An Intrusion Detection using Hybrid technique in Cluster based Wireless Sensor Network

DOI : 10.17577/IJERTV1IS3242

Download Full-Text PDF Cite this Publication

Text Only Version

An Intrusion Detection using Hybrid technique in Cluster based Wireless Sensor Network

Mr. Sumedh G. Dhengre1, Mrs. Veena Gulhane2

1Research Scholar, Dept. of CSE, G. H. Raisoni College of Engg., Nagpur , Maharashtra, India

2Asst. Prof., Dept. of CSE, G. H. Raisoni College of Engg., Nagpur, Maharashtra, India


Wireless Sensor Network s (WSNs) are playing a fundamental role in emerging pervasive platforms that have potential to host a wide range of n ext generation civil and military applications. Wireless sensor network (WSN) is regularly deployed in unattended and hostile environments. The WSN is vulnerable to security threats and susceptible to physical capture. Thus, it is necessary to use effective mechanisms to protect the network . Intrusion detection system is one of the major and efficient defensive methods against attack s on wireless sensor network . Sensor network s have different characteristics and hence security solutions have to be designed with limited usage of computation and resources. In this paper, the architecture of hybrid intrusion detection system (HIDS) has been proposed for wireless sensor network s. In order to get hybrid scheme, the combined version of Cluster-based and Rule-base intrusion detection techniques is used and eventually evaluated the performance of this scheme by simulating the network . The simulation result shows that the scheme performs intrusion detection using hybrid technique and detection graph shows ratings lik e attack rating, data rating and detection net rating with the attack name and performs better in terms of energy efficiency and detection rate.

  1. Introduction

    Wireless Sensor Networks (WSNs) often considered as a self-organized network of lo w cost, power and comple x sensor nodes have been typically designed to monitor the environment for physical and chemica l changes, disaster regions and climatic conditions. The sensor nodes are light and portable, with sensing abilities, co mmunication and processing board , and are used for sensing in critical applications. WSNs perform both routing and sensing activities and are configured in ad hoc mode for co mmunicat ion.

    Wireless Sensor Networks (WSN) is one of the most interesting and promising areas over the past few years. These networks may be very large systems comprised

    of sma ll sized, lowpowe r, low-cost sensor devices that collect detailed informat ion about the physical environment. Each device has one or more sensors, embedded processor(s), and low-power radio(s), and is norma lly battery operated value of sensor networks however, lies in using and coordinating a vast number of such devices and allows the imple mentation of very large sensing tasks. In a usual scenario, these networks are deployed in areas of interest (such as inaccessible terrains or disaster sites) for fine gra ined monitoring in various classes of applications [1]. The fle xib ility and self-organization, fault tolerance, high sensing fidelity, low-cost, and rapid deployment characteristics of sensor networks create many new and excit ing application areas for re mote sensing. In the near future, these application areas will make sensor networks an integral part of life [2].

    WSNs are energy constrained, critica l and very susceptible to various routing and malicious attacks which include spoofing, sinkhole, selective forwarding, sybil, wormho le, b lackhole , and denial of service (Do S) attacks. These have been described in [3]. Prevention mechanis ms which include authentication, cryptography, and installation of firewa lls have been emp loyed to secure networks. However, these mechanis ms only pose a first line of defence and do not provide enough security for wireless networks. These mechanis ms can be exploited because it has been proved that no matter the amount of prevention techniques incorporated into a network, there will always be weak links. Therefore, there is a need to develop mechanisms that will be added to the existing techniques to provide a better security and guarantee survivability. Hence the development of Intrusion Detection System (IDS) re ferred to as a second line of defence. Many IDS have been proposed from several researchers and some of the m a re d iscussed in the related works. However, a nu mber of the m suffer fro m a high False Positive Rate (FPR) wh ich describes an instance where the IDS falsely report a legal activ ity as an anomaly. Anoma ly detection uses activities that significantly deviate from the normal users or

    programs profile , to detect possible instances of attacks. It detects new attacks without necessarily been required to know prior intrusions. In this work, our goal is to simu late IDS for Clustered based WSNs by presenting an approach that provides high detection accuracy with a low FPR

