Intrusion Detection in Wireless Sensor Networks - PowerPoint PPT Presentation

Loading...

PPT – Intrusion Detection in Wireless Sensor Networks PowerPoint presentation | free to view - id: 683230-OGZmO



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Intrusion Detection in Wireless Sensor Networks

Description:

Intrusion Detection in Wireless Sensor Networks Group Meeting Spring 2005 Presented by Edith Ngai Outline Wireless sensor networks (WSN) Security in WSN Background on ... – PowerPoint PPT presentation

Number of Views:50
Avg rating:3.0/5.0
Date added: 4 June 2020
Slides: 29
Provided by: KoenLan7
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Intrusion Detection in Wireless Sensor Networks


1
Intrusion Detection in Wireless Sensor Networks
  • Group Meeting
  • Spring 2005
  • Presented by Edith Ngai

2
Outline
  • Wireless sensor networks (WSN)
  • Security in WSN
  • Background on intrusion detection
  • Intrusion detection in WSN
  • Types of attacks
  • Intrusion detection components
  • Required technologies
  • Future directions
  • Conclusion

3
Technology trend
  • Small integrated devices
  • Smaller, cheaper, more powerful
  • PDAs, mobile phones
  • Many opportunities, and research areas
  • Power management
  • Distributed algorithms

4
Wireless sensor networks
  • Wireless sensor node
  • power supply
  • sensors
  • embedded processor
  • wireless link
  • Many, cheap sensors
  • wireless ? easy to install
  • intelligent ? collaboration
  • low-power ? long lifetime

5
Possible applications
  • Military
  • battlefield surveillance, biological attack
    detection, targeting
  • Ecological
  • fire detection, flood detection, agricultural
    uses
  • Health related
  • human physiological data monitoring
  • Miscellaneous
  • car theft detection, inventory control, home
    applications

6
Required technologies
  • Efficient data routing
  • ad-hoc network
  • one or more datasinks
  • In-network data processing
  • large amounts of raw data
  • limited power and bandwidth
  • Node localization

7
Security in WSN
  • Main security threats in WSN are
  • Radio links are insecure eavesdropping /
    injecting faulty information is possible
  • Sensor nodes are not temper resistant if it is
    compromised the attacker obtains all security
    information
  • Protecting confidentiality, integrity, and
    availability of the communications and
    computations

8
Why security is different?
  • Sensor Node Constraint
  • Battery
  • CPU power
  • Memory
  • Networking Constraints and Features
  • Wireless
  • Ad hoc
  • Unattended

9
Network defense
React - Response - Terminate Connections
- Block IP Addresses - Containment -
Recovery - Reconstitute
Protect - Encryption - Firewalls -
Authentication - Biometrics
Detect - Intrusions - Attacks - Misuse of
Resources - Data Correlation - Data
Visualization - Malicious Behaviors - Network
Status/ Topology
10
What is intrusion detection?
  • Intrusion detection is the process of
    discovering, analyzing, and reporting
    unauthorized or damaging network or computer
    activities
  • Intrusion detection discovers violations of
    confidentiality, integrity, and availability of
    information and resources

11
What is intrusion detection?
  • Intrusion detection demands
  • As much information as the computing resources
    can possibly collect and store
  • Experienced personnel who can interpret network
    traffic and computer processes
  • Constant improvement of technologies and
    processes to match pace of Internet innovation

12
How useful is intrusion detection?
  • Provide digital forensic data to support
    post-compromise law enforcement actions
  • Identify host and network misconfigurations
  • Improve management and customer understanding of
    the Internet's inherent hostility
  • Learn how hosts and networks operate at the
    operating system and protocol levels

13
Intrusion detection models
  • All computer activity and network traffic falls
    in one of three categories
  • Normal
  • Abnormal but not malicious
  • Malicious
  • Properly classifying these events are the single
    most difficult problem -- even more difficult
    than evidence collection

