SlideShare a Scribd company logo

Neighbor Node Trust Based Intrusion Detection System for WSN

Hitesh Mohapatra, profile picture
Hitesh Mohapatra

The document presents a neighbor node trust-based intrusion detection system (IDS) for wireless sensor networks (WSNs) that utilizes trust calculations to classify neighboring nodes as trustworthy, risky, or malicious. It effectively detects attacks such as hello flood, jamming, and selective forwarding by analyzing network statistics and node behaviors. The proposed system includes a trust manager, behavior classifier, and a recommendation database to aid in secure packet forwarding decisions.

Engineering
1 of 34
Downloaded 11 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
Neighbour Node Trust Based Intrusion Detection System for WSN Class Seminar Nov 17 Presented by Hitesh Mohapatra (Ph.D Scholar) Subject In-Charge Dr.S.Panigrahi
Outline • Abstract • Introduction • Related Work • The proposed IDS • Result and discussion and conclusion • Reference
Abstract • This seminar presents an intrusion detection technique based on the calculation of trust of the neighbouring node. In the proposed IDS, each node observes the trust level of its neighbour nodes. • Based on these trust values , neighbour nodes may be declared as trust worthy, risky or malicious. • The proposed scheme successfully detects Hello flood attack, jamming attack and selective forwarding attack by analysing the network statistics and malicious node behaviour.
Introduction Wireless sensor networks • Wireless sensor node • power supply • sensors • embedded processor • wireless link • Many, cheap sensors • wireless  easy to install • intelligent  collaboration • low-power  long lifetime
Possible applications • Military • Asset monitoring and management, battlefield surveillance, biological attack detection • Ecological • fire detection, flood detection, agricultural uses • Health related • Medical sensing, microsurgery • General engineering • car theft detection, inventory control, residential security
Security in WSN • Main security threats in WSN are: • Radio links are insecure – eavesdropping / injecting faulty information is possible • Sensor nodes are not temper resistant – if it is compromised the attacker obtains all security information • Protecting confidentiality, integrity, and availability of the communications and computations
Why security is different? •Sensor Node Constraint •Battery •CPU power •Memory •Networking Constraints and Features •Wireless •Ad hoc •Unattended
Network defense Protect - Encryption - Firewalls - Authentication - Biometrics Detect - Intrusions - Attacks - Misuse of Resources - Data Correlation - Data Visualization - Malicious S/W - Network Status/ Topology React - Response - Terminate Connections - Block IPAddresses - Containment - Fishbowl - Recovery - Reconstitute
What is intrusion detection? • Intrusion detection is the process of discovering, analyzing, and reporting unauthorized or damaging network or computer activities • Intrusion detection discovers violations of confidentiality, integrity, and availability of information and resources
• Intrusion detection demands: • As much information as the computing resources can possibly collect and store • Experienced personnel who can interpret network traffic and computer processes • Constant improvement of technologies and processes to match pace of Internet innovation What is intrusion detection?
How useful is intrusion detection? • Provide digital forensic data to support post- compromise law enforcement actions • Identify host and network misconfigurations • Improve management and customer understanding of the Internet's inherent hostility • Learn how hosts and networks operate at the operating system and protocol levels
Intrusion detection models • All computer activity and network traffic falls in one of three categories: • Normal • Abnormal but not malicious • Malicious • Properly classifying these events are the single most difficult problem -- even more difficult than evidence collection
Intrusion detection models • Two primary intrusion detection models • Network-based intrusion detection monitors network traffic for signs of misuse • Host-based intrusion detection monitors computer processes for signs of misuse • So-called "hybrid" systems may do both • A hybrid IDS on a host may examine network traffic to or from the host, as well as processes on that host
