Research On Intrusion Detection Based On Clustering And Support Vector Machine Multi-class Classification In WSN

In recent years, the types of network intrusion are emerging in an endlessstream. Due to the lack of some resources in wireless sensor networks, such as nodeenergy and processing capacity, network intrusions become more and moreimpossible to defend effectively. Aiming at some common attacks in wireless sensornetworks, such as Hello flooding attacks, blackhole attacks, selective forwardingattacks, denial of service (DoS) attacks and Sybil attacks, this paper proposes a newkind of error correction output coding algorithm. This algorithm is constructed basedon clustering and SVM multi-class algorithms. It has an efficient result in detectingtwo kinds of attacks on the basis of a lower time complexity, which provides aneffective way in misuse detection of attacks. In this paper, the main work andresearch results can be summarized as follows:(1) In the process of constructing the modified H-ECOC-SVM error correctionoutput coding matrix, this paper introduces two kinds of ideas, including Hadamardcoding method and sparse random coding method. In order to enhance the codingmatrix usability and the intrusion detection accuracy, some influence factors, such asthe correlations between each two-column and the hamming distance between eachtwo-row, are considered. In the modified H-ECOC-SVM coding matrix, eachtwo-column is unrelated, and the minimum hamming distance between each two-rowis maximized. This lays a good theoretical basis for building optimal SVMclassifiers.(2) In the aspect of creating classifiers, grid search method and five-foldcross-validation method are used to calculate nuclear parameters and penaltyparameters. According to the encoding rules of H-ECOC-SVM matrix, onemulti-class problem is decomposed into several two types of problems. In this way,the number of classifier parameters is reduced and the training model of singleclassifiers is simplified. This brings great convenience to multi-class attack detection. (3) Before feature extraction, the test dataset is firstly detected and in thisprocess, clustering algorithm is used to find attacks. In the case of no attack, thismethod saves more time and energy consumption. PCA method makes an analysis ofthe train dataset and the test dataset. It is applied in analyzing and extracting thedimension of feature vector. This process reduces the operation time and theworkloads of classifiers, which satisfies the requirements of time complexity inintrusion detection.(4) The proposed algorithm makes a detailed intrusion detection for five kindsof attacks, including Hello flooding attacks, blackhole attacks, selective forwardingattacks, denial of service attacks and Sybil attacks. The experiment results show thatthe detection rates of three kinds of attacks are above90percent. The false negativerates of two kinds of attacks are below5percent. The average detection time costs offive kinds of attacks are kept under0.1seconds. The results show that the proposedalgorithm has a certain practical reference value in wireless sensor network intrusiondetection.