Journal of the Institute of Electronics Engineers of Korea CI (전자공학회논문지CI)

The Institute of Electronics and Information Engineers (대한전자공학회)
권호 표지

A Contents-Based Anomaly Detection Scheme in WSNs

콘텐츠 기반 무선 센서 네트워크 이상 탐지 기법

  • Lee, Chang-Seuk (Dept. of Computer Engineering, Changwon National University) ;
  • Lee, Kwang-Hui (Dept. of Computer Engineering, Changwon National University)
  • 이창석 (창원대학교 컴퓨터공학과) ;
  • 이광휘 (창원대학교 컴퓨터공학과)
  • Received : 2011.06.30
  • Accepted : 2011.08.29
  • Published : 2011.09.25
Download PDF
⟨ Previous Next ⟩

Abstract

In many applications, wireless sensor networks could be thought as data-centric networks, and the sensor nodes are densely distributed over a large sensor field. The sensor nodes are normally vulnerable in terms of security since they are very often deployed in a hostile environment and open space. In this paper, we propose a scheme for contents-based anomaly detection in wireless sensor networks. In this scheme we use the characteristics of sensor networks where several nodes surrounding an event point can simultaneously detect the phenomenon occurring and the contents detected from these sensors are limited to inside a certain range. The proposed scheme consists of several phases; training, testing and refining phases. Anomaly candidates detected by the distance-based anomaly detection scheme in the testing phase are sent to the refining phase. They are then compared in the sink node with previously collected data set to improve detection performance in the refining phase. Our simulation results suggest the effectiveness of the proposed scheme in this paper evidenced by the improvements of the detection rate and the false positive rate.

데이터 중심적인 네트워크인 무선 센서 네트워크는 대량의 센서 노드들이 광범위한 지역에 조밀하게 분산 배치되어 동작한다. 센서 노드들은 일반적으로 열린 환경에서 독립적으로 동작하기 때문에 보안 공격에 취약하다. 본 논문에서는 무선 센서 네트워크를 위한 콘텐츠 기반 이상 탐지 기법을 제안한다. 제안 기법은 무선 센서 네트워크의 특징인 특정한 현상을 여러 개의 센서 노드가 동시에 감지한다는 특성과 센서 노드에서 측정된 데이터인 콘텐츠는 어떤 특정 범위 안에서 변한다는 특성을 이용한다. 제안 기법은 훈련 단계, 적용 단계와 보정 단계로 구성되며 적용 단계에서 거리 기반 이상 탐지(distance-based anomaly detection) 기법을 이용하여 얻게 된 이상치 후보를 보정 단계로 보낸다. 보정 단계는 동일한 현상을 동시에 감지한 센서 노드들의 데이터로 구성된 콘텐츠 테이블과 이상치 후보를 비교, 분석함으로써 이상 탐지 기법의 성능을 향상시킨다. 시뮬레이션을 통해 제안 탐지 기법이 높은 탐지율과 낮은 오탐율을 가진다는 것을 확인할 수 있었다.

Keywords

References

  1. I.F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirici, "Wireless sensor networks: a survey," IEEE Trans. Systems, Man and Cybernetics (B), Vol. 38, pp. 393-422, 2002.
  2. A. Perrig, et. al, "Security in wireless sensor networks," CACM, Vol. 47, No. 6, pp. 53-57, 2004. https://doi.org/10.1145/990680.990707
  3. F. Martinicic, et. al., "Distributed event detection in sensor networks," in Proc. of the International Conference on Systems and Networks Communication, pp. 43-48, 2006.
  4. D. M. Hawkins, "Identification of outliers," Chapman and Hall, London, 1980.
  5. V. Barnett, T. Lewis, "Outliers in statistical data," John Wiley Sons, New York, 1994.
  6. E. M. Knorr, R. T. Ng, V. Tucakov, "Distance-based outliers: algorithms and applications," The VLDB Journal, Vol. 8, Issue 3-4, pp. 237-253, 2000. https://doi.org/10.1007/s007780050006
  7. Pang-Ning tan, M. Steinbach, V. Kumar, "Introduction to Data Mining," Addison-Wesley, 2006.
  8. Bhuse, V., Gupta, A., "Anomaly Intrusion Detection in Wireless Sensor Networks," J. High Speed Networks, pp. 33-51, 2006.
  9. V. Chatzigiannakis, S. Papavassiliou, "Diagnosing Anomalies and Identifying Faulty Nodes in sensor Networks," IEEE Sensors Journal, Vol. 7, 2007.
  10. W. Du, L. Fang, P. Ning, "LAD: Localization Anomaly Detection for Wirelesss Sensor Networks," Journal of Parallel and Distgributed Computing, Vol. 66, 2006.
  11. C. E. Loo, M. Y. Ng, C. Leckie, M. Palaniswami, "Intrusion Detection for Routing Attacks in Sensor Networks," International Journal of Distributed Sensor Networks, Vol. 2, No. 4, 2006.
  12. A. P. R. da Silva, M. H. T. Martins, et. al, "Decentralized Intrusion Detection in Wireless Sensor Networks," in Proc. of the 1st ACM International Workshop on Quality of Service & Security in Wireless and Mobile Networks (Q2SWinet'05), pp. 16-23, New York, USA, 2005.
  13. K. Ioannis, B. Zinaida, G. Thanassis, F. C. Felix, D. Tassos, "Cooperative Intrusion Detection in Wireless Sensor Networks," in Proc. of the 6th European Conference on Wireless Sensor Networks, 2009.
  14. I. Downard, "Simulation Sensor Networks in NS-2," Technical Report NRL/FR/5522-04-10073, Naval Research Laboratory, Washington, D.C., U.S.A., May 2004.