IDS paradigms • Anomaly Detection – look for abnormal • Misuse Detection – pattern matching • Burglar Alarms - policy based detection • Honey Pots - lure the hackers in • Hybrids - a bit of this and that
Anomaly detection(cont) • Typical anomaly detection approaches: • Neural networks - probability-based pattern recognition • Statistical analysis - modeling behavior of users and looking for deviations from the norm • State change analysis - modeling system’s state and looking for deviations from the norm
Core Part Intrusion Detection for WSN
The proposed intrusion detection 1. The system has a trust manager, which manage the direct and indirect trust (reputation) of a node. 2. The behaviour classifier classifies the behaviour of the node as attacker, trustworthy and risky based on the trust values and calculation obtained from the trust manager. 3. In case of the trustworthy behaviour, the observed node is recommended to the forwarding engine for packet forwarding. 4. When behaviour of the observed node is identified as risky, its risk factor is evaluated and updated. If the observing node is willing to take risk, it recommends the observed node having risky behaviour to the forwarding engine for forwarding. 5. If the observing node does not want to take risk, it stores the risk factor of the observed node in recommendation data base. 6. In case of attack behaviour, the attack classifier distinguishes attack pattern based on the calculation described in the following subsections. 7. The observed node is declined for forwarding purpose. The status of the observed nodes is saved in the recommendation data base.
Block Diagram of Proposed IDS
System Model and nodes Initial Observation • In the proposed IDS, a node y0 calculates the level of trust of its neighbouring nodes. • The neighbours of y0 is a set of nodes having one hop contact with node y0 and are represented as • Any node yi possesses set of attributes denoted as • The activity of the node yi is observed by the sensor node y0 by observing its individual attributes. • The observed attributes of node yi are stored by the vector with ever element explaining the node’s activities • If node yi observes its neighbouring nodes it stores the set of the corresponding attribute vectors
Attributes of WS-Nodes: • Received Signal Strength • Packet Sending Rate • Control Packet Generating Rate • Packets Delivery Ratio • Packet Dropping Rate • Packet Forwarding Rate • Packet Acknowledgment Rate
Jamming attack • The amount of power in any radio signal received is termed as Received Signal Strength. • The Received Signal Strength of the node y observed by the node y0 is represented as Ps(y). • A node is considered malicious if it has high received signal strength than the vector of received signal strength of its neighbours Nb(y0)={y1......yn}. • In this case the node is considered to have undergone a Jamming attack.
Hello Flood attack • Packet Generation Rate is the number of control packets generated in a specific interval of time. • Pg(y) is the Packet Generation Rate of node y monitored by the node y0. • A node is considered malicious if it generates high number of control packets than the vector of control packets generated by its neighbours Nb(y0)={y1......yn}. • In this case, the node is considered to have undergone a Hello Flood attack.
Selective Forwarding Attack • In a multi-hop scenario, a node forwards packets of its neighbours. The rate of packet received by a node and its subsequent forwarding to its destination node is termed as Packet Forwarding Rate. • PFrR(y) is the Packet Forwarding Rate of node y monitored by the node y0. • A node is said to be suffering selective forwarding attack if its packets forwarding rate is much less than the packets forwarding rate of its neighbour Nb(y0)={y1......yn}.
Trust Trust is calculated by taking average of the direct trust A(y) and indirect trust i.e. reputation B(y). Mathematically :