14
Intrusion detection models
  • Two primary intrusion detection models
  • Network-based intrusion detection monitors
    network traffic for signs of misuse
  • Host-based intrusion detection monitors computer
    processes for signs of misuse
  • So-called "hybrid" systems may do both
  • A hybrid IDS on a host may examine network
    traffic to or from the host, as well as processes
    on that host

15
IDS paradigms
  • Anomaly Detection - the AI approach
  • Misuse Detection - simple and easy
  • Burglar Alarms - policy based detection
  • Honey Pots - lure the hackers in
  • Hybrids - a bit of this and that

16
Anomaly detection
  • Goals
  • Analyze the network or system and infer what is
    normal
  • Apply statistical or heuristic measures to
    subsequent events and determine if they match the
    model/statistic of normal
  • If events are outside of a probability window of
    normal then generate an alert

17
Misuse detection
  • Goals
  • Know what constitutes an attack
  • Detect it
  • A database of known attack signatures should be
    maintained

18
Intrusion Detection in WSN
19
Network model
  • BSj base station at location (Xj, Yj)
  • Si sensor node at location (xi, yi)
  • R transmission range of the base station
  • r transmission range of the sensor node
  • k-coverage a node covers by k BSs

20
Definitions
  • Coverage of a base station
  • Number of coverage from base stations
  • p sends data to q successfully (in 1-hop)
  • p sends data to q successfully via k hops
  • p fails in sending data from p to q

21
Types of intrusions
  • Sinkhole SH(q), HelloFlood HF(q)
  • A region of nodes will forward packets destined
    for a BS through an adversary
  • Wormhole WH(q)
  • An adversary tunnels messages received in one
    part of the network over a low latency link and
    replays them in a different part

22
Types of intrusions
  • Missing Data MD(p)
  • Missing data from p to BSi
  • Wrong Data WD(p)
  • Inconsistent data
  • Interference
  • Sensor p cannot send packet to its neighboring
    nodes

23
Architecture
24
Intrusion detection components
  • Neighbor monitoring
  • Watchdog
  • Data fusion
  • Local neighboring nodes
  • Global overlapping areas
  • Topology discovery
  • Route tracing
  • History

25
Intrusion classification
Components\Attack Types Components\Attack Types I II III IV V
Neighbor Monitoring BS Dominating intermediate node Dominating intermediate node Selective forwarding --- ---
Neighbor Monitoring Sensor --- --- Selective forwarding --- Interference (jamming with neighbors)
Data Comparison Global (may have missing or inconsistent data) (may have missing or inconsistent data) Missing data Inconsistent data (IVa malicious sensor or intermediate nodes) Missing data
Data Comparison Local (may have missing or inconsistent data) (may have missing or inconsistent data) Missing data Inconsistent data (IVb sensor failure or being compromised) Missing data
Routing (with topology info.) BS a region of nodes forward packet through the same adversary An adversary tunnels messages and replays them in a different part --- --- ---
Attack Types I - Sinkhole, Hello Flood II
Wormhole III Missing Data IV Wrong
Data V - Interference
26
Required technologies
  • Collection of the audit data
  • Localization
  • Data fusion
  • Routing
  • Analysis on the audited data
  • Identify the intrusion characteristics
  • Detect the intrusions
  • Locate the intrusions
  • Intrusion reaction

27
Future direction
  • Study how to collect the audit data effectively
  • Complete the intrusion detection architecture
  • Investigate the methods to analyze the audit data
    for intrusion detection
  • Explore how to locate and react to the intrusions
  • Formulate and evaluate our intrusion detection
    solution

28
Conclusion
  • We discussed the characteristics of WSN and its
    security issues
  • We studied traditional intrusion detection
    technologies
  • We introduced the problem of intrusion detection
    in WSN
  • We proposed an intrusion detection architecture
    and analyzed various kinds of intrusions in WSN
  • We showed our future direction
About PowerShow.com