signatures, and suitability to larger WSNs, are the disadvantages of Signature-based IDSs. As WSNs have resource limitations, Cross layer IDSs are usually not suitable [13,17,18]. Based upon their capability, WSNs can be classified as homogeneous and heterogeneous. Large sensing range, more power and broadcasting of power management information are the significant features of heterogeneous WSNs in comparison with homogeneous WSNs [13,14]. The two important conditions for ensuring detection probability in WSNs are network connectivity and broadcast reachability in a secured manner [14,18,20].
A few have considered the case of IDS for heterogeneous WSN security in comparison with the homogeneous one with a simple simulation method. A comparative study may be considered for both homogeneous and heterogeneous WSNs in terms of intrusion/hacker detection. This is the motivation for the present work: to design and implement an Attacker Evidence System (AES) for homogeneous and heterogeneous WSNs by using a simple simulation method. This simple method may be a prototype but would be useful to extend further. To the best of our knowledge, our effort is the first to address this issue in both homogeneous and heterogeneous WSNs for a simple simulation using an Attacker Evidence System (AES).

Earlier Intrusion Detection Systems (IDS) and WSN
Various attacker/intrusion/hacker detection systems have been designed and implemented in different scenarios, and detailed information is available in the vast literature [13][14][15][16][17][18][19][20][21][22][23][24][25][26][27][28][29]. An Intrusion Detection System (IDS) is a software- and/or hardware-based security scheme to detect the attempts of an intruder intending to misuse systems such as a network or the Internet [13]. According to [14], an IDS comprises mainly three components, namely sensors, a console and a central engine. The security events of the WSN are produced by the sensors. The WSN events and their related alerts are monitored by the console. The central engine records events and sets rules for the generation of alerts. Intrusion detection is possible in two ways: detection by a single sensor, or detection by the collective cooperation of multiple sensors. As the former is ineffective in some cases, multiple-sensor detection can be considered for intrusion detection. The data flow in homogeneous and heterogeneous wireless sensor networks is shown in Fig. 1. S and D indicate Source and Detector, and R1, R2, and R3 are receiving nodes in the WSN. The directions indicate the flow of data through the networks. The intruder may be denoted by a cloud symbol. With reference to [14], the presently proposed simple Attacker Evidence System (AES) can be designed in five modules: 1. WSN construction, 2. Generation of packets, 3. Identifying authorized and unauthorized ports, 4. Inter-Domain Packet Filter construction and 5. Valid packet reception. In the first module the WSN is designed in such a way that each node is connected to the neighboring nodes and each port number is authorized by all nodes. In the second module a browser is designed to convert the selected data into fixed-size packets. These packets are sent from source to detector. In the third module a detection mechanism is designed to find authorized and unauthorized ports. This module checks whether the path is authorized or unauthorized using the port number; if the path is authorized, the packet is sent to the valid destination. Otherwise the packet is deleted. In the fourth module the Inter-Domain Packet Filter is designed. The Packet Filter filters out the packets received from other than the designated port number, and authorized packets are sent to the destination. Finally, the valid packet reception module receives all the valid packets. Thus only valid packets reach the destination from the source node [30]. The design logic for the Attacker Evidence System (AES) is shown in Fig. 2. The system design comprises mainly data input and output mechanisms. 1. Input Design: (i) Source file browsing (ii) Conversion of selected data into fixed size packets (iii) Write program to hack the packet (iv) Selection of port number to send the packet (v) Sending packet from source to detector. 2. Output Design: (i) Filtering and discarding of packets from unauthorized ports (ii) Sending authorized packets to destination. The functional flow of data, data input, intruder detection, packet filtering, and reception of packets are shown in the data flow diagram (Fig. 2).

Sensor Network
At first the user inputs the data from a file and sends the packets to the detector, and the detector filters the received packets. If a packet is authorized, it is sent to a valid receiver. If the packet is an unauthorized one, it is discarded into the sink. Thus the design plan is implemented in four modules: Network construction module, Detector module, Packet filter module and Receive packet module. The corresponding software design plan is shown in Figs. 3 and 4. The Network Construct module is a network, with attributes Construct and with responsibilities container.add(c); The Detector module comprises the attributes analyzing and responsibilities void server(); The packet filter contains attributes Testing and responsibilities r1.server; Finally the sink module contains attributes Receive packets and responsibilities get.packet().
(a) User Requirement Specification: The main user requirements are User Characteristics, Functional Requirements, and Non-Functional Requirements. The user requirements are briefly outlined below:
1. User Characteristics: A user interface is used to search the data and services. An operational user interface can be used to add new data as and when required. Provision for operations like update/delete of the data. No access rights for the user to access the system.
2. Functional Requirements:
(i) Frame a packet and send the packet over the network.
(ii) Write the instruction program to hack the packet over inappropriate, incorrect, anomalous attackers.
(iii) This should be for both homogeneous and heterogeneous WSN models.
3. Non-Functional Requirements:
(i) Usability: A procedure is designed to establish a connection between a sender and a receiver with no third party intervention.
(ii) Reliability: The Java platform makes the system more reliable.
(iii) Performance: The system performance depends on the high level languages and the advanced network technologies.
(iv) Supportability: A cross platform supported system is to be designed.
(v) Implementation: The system is implemented in a Java network programming environment on the Windows XP Professional platform.

AES Implementation
The architecture of a WSN node is shown in Fig. 5. According to the networking principles, each node contains the data of the authorized ports of all other nodes in the network. Each node can verify whether a packet is from an authorized port or not by running a suitable algorithm and accordingly decides on the next action. All the operations, the respective screen display operations and the screen displays involved in the simulation at source, detector and receiver level are presented in Table 1. Predefined authorized and unauthorized port data has been stored in files, and the files have been browsed to select the ports for communicating packets through the WSN. The present AES has been simulated in the environment of Java, JFrame Builder and the Windows XP operating system using the specified hardware and software. The simulated results obtained by implementing the operations as per Table 1 are reported in Table 2. Important screen shots are also presented in Fig. 6 for a better understanding of the simulated results and the process of the AES.
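The packet generation, port check, packet filter and valid packet reception steps described above can be sketched as follows. This is an added example in Python, not the authors' Java implementation; the packet size, port numbers, class names and sample message are assumptions constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field

PACKET_SIZE = 16  # assumed fixed packet size in bytes; the paper gives no value

@dataclass(frozen=True)
class Packet:
    seq: int
    src_port: int
    payload: bytes

def packetize(data: bytes, src_port: int, size: int = PACKET_SIZE) -> list[Packet]:
    """Packet generation: split data into fixed-size packets, zero-padding the last."""
    chunks = [data[i:i + size] for i in range(0, len(data), size)]
    return [Packet(n, src_port, c.ljust(size, b"\0")) for n, c in enumerate(chunks)]

@dataclass
class Detector:
    """Port check, packet filter and valid packet reception in one node."""
    authorized_ports: frozenset[int]
    delivered: list = field(default_factory=list)  # valid packets at the receiver
    evidence: list = field(default_factory=list)   # record of discarded packets

    def receive(self, pkt: Packet) -> bool:
        if pkt.src_port in self.authorized_ports:
            self.delivered.append(pkt)
            return True
        # Unauthorized port: discard the packet but keep evidence of the attempt.
        self.evidence.append({"seq": pkt.seq, "src_port": pkt.src_port,
                              "reason": "unauthorized port"})
        return False

    def reassemble(self) -> bytes:
        ordered = sorted(self.delivered, key=lambda p: p.seq)
        return b"".join(p.payload for p in ordered).rstrip(b"\0")

def simulate():
    # Constructed sample: ports 5001 and 5002 are authorized, 6666 is not.
    detector = Detector(authorized_ports=frozenset({5001, 5002}))
    message = b"temperature=23.5;humidity=41;node=R1"
    traffic = packetize(message, src_port=5001)
    traffic.insert(1, Packet(seq=99, src_port=6666, payload=b"X" * PACKET_SIZE))
    for pkt in traffic:
        detector.receive(pkt)
    return detector, message

if __name__ == "__main__":
    det, msg = simulate()
    print(det.reassemble() == msg, det.evidence)
```

A source port is a value chosen by the sender, so this check illustrates the filtering and evidence-recording logic rather than authentication of the sending node.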

Conclusions
In the present research work we have designed and implemented an Attacker Evidence System (AES) as a simple network security measure in a wireless network system, considering both homogeneous and heterogeneous structures. We also considered the two sensing detection models: single-sensing detection and multiple-sensing detection. The implemented security measure scheme and its simulated results have been presented and discussed. From Tables 1 and 2, it is evident that the AES is working as expected. The attacker is being detected and reported properly. The screening of the packets from unauthorized ports, while at the same time allowing the valid packets through to the receiver, is also executed as expected. Thus the present AES can be useful to send information in a secured manner through the WSN. By using a multiple-sensor network in the present scheme we could not only detect the presence of malicious elements but also prevent the attacks by filtering and discarding them. A comparison can be made from the results for both homogeneous and heterogeneous WSNs in terms of attacker detection, and it is inferred that the mechanism is more effective in the latter. Thus the present Attacker Evidence System (AES) shows the existence of the attacker and also prevents the attack, and in turn acts as a security measure for a wireless network system, which is the objective of the present research work. In scope, the present Attacker Evidence System (AES) may be a prototype, but the simulation can be extended to study intrusion detection probability within a certain intrusion distance under various application scenarios. The model can be further improved for a larger and more realistic WSN by characterizing attacker detection probability with respect to the intrusion distance and network parameters like node density, sensing range, transmission range etc.
The model can be further enhanced for attacker/hacker/intrusion detections in internet applications and parallel computer interconnection networks.