Martin Stehlík Faculty of Informatics Masaryk University Brno

Date post: 06-Jan-2016
Optimization of intrusion detection systems for wireless sensor networks using evolutionary algorithms

Martin Stehlík
Faculty of Informatics
Masaryk University
Brno

Wireless Sensor Network (WSN)

• Highly distributed network which consists of many low-cost sensor nodes and a base station (or sink) that gathers the observed data for processing.

Source: http://embedsoftdev.com/embedded/wireless-sensor-network-wsn/

Typical sensor node (TelosB)

• Microcontroller

▫ 8 MHz, 10 kB RAM

• External memory

▫ 1 MB

• Radio

▫ 2.4 GHz, 250 kbps

• Battery

▫ 2 x AA (3 V)

• Sensors

▫ Temperature, light, humidity, …

Security

• Sensor nodes:

▫ Communicate wirelessly.

▫ Have lower computational capabilities.

▫ Have limited energy supply.

▫ Can be easily captured.

▫ Are not tamper-resistant.

• WSNs are deployed in hostile environments.

• WSNs are more vulnerable than conventional networks by their nature.

Attacker model

• Passive attacker

▫ Eavesdrops on transmissions.

• Active attacker

▫ Alters data.

▫ Drops or selectively forwards packets.

▫ Replays packets.

▫ Injects packets.

▫ Jams the network.

=> Can be detected by an intrusion detection system.

Intrusion detection system (IDS)

• IDS node can monitor packets addressed to itself.

• IDS node can overhear and monitor communication of its neighbors.

IDS techniques

• Many techniques have been proposed to detect different attacks.

• We can measure:

▫ Packet sent & delivery ratio.

▫ Packet sending & receiving rate.

▫ Carrier sensing time.

▫ Sending power.

• And monitor:

▫ Packet alteration.

▫ Dropping.

IDS optimization

• Sensor nodes are limited in their energy and memory.

• Better IDS accuracy usually requires:

▫ Energy (network lifetime).

▫ Memory (restriction to other applications).

Trade-off between IDS accuracy and WSN performance and lifetime.

High-level aim:

• Framework for (semi)automated design and optimization of IDS parameters.

Why do we simulate WSN?

• Time of implementation and runtime (e.g. battery depletion).

• Simulation of hundreds or thousands of sensor nodes.

• Verifiability of results.

• Repeatability of tests.

• Protocols that work during simulations may fail in a real environment because of the simplicity of the model.

▫ Thorough comparison of simulators with reality can be found in [SSM11].

IDS optimization framework

Figure: Andriy Stetsko

Simulator

• Input: candidate solution represented as a simulation configuration.

▫ Number of monitored neighbors.

▫ Max. number of buffered packets.

▫ …

• Output: statistics of a simulation.

▫ Detection accuracy.

▫ Memory and energy consumption.

• Simulation: a specific WSN, configured according to the candidate solution, running for a predefined time.

Optimization engine

• Input: statistics from the simulator.

▫ Detection accuracy.

▫ Memory and energy consumption.

• Output: new candidate solution(s) in the form of simulation configurations.

▫ Number of monitored neighbors.

▫ Max. number of buffered packets.

▫ …

• Algorithms: evolutionary algorithms, particle swarm optimization, simulated annealing, …

Evolutionary algorithms

Source: http://eodev.sourceforge.net/eo/tutorial/html/EA_tutorial.jpg

• Inspired by nature.

Pareto front

• Single aggregate objective function

• Set of non-dominated solutions.
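
An added example, not part of the original slides or the authors' framework: a minimal Python loop that connects the simulator and optimization engine described above and keeps only the non-dominated configurations (the Pareto front). The formulas in `simulate`, the parameter bounds and all function names are constructed assumptions standing in for a real WSN simulation.

```python
import random

# Hypothetical stand-in for the WSN simulator: maps a candidate IDS
# configuration to the statistics the slides name. The formulas are
# constructed for illustration and are not measured results.
def simulate(cfg):
    neighbors, buffer_size = cfg
    accuracy = 1.0 - 0.9 ** neighbors * 0.95 ** buffer_size
    memory = neighbors * buffer_size * 32          # bytes of packet buffers
    energy = 5.0 * neighbors + 0.2 * buffer_size   # arbitrary energy units
    return (accuracy, memory, energy)

def dominates(a, b):
    """True if stats a are no worse than b everywhere and better somewhere.
    Accuracy is maximised; memory and energy are minimised."""
    no_worse = a[0] >= b[0] and a[1] <= b[1] and a[2] <= b[2]
    better = a[0] > b[0] or a[1] < b[1] or a[2] < b[2]
    return no_worse and better

def pareto_front(population):
    """Keep only configurations whose statistics no other one dominates."""
    stats = {cfg: simulate(cfg) for cfg in population}
    return sorted(c for c in stats
                  if not any(dominates(stats[o], stats[c]) for o in stats))

def mutate(cfg, rng):
    """Optimization-engine step: perturb one parameter within its bounds."""
    neighbors, buffer_size = cfg
    if rng.random() < 0.5:
        neighbors = min(10, max(1, neighbors + rng.choice((-1, 1))))
    else:
        buffer_size = min(40, max(1, buffer_size + rng.choice((-4, 4))))
    return (neighbors, buffer_size)

def evolve(generations=30, pop_size=20, seed=1):
    rng = random.Random(seed)
    population = {(rng.randint(1, 10), rng.randint(1, 40)) for _ in range(pop_size)}
    for _ in range(generations):
        parents = pareto_front(population)
        children = {mutate(rng.choice(parents), rng) for _ in range(pop_size)}
        population = set(parents) | children
    return pareto_front(population)

if __name__ == "__main__":
    for cfg in evolve():
        acc, mem, en = simulate(cfg)
        print(f"neighbors={cfg[0]:2d} buffer={cfg[1]:2d} "
              f"accuracy={acc:.3f} memory={mem}B energy={en:.1f}")
```

Each printed row is one trade-off between detection accuracy and resource cost; choosing among them is the step left to the network designer's requirements.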

Our test case

• Pareto front.

Source: [SSSM13]

Multi-objective evolutionary algorithms

• What did the evolution find?

Source: [SSSM13]

Conclusion

• Utilization of MOEAs in unexplored areas of research.

• MOEAs enable us to choose between optimized solutions according to our requirements.

• Main goal: working IDS framework for WSNs.

▫ Design of robust solutions for large WSNs, enabling detection of various attacks.

Acknowledgments

• This work was supported by the project VG20102014031, programme BV II/2 - VS, of the Ministry of the Interior of the Czech Republic.

Thank you for your attention.

References

• [SSM11] A. Stetsko, M. Stehlík, and V. Matyáš. Calibrating and comparing simulators for wireless sensor networks. In Proceedings of the 8th IEEE International Conference on Mobile Adhoc and Sensor Systems, MASS '11, pages 733-738, Los Alamitos, CA, USA, 2011. IEEE Computer Society.

• [SSSM13] M. Stehlík, A. Saleh, A. Stetsko, and V. Matyáš. Multi-Objective Optimization of Intrusion Detection Systems for Wireless Sensor Networks. Submitted to 12th European Conference on Artificial Life.

• [SMS13] A. Stetsko, V. Matyáš, and M. Stehlík. A Framework for optimization of intrusion detection system parameters in wireless sensor networks. Prepared for a journal submission.