  2. An Intrusion Detection System (IDS)

    Intrusion, i.e. unauthorized access or login (to the system, or the network or other resources) [4]; intrusion is a set of actions fro m internal or e xte rnal of the network, wh ich violate security aspects (including integrity, confidentiality, availability and authenticity) of a networks resource [5, 6]. Intrusion detection is a process which detecting contradictory activities with security policies to unauthorized access or performance reduction of a system or network [4]; The purpose of intrusion detection process is reviewing, controlling, analyzing and representing reports from the system and network activit ies. Intrusion Detection System (IDS), i.e.:

    It is a hardware, software or combination of both systems, with aggressive-defensive approach to protect secrete information, systems and networks [7,8];

    Usable on host, network [9] and applicat ion levels;

    Analyzing tra ffic, controls co mmunications and ports, detecting attacks and occurrence vandalism, by internal users or e xternal attackers;

    Concluding by using deterministic methods (based on patterns of known attacks) or non- deterministic [8, 9] (to detecting new attacks and anomalies such as determin ing thresholds);

    Informing and warning to the security manager [6, 7, 10] (somet imes disconnect suspicious communicat ions and block ma licious traffic);

    Determining identity of attacker and tracking him/ her/it;

    The ma in three functionalities for IDS, inc luding: monitoring (evaluation), analyzing (detection) and reacting (reporting) [5, 7] to the occurring attacks on computer systems and networks. If IDS be configured, correctly; it can represent three types of events: primary identification events (like stealthy scan and file content man ipulation), attacks (automat ic/ manual or local/re mote) and suspicious events.

    The IDS acts as a network monitor or an ala rm. It prevents destruction of the system by raising an alarm before the intruder starts to attack. The two major

    modules of intrusion detection include anomaly detection and misuse detection [11]. Anoma ly d etection builds a model of norma l behaviour, and compares the model with detected behaviour. Anomaly detection has a high detection rate, but the false positive rate is also high. The misuse detection detects the attack type by comparing the past attack behaviour and the current attack behaviour. The misuse detection has high accuracy but low detection rate. Especially, the misuse detection cannot detect unknown attacks, which are not in the model base. Many researchers discuss the module of hybrid detection to gain both the advantages of anomaly detection and misuse detection [12, 13]. This comb ination can detect unknown attacks with the high detection rate of anomal detection and the high accuracy of misuse detection. The Hybrid Intrusion Detection System (HIDS) ach ieves the goals of high detection rate and low false positive rate. In this section, a HIDS is discussed in a CWSN. Cluster head (CH) is one of SNs in the CWSN but the capability of CH is better than other SNs [14]. Additionally, the CH aggregates the sensed data from other SNs in its own cluster. This makes a target for attackers. However, the CH is used to detect the intruders in our proposed HIDS. This not only decreases the consumption of energy, but also efficiently reduces the amount of informat ion. Therefore, the lifetime of WSN can be prolonged.

    1. Requirements for IDS in Sensor Networks

      In this section we elaborate on the requirements that an IDS system for sensor networks should satisfy. To do so, one has to consider some specific characteristics of these networks. Each sensor node has limited communicat ion and computational resources and a short radio range. Furthermore, each node is a weak unit that can be easily compro mised by an adversary [15], who can then load malic ious software to launch an insider attack. In this context, a distributed architecture, based on node cooperation is a desirable solution. In particular, we require that an IDS system for sensor networks must satisfy the following properties:

      1. Localize auditing: An IDS for sensor networks must work with localized and partial audit data. In sensor networks there are no centralized points (apart fro m the base station) that can collect global audit data, so this approach fits the sensor network paradig m.

      2. M inimize resources: An IDS for sensor networks should utilize a sma ll a mount of resources. The wireless network does not have stable connections, and physical resources of network and devices, such as bandwidth and power, are limited. Disconnection can

        happen at any time . In addition, the communicat ion between nodes for intrusion detection purposes should not take too much of the availab le bandwidth.

      3. Trust no node: An IDS cannot assume any single node is secure. Unlike wired networks, sensor nodes can be very easily compro mised. Therefore, in cooperative algorithms, the IDS must assume that no node can be fully trusted.

      4. Be truly d istributed: That means data collection

        and analysis is performed on a number of locations. The distributed approach also applies to execution of the detection algorith m and ale rt corre lation.

      5. Be secure: An IDS should be able to withstand a hostile attack against itself. Co mpro mising a monitoring node and controlling the behavior of the embedded IDS agent should not enable an adversary to revoke a legit imate node fro m the network, or keep another intruder node undetected.

