A Survey of Intrusion Detection Systems in Wireless Sensor Networks

Download Full-Text PDF Cite this Publication
Text Only Version


A Survey of Intrusion Detection Systems in Wireless Sensor Networks

Shilvi Wilson Neelankavil Department of computer science St. Josephs college (Autonomous) Irinjalakuda, Thrissur, Kerala

Minla K S Department of computer science St. Josephs college (autonomous)

Irinjalakuda, Thrissur, Kerala

Abstract – Wireless Sensor Networking is a standout amongst the most promising advancements that have applications running from medicinal services to strategic military. Wireless Sensor Networks (WSNs) are made out of sensor center points and sinks. Despite the fact that Wireless Sensor Networks (WSNs) have engaging highlights (e.g., low establishment cost, unattended system task), because of the absence of a physical line of guard (i.e., there are no doors or changes to screen the data stream), the security of such systems is a major concern, particularly for the applications where security has prime significance. For the most part sensor center points are used in such districts where wired frameworks are hard to be passed on. Various security-related responses for WSNs have been proposed, for instance, check, key exchange, and secure coordinating or security frameworks for specific ambushes. These security instruments are prepared for ensuring security at some measurement; at any rate they can’t wipe out by far most of the security ambushes An IDS is one possible response for area a broad assortment of security strikes in WSNs. In this article, Intrusion Detection Systems (IDSs) that are proposed for WSNs is given. This is sought after by the examination and relationship of each arrangement alongside their positive conditions and burdens

Keywords – Wireless Sensor Networks (WSNs), Intrusion Detection System (IDS)


Wireless detector Networks (WSNs1) are applied to numerous fields of science and technology: to collect info relating to human activities and behavior, like health care, military police investigation and intelligence activity, route traffic; to observe physical and environmental phenomena, like ocean and life, earthquake, pollution, wild fire, water quality; to observe industrial sites, like building safety, producing machinery performance, so on [1]. On the opposite hand, security in WSNs is a very important issue particularly if they need mission-critical tasks [2]. for example, a confidential patient health record mustn’t be free to 3rd parties during a heath care application. Securing WSNs is critically necessary in military science (military) applications wherever a security gap within the network would cause causalities of the friendly forces during a field of honor. Readers World Health Organization have an interest additional on security in WSNs, might confer with [3], [4] and [5] for additional info.

Security attacks against WSNs are categorized into 2 main branches: Active and Passive. In passive attacks, attackers are generally invisible (hidden) and either faucet the communication link to gather data; or destroy the functioning

components of the network. Passive attacks is classified into eavesdropping, node bad, node tampering/ destruction and traffic analysis sorts. In active attacks, AN resister truly affects the operations within the attacked network. This impact could also be the target of the attack and might be detected. as an example, the networking services could also be degraded or terminated as a results of these attacks. Active attacks is classified into Denial-of-Service (DoS), jamming, hole attacks (blackhole, wormhole, sinkhole, etc.), flooding and Sybil sorts. Readers World Health Organization have an interest additional on security attacks against WSNs, might confer with [4], [5] and [6] for additional details.

The rest of the paper is organized as follows: Section II contains a quick introduction of AN IDS. in Section III contains Detection methodology and Intrusion interference. Finally, Section IV concludes the paper.


    In a network or a system, any reasonably unauthorized or unapproved activities are referred to as intrusions. associate Intrusion Detection System (IDS) may be a assortment of the tools, methods, and resources to assist determine, assess, and report intrusions. Intrusion detection is often one a part of associate overall protection system that’s put in around a system or device and it’s not a complete protection live [7]. In [8], intrusion is outlined as: any set of actions that arrange to compromise the integrity, confidentiality, or convenience of a resource and intrusion interference techniques2 (such as coding, authentication, access management, secure routing, etc.) are bestowed because the 1st line of defence against intrusions. However, as in any reasonably security system, intrusions cannot be entirely prevented. The intrusion and compromise of a node leads to steer like security keys being unconcealed to the intruders. This ends up in the failure of the preventive security mechanism. Therefore, IDSs are designed to reveal intrusions, before they’ll disclose the secured system resources. IDSs are continuously thought-about as a second wall of defence from the protection purpose of read