Detection of Jamming Attack The total Received Signal Strength of node y observed by node y0 during time interval T0 = Ps0(y) During time interval T1 = Ps1(y) Total packet sending rate of node y observed by node y0 during time interval Tz = Psz(y) Total Received Signal Strength of node y observed by node y0 during time interval Ti = Psi(y) Average Received Signal Strength is calculated as Now at any interval ’i’ if the Received Signal Strength is greater then the summation of average Received Signal Strength and the Received Signal Strength values of the sensor specified in its data sheets, node is suffering from jamming Attack. Mathematically, {Where Psi(y) is the Received Signal Strength of node y at any given interval i observed by node y0. C is the Received Signal Strength values of the sensor specified in its data sheets. Node for which equation 1 does not not hold true, are malicious.}
Detection of Selective Forwarding Attack •
Detection of HELLO Flood Attack Let Pg0(y) is the control packets generating rate of node y observed by node y0 during time interval T0. Pg1(y) is the packets generating rate of node y observed by node y0 during time interval T1 and Pgz(y) is the control packets generating rate of node y observed by node y0 during time interval Tz. Let Pgi(y) ) is the control packets generating rate of node y observed by node y0 during time interval Ti. Then the average control packets generating rate is given : Now at any interval ’i’ if the control packets generating rate of any node is greater then the summation of average control packets generating rate and the control packets generating rate values of the sensor specified in the standard protocol, node is suffering from Hello Flood Attack. Mathematically : Where Pgi(y) is the control packets generating rate of node y at any given interval i observed by node y0 . C is the control packets generating rate values of the sensor specified in the standard protocol it follow. Node for which equation 3 does not hold true, are malicious and higher control packets generating rate is the identification of hello flood attack.
• Detection of Trustworthy (Good) Nodes A node is said to be trustworthy or Good if its current Direct Trust value Ac(y) is greater or equal to the required trust value RTv , meaning that it satisfies the condition :
Detection of Risky Nodes There are two possibilities about the risky nature of a node. In the first case, there is no prior recommendation about the node , that is B(y)=0 and its current direct trust value Ac(y) is less that the Required Trust Value RTv. Mathematically: Ac(y) < RTv. In this case, the total trust is given as and as B(y)=0 so Then the value of risk is given as :
Detection of Risky Nodes In the second case, the recommendation value of the node is less than the value of Required Trust Value that is B(y) < RTv and its current direct trust value Ac(y) is less that the Required Trust Value RTv. Mathematically Ac(y) < RTv. In this case, the total trust is given as : Then the value of risk is given by the following equation.
Storage of Node Status for future use (Reputation) and subsequent Forwarding Decision Recommendation Data Base stores the status of the node. On the bases of calculation, a node may be found malicious, trustworthy or risky. These statistics are used in the future interaction of the nodes. A trustworthy node is recommended for interaction, a malicious node is declined, while decision about packet forwarding through risky node is made, if the node intending to send data is willing to take risk. After the successful determination of the node status as malicious, trustworthy or risky, decision about the packet forwarding through any neighbour node is taken by the packet sending node. The criteria for packet forwarding is the selection of safest path rather than selecting shortest path.
Results The proposed intrusion detection system is implemented using MATLAB .
Conclusion We propose an intrusion detection technique based on the principle that nodes in each other neighbourhood behave in a similar way. The proposed NeTMids detects hello flood, jamming and selective forwarding attack. It can be further extended by including other attacks as well. Simulation results shows that network perform better when the proposed NeTMids is deployed. Thank You to original authors and Dr.S.Panigrahi Contact: hiteshmahapatra@gmail.com Mob:9436992299
Reference 6th International Conference on Emerging Ubiquitous Systems and Pervasive Networks,EUSPN- 2015 Neighbour Node Trust Based Intrusion Detection System for WSN Syed Muhammad Sajjada, Safdar Hussain Boukb, Muhammad Yousafa Riphah Institute of Systems Engineering, Riphah International University, Islamabad, Pakistan Department of Electrical Engineering, Comsats Institute of Information Technology, Islamabad, Pakistan

