Unsupervised intrusion detection for wireless sensor networks based on artificial intelligence techniques

Doctoral thesis by Zorana Bankovic

The objective of this work is to design an autonomous intrusion detection system for wireless sensor networks that is able to detect a wide range of attacks, including previously unseen ones. Existing solutions have limited scope, in the sense that they provide protection against already identified attacks, which leaves the system vulnerable to unknown attacks. Furthermore, in those that can be adjusted to expand their scope, the modification has to be done through human interaction. We deal with this problem by proposing an artificial intelligence approach for detecting and confining attacks on the core protocols of wireless sensor networks: aggregation, routing and time synchronization. The approach is based on four main contributions. First, attacks are treated as data outliers. To this end, the spaces of sensed values and the routing information of each node are mapped into vector spaces, which enables the definition of distance-based analysis for outlier detection. Second, we develop unsupervised machine learning techniques for detecting outliers using the defined distance-based analysis. Third, we envision a distributed intrusion detection system, given the distributed nature of WSNs. Every node is examined by agents that reside on the nodes in its vicinity and listen to its communication in a promiscuous manner, where each agent executes one of the unsupervised algorithms. Since the optimal algorithm parameters cannot be guessed from the start, the immune system paradigm is used to obtain a set of high-quality agents. Fourth and finally, the system of agents is coupled with a reputation system, in such a way that the output of an agent assigns lower reputation to the nodes where it detects adversarial activities and vice versa. It is further advocated to avoid any contact with low-reputation nodes, which provides an implicit response to adversarial activities, since compromised nodes remain isolated from the network.
A prototype of the approach is implemented and connected to the sensor network simulator called amisim, developed by our research group. The approach has been tested on this simulator against a group of representative attacks on each of the core network protocols. Detection and complete confinement of all the attacks was observed, while maintaining a low level of false positives. It is also important to mention that the algorithms have been trained on both clean and unclean data (i.e. data with traces of attack presence) and were able to detect and confine the attacks in both cases, which demonstrates the robustness of the approach. Moreover, it has been proven that the resulting reputation system has advantages over conventional ones in terms of the lower redundancy necessary for correct operation, as well as its robustness to attacks on reputation systems, such as bad mouthing or ballot stuffing, given that it does not use any second-hand information. Finally, we have proposed various ways of embedding the approach into a realistic environment, adapting it to the environment's resources, both computational and power, and we have proven its viability. We have provided estimations of resource consumption, which can help in choosing processors that can support the implementation. To summarize, the proposed approach can be expanded and adapted easily and rapidly in order to detect new attacks. Furthermore, with the intelligence and the level of uncertainty introduced by the proposed techniques, the solution offers possibilities to address the security problem in a more profound way. Thus, although in its current state this solution does not detect attacks that make no change in the sensed value that is forwarded to the base station, nor in the routing paths used to send the values to the base station, it can be used to complement conventional techniques, which will permit better detection of new attacks and a more rapid reaction to security incidents.

 

Academic details of the doctoral thesis «Unsupervised intrusion detection for wireless sensor networks based on artificial intelligence techniques»

  • Thesis title:  Unsupervised intrusion detection for wireless sensor networks based on artificial intelligence techniques
  • Author:  Zorana Bankovic
  • University:  Politécnica de Madrid
  • Thesis defense date:  24/05/2011

 

Supervision and examination committee

  • Thesis supervisor
    • José Manuel Moya Fernández
  • Committee
    • Committee chair: Koen Bertels
    • David Villa Alises (member)
    • Pavel Laskov (member)
    • Juan Ramón Velasco Pérez (member)

 
