Optimization of intrusion detection systems for wireless sensor networks using evolutionary algorithms Martin Stehlík Faculty of Informatics Masaryk University Brno

Jan 06, 2016

Page 1

Optimization of intrusion detection systems for wireless sensor networks using evolutionary algorithms

Martin Stehlík, Faculty of Informatics, Masaryk University, Brno

Page 2

Wireless Sensor Network (WSN)

• Highly distributed network which consists of many low-cost sensor nodes and a base station (or sink) that gathers the observed data for processing.

Source: http://embedsoftdev.com/embedded/wireless-sensor-network-wsn/

Page 3

Typical sensor node (TelosB)

• Microcontroller

▫ 8 MHz, 10 kB RAM

• External memory

▫ 1 MB

• Radio

▫ 2.4 GHz, 250 kbps

• Battery

▫ 2 x AA (3 V)

• Sensors

▫ Temperature, light, humidity, …

Page 4

Security

• Sensor nodes:

▫ Communicate wirelessly.

▫ Have lower computational capabilities.

▫ Have limited energy supply.

▫ Can be easily captured.

▫ Are not tamper-resistant.

• WSNs are deployed in hostile environments.

• WSNs are more vulnerable than conventional networks by their nature.

Page 5

Attacker model

• Passive attacker

▫ Eavesdrops on transmissions.

• Active attacker

▫ Alters data.

▫ Drops or selectively forwards packets.

▫ Replays packets.

▫ Injects packets.

▫ Jams the network.

=> Can be detected by an intrusion detection system (IDS).

Page 6

Intrusion detection system (IDS)

• IDS node can monitor packets addressed to itself.

• IDS node can overhear and monitor communication of its neighbors.

Page 7

IDS techniques

• Many techniques have been proposed to detect different attacks.

• We can measure:

▫ Packet sent & delivery ratio.

▫ Packet sending & receiving rate.

▫ Carrier sensing time.

▫ Sending power.

• And monitor:

▫ Packet alteration.

▫ Dropping.

Page 8

IDS optimization

• Sensor nodes are limited in their energy and memory.

• Better IDS accuracy usually requires:

▫ Energy (network lifetime).

▫ Memory (restriction to other applications).

Trade-off between IDS accuracy and WSN performance and lifetime.

High-level aim:

• Framework for (semi)automated design and optimization of IDS parameters.

Page 9

Why do we simulate WSN?

• Time of implementation and runtime (e.g. battery depletion).

• Simulation of hundreds or thousands of sensor nodes.

• Verifiability of results.

• Repeatability of tests.

• Protocols that work during simulations may fail in a real environment because of the simplicity of the model.

▫ A thorough comparison of simulators with reality can be found in [SSM11].

Page 10

IDS optimization framework

Figure: Andriy Stetsko

Page 11

Simulator

• Input: candidate solution represented as a simulation configuration.

▫ Number of monitored neighbors.

▫ Max. number of buffered packets.

▫ …

• Output: statistics of a simulation.

▫ Detection accuracy.

▫ Memory and energy consumption.

• Simulation: a specific WSN, configured according to the candidate solution, running for a predefined time.

Page 12

Optimization engine

• Input: statistics from the simulator.

▫ Detection accuracy.

▫ Memory and energy consumption.

• Output: new candidate solution(s) in the form of simulation configurations.

▫ Number of monitored neighbors.

▫ Max. number of buffered packets.

▫ …

• Algorithms: evolutionary algorithms, particle swarm optimization, simulated annealing, …

Page 13

Evolutionary algorithms

Source: http://eodev.sourceforge.net/eo/tutorial/html/EA_tutorial.jpg

• Inspired by nature.

Page 14

Pareto front

• Single aggregate objective function

• Set of non-dominated solutions.
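An added example (not from the talk or from [SSSM13]) contrasting the two approaches named on this slide for the IDS parameters and statistics listed on the simulator slide. The statistics are constructed sample values, and the names `Candidate`, `pareto_front` and `best_by_weighted_sum` are illustrative assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Candidate:
    neighbors: int     # number of monitored neighbors
    buffer: int        # max. number of buffered packets
    accuracy: float    # detection accuracy (maximize)
    memory_b: int      # memory consumption in bytes (minimize)
    energy_mj: float   # energy consumption in mJ (minimize)

# Constructed simulation statistics, one row per candidate IDS configuration.
STATS = [
    Candidate(2, 10, 0.62, 200, 41.0),
    Candidate(4, 10, 0.71, 400, 55.0),
    Candidate(4, 20, 0.70, 800, 56.0),    # worse than (4, 10) on every objective
    Candidate(6, 30, 0.88, 1800, 78.0),
    Candidate(8, 30, 0.88, 2400, 93.0),   # same accuracy as (6, 30), costs more
    Candidate(10, 50, 0.93, 5000, 120.0),
]

def objectives(c):
    # Uniform "smaller is better" vector, so accuracy is negated.
    return (-c.accuracy, c.memory_b, c.energy_mj)

def dominates(a, b):
    # a dominates b: no worse on every objective and different on at least one.
    oa, ob = objectives(a), objectives(b)
    return all(x <= y for x, y in zip(oa, ob)) and oa != ob

def pareto_front(cands):
    # Set of non-dominated solutions: every remaining trade-off is kept.
    return [c for c in cands if not any(dominates(o, c) for o in cands)]

def best_by_weighted_sum(cands, w_acc, w_mem, w_energy):
    # Single aggregate objective function: the weights fix one trade-off
    # in advance, so each weight choice yields exactly one winner.
    def score(c):
        return w_acc * c.accuracy - w_mem * c.memory_b - w_energy * c.energy_mj
    return max(cands, key=score)

if __name__ == "__main__":
    for c in pareto_front(STATS):
        print(c)
    print(best_by_weighted_sum(STATS, 1000, 0.01, 0.1))  # accuracy-heavy weights
    print(best_by_weighted_sum(STATS, 100, 0.01, 1))     # energy-heavy weights
```

Each weighted-sum winner is a single point of the front; changing the requirements means re-running with new weights, whereas the front already contains every non-dominated configuration.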

Page 15

Our test case

• Pareto front.

Source: [SSSM13]

Page 16

Multi-objective evolutionary algorithms

• What did the evolution find?

Source: [SSSM13]

Page 17

Conclusion

• Utilization of MOEAs in unexplored areas of research.

• MOEAs enable us to choose between optimized solutions according to our requirements.

• Main goal: working IDS framework for WSNs.

▫ Design of robust solutions for large WSNs, enabling detection of various attacks.

Page 18

Acknowledgments

• This work was supported by the project VG20102014031, programme BV II/2 - VS, of the Ministry of the Interior of the Czech Republic.

Page 19

Thank you for your attention.

Page 20

References

• [SSM11] A. Stetsko, M. Stehlík, and V. Matyáš. Calibrating and comparing simulators for wireless sensor networks. In Proceedings of the 8th IEEE International Conference on Mobile Adhoc and Sensor Systems, MASS '11, pages 733-738, Los Alamitos, CA, USA, 2011. IEEE Computer Society.

• [SSSM13] M. Stehlík, A. Saleh, A. Stetsko, and V. Matyáš. Multi-Objective Optimization of Intrusion Detection Systems for Wireless Sensor Networks. Submitted to 12th European Conference on Artificial Life.

• [SMS13] A. Stetsko, V. Matyáš, and M. Stehlík. A Framework for optimization of intrusion detection system parameters in wireless sensor networks. Prepared for a journal submission.