Technical Reports

A List by Author: Andriy Stetsko

e-mail:
xstetsko(a)fi.muni.cz

Improving Intrusion Detection Systems for Wireless Sensor Networks

by Andriy Stetsko, Tobias Smolka, Václav Matyáš, Martin Stehlik, March 2014, 29 pages.

FIMU-RS-2014-01. Available as Postscript, PDF.

Abstract:

A considerable amount of research has been undertaken in the field of intrusion detection in wireless sensor networks. Researchers have proposed a number of relevant mechanisms, and it is not an easy task to select the right ones for a given application scenario. Even when a network operator knows what mechanism to use, it remains an open issue how to configure this particular mechanism in such a way that it is efficient for the particular needs. We propose a framework that optimizes the configuration of an intrusion detection system in terms of detection accuracy and memory usage. There is a variety of scenarios, and a single set of configuration values is not optimal for all of them. Therefore, we believe such a framework is of great value for a network operator who needs to optimize an intrusion detection system for his particular needs, e.g., attacker model, environment, node parameters.

Neighbor-Based Intrusion Detection for Wireless Sensor Networks

by Andriy Stetsko, Lukáš Folkman, Václav Matyáš, May 2010, 33 pages.

FIMU-RS-2010-04. Available as Postscript, PDF.

Abstract:

The neighbor-based detection technique explores the principle that sensor nodes situated spatially close to each other tend to have similar behavior. A node is considered malicious if its behavior significantly differs from that of its neighbors. The detection technique is localized, unsupervised and adapts to changing network dynamics. Although the technique is promising, it has not been deeply researched in the context of wireless sensor networks yet. In this technical report we analyze symptoms of different attacks for the applicability of the neighbor-based technique. The analysis shows that the technique can be used for detection of selective forwarding, jamming and hello flood attacks. We implemented an intrusion detection system which employs the neighbor-based detection technique. The system was designed for and works on the TinyOS operating system running the Collection Tree Protocol. We evaluated the accuracy of the technique in detecting selective forwarding, jamming and hello flood attacks. The results show that the neighbor-based detection technique is highly accurate, especially in the case when collaboration among neighboring nodes is used.