Optimization of intrusion detection systems for wireless sensor networks using evolutionary algorithms
Martin Stehlík, Faculty of Informatics, Masaryk University, Brno
Wireless Sensor Network (WSN)
• Highly distributed network which consists of many low-cost sensor nodes and a base station (or sink) that gathers the observed data for processing.
Source: http://embedsoftdev.com/embedded/wireless-sensor-network-wsn/
Typical sensor node (TelosB)
• Microcontroller
▫ 8 MHz, 10 kB RAM
• External memory
▫ 1 MB
• Radio
▫ 2.4 GHz, 250 kbps
• Battery
▫ 2 x AA (3 V)
• Sensors
▫ Temperature, light, humidity, …
Security
• Sensor nodes:
▫ Communicate wirelessly.
▫ Have lower computational capabilities.
▫ Have limited energy supply.
▫ Can be easily captured.
▫ Are not tamper-resistant.
• WSNs are deployed in hostile environments.
• WSNs are more vulnerable than conventional networks by their nature.
Attacker model
• Passive attacker
▫ Eavesdrops on transmissions.
• Active attacker
▫ Alters data.
▫ Drops or selectively forwards packets.
▫ Replays packets.
▫ Injects packets.
▫ Jams the network.
=> Can be detected by an intrusion detection system.
Intrusion detection system (IDS)
• IDS node can monitor packets addressed to itself.
• IDS node can overhear and monitor communication of its neighbors.
IDS techniques
• Many techniques have been proposed to detect different attacks.
• We can measure:
▫ Packet sent & delivery ratio.
▫ Packet sending & receiving rate.
▫ Carrier sensing time.
▫ Sending power.
• And monitor:
▫ Packet alteration.
▫ Dropping.
IDS optimization
• Sensor nodes are limited in their energy and memory.
• Better IDS accuracy usually requires:
▫ Energy (network lifetime).
▫ Memory (restriction to other applications).
Trade-off between IDS accuracy and WSN performance and lifetime.
High-level aim:
• Framework for (semi)automated design and optimization of IDS parameters.
Why do we simulate WSN?
• Time of implementation and runtime (e.g. battery depletion).
• Simulation of hundreds or thousands of sensor nodes.
• Verifiability of results.
• Repeatability of tests.
• Protocols that work during simulations may fail in a real environment because of the simplicity of the model.
▫ Thorough comparison of simulators with reality can be found in [SSM11].
IDS optimization framework
Figure: Andriy Stetsko
Simulator
• Input: candidate solution represented as a simulation configuration.
▫ Number of monitored neighbors.
▫ Max. number of buffered packets.
▫ …
• Output: statistics of a simulation.
▫ Detection accuracy.
▫ Memory and energy consumption.
• Simulation: a specific WSN running for a predefined time, configured according to the candidate solution.
Optimization engine
• Input: statistics from the simulator.
▫ Detection accuracy.
▫ Memory and energy consumption.
• Output: new candidate solution(s) in the form of simulation configurations.
▫ Number of monitored neighbors.
▫ Max. number of buffered packets.
▫ …
• Algorithms: evolutionary algorithms, particle swarm optimization, simulated annealing, …
Evolutionary algorithms
Source: http://eodev.sourceforge.net/eo/tutorial/html/EA_tutorial.jpg
• Inspired by nature.
Pareto front
• Single aggregate objective function
• Set of non-dominated solutions.
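An added example, not from the original slides or from [SSSM13]: the two approaches named on this slide, applied to candidate IDS configurations as the simulator would report them. The candidate values, the Candidate type and the function names are constructed for illustration.

```python
from typing import NamedTuple

class Candidate(NamedTuple):
    monitored_neighbors: int  # IDS parameter given to the simulator
    buffered_packets: int     # IDS parameter given to the simulator
    accuracy: float           # detection accuracy (maximise)
    memory_bytes: int         # memory consumption (minimise)
    energy_mj: float          # energy consumption (minimise)

# Constructed simulator statistics for illustration; not results from [SSSM13].
CANDIDATES = [
    Candidate(1, 5, 0.62, 120, 40.0),
    Candidate(2, 10, 0.80, 300, 55.0),
    Candidate(2, 20, 0.79, 520, 60.0),    # worse than (2, 10) on every objective
    Candidate(4, 10, 0.91, 560, 90.0),
    Candidate(4, 40, 0.91, 1400, 95.0),   # same accuracy as (4, 10), higher cost
    Candidate(8, 40, 0.97, 2600, 170.0),
]

def costs(c):
    """Express all objectives as values to minimise (accuracy is negated)."""
    return (-c.accuracy, c.memory_bytes, c.energy_mj)

def dominates(a, b):
    """a dominates b: no worse on every objective, strictly better on one."""
    fa, fb = costs(a), costs(b)
    return all(x <= y for x, y in zip(fa, fb)) and fa != fb

def pareto_front(cands):
    """Keep the candidates that no other candidate dominates."""
    return [c for c in cands if not any(dominates(o, c) for o in cands)]

def aggregate_pick(cands, weights):
    """Single aggregate objective: weighted sum of min-max normalised costs."""
    cols = list(zip(*(costs(c) for c in cands)))
    lo, hi = [min(col) for col in cols], [max(col) for col in cols]
    def score(c):
        # "or 1" avoids division by zero when all candidates tie on an objective
        return sum(w * (v - l) / ((h - l) or 1)
                   for w, v, l, h in zip(weights, costs(c), lo, hi))
    return min(cands, key=score)

if __name__ == "__main__":
    for c in pareto_front(CANDIDATES):
        print(c)
    print("equal weights  ->", aggregate_pick(CANDIDATES, (1, 1, 1)))
    print("accuracy-heavy ->", aggregate_pick(CANDIDATES, (10, 1, 1)))
```

With positive weights the aggregate pick always lies on the Pareto front, and changing the weights moves it along the front. The front itself is computed once and leaves the choice between accuracy and resource cost to whoever deploys the IDS.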
Our test case
• Pareto front.
Source: [SSSM13]
Multi-objective evolutionary algorithms
• What did the evolution find?
Source: [SSSM13]
Conclusion
• Utilization of MOEAs in unexplored areas of research.
• MOEAs make it possible to choose between optimized solutions according to our requirements.
• Main goal: working IDS framework for WSNs.
▫ Design of robust solutions for large WSNs, enabling detection of various attacks.
Acknowledgments
• This work was supported by the project VG20102014031, programme BV II/2 - VS, of the Ministry of the Interior of the Czech Republic.
Thank you for your attention.
References
• [SSM11] A. Stetsko, M. Stehlík, and V. Matyáš. Calibrating and comparing simulators for wireless sensor networks. In Proceedings of the 8th IEEE International Conference on Mobile Adhoc and Sensor Systems, MASS '11, pages 733-738, Los Alamitos, CA, USA, 2011. IEEE Computer Society.
• [SSSM13] M. Stehlík, A. Saleh, A. Stetsko, and V. Matyáš. Multi-Objective Optimization of Intrusion Detection Systems for Wireless Sensor Networks. Submitted to 12th European Conference on Artificial Life.
• [SMS13] A. Stetsko, V. Matyáš, and M. Stehlík. A Framework for optimization of intrusion detection system parameters in wireless sensor networks. Prepared for a journal submission.