    Comparison with firewalls

    Although they each relate to network security, associate IDS differs from a firewall in this a firewall appearance externally for intrusions so as to prevent them from happening. Firewalls limit access between networks to stop intrusion associated don’t signal an attack from within the network. Associate IDS describes a suspected

    intrusion once its taken place associated signals an alarm. Associate IDS additionally watches for attacks that originate from at intervals a system. this can be historically achieved by examining network communications, distinctive heuristics and patterns (often mentioned as signatures) of common laptop attacks, and taking action to alert operators. A system that terminates connections is named associate intrusion interference system, associated performs access management like an application layer firewall.



Signature-based IDS refers to the detection of attacks by searching for specific patterns, like computer memory unit sequences in network traffic, or far-famed malicious instruction sequences utilized by malware. This word originates from anti-virus package that refers to those detected patterns as signatures. Though signature-based IDS will simply discover far-famed attacks, it’s tough to discover new attacks, that no pattern is obtainable.


Anomaly-based intrusion discoverion systems were primarily introduced to detect unknown attacks, partly thanks to the speedy development of malware. The fundamental approach is to use machine learning to make a model of trustworthy activity, so compare new behaviour against this model. Since these models are often trained in line with the applications and hardware configurations, machine learning based mostly methodology features a higher generalized property compared to ancient signature-based IDS. Though this approach permits the detection of antecedently unknown attacks, it’s going to suffer from false positives: antecedently unknown legitimate activity can also be classified as malicious. Most of the prevailing IDSs suffer from the long throughout detection method that degrades the performance of IDSs. Economical feature choice rule makes the classification method utilized in detection a lot of reliable.

New forms of what may be known as anomaly-based intrusion detection systems are being viewe by Gartner as User and Entity Behaviour Analytics (UEBA)(an evolution of the user behaviour analytics category) and network traffic analysis (NTA).In specific, NTA deals with malicious insiders furthermore as targeted external attacks that have compromised a user machine or account. Gartner has noted that some organizations have opted for NTA over a lot of ancient IDS.

Intrusion interference

Some systems might plan to stop Associate in nursing intrusion try however this can be neither needed nor expected of an observance system. Intrusion detection and interference systems (IDPS) are primarily cantered on distinctive attainable incidents, work info regarding them, and news tries. Additionally, organizations use IDPS for alternative functions, like distinctive issues with security policies, documenting existing threats and deterring people from violating security policies. IDPS became a

necessary addition to the protection infrastructure of nearly each organization. Intrusion interference systems (IPS), conjointly called intrusion detection and interference systems (IDPS) are network security appliances that monitor network or system activities for malicious activity. the most functions of intrusion interference systems are to spot malicious activity, log info regarding this activity, report it and plan to block or stop it. Intrusion interference systems are thought-about extensions of intrusion detection systems as a result of them each monitor network traffic and/or system activities for malicious activity. the most variations are, not like intrusion detection systems, intrusion interference systems are placed in-line and are able to actively stop or block intrusions that are detected. IPS will take such actions as causing Associate in nursing alarm, dropping detected malicious packets, resetting a affiliation or interference traffic from the sinning IP address. Associate in Nursing IPS also can correct cyclic redundancy check (CRC) errors, defragment packet streams, mitigate protocol sequencing problems, and pack up unwanted transport and network layer choices.