        2.2. Main Challenges in Designing IDS for WSNs

        There are a lot of challenges in designing IDS for WSNs; as follows described:

        Designing effic ient software to store and install on the sensor nodes, cluster-heads and the central server, to saving existent energy consumption; as a result, leading to increase the network lifetime;

        Limited resources [16,17,18,19];

        Repeated failures and unreliable sensor nodes; Application-oriented networks [20];

        Requiring to the monitoring, detecting,

        decision ma king and responding to the intrusions, in real-t ime and fast; then leading to minimu m da mages;

        It is difficu lt to time synchronizing nodes into

        the WSNs; so, it is difficult to us ing protocols that are rely on time synchronization;

        Databases challenges: the volume of sensed data in the dynamic and mobile WSNs; proper storage mediu m; supporting different queries fro m sensor nodes, cluster-heads and the central server in network wide leve l; data inde xing and local queries to perform queries faster; indexing the mobile data.

  3. Related Work

      1. Attacks in WSN

        Attacks can be classified into two ma in categories, based on the objectives of intrusion [21]. The comparison of attacks in WSN is shown in Table 1 [22, 23, 24]. However, the ma jority of attack behaviour

        consists of the route updating misbehaviour, which influences data transmission. In the application of CWSN, the data is sensed and collected by SNs, and is delivered to CH to aggregate. The aggregated data is then sent to sink fro m CH. Therefore , CH is a main target for attack.

        Table 1. The different types of attacks in WSN

      2. Analytic Tool of Intrusion Detection

    The proposed HIDS in our research not only efficiently detects attack, but also avoids the waste of resources. First, a large nu mber o f packet records are filtered by using the intrusion detection module, and then complete the whole detection. Also with reference to the mode of normal behaviour, the detection module detects the normalcy of current behaviour, as determined by the rules. The detection module determines if the current behaviour is an attack, and the behaviour of the attacks. Rule-based presents the thoughts of expert [25]. Because human thought is very complicated, the knowledge could hardly be presented by algorithms. Therefore, a rule-based method is used to analyze results. Additionally, the rules are logged in a rule base after they have been defined. The basic method of expression of rule is "if… then… that means if "condition" is established and then the "conclusion" will occur.

    With the increasing growth in technology, many researchers have proposed several IDSs to secure WSNs. The vulnerabilit ies associated with wire less networks ma ke it impe rative to imb ibe an IDS in WSNs. [26] defined IDS as an act of monitoring and detecting unwanted actions or traffic on a network or a device. This is achieved by monitoring the traffic flow on the network. Exa mples of published work on anomaly detection systems are IDES [27], HA YSTA CK [28], and the statistical model used in

    NIDES/STATS [29] which is a more recent approach and presents a better anomaly detection system compared to the others afore mentioned. A process of developing intrusion detection capabilities for MANET was described in [30]. The authors discussed how to provide detailed informat ion about intrusions from anomaly detection by showing that for attacks; a simple rule can be applied to identify the type of attack and the location of the attacking node. A geometric fra mework has been presented in [31] to address unsupervised anomaly detection such that for exa mp le, when a packet is transmitted and is being analyzed, a decision needs to be made as to whether it is normal or abnormal. To do this, the packet is represented with a set of features which are encoded such that the traffic is mapped to a point a in a feature A, hence a A. If a is seen in separate region where other packets have not been seen, then it is considered an anomalous, otherwise, it is normal.

  4. System Architecture and Network Model The proposed HIDS consists of an intrusion detection module and decision making module. Intrusion detection module filters a large number of packet records using the rule base technique. Decision ma king module is used to take an administrative action

on the false node with the help of base station.

    1. System Architecture and Network Structure

      Here, the new Hybrid Intrusion Detection Model (HIDS) is proposed for Cluster Based Wire less Sensor Network (CWSN). Th is consists of two modules as shown in Figure 1. First, the Intrusion Detection Engine is used to filter the inco ming packets and classify is as norma l or abnorma l. The packets identified as an abnormal a re passed to the decision ma king module. The decision-making module is used to determine whether the intrusion occurs and the type of intrusion or attacks behaviour. Finally, the decision making module returns this information to the base station to follow-up treat ment on intruder node.

