Conference Paper

An Effective Classification for DoS Attacks in Wireless Sensor Networks

1st Thi-Thu-Huong Le
School of Computer Science & Engineering
Pusan National University
Busan, South Korea
lehuong7885@gmail.com
2nd Taehwan Park
School of Computer Science & Engineering
Pusan National University
Busan, South Korea
pth5804@gmail.com
3rd Dongkeun Cho
School of Computer Science & Engineering
Pusan National University
Busan, South Korea
drivvdry@gmail.com
4th Howon Kim
School of Computer Science & Engineering
Pusan National University
Busan, South Korea
howonkim@pusan.ac.kr
Abstract—Intrusion Detection Systems (IDSs) have an important role in detecting and preventing security attacks. An IDS should be in place in Wireless Sensor Networks (WSNs) to ensure the security and dependability of WSN services. In this paper, we present an approach to detect types of DoS attacks in WSNs. In particular, we apply a Random Forest model to detect the type of DoS attack on the WSN-DS dataset. The proposed approach achieves its best performance with F1-scores of 99%, 96%, 98%, 100%, and 96% for Blackhole, Flooding, Grayhole, Normal, and Scheduling (TDMA) attacks, respectively.
Index Terms—Intrusion Detection System, Wireless Sensor Networks, Random Forest
I. INTRODUCTION
WSNs have many applications and are used in scenarios such as detecting climate change, monitoring environments and habitats, and various other surveillance and military applications. Many security-related solutions for WSNs have been proposed, such as authentication, key exchange, and secure routing or security mechanisms for specific attacks. An IDS is one possible solution to address a wide range of security attacks in WSNs. An IDS can detect attacks but cannot prevent or respond to them. Once an attack is detected, the IDS raises an alarm to inform the controller to take action. There are two main IDS techniques. The first is the rule-based IDS, also known as the signature-based IDS. This method can detect well-known attacks with good accuracy, but it is unable to detect new attacks whose signatures are not present in the intrusion database. The second is the anomaly-based IDS, which detects intrusions by matching traffic patterns or resource utilization. Although anomaly-based IDSs can detect both well-known and new attacks, they produce more false positive and false negative alarms. WSNs are vulnerable to several types of security threats that can degrade the overall performance of these networks. DoS attacks may be launched in a number of ways in WSNs.
There are several possible attacks on the protocol stack or different layers of the sensor node that may cause DoS [1]. Network traffic is analyzed and a mechanism is defined for detecting attacks [2]. A support vector machine (SVM) algorithm for anomaly detection and a set of signatures for malicious behavior detection are used in this method [3]. Both intrusion detection and prevention schemes are implemented with less communication overhead and low energy consumption [4]. It is a cluster-based scheme. Intrusion detection systems are implemented at different levels in the cluster. A misuse intrusion detection technique is applied at sensor nodes, a hybrid IDS at the cluster head, and an integrated HIDS at the sink node [5]. An artificial neural network is used at every sensor node, which provides a self-learning capability to the system [6]. A mobile agent is used for detecting the intrusion. Three main mobile agents are used: a collector agent, a misuse detection agent, and an anomaly detection agent, which uses SVM [7]. In this scheme, a hybrid clustering method is introduced. The imperialist competitive algorithm is enhanced with a fuzzy logic controller, and a density-based algorithm is used to form arbitrarily shaped clusters and to handle noise [8]. This scheme is a bio-inspired method, i.e., a fuzzy system and a cooperative decision-making approach are applied [9]. In this scheme, fuzzy c-means clustering is used and anomaly detection is performed based on fuzzy evaluation and inter-cluster distance [10]. In this scheme, a game theory method is used along with fuzzy Q-learning. The attacker, base station, and sink nodes are the three players in the game. The base station and sink nodes are the decision-making players for detecting DoS attacks [11]. An algorithm for detecting the sinkhole attack is proposed. First, a list of suspected nodes is generated by checking data consistency, and then the intruder is identified using data flow information [12].
In this work, we focus on improving the classification performance for types of DoS attacks in WSNs. The remainder of this paper is organized as follows: Section 2 describes our approach. Section 3 presents the experimental evaluations and results. Section 4 concludes our work.
II. THE APPROACH METHOD
A. Maintaining the Integrity of the Specifications
In this section, we describe our approach, shown in Fig. 1. We separate the original WSN-DS dataset into two parts, the training and testing sets. We build a Random Forest to learn from the training set. Then, we predict the type of DoS attack on the testing set with the Random Forest classifier.
Fig. 1. The approach method for detecting type of DoS attacks.
Random Forest as defined in [13] is a generic principle of classifier combination that uses L tree-structured base classifiers $H(X, \theta_n),\ n = 1, 2, 3, \ldots, L$, where $X$ denotes the input data and $\theta_n$ is a family of identical and dependent distributed random vectors. Every Decision Tree is made by randomly selecting data from the available data. For example, a Random Forest can be built by randomly sampling a feature subset for each Decision Tree (as in Random Subspaces), and/or by randomly sampling a training data subset for each Decision Tree (the concept of Bagging). In a Random Forest, the features are randomly selected at each decision split. Randomly selecting the features reduces the correlation between trees, which improves the prediction power and results in higher efficiency. The advantages of Random Forest [14] are: it overcomes the problem of overfitting; it is less sensitive to outliers in the training data; its parameters can be set easily, which eliminates the need for pruning the trees; and variable importance and accuracy are generated automatically. Random Forest not only keeps the benefits achieved by Decision Trees but, through the use of bagging on samples, random subsets of variables, and its voting scheme [15] through which the decision is made, it achieves better results than Decision Trees most of the time. Random Forest is appropriate for high-dimensional data modeling because it can handle missing values and can handle continuous, categorical and binary data. The bootstrapping and ensemble scheme makes Random Forest strong enough to overcome the problem of overfitting, and hence there is no need to prune the trees. Besides high prediction accuracy, Random Forest is efficient, interpretable and non-parametric for various types of datasets [16]. The model interpretability and prediction accuracy provided by Random Forest are unique among popular machine learning methods. Accurate predictions and better generalization are achieved through the use of ensemble strategies and random sampling. In this work, we build a Random Forest classifier with the hyper-parameter settings in Table I.
TABLE I
HYPER-PARAMETERS SETTING FOR RANDOM FOREST
| Hyper-parameter | Value |
|---|---|
| Number of trees in the forest | 10 |
| The function to measure the quality of a split | Gini |
| The number of features to consider when looking for the best split | Sqrt(n features) |
| The minimum number of samples required to split an internal node | 2 |
| The minimum number of samples required to be at a leaf node | 1 |
| The minimum weighted fraction of the sum total of weights required to be at a leaf node | 0 |
| Whether bootstrap samples are used when building trees | True |
III. EXPERIMENT
We used the WSN-DS dataset, an IDS dataset for WSNs published in [17]. In our experiments, we built a Random Forest classifier to detect DoS attack types on this dataset. To evaluate our approach, we used the confusion matrix (CM) to compute metrics such as precision, recall, accuracy, and F1. We denote by TP the number of attack examples classified correctly as attacks; by TN the number of normal (no attack) examples classified correctly as normal; by FP the number of normal examples classified incorrectly as attacks; and by FN the number of attack examples classified incorrectly as normal. The equations for the accuracy, precision, recall and F1 metrics are as follows.
$$\text{Accuracy} = \frac{TP + TN}{TP + TN + FP + FN} \tag{1}$$
$$\text{Precision} = \frac{TP}{TP + FP} \tag{2}$$
$$\text{Recall} = \frac{TP}{TP + FN} \tag{3}$$
$$F\text{-measure} = F1 = \frac{TP}{TP + FP + FN} \tag{4}$$
A. A Brief Dataset Description
WSN-DS allows several intelligent and data mining approaches to be applied for better detection and classification of DoS attacks. As a result, sensor nodes will be more experienced with normal behaviors and attackers' signatures and will be able to make proper decisions at the right time. This dataset uses the LEACH routing protocol to extract 23 attributes that identify the status of each node in the network. However, several attributes are not used in the CSV files, including RSSI, Max distance to CH, Average distance to CH, and Current energy. The attributes are listed in Table II.
In this dataset, the authors identified four types of DoS attacks on the LEACH protocol: Blackhole, Grayhole, Flooding, and Scheduling (or TDMA) attacks, in addition to Normal, if the node is not an attacker.
TABLE II
ATTRIBUTES OF WSN-DS DATASET
| Attribute | Name in the CSV files |
|---|---|
| Node ID, Is CH, Who CH, RSSI, Distance to CH | Id, Is CH, Who CH, Dist To CH |
| Energy consumption, ADV CH send, ADV CH receives | Consumed energy, ADV S, ADV R |
| Join REQ send, Join REQ receive, ADV SCH send | JOIN S, JOIN R, ADV S, SCH S |
| ADV SCH receives, Rank, Data sent, Data received | SCH R, Rank, DATA S, DATA R |
| Data sent to BS, Distance CH to BS, Send Code | Data Sent To BS, Dist CH To BS, Send code |
• Blackhole attack. A Blackhole attack is a type of DoS attack where an attacker affects the LEACH protocol by advertising itself as a CH at the beginning of the round. Thus, any node that has joined this CH during this round will send its data packets to it in order to be forwarded to the BS. The Blackhole attacker assumes the role of CH and keeps dropping these data packets instead of forwarding them to the BS.
• Grayhole attack. A Grayhole attack is a type of DoS attack where the attacker affects the LEACH protocol by advertising itself as a CH for other nodes. Therefore, when the forged CH receives data packets from other nodes, it drops some packets (randomly or selectively) and prevents them from reaching the BS.
• Flooding attack. A Flooding attack is a type of DoS attack where the attacker affects the LEACH protocol in more than one way. This research studies the impact of the Flooding attack by sending a large number of advertising CH messages (ADV CH) with high transmission power. Consequently, when sensors receive a large number of ADV CH messages, this consumes the sensors' energy and wastes more time in determining which CH to join. Moreover, the attacker attempts to cheat victims into choosing it as a CH, especially those nodes that are located far from it, in order to consume their energy.
• Scheduling or TDMA attack. A Scheduling attack occurs during the setup phase of the LEACH protocol, when CHs set up TDMA schedules for the data transmission time slots. The attacker, acting as a CH, assigns all nodes the same time slot to send data. This is done by changing the behavior from a broadcast to a unicast TDMA schedule. This change causes packet collisions, which lead to data loss.
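Added example, not code from the paper: a small pure-Python Random Forest that follows the Table I settings (10 trees, Gini splits, sqrt(n features) candidates per split, bootstrap samples, majority vote), trained on constructed cluster-head records whose class signatures follow the four attack descriptions above. The feature subset, the value ranges and the TDMA signature (many schedule messages) are assumptions made for illustration; none of the rows are WSN-DS data.

```python
import math
import random
from collections import Counter

# Column names follow Table II (underscores added); all values are constructed.
FEATURES = ["ADV_S", "SCH_S", "DATA_R", "Data_Sent_To_BS"]
CLASSES = ("Normal", "Blackhole", "Grayhole", "Flooding", "TDMA")

def make_rows(n_per_class, rng):
    """Constructed cluster-head records (NOT WSN-DS data), one signature per class."""
    rows = []
    for label in CLASSES:
        for _ in range(n_per_class):
            recv = rng.randint(50, 150)          # packets received from members
            adv, sch = 1, 1                      # one ADV_CH, one TDMA broadcast
            sent = recv - rng.randint(0, 3)      # nearly everything reaches the BS
            if label == "Blackhole":
                sent = 0                         # drops every packet
            elif label == "Grayhole":
                sent = rng.randint(recv // 4, recv // 2)   # drops part of them
            elif label == "Flooding":
                adv = rng.randint(20, 60)        # many ADV_CH messages
            elif label == "TDMA":
                sch = rng.randint(10, 30)        # assumed: per-node unicast schedules
            rows.append(([adv, sch, recv, sent], label))
    return rows

def gini(labels):
    n = len(labels)
    return 1.0 - sum((c / n) ** 2 for c in Counter(labels).values())

def best_split(rows, f):
    """(weighted Gini, feature, threshold) of the best cut on f; None if f is constant."""
    values = sorted({x[f] for x, _ in rows})
    best = None
    for lo, hi in zip(values, values[1:]):
        thr = (lo + hi) / 2
        left = [y for x, y in rows if x[f] <= thr]
        right = [y for x, y in rows if x[f] > thr]
        score = (len(left) * gini(left) + len(right) * gini(right)) / len(rows)
        if best is None or score < best[0]:
            best = (score, f, thr)
    return best

def build_tree(rows, rng, max_features, min_samples_split=2):
    labels = [y for _, y in rows]
    majority = Counter(labels).most_common(1)[0][0]
    if len(set(labels)) == 1 or len(rows) < min_samples_split:
        return majority                          # leaf (min_samples_leaf = 1)
    candidates = []
    for f in rng.sample(range(len(FEATURES)), len(FEATURES)):
        split = best_split(rows, f)
        if split is not None:                    # constant features are skipped
            candidates.append(split)
        if len(candidates) == max_features:
            break
    if not candidates:
        return majority
    _, f, thr = min(candidates)
    left = [r for r in rows if r[0][f] <= thr]
    right = [r for r in rows if r[0][f] > thr]
    return (f, thr, build_tree(left, rng, max_features),
            build_tree(right, rng, max_features))

def predict_tree(node, x):
    while isinstance(node, tuple):
        f, thr, left, right = node
        node = left if x[f] <= thr else right
    return node

def fit_forest(rows, n_trees=10, seed=0):
    rng = random.Random(seed)
    max_features = max(1, int(math.sqrt(len(FEATURES))))   # sqrt(n features)
    forest = []
    for _ in range(n_trees):
        sample = [rng.choice(rows) for _ in rows]           # bootstrap = True
        forest.append(build_tree(sample, rng, max_features))
    return forest

def predict(forest, x):
    return Counter(predict_tree(t, x) for t in forest).most_common(1)[0][0]

def run_demo(seed=7):
    rng = random.Random(seed)
    train, test = make_rows(50, rng), make_rows(30, rng)
    forest = fit_forest(train, seed=seed)
    recall = {}
    for label in CLASSES:
        hits = [predict(forest, x) == y for x, y in test if y == label]
        recall[label] = sum(hits) / len(hits)
    accuracy = sum(predict(forest, x) == y for x, y in test) / len(test)
    return accuracy, recall

if __name__ == "__main__":
    acc, rec = run_demo()
    print(f"accuracy={acc:.3f}")
    for label, r in rec.items():
        print(f"{label:10s} recall={r:.2f}")
```

Grayhole is the only class that needs two columns together (packets received against packets forwarded), so it takes the deepest splits in each tree.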
B. Experiment Results
We used the CM to evaluate the classification performance of our approach. The resulting CM is displayed in Fig. 2. Random Forest detects the attack examples well. For example, in TDMA detection, only 10 examples are misclassified as Normal.
Fig. 2. Confusion matrix for detecting DoS attack types.
We also measured the precision, recall, and F1 of our model for each attack class. The results are given in Table III. From these results, we obtained an average of approximately 100% for precision, recall, and F1 score.
TABLE III
TABLE TYPE STYLES
| Attack types | Performance metric | | | |
|---|---|---|---|---|
| | Precision | Recall | F1-score | Support |
| Blackhole | 0.98 | 1.00 | 0.99 | 2478 |
| Flooding | 0.94 | 0.99 | 0.96 | 804 |
| Grayhole | 0.98 | 0.99 | 0.98 | 3619 |
| Normal | 1.00 | 1.00 | 1.00 | 85429 |
| TDMA | 0.99 | 0.93 | 0.96 | 1712 |
| Avg/total | 1.00 | 1.00 | 1.00 | 94042 |
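Added example, not part of the paper: a check of how the Avg/total row of Table III relates to its per-class rows. It recomputes support-weighted and unweighted (macro) averages from the table, derives per-class precision, recall and F1 one-vs-rest from a 5-class confusion matrix, and scores a constructed always-"Normal" detector on the same class mix. F1 is taken as the harmonic mean 2PR/(P+R), which agrees with the F1 column of Table III to rounding; reading Avg/total as support-weighted is an assumption that the numbers are consistent with.

```python
CLASSES = ["Blackhole", "Flooding", "Grayhole", "Normal", "TDMA"]

# (precision, recall, F1, support) per class, copied from Table III.
TABLE_III = {
    "Blackhole": (0.98, 1.00, 0.99, 2478),
    "Flooding": (0.94, 0.99, 0.96, 804),
    "Grayhole": (0.98, 0.99, 0.98, 3619),
    "Normal": (1.00, 1.00, 1.00, 85429),
    "TDMA": (0.99, 0.93, 0.96, 1712),
}

def harmonic_f1(p, r):
    """F1 as the harmonic mean of precision and recall (0 when both are 0)."""
    return 2 * p * r / (p + r) if p + r else 0.0

def averages(table):
    """Return (support-weighted, macro) averages of precision, recall and F1."""
    rows = list(table.values())
    total = sum(r[3] for r in rows)
    weighted = [sum(r[i] * r[3] for r in rows) / total for i in range(3)]
    macro = [sum(r[i] for r in rows) / len(rows) for i in range(3)]
    return weighted, macro

def one_vs_rest(cm, k):
    """TP, FP, FN, TN for class k; cm[i][j] counts true class i predicted as j."""
    total = sum(map(sum, cm))
    tp = cm[k][k]
    fn = sum(cm[k]) - tp
    fp = sum(row[k] for row in cm) - tp
    return tp, fp, fn, total - tp - fp - fn

def report(cm):
    """Per-class (precision, recall, F1, support) and overall accuracy."""
    table = {}
    for k, name in enumerate(CLASSES):
        tp, fp, fn, _ = one_vs_rest(cm, k)
        p = tp / (tp + fp) if tp + fp else 0.0
        r = tp / (tp + fn) if tp + fn else 0.0
        table[name] = (p, r, harmonic_f1(p, r), tp + fn)
    accuracy = sum(cm[k][k] for k in range(len(cm))) / sum(map(sum, cm))
    return table, accuracy

def always_normal_cm():
    """Constructed baseline: every row of the Table III test set labelled 'Normal'."""
    normal = CLASSES.index("Normal")
    cm = []
    for name in CLASSES:
        row = [0] * len(CLASSES)
        row[normal] = TABLE_III[name][3]
        cm.append(row)
    return cm

if __name__ == "__main__":
    weighted, macro = averages(TABLE_III)
    print("weighted P/R/F1:", [round(v, 3) for v in weighted])
    print("macro    P/R/F1:", [round(v, 3) for v in macro])
    base_table, base_acc = report(always_normal_cm())
    print("always-Normal accuracy:", round(base_acc, 3))
    print("always-Normal macro recall:", round(averages(base_table)[1][1], 3))
```

On this class mix the always-"Normal" baseline already reaches about 90.8% accuracy, so the per-class recall column (0.93 for TDMA) says more about detection quality than the Avg/total row.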
To further confirm our approach, we compare it with the ANN model applied to the same dataset. Table IV shows that our model achieves better performance than the ANN model on the Scheduling attack. In particular, the accuracy for the Scheduling attack is 96% with the Random Forest model, while the ANN model reaches only 76.5% accuracy.
TABLE IV
TABLE TYPE STYLES
| Model | Type of DoS Attack | | | | |
|---|---|---|---|---|---|
| | Blackhole | Flooding | Grayhole | Scheduling | Normal |
| ANN [17] | 92.8 | 99.4 | 92.2 | 75.6 | 99.8 |
| Random Forest | 99 | 96 | 98 | 96 | 100 |
IV. CONCLUSION
In this paper, we proposed a new approach to predict DoS attacks in WSNs. We used a Random Forest classifier to recognize categories of DoS attacks in the WSN-DS dataset. From our experimental results, we concluded that the Random Forest classifier outperforms other IDS classifiers in WSNs. In the future, we will extend our work to other WSN datasets and predict not only DoS attacks but also other attacks in computer networks.
ACKNOWLEDGMENT
This research was supported by the MSIT (Ministry of Science and ICT), Korea, under the ITRC (Information Technology Research Center) support program (2014-1-00743) supervised by the IITP (Institute for Information & communications Technology Promotion).
REFERENCES
[1] Wood, A.D. and Stankovic, J.A., Denial of service in sensor networks, IEEE Computer, Vol. 35, No. 10, pp.54-62, (2002).
[2] Li, Guorui, Jingsha He, and Yingfang Fu. Group-based intrusion detection system in wireless sensor networks. Computer Communications 31.1, pp. 4324-4332, (2008).
[3] Baig, Zubair A. Pattern recognition for detecting distributed node exhaustion attacks in wireless sensor networks. Computer Communications 34.3, pp. 468-484, (2011).
[4] Maleh, Yassine, et al. A Global Hybrid Intrusion Detection System for Wireless Sensor Networks. Procedia Computer Science 52, pp. 1047-1052, (2015).
[5] Moon, Soo Young, Ji Won Kim, and Tae Ho Cho. An energy efficient routing method with intrusion detection and prevention for wireless sensor networks. Advanced Communication Technology (ICACT), 16th International Conference on. IEEE, (2014).
[6] Wang, Shun-Sheng, et al. An integrated intrusion detection system for cluster-based wireless sensor networks. Expert Systems with Applications 38.12, pp. 15234-15243, (2011).
[7] Barbancho, Julio, et al. Using artificial intelligence in routing schemes for wireless networks. Computer Communications 30.14, pp.2802-2811, (2007).
[8] El Mourabit, Yousef, et al. Intrusion detection system in Wireless Sensor Network based on mobile agent. Complex Systems (WCCS), 2014 Second World Conference on. IEEE, (2014).
[9] Shamshirband, Shahaboddin, et al. D-FICCA: A density-based fuzzy imperialist competitive clustering algorithm for intrusion detection in wireless sensor networks. Measurement 55, pp. 212-226, (2014).
[10] Shamshirband, Shahaboddin, et al. Co-FAIS: cooperative fuzzy artificial immune system for detecting intrusion in wireless sensor networks. Journal of Network and Computer Applications 42, pp.102-117, (2014).
[11] Kumarage, Heshan, et al. Distributed anomaly detection for industrial wireless sensor networks based on fuzzy data modelling. Journal of Parallel and Distributed Computing 73.6, pp.790-806, (2013).
[12] Shamshirband, Shahaboddin, et al. Cooperative game theoretic approach using fuzzy Q-learning for detecting and preventing intrusions in wireless sensor networks. Engineering Applications of Artificial Intelligence 32, 228-241, (2014).
[13] Breiman, L. Random Forests. Machine Learning 45(1), pp.5-32, (2001).
[14] Introduction to Decision Trees and Random Forests, Ned Horning; American Museum of Natural History's.
[15] Breiman, L.: Random Forests. Machine Learning. 45, pp.5-3, DOI 10.1023/A:1010933404324, (2001).
[16] Yanjun Qi., "Random Forest for Bioinformatics". www.cs.cmu.edu/~qyj/papersA08/11-rfbook.pdf
[17] Iman Almomani, Bassam Al-Kasasbeh, and Mousa AL-Akhras. WSN-DS: A Dataset for Intrusion Detection Systems in Wireless Sensor Networks. Journal of Sensors, vol. 2016, Article ID 4731953, 16 pages, 2016. doi:10.1155/2016/4731953, (2016).
Article
Owing to the scattered nature of Denial-of-Service attacks, it is tremendously challenging to detect such malicious behavior using traditional intrusion detection systems in Wireless Sensor Networks (WSNs). In the current paper, a hybrid clustering method is introduced, namely a Density-based Fuzzy Imperialist Competitive Clustering Algorithm (D-FICCA). Hereby, the Imperialist Competitive Algorithm (ICA) is modified with a density-based algorithm and fuzzy logic for optimum clustering in WSNs. A density-based clustering algorithm helps improve the imperialist competitive algorithm for the formation of arbitrary cluster shapes as well as handling noise. The fuzzy logic controller (FLC) assimilates to imperialistic competition by adjusting the fuzzy rules to avoid possible errors of the worst imperialist action selection strategy. The proposed method aims to enhance the accuracy of malicious detection. D-FICCA is evaluated on a publicly available dataset consisting of real measurements collected from sensors deployed at the Intel Berkeley Research Lab. Its performance is compared against existing empirical methods, such as K-MICA, K-mean, and DBSCAN. The results demonstrate that the proposed framework achieves higher detection accuracy 87% and clustering quality 0.99 compared to existing approaches.
Article
Due to the distributed nature of Denial-of-Service attacks, it is tremendously challenging to identify such malicious behavior using traditional intrusion detection systems in Wireless Sensor Networks (WSNs). In the current paper, a bio-inspired method is introduced, namely the Cooperative-based Fuzzy Artificial Immune System (Co-FAIS). It is a modular-based defense strategy derived from the danger theory of the human immune system. The agents synchronize and work with one another to calculate the abnormality of sensor behavior in terms of context antigen value (CAV) or attackers and update the fuzzy activation threshold for security response. In such a multi-node circumstance, the sniffer module adapts to the sink node to audit data by analyzing the packet components and sending the log file to the next layer. The fuzzy misuse detector module (FMDM) integrates with a danger detector module to identify the sources of danger signals. The infected sources are transmitted to the fuzzy Q-learning vaccination modules (FQVM) in order for particular, required action to enhance system abilities. The Cooperative Decision Making Modules (Co-DMM) incorporates danger detector module with the fuzzy Q-learning vaccination module to produce optimum defense strategies. To evaluate the performance of the proposed model, the Low Energy Adaptive Clustering Hierarchy (LEACH) was simulated using a network simulator. The model was subsequently compared against other existing soft computing methods, such as fuzzy logic controller (FLC), artificial immune system (AIS), and fuzzy Q-learning (FQL), in terms of detection accuracy, counter-defense, network lifetime and energy consumption, to demonstrate its efficiency and viability. The proposed method improves detection accuracy and successful defense rate performance against attacks compared to conventional empirical methods.
Article
Owing to the distributed nature of denial-of-service attacks, it is tremendously challenging to detect such malicious behavior using traditional intrusion detection systems in Wireless Sensor Networks (WSNs). In the current paper, a game theoretic method is introduced, namely cooperative Game-based Fuzzy Q-learning (G-FQL). G-FQL adopts a combination of both the game theoretic approach and the fuzzy Q-learning algorithm in WSNs. It is a three-player strategy game consisting of sink nodes, a base station, and an attacker. The game performs at any time a victim node in the network receives a flooding packet as a DDoS attack beyond a specific alarm event threshold in WSN. The proposed model implements cooperative defense counter-attack scenarios for the sink node and the base station to operate as rational decision-maker players through a game theory strategy. In order to evaluate the performance of the proposed model, the Low Energy Adaptive Clustering Hierarchy (LEACH) was simulated using NS-2 simulator. The model is subsequently compared against other existing soft computing methods, such as fuzzy logic controller, Q-learning, and fuzzy Q-learning, in terms of detection accuracy, counter-defense, network lifetime and energy consumption, to demonstrate its efficiency and viability. The proposed model's attack detection and defense accuracy yield a greater improvement than existing above-mentioned machine learning methods. In contrast to the Markovian game theoretic, the proposed model operates better in terms of successful defense rate.