More Related Content

PPTX
Security of RPL in IoT
Abhishek858
 
PPTX
Functional point analysis
DestinationQA
 
PPT
Three dimensional concepts - Computer Graphics
Kongunadu College of engineering and Technology, Namakkal
 
PPT
Chapter 5 slides
lara_ays
 
PPTX
illumination model in Computer Graphics by irru pychukar
syedArr
 
PPTX
Object relationship model of software engineering,a subtopic of object orient...
julia121214
 
PPT
State Diagrams
Vaidik Trivedi
 
PPTX
Multilayer & Back propagation algorithm
swapnac12
 
Security of RPL in IoT
Abhishek858
 
Functional point analysis
DestinationQA
 
Three dimensional concepts - Computer Graphics
Kongunadu College of engineering and Technology, Namakkal
 
Chapter 5 slides
lara_ays
 
illumination model in Computer Graphics by irru pychukar
syedArr
 
Object relationship model of software engineering,a subtopic of object orient...
julia121214
 
State Diagrams
Vaidik Trivedi
 
Multilayer & Back propagation algorithm
swapnac12
 

What's hot (20)

PDF
Mobility in network
Xavient Information Systems
 
PPTX
Dynamic Itemset Counting
Tarat Diloksawatdikul
 
PPT
Guided Transmission Media
asrabatool
 
PPT
Ooad ch 4
anujabeatrice2
 
PPTX
Ch 6 development plan and quality plan
Kittitouch Suteeca
 
PPT
Unit 4
gopal10scs185
 
PPTX
Activity diagram
bhupendra kumar
 
PPT
Struts
s4al_com
 
PPTX
Notification android
ksheerod shri toshniwal
 
DOCX
Erd For Gift Shop
Abdul Aslam
 
PPTX
Random scan displays and raster scan displays
Somya Bagai
 
PPTX
Bezeir curve na B spline Curve
Pooja Dixit
 
PPTX
Back face detection
Pooja Dixit
 
PDF
Methods for handling deadlocks
A. S. M. Shafi
 
PDF
Android intents
Siva Ramakrishna kv
 
PPTX
Semi join
Alokeparna Choudhury
 
PPT
Formal Specification in Software Engineering SE9
koolkampus
 
PPTX
Component diagram
Abdul Manan
 
PPT
Illumination model
Ankur Kumar
 
PPTX
Artificial neural network
sweetysweety8
 
Mobility in network
Xavient Information Systems
 
Dynamic Itemset Counting
Tarat Diloksawatdikul
 
Guided Transmission Media
asrabatool
 
Ooad ch 4
anujabeatrice2
 
Ch 6 development plan and quality plan
Kittitouch Suteeca
 
Unit 4
gopal10scs185
 
Activity diagram
bhupendra kumar
 
Struts
s4al_com
 
Notification android
ksheerod shri toshniwal
 
Erd For Gift Shop
Abdul Aslam
 
Random scan displays and raster scan displays
Somya Bagai
 
Bezeir curve na B spline Curve
Pooja Dixit
 
Back face detection
Pooja Dixit
 
Methods for handling deadlocks
A. S. M. Shafi
 
Android intents
Siva Ramakrishna kv
 
Semi join
Alokeparna Choudhury
 
Formal Specification in Software Engineering SE9
koolkampus
 
Component diagram
Abdul Manan
 
Illumination model
Ankur Kumar
 
Artificial neural network
sweetysweety8
 
Ad

Similar to Neighbor Node Trust Based Intrusion Detection System for WSN (20)

PDF
intrution to WSN.pdf.....................
danieldencil27
 
PPTX
Black hole attack
Richa Kumari
 
PPTX
Entropy and denial of service attacks
chris zlatis
 
PPT
Lecturasdfasdfasdfadsfasdfasdfasdfasddfsdfasdfasdfasdf14.ppt
SaiRanga13
 
PPT
eabcdefghiaasjsdfasdfasdfasdfasdfas1.ppt
raosg
 
PPTX
Vampire attack in wsn
Richa Kumari
 
PPTX
Cryptography based misbehavior detection for opportunistic network
Shahana P H
 
PPT
security in wireless sensor network
RABIA ASHRAFI
 
PPTX
Computational intelligence in wireless sensor network
KratikaNigam3
 
PPTX
11011 a0449 secure routing wsn
Muqeed Abdul
 
PPTX
Secure routing in wsn-attacks and countermeasures
Muqeed Abdul
 
PDF
Overview on security and privacy issues in wireless sensor networks-2014
Tarek Gaber
 
PPTX
Security management in mobile ad hoc networks
Prof. Dr. Noman Islam
 
PPTX
Redundancy Management in Heterogeneous Wireless Sensor Networks
Saeid Hossein Pour
 
PPTX
Trust Based Routing In wireless sensor Network
Anjan Mondal
 
PPTX
Wireless Sensor Network
Muhammad Farooq Hussain
 
PDF
VTU 8TH SEM INFORMATION AND NETWORK SECURITY SOLVED PAPERS
vtunotesbysree
 
PPTX
A_Seyedolhosseini_Tir_95_1
atefesadat Seyedolhosseini
 
PDF
A Study on Security in Wireless Sensor Networks
ijtsrd
 
PPTX
Intrusion detection in wireless sensor network
Vinayak Raja
 
intrution to WSN.pdf.....................
danieldencil27
 
Black hole attack
Richa Kumari
 
Entropy and denial of service attacks
chris zlatis
 
Lecturasdfasdfasdfadsfasdfasdfasdfasddfsdfasdfasdfasdf14.ppt
SaiRanga13
 
eabcdefghiaasjsdfasdfasdfasdfasdfas1.ppt
raosg
 
Vampire attack in wsn
Richa Kumari
 
Cryptography based misbehavior detection for opportunistic network
Shahana P H
 
security in wireless sensor network
RABIA ASHRAFI
 
Computational intelligence in wireless sensor network
KratikaNigam3
 
11011 a0449 secure routing wsn
Muqeed Abdul
 
Secure routing in wsn-attacks and countermeasures
Muqeed Abdul
 
Overview on security and privacy issues in wireless sensor networks-2014
Tarek Gaber
 
Security management in mobile ad hoc networks
Prof. Dr. Noman Islam
 
Redundancy Management in Heterogeneous Wireless Sensor Networks
Saeid Hossein Pour
 
