cell-based intrusion detection using wireless mesh network

2 downloads 137089 Views 802KB Size Report
Fortunately, wireless network infrastructure has potential to enhance the detection ... detection approach offer by the advantages of the wireless mesh network. 3.
INTERNATIONAL JOURNAL of ACADEMIC RESEARCH

Vol. 5. No. 5. September, 2013

Megat N.M. Mohamed Noor. Cell-based intrusion detection using wireless mesh network. International Journal of Academic Research Part A; 2013; 5(5), 94-99. DOI: 10.7813/2075-4124.2013/5-5/A.12

CELL-BASED INTRUSION DETECTION USING WIRELESS MESH NETWORK Megat Norulazmi Megat Mohamed Noor Department of MIIT, University of Kuala Lumpur (MALAYSIA) [email protected] DOI: 10.7813/2075-4124.2013/5-5/A.12 ABSTRACT In order to obtain optimal surveillance detection we may need to deploy large number of Wi-Fi sensors and cameras which relatively incur huge cost. Fortunately, wireless network infrastructure has potential to enhance the detection without need to massively deploy extra physical sensors by exploiting the triangulation of Wi-Fi signal interference. This paper presents experimental results that demonstrate the accuracy of Wi-Fi signal strength mapping approach to detect an existence of a human through a prediction model which is generated by Naïve Bayes learning algorithm. This research introduces the cell-based intrusion detection offer by the advantages of the wireless mesh network over the traditional wireless network infrastructure. The result shows that the prediction accuracy of whether a subject is exist inside or outside of the wireless mesh imaginary boundary is at 90%. Therefore the proposed cell-based intrusion detection using wireless mesh network has a great potential to be used to enhance surveillance system detection without need to massively deploy extra physical sensors. Henceforth, our proposed cell-based intrusion detection through a wireless mesh network has a great potential to enhance current home surveillance system deployment in a large residential area. Key words: Cell-Based Intrusion Detection, Wireless Mesh Network, Wi-Fi signal strength mapping 1. INTRODUCTION Nowadays, with Wi-Fi technology and wireless mesh technology, the scalability and reliability factor for wireless network infrastructure are improved. Wireless mesh network usually consist of mesh clients, mesh router and gateways. It offers more redundancy and reliability because if one node faults to operate, other nodes can continue to communicate, directly or through one or more intermediate nodes. This advantage improves the scalability and coverage area because to extend the coverage area, users only need to add nodes and ensure that new node can communicate with other nodes. In the context of surveillance system implementation in a large residential area, there are lots of factors that are needed to be considered, especially the cost. Therefore, wireless network infrastructure based surveillance system is currently being widely deployed as a cost effective solution compared to wired network infrastructure. This is because of its known three major factors; mobility, easier deployment, and scalability. However, in order to obtain optimal surveillance detection we may need to deploy large number of Wi-Fi sensors and cameras which relatively incur huge cost. Fortunately, wireless network infrastructure has a potential to enhance the detection without the need to massively deploy extra sensors. This can be achieved using passive detection through signal strength mapping approach. However traditional wireless network infrastructure is not scalable enough to be deployed in large residential area. Since wireless mesh technology offers better scalability, redundancy and reliability features, a passive detection to enhance the intrusion detection is achievable through a cell-based detection offer by the nature of the mesh network topology. Rest of the paper is organized as follow: Section 2 discusses related work. Section 3 introduces the method that is used in this work. Section 4 explains the project set-up. Section 5 present the result, and finally section 6 summarizes the paper. 2. RELATED WORKS According to Pius W.Q. Lee, Winston K.G. Seah, Hwee-Pink Tan, and Zexi Yao (2010), human body comprises of liquid, bone and flesh, which selectively absorb, reflect and scatter RF signal. Therefore, in the presence of human activity in the network, different components of a signal are absorbed at different time instances, resulting in signal strength fluctuations at the receiver. Pius W.Q. Lee, Winston K.G. Seah, Hwee-Pink Tan, and Zexi Yao (2010) state that it can be adopted as preliminary detection system to trigger other systems such as video surveillance, or alert security personal to focus on specific CCTV displays. However, the shadowing losses of the wireless network signal strength (RSS) measurement from the traditional wireless network cannot be used effectively in a wide residential area. This is because traditional Wi-Fi link is effectively limited up to about 50 meter radius and yet still subject to signal to noise ratio issue. A new form of distributed wireless networks called wireless mesh networks (WMN) has emerges to address the limitation of traditional wireless networking. According to W. Zhang et. al. (2008), wireless mesh networks is a special kind of multi-hop wireless network that

