Explore the optimization of intrusion detection systems in wireless sensor networks using evolutionary algorithms to balance IDS accuracy and WSN performance. Simulation-based framework enables automated design and testing. Acknowledgments to Ministry of the Interior, Czech Republic. References provided for further reading.
Optimization of intrusion detection systems for wireless sensor networks using evolutionary algorithms • Martin Stehlík • Faculty of Informatics, Masaryk University, Brno
Wireless Sensor Network (WSN) • Highly distributed network which consists of many low-cost sensor nodes and a base station (or sink) that gathers the observed data for processing. Source: http://embedsoftdev.com/embedded/wireless-sensor-network-wsn/
Typical sensor node (TelosB) • Microcontroller • 8 MHz, 10 kB RAM • External memory • 1 MB • Radio • 2.4 GHz, 250 kbps • Battery • 2 x AA (3 V) • Sensors • Temperature, light, humidity, …
Security • Sensor nodes: • Communicate wirelessly. • Have lower computational capabilities. • Have limited energy supply. • Can be easily captured. • Are not tamper-resistant. • WSNs are deployed in hostile environments. • WSNs are more vulnerable than conventional networks by their nature.
Attacker model • Passive attacker • Eavesdrops on transmissions. • Active attacker • Alters data. • Drops or selectively forwards packets. • Replays packets. • Injects packets. • Jams the network. => Can be detected by an intrusion detection system.
Intrusion detection system (IDS) • IDS node can monitor packets addressed to itself. • IDS node can overhear and monitor communication of its neighbors.
IDS techniques • Many techniques have been proposed to detect different attacks. • We can measure: • Packet sent & delivery ratio. • Packet sending & receiving rate. • Carrier sensing time. • Sending power. • And monitor: • Packet alteration. • Dropping.
IDS optimization • Sensor nodes are limited in their energy and memory. • Better IDS accuracy usually requires: • Energy (network lifetime). • Memory (restriction to other applications). • Trade-off between IDS accuracy and WSN performance and lifetime. High-level aim: • Framework for (semi)automated design and optimization of IDS parameters.
Why do we simulate WSN? • Time of implementation and runtime (e.g. battery depletion). • Simulation of hundreds or thousands of sensor nodes. • Verifiability of results. • Repeatability of tests. • Protocols that work during simulations may fail in a real environment because of the simplicity of the model. • A thorough comparison of simulators with reality can be found in [SSM11].
IDS optimization framework Figure: Andriy Stetsko
Simulator • Input: candidate solution represented as a simulation configuration. • Number of monitored neighbors. • Max. number of buffered packets. • … • Output: statistics of a simulation. • Detection accuracy. • Memory and energy consumption. • Simulation: a specific WSN running for a predefined time, configured according to the candidate solution.
Optimization engine • Input: statistics from the simulator. • Detection accuracy. • Memory and energy consumption. • Output: new candidate solution(s) in the form of simulation configurations. • Number of monitored neighbors. • Max. number of buffered packets. • … • Algorithms: evolutionary algorithms, particle swarm optimization, simulated annealing, …
Evolutionary algorithms • Inspired by nature. Source: http://eodev.sourceforge.net/eo/tutorial/html/EA_tutorial.jpg
Pareto front • Single aggregate objective function • Set of non-dominated solutions.
Our test case • Pareto front. Source: [SSSM13]
Multi-objective evolutionary algorithms • What did the evolution find? Source: [SSSM13]
Conclusion • Utilization of MOEAs in unexplored areas of research. • MOEAs enable us to choose between optimized solutions according to our requirements. • Main goal: working IDS framework for WSNs. • Design of robust solutions for large WSNs, enabling detection of various attacks.
Acknowledgments • This work was supported by the project VG20102014031, programme BV II/2 - VS, of the Ministry of the Interior of the Czech Republic.
References • [SSM11] A. Stetsko, M. Stehlík, and V. Matyáš. Calibrating and comparing simulators for wireless sensor networks. In Proceedings of the 8th IEEE International Conference on Mobile Adhoc and Sensor Systems, MASS '11, pages 733-738, Los Alamitos, CA, USA, 2011. IEEE Computer Society. • [SSSM13] M. Stehlík, A. Saleh, A. Stetsko, and V. Matyáš. Multi-Objective Optimization of Intrusion Detection Systems for Wireless Sensor Networks. Submitted to 12th European Conference on Artificial Life. • [SMS13] A. Stetsko, V. Matyáš, and M. Stehlík. A Framework for optimization of intrusion detection system parameters in wireless sensor networks. Prepared for a journal submission.