Trust Based Routing In wireless sensor Network
Anjan Mondal
 
Wireless Sensor Network
Muhammad Farooq Hussain
 
VTU 8TH SEM INFORMATION AND NETWORK SECURITY SOLVED PAPERS
vtunotesbysree
 
A_Seyedolhosseini_Tir_95_1
atefesadat Seyedolhosseini
 
A Study on Security in Wireless Sensor Networks
ijtsrd
 
Intrusion detection in wireless sensor network
Vinayak Raja
 
Ad

More from Hitesh Mohapatra (20)

PDF
Introduction to Edge and Fog Computing.pdf
Hitesh Mohapatra
 
PDF
Amazon Web Services (AWS) : Fundamentals
Hitesh Mohapatra
 
PDF
Resource Cluster and Multi-Device Broker.pdf
Hitesh Mohapatra
 
PDF
Failover System in Cloud Computing System
Hitesh Mohapatra
 
PDF
Resource Replication & Automated Scaling Listener
Hitesh Mohapatra
 
PDF
Storage Device & Usage Monitor in Cloud Computing.pdf
Hitesh Mohapatra
 
PDF
Networking in Cloud Computing Environment
Hitesh Mohapatra
 
PDF
Uniform-Cost Search Algorithm in the AI Environment
Hitesh Mohapatra
 
PDF
Logical Network Perimeter in Cloud Computing
Hitesh Mohapatra
 
PPT
Software Product Quality - Part 1 Presentation
Hitesh Mohapatra
 
PDF
Multitenancy in cloud computing architecture
Hitesh Mohapatra
 
PDF
Server Consolidation in Cloud Computing Environment
Hitesh Mohapatra
 
PDF
Web Services / Technology in Cloud Computing
Hitesh Mohapatra
 
PDF
Resource replication in cloud computing.
Hitesh Mohapatra
 
PDF
Software Measurement and Metrics (Quantified Attribute)
Hitesh Mohapatra
 
PDF
Software project management is an art and discipline of planning and supervis...
Hitesh Mohapatra
 
PDF
Software project management is an art and discipline of planning and supervis...
Hitesh Mohapatra
 
PDF
The life cycle of a virtual machine (VM) provisioning process
Hitesh Mohapatra
 
PDF
BUSINESS CONSIDERATIONS FOR CLOUD COMPUTING
Hitesh Mohapatra
 
PDF
Traditional Data Center vs. Virtualization – Differences and Benefits
Hitesh Mohapatra
 
Introduction to Edge and Fog Computing.pdf
Hitesh Mohapatra
 
Amazon Web Services (AWS) : Fundamentals
Hitesh Mohapatra
 
Resource Cluster and Multi-Device Broker.pdf
Hitesh Mohapatra
 
Failover System in Cloud Computing System
Hitesh Mohapatra
 
Resource Replication & Automated Scaling Listener
Hitesh Mohapatra
 
Storage Device & Usage Monitor in Cloud Computing.pdf
Hitesh Mohapatra
 
Networking in Cloud Computing Environment
Hitesh Mohapatra
 
Uniform-Cost Search Algorithm in the AI Environment
Hitesh Mohapatra
 
Logical Network Perimeter in Cloud Computing
Hitesh Mohapatra
 
Software Product Quality - Part 1 Presentation
Hitesh Mohapatra
 
Multitenancy in cloud computing architecture
Hitesh Mohapatra
 
Server Consolidation in Cloud Computing Environment
Hitesh Mohapatra
 
Web Services / Technology in Cloud Computing
Hitesh Mohapatra
 
Resource replication in cloud computing.
Hitesh Mohapatra
 
Software Measurement and Metrics (Quantified Attribute)
Hitesh Mohapatra
 
Software project management is an art and discipline of planning and supervis...
Hitesh Mohapatra
 
Software project management is an art and discipline of planning and supervis...
Hitesh Mohapatra
 
The life cycle of a virtual machine (VM) provisioning process
Hitesh Mohapatra
 
BUSINESS CONSIDERATIONS FOR CLOUD COMPUTING
Hitesh Mohapatra
 
Traditional Data Center vs. Virtualization – Differences and Benefits
Hitesh Mohapatra
 

Recently uploaded (20)

PPTX
IOT PPTs Week 10 Lecture Material.pptx of NPTEL Smart Cities contd
ssusera400e8
 
PDF
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
PPTX
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
abhi1361yadav
 