Intrusion interference systems are often classified into four totally different types: [19][24]

  1. Network-based intrusion interference system (NIPS): monitors the whole network for suspicious traffic by analyzing protocol activity.
  2. Wireless intrusion interference system (WIPS): monitor a wireless network for suspicious traffic by analyzing wireless networking protocols
  3. Network behaviour analysis (NBA): examines network traffic to spot threats that generate uncommon traffic flows, like distributed denial of service (DDoS) attacks, sure varieties of malware and policy violations.
  4. Host-based intrusion interference system (HIPS): associate put in code package that monitors one host for suspicious activity by analyzing events occurring inside that host.

Detection strategies

The majority of intrusion interference systems utilize one amongst 3 detection methods: signature-based, applied mathematics anomaly-based and stateful protocol analysis


  1. Signature-based detection: Signature-based IDS monitors packets within the Network and compares with pre- configured and pre-determined attack patterns called signatures.
  2. Statistical anomaly-based detection: associate IDS that is anomaly-based can monitor network traffic and compare it against a long-time baseline. The baseline can determine what’s “normal” for that network what style of information measure is mostly used and what protocols area unit used. it’s going to but, raise a False Positive alarm for legitimate use of information measure if the baselines don’t seem to be showing intelligence organized.
  3. Stateful protocol analysis detection: This technique identifies deviations of protocol states by examination

    determined events with “pre-determined profiles of usually accepted definitions of benign activity”


    In this paper, Associate in Nursing thorough discussion and analysis of the prevailing Intrusion Detection Systems (IDS) for Wireless device Networks is given. IDS is also a necessary a neighborhood of security for each network. Energy-efficient intrusion detection systems are acceptable for wireless device networks. Strictly centralized IDS approaches are power economical as a result of the foremost powerful a neighborhood of the network (sink or BS) detects intrusion. But, these techniques are advanced and wish some specialized routing protocol that gathers information from every device node to makings or sink for anomaly detection. On the opposite hand, strictly distributed IDS techniques aren’t energy-efficient as a result of IDS agent is place in in each node. it will increase additional computation or power consumption at node level. Distributed-centralized IDS approach suits WSNs in accordance with energy consumption and complexity; however it’s its own constraints. Wireless device networks are susceptible

    to style of at intervals attacks that have an effect on the performance of the network. These attacks lead to wrong interpretation of the device field. There is a demand of

    Associate in Nursing energy-efficient intrusion detection system that works in distributed manner and cooperates with completely different nodes to spot the abnormal behavior of nodes.


    1. I.F. Akyildiz, W. Su, Y. Sankarasubramaniam and E. Cayirci, A survey on sensor networks, IEEE Commun. Mag., vol. 40, num. 8, pp. 102- 114, 2002.
    2. X. Chen, K. Makki, K. Yen and N. Pissinou, Sensor network security: A survey, IEEE J. Communications Surveys and Tutorials, vol. 11, num. 2, pp. 52-73, 2009.
    3. Y. Zhou, Y. Fang and Y. Zhang, Securing wireless sensor networks: a survey, IEEE Commun. Surveys Tutorials, vol. 10, num. 3, pp. 6-28, 2008.
    4. E. Cayirci and C. Rong, Security in Wireless Ad Hoc and Sensor Networks, book published by Wiley, 2009.
    5. Y. Wang, G. Attebury and B. Ramamurthy, A survey of security issues in wireless sensor networks, IEEE Commun. Surveys and Tutorials, vol. 8, num. 2, pp. 223, 2006.
    6. G. Padmavathi and D. Shanmugapriya, A Survey of Attacks, Security Mechanisms and Challenges in Wireless Sensor Networks, International J. Computer Science, vol. 4, num. 1, pp. 19, 2009.
    7. M. Ngadi, A.H. Abdullah, and S. Mandala, A survey on MANET intrusion detection, International J.Computer Science and Security, volume 2, number 1, pages 1-11, 2008
    8. Y. Zhang, W. Lee, and Y.A. Huang, Intrusion detection techniques for mobile wireless networks, J. Wireless Networks, vol. 9, num. 5, pp. 545-556, 2003.

Leave a Reply

Your email address will not be published. Required fields are marked *