      Figre 1. Proposed System Architecture

      In this proposed model, we used a hierarchica l topology that divide the sensor network into clusters, each one having a cluster head (CH) as shown in Figure

      3. He re the sensors nodes are fixed and assuming that the cluster heads having the more energy than the other sensor nodes. The objective of this architecture is to save the energy that allows the network life t ime prolongation and reduce the amount of information in the network. So me of the Cluster-based routing protocols founded in the literature are: LEA CH [32], PEGASIS [33] and HEED [34].

      Fig 2: Deployment and Setting up WSN

      The Figure 2 shows the deployment and setting up of the WSN. He re, we used the three types of nodes in the network each of which indicating with diffe rent colours. Ye llo w colour shows the Base Station (BS), Green colour represents for Cluster Head (CH), all the sensor nodes are indicated by red colour and finally the intruder node with blue colour in the sensor field. The

      cluster based technique is used to form clusters in the WSN as shown in the Figure 3.

      Figure 3. Forming Clusters in WSN

    2. IDS Techniques Used

      In the proposed Hybrid Approach [35], [36], the two techniques i.e. Cluster-Based and Rule-Based techniques are merged to form Hybrid Intrusion Detection technique. Hybrid detection used to gain the advantages of both Cluster-Based approach and Rule- Based approach. This combination provides simplicity, easy to operate, low consumption of energy and provide high safety. The Hybrid Intrusion Detection System (HIDS) achieves the goals of high detection rate and low false positive rate.

      1. Clusters-Based. Clustering is known as hierarchica l of WSN [37]. To divide the network nodes into head cluster and me mbers of nodes is the basic idea. Cluster head is the centre of a cluster. Through cluster head's information fusion and forward ing to the me mbe r node of cluster, other me mbers of nodes transmit to the base station.

        Function of Base Station:

        All nodes are able to send data to BS via Cluster Head.

        Base station has all the informat ion regarding each Cluster (nu mber and MAC address).

        The re moval or addition of any node in a Cluster is mon itored by the Base Station.

        Poll status of each node is received with MAC address.

        Base station runs task of MAC address tracking, MA C address history and manage ment of database.

        The Base Station has the capability to seize the operation of any node in the network.

        Function of Cluster Head:

        Cluster Heads keep track of each node and sends periodic status information to the Base Station.

        Cluster heads receives data from its nodes and sends necessary informat ion.

        Cluster Heads (CHs) transmits data to Base Station after performing data reception and


      2. Rule-base d. Rule -based intrusion detection [9] is the collection and classification of data, the data is placed in a queue, using the FIFO princip le. In our model while monitoring the network this rules are selected appropriately and applied to the mon itored data. If the rules defining an anoma lous condition are satisfied, an intrusion is declared. The algorith m has three phases for detecting intrusions. In the first phase monitor nodes monitors the data. In the second phase the detection rules, are applied, in increasing order of comple xity, to the collected information to flag fa ilure. The third phase is the intrusion detection phase, where the number of fa ilure flagged is co mpared to the e xpected number of the occasional failures in the network. Occasional failures inc lude data alteration, message loss, and message collision. An intrusion alarm is raised if the number of fa ilures flagged e xceeds the expected number of occasional failures. The rule base methods are fas t, simp le and require less data.

Rules and De finitions:

Develop ment of this IDS to a target cluster-based WSN a re div ided into three fo llo wing important steps:

(1) pre-select, fro m the availab le set of rules, those that can be used to monitor the features defined by the designer; (2) compa re the information required by the pre-selected rules with the information available at the target network to select rules definitive ly; and (3) set the parameters of the selected rules with the values of the design definitions. Definit ions of the rules used are presented in the follo wing:

Integrity Rule: to avoid data fusion or aggregation by other sensor nodes, the message payload must be the same along the path from its origin to a destination. Attacks where the intruder modifies the contents of a received message can be detected by this rule.

Jamming Rule: the number of collisions associated with a message must be lower than the expected number in the network. The ja mming attack, where a node introduces noise into the network to disturb the communicat ion channel, can be detected by this rule.

Interval Rule: if the time interval between the receptions of two consecutive messages is longer or shorter than the allowed time limits, a fa ilure is ra ised.