PPTX
Construction Project Organization Group 2.pptx
vj5agdales
 
PPTX
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
PDF
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
PDF
SM_6th-Sem__Cse_Internet-of-Things.pdf IOT
smceramu
 
PDF
Operating System & Kernel Study Guide-1 - converted.pdf
mranoninvisib16
 
PDF
Well-logging-methods_new................
ZafriFarid
 
PPTX
Recipes for Real Time Voice AI WebRTC, SLMs and Open Source Software.pptx
Alberto González Trastoy
 
PDF
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
IJCNCJournal
 
PPTX
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
PPTX
Internet of Things (IOT) - A guide to understanding
Davies Chacko
 
PDF
Automation-in-Manufacturing-Chapter-Introduction.pdf
pcmth867
 
PDF
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
jpsjournal1
 
PDF
R24 SURVEYING LAB MANUAL for civil enggi
MNANDITHACIVILSTAFF
 
PDF
TFEC-4-2020-Design-Guide-for-Timber-Roof-Trusses.pdf
AinieButt1
 
PDF
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
PRIZ Guru
 
PDF
July 2025 - Top 10 Read Articles in International Journal of Software Enginee...
sebastianku31
 
PPTX
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
ShriNRPrasad
 
IOT PPTs Week 10 Lecture Material.pptx of NPTEL Smart Cities contd
ssusera400e8
 
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
abhi1361yadav
 
Construction Project Organization Group 2.pptx
vj5agdales
 
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
SM_6th-Sem__Cse_Internet-of-Things.pdf IOT
smceramu
 
Operating System & Kernel Study Guide-1 - converted.pdf
mranoninvisib16
 
Well-logging-methods_new................
ZafriFarid
 
Recipes for Real Time Voice AI WebRTC, SLMs and Open Source Software.pptx
Alberto González Trastoy
 
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
IJCNCJournal
 
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
Internet of Things (IOT) - A guide to understanding
Davies Chacko
 
Automation-in-Manufacturing-Chapter-Introduction.pdf
pcmth867
 
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
jpsjournal1
 
R24 SURVEYING LAB MANUAL for civil enggi
MNANDITHACIVILSTAFF
 
TFEC-4-2020-Design-Guide-for-Timber-Roof-Trusses.pdf
AinieButt1
 
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
PRIZ Guru
 
July 2025 - Top 10 Read Articles in International Journal of Software Enginee...
sebastianku31
 
