Detecting Denial of Service Attacks in Sensor Networks

Abstract

A wireless sensor network consists of tiny sensing nodes which are deployed in a remote or hostile region, such as battlefield or volcano, to gather information. Each sensor has sensing and wireless communication capabilities, which enable it to gather information from environment and send the information to the remote base station. The applications of wireless sensor networks are used widely today in battlefield monitor, circumstance monitor, or traffic analysis. Security in sensor networks is vital, because sensor networks often apply to a mission-critical task. Therefore, keeping the network available for its intended use is very important.DoS (Denial of Service) attack is that attackers try to diminish or eliminate a network’s capacity to perform its expected function. Attackers may simply send vast redundant data to exhaust the resource of a sensor node or drop data to disturb the result of a query. Due to the limited capability of a sensor, it is very difficult to prevent a sensor from DoS attack. Furthermore, mechanisms of DoS detection used in the wired or wireless environments may not be suitable for sensor networks. This paper proposed a cluster-based intrusion detection system. A secure monitor called gNode is proposed to observe and to report DoS attack activities. Each cluster contains a number of gNodes and normal sensor nodes. gNodes send back the warning ticket to its cluster head or sink, if an abnormal event happens. Once a cluster head or sink receives a certain rate of warning tickets if the compromised node is common sensor node, its cluster head would ignore all messages sent from the compromised sensor node, if the compromised node is cluster head, sink would send a recluster command to the cluster which its cluster head is compromised. The proposed approach could detect DoS attacks more precisely and reduce the damage from a DoS attack based on clustering. This study expects to establish an energy-efficiency and effective intrusion detection system to detect DoS attacks in wireless sensor networks.