Two attacks that will probably be detected by this rule are the negligence attack and the exhaustion attack. In the negligence attack, the intruder does not send data messages generated by a tampered node. While in the e xhaustion attack, the intruder increments the message- sending rate in order to increase the energy consumption of other nodes in the cluster.

Repetition Rule: the same message can be retransmitted by a node only a limited number of times. This rule can detect an attack where the intruder sends the same message several times, thus promoting a denial of service attack.

Radio Transmission Range: all messages listened to by the monitor node must be originated from one of the nodes within its cluster. Attacks like wormhole and hello flood, where the intruder sends messages to a far located node using a more powerfu l radio, can be detected by this rule.

Retransmission Rule: the monitor listens to a message, pertaining to one of its neighbours as its next hop, and expects that this node will forward the received message, which does not happen. Two types of attacks that can be detected by this rule are the blackhole and the selective forwarding attack. In both of them, the intruder suppresses some or all messages that were supposed to be retransmitted, preventing them fro m reaching their final destination in the network.

Delay Rule: the retransmission of a message by a monitors neighbour must occur before a defined timeout. Otherwise, an attack will be detected.

Algorithm 1: Rules application procedure of IDS

1: for all messages in data structure array do

2: for all rules specific to the message in descending order by weight do

3: apply rule to the message; 4: if (message == fail) then

5: increment failure counter for the node based on weight; [failure counter = failure counter + weight]

6: discard message;

7: break;

8: end if

9: end for

10: discard message;

11: end for

Algorith m 1 shows the procedure of rules application on messages in the network. The a lgorith ms apply rules on all the messages. If message fails according to the rule, then the failure counter will incre mented and discards all the messages.

  1. Network Simulation and Results

    The above proposed model has been simulated using Visual Studio .Net fra mewo rk. The simu lator can also be used to view the topology generated by the initia l self organization algorith m LEACH [32] for s etting the WSN as shown in Figure 2. A compa rison assumed to have the same nu mber of clusters or sensing zones, no packet collisions occurred. It also assumed that there were no packet errors during transmission and reception.

    In this proposed architecture, the wire less sensor

    network is divided into the small clusters. The hierarchical c lustering is used to divide the sensor nodes. After the clustering process finished, the cluster head have been selected dynamically according to the current status of the nodes and formed the Cluster based WSN as shown in Figure 3. Generally, the node having highest energy left elected as a cluster head. Simu lation runs with the following simulat ion parameters:

    Table 2. Simulation parameters


    Routing Protocol



    Mac Layer Protocol



    Total No. Of Nodes



    Traffic type



    Simulation Topology

    1024cm x 768cm


    Simulation Time

    100 sec


    Packet size

    512 Kbytes

    Nodes are deployed randomly over an area of 1024 cm X 768 c m. The node closest to the centre of the deployment area is selected as sink or base station (BS), which is resources not limited, secure and safety for any advisory attackers and acts as an admin istrator for taking appropriate action on the intruder nodes. The network has been simulated with AODV routing protocol with Mac layer 802.11. 50 nodes are taken in the network within the simulation area and constant bit rate of traffic type is used. The network performance is observed for the simulation time 100 sec. The standard packet size is used i.e. 512 Kbytes.

    Figure 4. Int roducing attacks in WSN

    The simu lation is run in d ifferent scenarios, each scenario has different parameter values, and malicious nodes inject the malicious packets in the whole sensor network as shown in Figure 4. The figure shows the false packets in yellow colour a round ma lic ious node (Blue) are spreading in the whole network. Proposed system must recognize these nodes and refuse their connection for ne xt round as an admin istrative action against malicious nodes with the help of BS.

    After the simulat ion of network, the co mmunication

    among the nodes has been traced in trace.txt file . This trace file keeps all the communication records of the network and with the help of these records we can analyze the attack behaviour generated by the intruder nodes. The trace file is shown in the Figure 5. These records gets as an input to the Intrusion Detection Engine, filtered using rule base and detection of attacks takes place. The network graphs are shown in the following figures. Figure 6, 7, 8 shows the sending, receiving, delay graphs of the network respectively . Sending and receiving graph shows the sending and receiving of packets in the networks. The networks performance is indicated by figure 9. He re attack rating is shown which represents the attackers packets and data rating shows the amount data transmitted by all the nodes. Finally the detection of the attacks is shown in Figure 10 with their ratings and names . The wormhole, blackhole and syncflood attacks have been detected.