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
ShriNRPrasad
 

Neighbor Node Trust Based Intrusion Detection System for WSN

  • 1. Neighbour Node Trust Based Intrusion Detection System for WSN Class Seminar Nov 17 Presented by Hitesh Mohapatra (Ph.D Scholar) Subject In-Charge Dr.S.Panigrahi
  • 2. Outline • Abstract • Introduction • Related Work • The proposed IDS • Result and discussion and conclusion • Reference
  • 3. Abstract • This seminar presents an intrusion detection technique based on the calculation of trust of the neighbouring node. In the proposed IDS, each node observes the trust level of its neighbour nodes. • Based on these trust values , neighbour nodes may be declared as trust worthy, risky or malicious. • The proposed scheme successfully detects Hello flood attack, jamming attack and selective forwarding attack by analysing the network statistics and malicious node behaviour.
  • 4. Introduction Wireless sensor networks • Wireless sensor node • power supply • sensors • embedded processor • wireless link • Many, cheap sensors • wireless  easy to install • intelligent  collaboration • low-power  long lifetime
  • 5. Possible applications • Military • Asset monitoring and management, battlefield surveillance, biological attack detection • Ecological • fire detection, flood detection, agricultural uses • Health related • Medical sensing, microsurgery • General engineering • car theft detection, inventory control, residential security
  • 6. Security in WSN • Main security threats in WSN are: • Radio links are insecure – eavesdropping / injecting faulty information is possible • Sensor nodes are not temper resistant – if it is compromised the attacker obtains all security information • Protecting confidentiality, integrity, and availability of the communications and computations
  • 7. Why security is different? •Sensor Node Constraint •Battery •CPU power •Memory •Networking Constraints and Features •Wireless •Ad hoc •Unattended
  • 8. Network defense Protect - Encryption - Firewalls - Authentication - Biometrics Detect - Intrusions - Attacks - Misuse of Resources - Data Correlation - Data Visualization - Malicious S/W - Network Status/ Topology React - Response - Terminate Connections - Block IPAddresses - Containment - Fishbowl - Recovery - Reconstitute
  • 9. What is intrusion detection? • Intrusion detection is the process of discovering, analyzing, and reporting unauthorized or damaging network or computer activities • Intrusion detection discovers violations of confidentiality, integrity, and availability of information and resources
  • 10. • Intrusion detection demands: • As much information as the computing resources can possibly collect and store • Experienced personnel who can interpret network traffic and computer processes • Constant improvement of technologies and processes to match pace of Internet innovation What is intrusion detection?
  • 11. How useful is intrusion detection? • Provide digital forensic data to support post- compromise law enforcement actions • Identify host and network misconfigurations • Improve management and customer understanding of the Internet's inherent hostility • Learn how hosts and networks operate at the operating system and protocol levels
  • 12. Intrusion detection models • All computer activity and network traffic falls in one of three categories: • Normal • Abnormal but not malicious • Malicious • Properly classifying these events are the single most difficult problem -- even more difficult than evidence collection
  • 13. Intrusion detection models • Two primary intrusion detection models • Network-based intrusion detection monitors network traffic for signs of misuse • Host-based intrusion detection monitors computer processes for signs of misuse • So-called "hybrid" systems may do both • A hybrid IDS on a host may examine network traffic to or from the host, as well as processes on that host
  • 14. IDS paradigms • Anomaly Detection – look for abnormal • Misuse Detection – pattern matching • Burglar Alarms - policy based detection • Honey Pots - lure the hackers in • Hybrids - a bit of this and that
  • 15. Anomaly detection(cont) • Typical anomaly detection approaches: • Neural networks - probability-based pattern recognition • Statistical analysis - modeling behavior of users and looking for deviations from the norm • State change analysis - modeling system’s state and looking for deviations from the norm
  • 17. The proposed intrusion detection 1. The system has a trust manager, which manage the direct and indirect trust (reputation) of a node. 2. The behaviour classifier classifies the behaviour of the node as attacker, trustworthy and risky based on the trust values and calculation obtained from the trust manager. 3. In case of the trustworthy behaviour, the observed node is recommended to the forwarding engine for packet forwarding. 4. When behaviour of the observed node is identified as risky, its risk factor is evaluated and updated. If the observing node is willing to take risk, it recommends the observed node having risky behaviour to the forwarding engine for forwarding. 5. If the observing node does not want to take risk, it stores the risk factor of the observed node in recommendation data base. 6. In case of attack behaviour, the attack classifier distinguishes attack pattern based on the calculation described in the following subsections. 7. The observed node is declined for forwarding purpose. The status of the observed nodes is saved in the recommendation data base.
  • 18. Block Diagram of Proposed IDS
  • 19. System Model and nodes Initial Observation • In the proposed IDS, a node y0 calculates the level of trust of its neighbouring nodes. • The neighbours of y0 is a set of nodes having one hop contact with node y0 and are represented as • Any node yi possesses set of attributes denoted as • The activity of the node yi is observed by the sensor node y0 by observing its individual attributes. • The observed attributes of node yi are stored by the vector with ever element explaining the node’s activities • If node yi observes its neighbouring nodes it stores the set of the corresponding attribute vectors
  • 20. Attributes of WS-Nodes: • Received Signal Strength • Packet Sending Rate • Control Packet Generating Rate • Packets Delivery Ratio • Packet Dropping Rate • Packet Forwarding Rate • Packet Acknowledgment Rate
