Intrusion Detection System for WSN
▶ Introduction

Wireless Sensor Networks (WSN) are composed of several tiny sensor nodes. These sensor nodes have constrained resources, such as, low memory and low computational power. In spite of these limitations, wireless sensor networks can be used in various fields. Generally sensor nodes use IEEE 802.15.4 PHY/MAC [1] and Zigbee [2] protocol stack. In a special purpose, to support IPv6, 6LoWPAN (IPv6 Low Power Wireless Personal Area Network) [3] can be used instead of Zigbee. These kinds of mechanism can be used to build an Internet of Things (IoT). However, wireless sensor networks are vulnerable against many attacks, such as sinkhole [4], wormhole, etc. 6LoWPAN also introduces IP based attacks in WSN. Moreover, WSN can be deployed in various environments, such as, nuclear plants, power station, hospital, etc. Thus security issues in WSN are becoming so important nowadays. Because sensor nodes have limited battery power, low memory capacity, and low computational power, we have to design a resource-efficient mechanism which is implementable on sensor nodes.

An IDS (Intrusion Detection System) is a basic component of network security to detect attacks. The IDS can be categorized into two classes; one uses attack signatures and the other uses abnormal states to detect attacks. Because the IDS based on abnormal states requires high memory usage for storing the state of traffic and high computation power for the traffic analysis, it is not suitable for sensor nodes. The IDS based on attack signatures requires high memory for storing attack signatures. Moreover, the performance of the IDS depends upon the number of attack signatures. If we can obtain more attack signatures, the IDS can detect more attacks. However, in a resource-constrained sensor node, it is not feasible to implement complete attack signatures. To solve this problem, several researches are ongoing.

Above figure is an example of bloom filter based IDS for WSNs. Bloom filter can compress the signature information efficiently.

▶ Research Issues

  • Bloom filter for data reduction
  • CUSUM chart to analyze the traffic behavior on WSN
  • Security threats of 6LoWPAN
  • Resource efficient IDS

  • ▶ References

    1. IEEE Computer Society, “IEEE Std. 802.15.4-2003," Oct. 2003.
    2. ZigBee Document 053474r13, “ZigBee Specification,” Dec. 2006,
    3. N. Kushalnagar, G. Montenegro, and C. Schumacher, IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs): Overview, Assumptions, Problem Statement, and Goals, IETF RFC 4919, Aug. 2007
    4. Edith C. H. Ngai, Jiangchuan Liu, Michael R. Lyu, "On the Intruder Detection for Sinkhole Attack in Wireless Sensor Networks", ICC 2006, Proceedings of the IEEE International Conference on Communications, Istanbul, Turkey, 2006
    5. A.Broder and M. Mizenmacher, “Network applications of bloom filters: A survey”, Internet Mathematics, vol.1, no.4, pp.485-509, 2004
    6. SNORT,
    7. Stephan Riebach, Erwin P. Rathgeb, and Birger Toedtmann, "Efficient Deployment of Honeynets for Statistical and Forensic Analysis of Attacks from the Internet," IFIP International Federation for Information Processing 2005, LNCS 3462, pp756-767, 2005

    ▶ Achievements

    1. Syed OBAID AMIN, Muhammad SHOAIB SIDDIQUI, Choong SEON HONG and Sungwon LEE, "Implementing Signature Based IDS in IP-Based Sensor Networks with the Help of Signature-Codes", IEICE Transactions on Communications, Vol.E93-B, No.02, pp.389-391, February 2010. (SCI)
    2. Syed Obaid Amin, Muhammad Shoaib Siddiqui, Choong Seon Hong and Sungwon Lee, "RIDES: Robust Intrusion DEtection System for IP-Based Ubiquitous Sensor Networks", Sensors, Vol.9, No.5, pp.3447-3468, May 2009. (SCIE)
    3. Eung Jun Cho, Choong Seon Hong and Deokjai Choi, "Distributed IDS for Efficient Resource Management in Wireless Sensor Network", The 13th Asia-Pacific Network Operations and Management Symposium(APNOMS2011) September 21-23, 2011, Taipei, Taiwan
    4. 조응준, 홍충선, "WSN에서 블룸필터를 이용한 분산된 시그니쳐 기반 IDS의 탐지율 향상 기법", 한국정보과학회 제 38회 추계학술발표회(KIISE 2011), 2011년 11월 25일~11월 26일
    5. 조응준, 홍충선, "무선 센서 네트워크를 위한 자원 효율적인 분산 IDS 프레임워크", 한국통신학회 2011년 통신망운용관리학술대회 (KNOM 2011), 2011년 4월 21일~4월 22일