    Figure 5. Trace file of WSN Network

    Fig 6: Graph of sending packets in Network

    Figure 7. Graph of receiving packets in Network

    Figure 8. Graph of delay in Network

    Figure 9. Graph of attack and data rating in WSN

    Figure 10. Intrusion det ection Graph

  2. Conclusion and Future Work

    Intrusion detection is a hot field of the network security research, and it is a new kind of defence technology of the network security. Hence, a better intrusion detection mechanism is presented in this paper and has imple mented the proposed architecture with using Hybrid Intrusion Detection Technique. This proposed intrusion detection architecture is designed to detect attacks. The aim was to improve the detection rate and decrease the false positive rate.

    This paper includes a proposed hybrid model o f intrusion detection for WSN. This detection fra mework is evaluated and demonstrated and it is effective, even when the density of the network is high and there is a high probability of collisions in WSNs. In addition, the detection modules involve less energy consumption than techniques proposed in previous works because here cluster based technique is used. The simulat ion setup creates the behaviour of attacks into the network and detected wormhole, blac khole and sybil attacks. In the future work, further research on this topic will be performed, with detailed simulation of different attack scenarios, to test the performance of the proposed model and to ma ke co mparison with other current techniques of HIDS. The result will be availab le in the near future is e xpected.

  3. References

  1. I. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci, Wireless sensor networks: a survey, Computer Networks, 38:393-422, 2002.

  2. J. Kahn, R. Katz, and K. Pister, Next century challenges : M obile networking for smart dust, In 5th ACM /IEEE Annual International Conference on M obile Computing (MOBICOM 1999), pages 271278, 1999.

  3. Chong E., Loo M ., Christopher L., M arimuthu P., Intrusion Detection for Routing Attacks In Sensor Networks, The University of M elbourne, 2008.

  4. R. A. Kemmerer and G. Vigna, Intrusion Detection: A Brief History and Overview, Computer Society, Vol. 35, No. 4, 2002, pp. 27-30. C.2002.10036

  5. Ch. Krügel and Th. Toth, A Survey on Intrusion Detection Systems, TU Vienna, Austria, 2000.

[6]. A. K. Jones and R. S. Sielken, Computer System Intrusion Detection: A Survey, University of Virginia, 1999. [7]. K. Scarfone and P. M ell, Guide to Intrusion Detection and Prevention Systems (IDPS), NIST 800-94, Feb 2007. [8]. G. M aselli, L. Deri and S. Suin, Design and Implemen tation of an Anomaly Detection System: an Empirical Approach, University of Pisa, Italy, 2002.

[9]. S. Northcutt and J. Novak, Network Intrusion Detection: An Analysts Handbook, New Riders Publishing, Thou-sand Oaks, 2002.

[10]. V. Chandala, A. Banerjee and V. Kumar, Anomaly De- tection: A Survey, ACM Computing Surveys, University of M innesota, September 2009.

  1. R.A. Kemmerer and G. Vigna, "Intrusion detection a brief history and overview," Computer, 35(4), 2002, pp. 27- 30.

  2. Y. Qiao and X. Weixin, A network IDS with low false

    positive rate, Proceedings of the 2002 Congress on Evolutionary Computation, 2, 2002, pp. 1121-1126.

  3. Y. Qiao and X. Weixin, "A network IDS with low false positive rate," Proceedings of the 2002 Congress on Evolutionary Computation, 2, 2002,pp. 1121-1126.

  4. W.T. Su, K.M . Chang and Y.H. Kuo, eHIP: An energy – efficient hybrid intrusion prohibition system for cluster-based wireless sensor networks, Computer Networks, 51(4), 2007, pp. 1151-1168.

  5. A. Becher, Z. Benenson, and M . Dornseif, Tampering

    with motes: Real-world physical attacks on wireless sensor networks, Proceeding of the 3rd International Conference on Security in Pervasive Computing (SPC), pp. 104118, April 2006.

  6. S. M ohammadi, R. A. Ebrahimi and H. Jadidoleslamy,

    A Comparison of Routing Attacks on Wireless Sensor Networks, International Journal of Information Assur-ance and Security, Vol. 6, No. 3, 2011, pp. 195-215.

  7. M . Saxena, Security in Wireless Sensor Networks: A Layer-based Classification, Department of Computer Science, Purdue University, 2011.