94 | PART A. NATURAL AND APPLIED SCIENCES

INTERNATIONAL JOURNAL of ACADEMIC RESEARCH

Vol. 5. No. 5. September, 2013

is made up mesh routers and mesh clients. Wireless mesh network become fast-growing wireless technology because simple to set up, easy to maintain, cost savings, shared networks and easily to facilitate expansion (Yang Liuqing, 2010; Yu Qian, 2010). Wireless mesh system uses a new mechanism that can adjust the coverage and the intensity as to facilitate the expansion process (Yang Liuqing, 2010; Yu Qian, 2010). To overcome the limitation of traditional wireless network for a RSS-based detection, this research introduces a cell-based intrusion detection approach offer by the advantages of the wireless mesh network. 3. RESEARCH METHODOLOGY Supervised learning is conducted in two steps. In the first step, a model is built from a training dataset using a learning algorithm. In the second step, performance of the model is evaluated using an unseen test dataset.

Fig. 1. Training operator’s set-up in Rapidminer

Fig. 2. Operator’s set-up within Cross-Validation

Fig. 3. Prediction model testing operator’s set-up The result of the evaluation is used to classify unseen instances (Lanzi, P. L., 2006). Rapidminer (Mierswa, I., Wurst, M., Klinkenberg, R., Scholz, M., & Euler, T., 2006) is a well-known open-source data mining package has been chosen as our research instrument in this research. The Rapidminer operator’s configurations for the supervised learning methodology are shown in figure 1, 2, and 3. All configurations in this research are in default setting.

Baku, Azerbaijan| 95

INTERNATIONAL JOURNAL of ACADEMIC RESEARCH

Vol. 5. No. 5. September, 2013

4. EXPERIMENTAL SET UP Our experimental set-up is deployed in room 1807-1808 at MIIT Department of Universiti Kuala Lumpur which is located at Jalan Sultan Ismail, Kuala Lumpur. The flow of this experiment is as shown in figure 4. The floor plan of the RSS sampling point for the data collection is depicted in figure 5.

Fig. 4. Experiment Flowchart The distance between each sampling point (P1 to P12) is shown in figure 5. The height of the wireless mesh routers (we are using openmesh OMP2 wireless mesh router) is about 0.8 meter and the distance between them are shown in figure 5. The monitoring point PC distance to the center of imaginary boundary between mesh router#1 and mesh router#2 is about 4.50 meter. However, unlike in our previous work (M. N. M. M. Noor, 2013); the measurements are not taken for the individual RSS link between the wireless mesh and the monitoring point PC’s wireless adapter. We use Wireshark to sniff all the packets and filter out data to gather RSS measurement for the each link between those 3 wireless mesh routers SSID.

96 | PART A. NATURAL AND APPLIED SCIENCES

INTERNATIONAL JOURNAL of ACADEMIC RESEARCH

Vol. 5. No. 5. September, 2013

Fig. 5. Access points placement, imaginary boundary and distance measurement between access points There are 3 type of data collection. Firstly, background data is collected without any existence of subject. Secondly, static data is collected where a subject is standing fixed for ten minutes at the respective sampling point (refer to figure 5). Data collected from sampling point P1 to P6 is labeled as IN_MESH, and sampling point P7 to P12 is labeled as OUT_MESH. Furthermore, the background data is labeled as NON_EXIST; while combination of IN_MESH and OUT_MESH data is labeled as EXIST. 90 percent of the respective data are used as training data and the rest for testing data. In addition, all the respective training data are trimmed so that number of class instances in the data is balanced (M. N. M. M. Noor, 2012). 5. TESTING AND RESULT Result shown in figure 6, 7, 8 and 9 indicate the trends of each wireless mesh AP’s signal strength (located as in figure 5) that is collected in different scenarios. Figure 6 indicate the trends of the mesh AP’s RSS where there are no subject exist. Figure 7 indicate the trends of the mesh AP’s RSS when there are subject exist (combination of data at P1 to P12, see figure 5). Figure 8 shows the mesh AP’s RSS trends when a subject is within the imaginary border of the wireless mesh AP (combination of data at P1 to P6, see figure 5). Figure 9 shows the mesh AP’s RSS trends when a subject is outside the imaginary border of the wireless mesh AP (combination of data at P7 to P12, see figure 5). The trends indicated by respective figure 6 and 7 clearly show unique characteristics of whether a subject is exist or not at the surrounding of the wireless mesh network. Figure 10 is the testing result of prediction model trained with data from figure 6 and 7. The result shows that the prediction accuracy of whether a subject is exists or not at the surrounding of the wireless mesh network is at 90%.