  • 21. Jamming attack • The amount of power in any radio signal received is termed as Received Signal Strength. • The Received Signal Strength of the node y observed by the node y0 is represented as Ps(y). • A node is considered malicious if it has high received signal strength than the vector of received signal strength of its neighbours Nb(y0)={y1......yn}. • In this case the node is considered to have undergone a Jamming attack.
  • 22. Hello Flood attack • Packet Generation Rate is the number of control packets generated in a specific interval of time. • Pg(y) is the Packet Generation Rate of node y monitored by the node y0. • A node is considered malicious if it generates high number of control packets than the vector of control packets generated by its neighbours Nb(y0)={y1......yn}. • In this case, the node is considered to have undergone a Hello Flood attack.
  • 23. Selective Forwarding Attack • In a multi-hop scenario, a node forwards packets of its neighbours. The rate of packet received by a node and its subsequent forwarding to its destination node is termed as Packet Forwarding Rate. • PFrR(y) is the Packet Forwarding Rate of node y monitored by the node y0. • A node is said to be suffering selective forwarding attack if its packets forwarding rate is much less than the packets forwarding rate of its neighbour Nb(y0)={y1......yn}.
  • 24. Trust Trust is calculated by taking average of the direct trust A(y) and indirect trust i.e. reputation B(y). Mathematically :
  • 25. Detection of Jamming Attack The total Received Signal Strength of node y observed by node y0 during time interval T0 = Ps0(y) During time interval T1 = Ps1(y) Total packet sending rate of node y observed by node y0 during time interval Tz = Psz(y) Total Received Signal Strength of node y observed by node y0 during time interval Ti = Psi(y) Average Received Signal Strength is calculated as Now at any interval ’i’ if the Received Signal Strength is greater then the summation of average Received Signal Strength and the Received Signal Strength values of the sensor specified in its data sheets, node is suffering from jamming Attack. Mathematically, {Where Psi(y) is the Received Signal Strength of node y at any given interval i observed by node y0. C is the Received Signal Strength values of the sensor specified in its data sheets. Node for which equation 1 does not not hold true, are malicious.}
  • 27. Detection of HELLO Flood Attack Let Pg0(y) is the control packets generating rate of node y observed by node y0 during time interval T0. Pg1(y) is the packets generating rate of node y observed by node y0 during time interval T1 and Pgz(y) is the control packets generating rate of node y observed by node y0 during time interval Tz. Let Pgi(y) ) is the control packets generating rate of node y observed by node y0 during time interval Ti. Then the average control packets generating rate is given : Now at any interval ’i’ if the control packets generating rate of any node is greater then the summation of average control packets generating rate and the control packets generating rate values of the sensor specified in the standard protocol, node is suffering from Hello Flood Attack. Mathematically : Where Pgi(y) is the control packets generating rate of node y at any given interval i observed by node y0 . C is the control packets generating rate values of the sensor specified in the standard protocol it follow. Node for which equation 3 does not hold true, are malicious and higher control packets generating rate is the identification of hello flood attack.
  • 28. • Detection of Trustworthy (Good) Nodes A node is said to be trustworthy or Good if its current Direct Trust value Ac(y) is greater or equal to the required trust value RTv , meaning that it satisfies the condition :
  • 29. Detection of Risky Nodes There are two possibilities about the risky nature of a node. In the first case, there is no prior recommendation about the node , that is B(y)=0 and its current direct trust value Ac(y) is less that the Required Trust Value RTv. Mathematically: Ac(y) < RTv. In this case, the total trust is given as and as B(y)=0 so Then the value of risk is given as :
  • 30. Detection of Risky Nodes In the second case, the recommendation value of the node is less than the value of Required Trust Value that is B(y) < RTv and its current direct trust value Ac(y) is less that the Required Trust Value RTv. Mathematically Ac(y) < RTv. In this case, the total trust is given as : Then the value of risk is given by the following equation.
  • 31. Storage of Node Status for future use (Reputation) and subsequent Forwarding Decision Recommendation Data Base stores the status of the node. On the bases of calculation, a node may be found malicious, trustworthy or risky. These statistics are used in the future interaction of the nodes. A trustworthy node is recommended for interaction, a malicious node is declined, while decision about packet forwarding through risky node is made, if the node intending to send data is willing to take risk. After the successful determination of the node status as malicious, trustworthy or risky, decision about the packet forwarding through any neighbour node is taken by the packet sending node. The criteria for packet forwarding is the selection of safest path rather than selecting shortest path.
  • 32. Results The proposed intrusion detection system is implemented using MATLAB .
  • 33. Conclusion We propose an intrusion detection technique based on the principle that nodes in each other neighbourhood behave in a similar way. The proposed NeTMids detects hello flood, jamming and selective forwarding attack. It can be further extended by including other attacks as well. Simulation results shows that network perform better when the proposed NeTMids is deployed. Thank You to original authors and Dr.S.Panigrahi Contact: hiteshmahapatra@gmail.com Mob:9436992299
  • 34. Reference 6th International Conference on Emerging Ubiquitous Systems and Pervasive Networks,EUSPN- 2015 Neighbour Node Trust Based Intrusion Detection System for WSN Syed Muhammad Sajjada, Safdar Hussain Boukb, Muhammad Yousafa Riphah Institute of Systems Engineering, Riphah International University, Islamabad, Pakistan Department of Electrical Engineering, Comsats Institute of Information Technology, Islamabad, Pakistan