  8. C. Karlof and D. Wagner, Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures, Pro ceedings of the 1st IEEE International Workshop on Sen-sor Network Protocols and Applications, Alaska, 11 M ay 2003, pp. 113-127.

  9. K. Scarfone and P. M ell, Guide to Intrusion Detection and Prevention Systems (IPS), NIST 800-94, Feb 2007.

  10. J. Yick, B. M ukherjee and D. Ghosal, Wireless Sensor Network Survey, Elseviers Computer Networks, Vol. 52,

    No. 12, 2008, pp. 2292-2330.


  11. W.T. Su, K.M . Chang and Y.H. Kuo, eHIP: An energy – efficient hybrid intrusion prohibition system for cluster-based wireless sensor networks, Computer Networks, 51(4), 2007, pp. 1151-1168.

  12. C. Karlof and D. Wagner, Secure routing in wireless sensor networks: attacks and countermeasures, Ad Hoc Networks, 1(2-3), 2003, pp. 293-315.

  13. Y. Wang, G. Attebury and B. Ramamurthy, A survey of security issues in wireless sensor networks, IEEE Communications Surveys & Tutorials, 8(2), 2006, pp. 2-23.

  14. A. D. Wood and J. A. Stankovic, Denial of service in sensor networks, Computer, 35(10), 2002, pp. 54-62.

  15. R. A. Kemmerer and G. Vigna, Intrusion detection a brief history and overview, Computer, 35(4), 2002, pp. 27- 30.

  16. Tzeyoung M . W., IATAC, Intrusion Detection Systems, 6th Edition, Information Assurance Tools Report;

    Aug, 2009

  17. Lunt T. F., Tamaru A., Gilham F., Jagannathan R., Jalali C., Peter G. N., A Real-Time Intrusion-Detection Expert Systems (IDES), Final technical report, Computer Science Laboratory, SRI International, 1992.

  18. Smaha, S. E., Haystack, An intrusion detection system, in Proceedings of the Fourth Aerospace Computer Security Applications Conference, 1988.

  19. Javitz H. S., Valdes A., The NIDES statistical component: Description and justification, Technical Rep. SRI International, Comp. Sci. Lab, 1994.

  20. Yi-an H., Wenke L., A Cooperative Intrusion Detection

    System for Ad-Hoc Networks, Proceedings of the 1st ACM workshop on Security of ad-hoc and sensor networks, Pages 135-147, 2003.

  21. Eskin E., Arnold A., Prerau M ., Portnoy L., and Stolfo S., A Geometric Framework for Unsupervised Anomaly Detection: Detecting Intrusions in Unlabeled Data, In Applications of data mining in computer security, Kluwer, 2002.

  22. W. R. Heinzelman, A. Chandrakasan , and H. Balakrishnan, Energy Efficient Communication Protocol for Wireless M icrosensor Networks, Proceeding of the 33rd Hawaii International Conference on System Sciences, IEEE, 2000, pp.1-10.

  23. S. Lindsey, and C. Raghavendra, PEGASIS: Power Efficient Gathering in Sensor Information System, In Proc.IEEE Aerospace conference, vol.3, 2002, pp.1125-1130.

  24. O. Younis, and S. Fahmy, Heed: A hybrid, Energy – Efficient Distributed Clustering Approach for Ad Hoc Sensor Networks, IEEE Transactions on M obile Computing, vol.3, No.4, 2004, pp.366-379.

  25. K. Q. Yan, S. C. Wang, S. S. Wang and C. W. Liu, Hybrid Intrusion Detection System for Enhancing the Security of a Cluster-based Wireless Sensor Network, Chayang University of Technology, Taiwan, IEEE 2010, pp. 114-118

  26. K. Q. Yan, S. C. Wang, S. S. Wang and C. W. Liu, Hybrid Intrusion Detection of Cluster-based Wireless Sensor Network, Proceedings of International M ultiConference of

    Engineers and Computer Scientists , Hong Kong, Vol. 1, 2009.

  27. S. Doumit and D. P. Agrawal, Self-organized Critically & stochastic learning based intrusion detection system for wireless sensor network, M ILCOM2003-IEEE/ACM transactions on Networking, Vol. 11(1), 2003, pp 2-16.

Leave a Reply