Baku, Azerbaijan| 97

INTERNATIONAL JOURNAL of ACADEMIC RESEARCH

Vol. 5. No. 5. September, 2013

Fig. 6. Trends of the AP’s RSS when a subject is not exist

Fig. 7. Trends of the AP’s RSS when a subject is exist Subsequently, the RSS trends of mesh network link 1-2 and 1-3 indicated in figure 8 and 9 show unique characteristics of whether a subject is exist inside or outside of the wireless mesh imaginary boundary. Figure 11 is the testing result of prediction model trained with data from figure 8 and 9. The result shows that the prediction accuracy of whether a subject is exist inside or outside of the wireless mesh imaginary boundary is at 90%. The findings show that our proposed cell-based intrusion detection through a wireless mesh network has a great potential to enhance current home surveillance system deployment in a large residential area.

Fig. 8. Trends of the AP’s RSS when a subject is exist inside the imaginary boundary

98 | PART A. NATURAL AND APPLIED SCIENCES

INTERNATIONAL JOURNAL of ACADEMIC RESEARCH

Vol. 5. No. 5. September, 2013

Fig. 9. Trends of the AP’s RSS when a subject is outside the imaginary boundary.

Fig. 10. Test result (EXIST_NOEXIST)

Fig. 11. Test result (IN_OUT) 6. CONCLUSION This research reveals that Wi-Fi signal strength (RSS) data measured from wireless mesh links can be used to detect whether a subject is exist inside or outside a cell of an imaginary boundary formed by the mesh links. Therefore the proposed cell-based intrusion detection using wireless mesh network has a great potential to be used to enhance surveillance system detection without need to massively deploy extra physical sensors. Hence, this will support for a deployment of a cost effective and an optimum detection for a large residential neighborhood surveillance system. REFERENCES 1. Lanzi P.L. (2006). Machine Learning and Data Mining: Introductions to Classification. Retrieved November 29, 2010, from slideshare.net:http://www.slideshare.net/pierluca.lanzi/machine-learningand- data-mining-10-introduction-to-classification 2. Lee P.W., Seah W.K., Tan H.-P. & Yao Z. (2010). Wireless Sensing Without Sensors – An Experimental Study of Motion/Intrusion Detection using RF Irregularity, 5-14. 3. Megat Norulazmi Megat Mohamed Noor (2012). Predictive model generation for decrepit manufacturing process Materials through temporal data mining. International Journal of Academic Research Part A; 2012; 4(5), 138-147. 4. Megat Norulazmi Megat Mohamed Noor (2013). Analysis of Device-Free Indoor Human Existence and Position Detection Using Wi-Fi Signal Strength Mapping Approach. International Journal of Academic Research Part A 5. Mierswa I., Wurst M., Klinkenberg R., Scholz M. & Euler T. (2006). YALE: rapid prototyping for complex data mining tasks. Proceedings of the 12th ACM SIGKDD international conference on Knowledge discovery and data mining (pp. 935-940). Philadelphia, PA, USA: ACM. 6. W. Zhang, Z. Wang, S.K. Das and M. Hassan, Wireless Mesh Networks: Architectures and protocols. New York: Springer, 2008. 7. Yang Liuqing & Y.U. Qian - Research on Logistics Information Transmission Platform Based on Wireless Mesh Network -- The 5th International Conference on Computer Science & Education Hefei, China. August 24–27, 2010.

Baku, Azerbaijan| 99