Research On Key Technologies Of Intrusion Detection For Wireless Sensor Networks

With the rapid development and maturing of microelectronic technology,sensor technology,embedded technology and wireless communication technology,wireless sensor networks(WSNs)have drawn wide attention of academia and industry,which have very broad application prospects in various fields.Its development will bring great changes to human society.However,security problems have become obstacles in the practical application of WSNs,which have drawn much attention and have been a hot issue in current research.Intrusion detection is the second line of defense for wireless sensor network security and it can effectively make up for the lack of security defense measures such as encryption and authentication.Therefore,it is of great significance to study the key technologies of intrusion detection for WSNs.The internal attack on WSNs launched by attackers is a multiple-stage attack,which usually consists of three stages:physically capturing sensor nodes and obtaining all the key confidential data in them by cracking(the first stage);redeploying the captured nodes or cloned nodes back to the sensor networks and rejoining the network communication(the second stage);launching various internal attacks by captured nodes under the control of attackers,such as selective forwarding attacks,black hole attacks,sybil attacks,energy exhausted attacks and malicious data injection attacks(the third stage).In order to detect the typical attacks initiated in different stages of WSN internal attacks,progressive intrusion detection schemes are proposed in this paper,which can detect attacks and respond as early as possible and reduce the damage caused by attacks.The main work and innovation of this paper include the following aspects:1.Aiming at the early detection of the node capture attacks occurring on the first stage of internal attacks,an early detection method of node capture based on the survivability monitoring was proposed for WSNs in asynchronous sleep mode,so as to detect the captured nodes as early as possible,just before they rejoin the networks.The proposed scheme is based on communication monitoring between neighbor nodes and employs the Hello message scheduling mechanism to ensure the reception of Hello messages between asynchronous sleep nodes.Moreover,it explores the local collaborative decision of common neighbors to improve the detection accuracy rate.The simulation results show that the proposed scheme outperforms other typical methods.2.In order to detect the node clone attacks initiated by the second stage of internal attacks,a clone attack detection method based on witness monitoring with low resource expenditure was proposed for randomly deployed networks.The method consists of two phases:witness chains establishment and clone detection routes generation.The witness chains and detection routes are in the centrifugal direction and circumferential direction,respectively,which can ensure the encounter of witnesses and detection routes of nodes with the same ID but different positions to detect clone attacks.Both theoretical analysis and simulation results manifest that the proposed method outperforms most methods in the literature with low resource expenditure.3.Aiming at selective forwarding attacks which are not easy to discover in the third stage of internal attacks,a selective forwarding attack detection method based on adaptive learning automaton and communication quality was proposed.Comprehensive communication quality of nodes was employed to evaluate the long-term forwarding behaviors of nodes,considering the normal packet loss caused by radio channel and MAC layer collisions.The adaptive reward and penalty parameters of a detection learning automaton are determined by the comprehensive communication quality of the node and the voting of its neighbors to reward or punish the normal or malicious nodes.Simulation results indicate the effectiveness of the proposed method.4.Aiming at a variety of internal attacks faced by WSNs,an adaptive integrated intrusion detection method based on state context and hierarchical trust mechanism was proposed,which can detect flooding attacks,selective forwarding attacks,energy exhausted attacks and data tampering attacks.A multidimensional two-tier hierarchical trust mechanism in the level of sensor nodes and cluster heads considering interactive trust,honesty trust and content trust was put forward.Meanwhile,an intrusion detection mechanism based on a self-adaptive dynamic trust threshold was described,which improves the flexibility and applicability and is suitable for cluster-based WSNs.The experiments and simulation results indicate that the mechanism we proposed outperforms the existing typical systems in malicious detection and resource overhead.In summary,the initiation process of internal attacks on WSNs is the main line of this research.A series of lightweight detection methods for malicious behaviors such as node capture attacks,node clone attacks and selective forwarding attacks were proposed,and an integrated intrusion detection method that can detect a variety of attacks was also put forward in this paper.Hence,progressive intrusion detection schemes were actively explored and studied,and made some achievements.