Vol. 4, No. 9 September 2013

ISSN 2079-8407

Journal of Emerging Trends in Computing and Information Sciences ©2009-2013 CIS Journal. All rights reserved. http://www.cisjournal.org

A Review of Intrusion Detection System Schemes in Wireless Sensor Network

1 Hassen Mohammed Abduallah Alsafi, 2 Saeed Salem Basamh

1 Department of Computer Science, 2 Department of Information and Technology
International Islamic University Malaysia
1 [email protected], [email protected]

ABSTRACT
A Wireless Sensor Network (WSN) comprises many tiny, low-cost, low-power sensor nodes. Such a network has a distinctive nature, unlike that of other networks. It includes a huge number of small sensing devices with limited energy, computation, and communication capabilities. These sensing devices are designed for specific applications, and they interact directly with their physical environments. The applications of WSNs are abundant; many of them are security critical, such as military or security applications. Strong security practice should therefore be deployed to secure the network from various attacks. Prevention-based approaches such as key cryptography and authentication have been implemented to secure the network from malicious activities. Yet these techniques will not secure the computer or network system from insider attacks, which lead to the extraction of sensitive information. As a result, intrusion detection becomes a crucial second layer to protect the network and keep it secure from any malicious attack. The aim of this paper is to provide a detailed review of the characteristics and vulnerabilities of WSN. Alongside this, we highlight the use of an IDS framework to protect network security.

Keywords: Wireless Sensor Network, Intrusion Detection System, security attacks, sensor node, anomaly detection, signature detection.

1. INTRODUCTION
A Wireless Sensor Network (WSN) comprises many tiny, low-cost, low-power sensor nodes. These sensors are self-organized and are deployed automatically in a homogeneous and highly distributed network environment. The network does not require any predefined infrastructure or centralized management. The ultimate aim of using such sensors is to collect and process information about the surrounding environment. To send a packet between nodes, a wireless transmitter and receiver are required. Packets are transmitted from one node to another via multi-hop communication. As a result, a single node may operate as host and router at the same time.

There are three categories of wireless networks, namely ad-hoc, cellular and sensor networks. Even though these networks have some similarities, there are also differences between them. For instance, an ad-hoc network does not involve any fixed infrastructure or base station. Unlike an ad-hoc network, a cellular network is based on a cellular architecture in which a large area is partitioned into several cells; each cell has a fixed special node known as the base station. In addition, each cell contains various mobile terminals (MT), which communicate with other mobile terminals in the same cell through the base station. In contrast, WSNs differ from these networks as follows:

a) The computation and energy resources are restricted.
b) Normally, the sensor nodes are not held by users, so there is a high risk that the sensors will be compromised.

Fig 1: WSN Architecture (figure labels: User 1 to User 4, Internet, wireless sensor network, target, sink node, sensor node)

Since the sensor nodes are deployed in a distributed manner, with multi-hop data forwarding over an open wireless medium, WSNs are highly vulnerable to security attacks. For example, a WSN can be attacked by either passive or active attacks. A passive attack aims to eavesdrop on packets that contain hidden information. This leads to a breach of the confidentiality of the network. An active attack, on the other hand, intends to inject packets to obsolete destinations into the network, for instance by modifying or deleting packets. This violates integrity, availability and authentication. Prevention-based mechanisms such as key management, cryptography and authentication have been used and implemented to protect the network from malicious activities. Yet these techniques are not able to secure the network from internal vulnerabilities, i.e. insider attacks. Usually such an attack aims to extract sensitive information from the victim node [6] [7] [8] [9]. Detection-based mechanisms were then introduced to overcome the limitation of the prevention technique. This technique is placed as a second layer of defense to detect intruders as well as outsider attacks.

This paper presents a comprehensive review of current IDS, analyses the use of IDS in wired networks, and then compares it with WSN from different angles. Additionally, we classify IDS based on the detection techniques. The current state of the art is discussed in detail. Finally, we discuss and conclude the work.

2. LAYERS OF WSN
Figure 2 shows the different layers that a sensor node contains. There are four layers, each with its own specific functions: communication, processing, power supply and sensing/actuation. The core of the sensor node is the processing unit, which contains all the vital functions of this layer. The communication unit, on the other hand, allows the node to send data to and receive data from other nodes or a base station, and to be part of a sensor network. The power supply unit distributes different voltages to the node. This unit includes linear regulators and capacitors. Power consumption in this unit must be optimized. Finally, the sensor unit can be considered the connection or bridge to the physical world. Almost every physical parameter can be measured and processed in the node, and communicated to the network [1].

Fig 2: Architecture of a node (figure labels: sensing/actuation unit, processing unit, power supply unit, communication unit)

3. TOPOLOGY OF WIRELESS SENSOR NETWORKS
The topology of WSN is divided into two types, known as Flat-based WSN (FWSN) and Cluster-based WSN (CWSN). These topologies are illustrated in Figure 3 and Figure 4 respectively.

Fig 3: Flat WSN (FWSN)

Fig 4: Cluster WSN (CWSN) (figure labels: SN, CH, Base Station (BS)/Sink)

The following Table 1 illustrates the difference between FWSN and CWSN [3]:

Table 1: Differences between FWSN and CWSN

Topology type: Flat WSN
Features:
- Information is created via multi-hop communication.
- Maximize the energy consumption.
- Decrease the network scalability.
- Example of proposed protocol: SPIN

Topology type: Cluster WSN
Features:
- Popular WSN topology.
- Sensor nodes are clustered.
- The operations within SN are managed through the Cluster Head (CH).
- Minimize the energy consumption.
- Increase the network scalability.
- Example of proposed protocols: LEACH, TEEN, APTEEN and PEGASIS

4. OVERVIEW OF SECURITY GOALS IN WIRELESS SENSORS NETWORK
Figure 5 classifies the security goals into primary and secondary goals [3] [4]. The primary goals are the ordinary security goals that should be available in any system, for example confidentiality, availability and integrity. The secondary goals, on the other hand, are self-organization, secure localization and time synchronization.

Fig 5: Security Goals for WSN (figure labels: primary, secondary, confidentiality, availability, integrity, authentication, self-organization, secure localization, time synchronization)

5. TYPES OF ATTACKS IN WSN
Attacks in a WSN can take two forms, based on the intent of the intrusion. In the first form, the attacker aims to eradicate or tear down the communication connection by spreading malicious control messages. In the second, the attacker uses up the link bandwidth of a compromised computer or network system and then consumes the computation resources of the sensor nodes. The following Table 2 gives the classification of common sorts of attacks based on their features [5]. Unlike in a traditional wired network, attackers in a WSN can simply obtain access to the deployment area, capture various nodes, and initiate an extensive range of attacks. Thus, it is advisable to consider, as a minimum, an active mote-class attacker. This paradigm has two attack models, namely internal and external attacks. Figure 6 classifies the attacks in WSN.

Table 2: Taxonomy Framework of Attacks in WSN

Layer | Attacks
Application layer | Data corruption. Repudiation.
Transport layer | Session hijacking. SYN flooding.
Network layer | Blackhole. Wormhole. Resource consumption. Location disclosure attacks. Flooding. Byzantine.
Data link layer | Traffic analysis. WEP weakness.
Physical layer attacks | Jamming. Interceptions. Eavesdropping.
Multi-layer attacks | Denial of Service (DoS). Man-in-the-middle (MIM). Impersonation.

Fig 6: Taxonomy of Attacks in WSN (figure labels: Sybil attack, hello flood attack, jamming attack, sinkhole attack, selective forwarding attack, packet alteration attack)

6. TAXONOMY OF ATTACKER MODEL
Fig. 7 describes the classification of the attacker model in WSN. The first model is known as internal attacks. It usually involves the sensor nodes that contain the cryptographic key used to validate the encryption in a network. The adversary takes full control of the compromised sensor node to perform malicious activity in the network. The adversary can then run internal attacks directly from the compromised node; after gaining full control, the attacker can read the cryptographic keys and use them in his own devices to attack the network. On the other hand, the cryptographic key does not need to be present in order to perform external attacks from a device. Thus, if encryption and validation are not deployed in a system, a malicious device is placed as an internal attacker.

Fig 7: Security Goals for WSN (figure labels: taxonomy of attacker model, internal (insider) attacks, external (outsider) attacks)

Moreover, attacks are categorized into passive and active [12][17]. The passive attacker listens to the stream of data sent via the communication channel and attempts to acquire important information. The active attacker can perform the same function as the passive one, and also has the ability to amend data, insert false information and corrupt the data. In addition, attacks can be classified based on their capability to compromise the network. The first type is known as laptop-class attackers. In this type the adversary uses superior machines that are much better than typical nodes in terms of energy consumption and CPU speed. In mote-class attacks, by contrast, attackers use devices that have capabilities identical to those of the motes in the network [13][19].

Table 3: Classification of Attacks in WSN

Category: Outsider versus insider attacks
Basically, this category relies on the SNs that created and established the attack. For example, if the attack occurred in the network, it is known as an insider attack; otherwise it is known as an outsider attack.

Category: Passive versus active attacks
The classification into passive or active attacks depends on the impact that results after the node has been compromised. For instance, in a passive attack each data packet is monitored and checked without any modification or alteration. An active attack, on the other hand, modifies and changes the content of the data itself.

Category: Mote-class versus laptop-class attacks
This type of attack is based on the ability of the attacker to compromise the computer and network system. There are two types: mote-class attacks and laptop-class attacks. Mote-class attacks include a small number of nodes, and these nodes have capabilities similar to those of the nodes they attack. Laptop-class attacks use powerful machines, such as laptops with higher transmission range, processing power and energy, to compromise the network.

7. DEFENSE MECHANISMS AGAINST ATTACKS IN WSN
The defense techniques used to overcome the vulnerabilities in WSN are categorized into prevention-based security approaches and detection-based approaches. The prevention-based mechanism forms the first line of defense for WSN. It is used to protect the sensor networks from different types of attacks, for example wormholes and sinkholes. However, this mechanism is not sufficient to secure the entire system from internal attacks. Basically, insider attacks may capture some sensitive data. Hence, it is only effective in preventing outsider or external attacks [11]. The detection-based mechanism, on the other hand, has been proposed to overcome the limitation of the previous technique. It is used to secure and monitor WSNs against internal or insider attacks, and it mostly operates as a second line of defense. For instance, the IDS plays a significant role as the second line of defense, and its major aim is to detect abnormal or malicious activity in the network system.

Table 4: Difference between the Ad-Hoc network and sensor network

Feature | Ad-hoc network | Sensor network
Number of nodes | Low | High
Human involvement | Yes | No
Computing resources and batteries | Less | More
Node density | Low | High
Topology | Static | Dynamic
Communication paradigm | Point-to-point | Broadcast
Cooperation among nodes | Less cooperative | More cooperative
Coverage | Small or limited | Large

Defense techniques such as the prevention-based and detection-based approaches used in traditional networks cannot be implemented directly in WSN for the following reasons:

- The sensor nodes in WSN are controlled by human beings and are physically unprotected. In a traditional network, however, devices such as switches and routers are physically secure: they are placed in a room to which only specific people have access privileges.
- The sensor nodes have limited memory capacity and energy. For example, sensor nodes have limited energy or they are rechargeable; if a node runs out of energy, it will not forward any packets from or to other sensor nodes. As a result, the sensor node is eliminated from the entire network. In contrast, in a traditional network the energy supply is unrestricted, in that the switches or hubs are connected directly to the power supply or they are non-rechargeable.

Thus, the current security defense tools used in WSN are inadequate, and new inspirations and thoughts are needed in the sensor network area.

8. INTRUSION DETECTION SYSTEM
An intrusion detection system (IDS) is the process of detecting, analyzing and reporting unwanted intrusions that exploit the vulnerabilities of computer systems and networks. It acts as a second line of defense against attacks that preventive mechanisms fail to address [11]. The IDS is able to notice breaches of the security goals, namely confidentiality, availability and integrity. The information and logs collected by the IDS need to be interpreted by an experienced and skilled person [21]. The current implementation of IDS for WSN will not function well in sensor networks because of the range of differences between them. The following are some of the differences:

a. In WSN, nodes are not controlled by human beings, since the network is self-organizing and there is no human involvement.
b. The computing resources and batteries are less restricted in ad-hoc networks compared with WSN, which is more constrained.

Fig 8: Intrusion Detection System (IDS) (figure labels: internal network with Host-1, Host-2 and Host-3, DMZ network with web server and DNS server, firewalls, IDS, Internet)

IDS are classified according to the audit data into two main types: host-based and network-based. The host-based IDS uses application logs in its analysis, whereas the network-based IDS operates by capturing and evaluating the network packets received from network traffic. On the other hand, IDS schemes are categorized, based on detection techniques, into three main classes of IDS as follows [4]:

8.1 Signature-Based IDS
Signature-based IDS, also known as rule-based IDS, consists of previously stored rules for several security attacks. These rules are kept in a database. Once the network's behavior displays any deviation from the fixed rules, it is classified as an attack. Signature-based IDS are well suited to known intrusions; however, they are not able to identify the latest security attacks or attacks that have no predefined rules [10] [14]. In a traditional wired network, the IDS is used to monitor network traffic at fixed infrastructure such as routers and switches. IDS deployment in WSN is different, because a wireless network does not have such traffic hub points. In addition to the difference in infrastructure, there is also variation in the communication patterns of clients in WSN. Because of bandwidth restrictions, battery limitations and regular disconnection, users frequently adopt the latest operation modes, such as disconnected operation [11].

Fig 9: Signature Detection System (SDS) (figure labels: audit data, system profile, timing information, rule match, add new rules, modify existing rules, attack state)

8.2 Anomaly-Based IDS
This is the second type of detection in IDS. It is much more effective at detecting new security attacks, or at least has the potential to do so. Since it does not maintain any database in which to store signatures, the probability of missing a well-known security attack is high. However, it continuously screens the traffic patterns or system events [3][10]. In this technique, normal logs or reports are stored in the system. The system then evaluates the captured data and compares it against the data stored in the normal profile. If the captured data deviates from the baseline, a possible intrusion has occurred. Finally, the system administrator should be informed of the status and take the proper action [13][17].

Fig 10: Anomaly-based IDS (figure labels: audit data, system profile, update profile, generate new profiles dynamically, statistically deviant, attack state)

8.3 Specification-based IDS
This technique is the combination of the signature-based and anomaly-based techniques. The hybrid approach normally involves two detection components. The first component, the signature-based one, is in charge of identifying well-known security attacks using signatures. The second component, anomaly detection, is in charge of detecting and learning normal and malicious (abnormal) patterns, or of monitoring deviation of network behavior from the normal profile. This scheme is precise if its attack detection produces a small number of false positives. Nevertheless, the hybrid mechanism may consume extra energy and extra resources. It is not advisable to use such a scheme for networks such as WSN that suffer from constraints and limitations in some areas.

9. COMPARISONS OF THE DETECTION TECHNIQUES
A Wireless Sensor Network (WSN) is regularly deployed in an open-medium environment, and the sensor nodes are by nature fully distributed. To communicate with each other, the nodes use multi-hop communication. These networks are normally deployed in areas where direct human interaction is either impossible or very difficult. Moreover, WSNs have limitations in terms of computation, bandwidth, memory and energy. These limitations should be considered when designing any protocol for such networks. Because of the hostile environment of WSNs, security is considered one of the most important aspects. IDS are widely used for securing WSNs. An IDS is able to detect an intrusion and raise an alarm for an appropriate response. Due to the energy and computational power limitations, designing an appropriate IDS for WSNs is a challenging task.

Signature-based IDS are an appropriate fit for large WSNs, where more security threats and attacks can compromise network operations. Signature-based IDS requires extra resources and computation power compared with anomaly-based IDS. However, one crucial and complicated activity is the insertion of new attack patterns into the database. Such an IDS scheme may use data mining or pattern matching techniques [17] [20].

Anomaly-based IDS are suitable for small WSNs where few nodes communicate with the base station. In a small WSN, the traffic patterns or flags are usually the same, so an abnormal traffic pattern or changing behavior can be treated as an intrusion. However, such IDS may generate more false alarms and may not be able to detect well-known intrusions. Anomaly-based IDS are normally lightweight in nature and mostly use statistical, probabilistic, traffic analysis or intelligent techniques.

Hybrid IDS are suitable for large and sustainable WSNs. These IDS contain both anomaly-based and signature-based schemes. Thus, they may require more resources and computation power. To reduce the usage of limited resources, such schemes are mostly used in cluster-based or hierarchical WSNs, in which some parts of the network execute anomaly detection while other parts perform signature-based detection.
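The trade-off described in Sections 8.1 to 8.3 and compared in Section 9 can be seen by running both detectors over the same audit records. The following Python sketch is an added example, not code from the paper: the record fields, the two rules, their thresholds and the single-feature statistical profile are all assumptions, and the records are constructed sample data.

```python
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Record:
    """Audit record for one node over one monitoring interval (assumed fields)."""
    node: str
    received: int   # packets handed to the node for forwarding
    forwarded: int  # packets it actually relayed
    hellos: int     # HELLO/route advertisements it broadcast
    sent: int       # data packets it originated


# Signature database: rule name -> predicate. Thresholds are assumptions.
SIGNATURES = {
    "hello_flood": lambda r: r.hellos > 20,
    "selective_forwarding":
        lambda r: r.received >= 10 and r.forwarded / r.received < 0.5,
}


def signature_detect(rec):
    """Names of stored rules the record matches; unknown attacks match nothing."""
    return [name for name, rule in SIGNATURES.items() if rule(rec)]


class AnomalyDetector:
    """Normal profile: per-node mean and standard deviation of `sent`."""

    def __init__(self, k=3.0, min_sigma=1.0):
        self.k = k
        self.min_sigma = min_sigma  # floor so a flat baseline does not alarm on +/-1
        self.profile = {}

    def train(self, records):
        by_node = {}
        for r in records:
            by_node.setdefault(r.node, []).append(r.sent)
        for node, values in by_node.items():
            self.profile[node] = (mean(values), max(pstdev(values), self.min_sigma))

    def detect(self, rec):
        """True when `sent` is more than k sigma from the node's baseline."""
        if rec.node not in self.profile:
            return True  # no baseline for this node: report as a deviation
        mu, sigma = self.profile[rec.node]
        return abs(rec.sent - mu) > self.k * sigma


def hybrid_detect(rec, anomaly):
    """Signature component first, anomaly component for whatever it misses."""
    matched = signature_detect(rec)
    if matched:
        return "signature", matched
    if anomaly.detect(rec):
        return "anomaly", ["deviation_from_profile"]
    return "normal", []


# Constructed sample data: attack-free training intervals, then four test records.
TRAINING = [Record("SN1", 40, 39, 2, s) for s in (10, 11, 9, 10, 10)] + \
           [Record("SN2", 30, 30, 2, s) for s in (12, 11, 13, 12, 12)]
SAMPLES = [
    Record("SN1", 40, 39, 2, 11),   # ordinary interval
    Record("SN2", 30, 30, 60, 12),  # HELLO burst, data rate unchanged
    Record("SN1", 40, 8, 2, 10),    # most relayed packets dropped
    Record("SN2", 30, 30, 2, 90),   # data burst that no stored rule describes
]


def run_demo():
    """Per sample: (matched signatures, anomaly flag, hybrid verdict)."""
    anomaly = AnomalyDetector()
    anomaly.train(TRAINING)
    return [(signature_detect(r), anomaly.detect(r), hybrid_detect(r, anomaly)[0])
            for r in SAMPLES]


if __name__ == "__main__":
    for rec, (sigs, deviant, verdict) in zip(SAMPLES, run_demo()):
        print(f"{rec.node}: signature={sigs} anomaly={deviant} hybrid={verdict}")
```

The second and third samples are caught only by the rules, because the profiled feature stays on its baseline, and the fourth is caught only by the profile, because no rule describes it.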

10. INTRUSION DETECTION SYSTEM ARCHITECTURE
An intrusion detection system can work in several modes. There are three main modes: stand-alone IDS, cooperative or distributed cluster-based IDS, and hierarchical IDS [15] [19] [20]. The stand-alone IDS works on each node independently to detect internal malicious events based on the system logs. In the cooperative or distributed IDS, every node monitors the activities and operation of its close neighbors and surrounding nodes; if any node has been violated, the cluster head is updated. In the hierarchical IDS, the cluster heads monitor all their member nodes and respond when an intrusion is detected. Table 5 summarizes the comparison of IDS techniques used in WSN. In general, an IDS consists of three major components, as shown in Figure 11 [16]:

Fig 11: IDS Components (figure labels: monitoring, analysis and detection, alarm)

Table 5: Comparison of different IDS mechanisms used in WSN (columns: anomaly-based IDS, signature-based IDS and hybrid-based IDS, each rated low, medium or high; rows: detection rate, false alarm, energy consumption, memory utilization)

In addition, the components are discussed in detail in Table 6.

Table 6: Components of IDS

Component: Monitoring
Characteristics:
- Mostly used for monitoring both local and neighbor events in the node.
- Used to monitor traffic patterns and internal events and to reduce utilization [17].

Component: Analysis and detection
Characteristics:
- Based on a modeling algorithm.
- Usually, the decision is made based on the log data from the analysis of network operation, behaviors and activities.

Component: Alarm
Characteristics:
- The response-generating element that alerts the system if it detects any intrusion.

11. ARCHITECTURE OF IDS IN WIRELESS SENSOR NETWORK
Most recent structural design models of IDS are based on wired and static networks. These designs alone are insufficient to be migrated to and deployed in a WSN environment. The architecture in WSN is deployed as a distributed IDS. Every node has its own IDS agent running on the node. Moreover, IDS agents cooperate with each other using an ID algorithm to decide when and how the network is being attacked. The architecture is divided into several elements. One example is the mobile IDS agents, which reside on each node of the network. The other part is known as the stationary secure database. This contains global signatures of recognized misuse attacks and stores each user's normal activity in a non-hostile environment. The network infrastructures for WSN are classified into flat and multilayer infrastructure, based on the applications. Consequently, the proper and accurate IDS architecture depends on the infrastructure on which it will be deployed. For instance, in a flat infrastructure, all nodes are presumed to be equal to each other. Conversely, some nodes are considered different in the multilayer network infrastructure. In this infrastructure the nodes are structured into clusters, with a cluster head for every cluster. In turn, communication between one cluster head and another should be done via a regional node. Therefore, this infrastructure could be suitable for military applications. The following are some of the architectures for IDS in WSN:

11.1 Non-collaborative Intrusion Detection Systems (Stand-alone IDS)
In this network infrastructure, the IDS runs on every node independently to detect any malicious activities occurring in the victim node. Moreover, different information is collected from different nodes and the decision is made separately on each node, as there is no sharing or updating among the nodes in the network [19] [20]. Likewise, nodes belonging to the same network do not know anything about the condition of other nodes. While this infrastructure is not productive because of its limitations, it would be efficient in a network where not all nodes are configured with IDS. The data collected on each node will not be enough to determine whether an intrusion has occurred. Thus, this architecture is suitable for flat network infrastructure. Finally, this architecture is not recommended as an optimal solution for designing the IDS architecture for WSN.

11.2 Distributed and Cooperative Intrusion Detection Systems
WSNs are by nature based on the distribution and cooperation of different nodes. The data in this architecture are shared among the nodes, using either peer-to-peer or hierarchical approaches [20]. Some papers have introduced IDS for WSN, as in the example in Fig 13 [20].

Fig 13: Distributed and Cooperative IDS in WSN [20] (figure labels: an IDS agent on each node; intrusion detection state, intrusion response)

Each node detects intrusions and responds by running an IDS agent. Normally, the IDS agent is in charge of identifying and collecting local events, i.e. it monitors only the node's own communication and data to detect possible intrusions, and it initiates a response independently. Nevertheless, the IDS agents in neighboring nodes cooperatively participate in global detection, which is used to monitor the communication of neighbors, and they may cooperate with a local agent's intrusion detection action when the evidence is inconclusive. Like the stand-alone IDS infrastructure, this scheme is suitable for flat network infrastructure [19].

11.3 Hierarchical Intrusion Detection Systems
This architecture extends the previous one, i.e. the distributed and cooperative IDS architecture, and it is introduced for multilayer networks. Basically, multilayer networks are separated into clusters. For each cluster in the network, a cluster head is placed and acts as a central point, similar to a switch, router or gateway. It is mostly used to monitor the entire cluster operation, and it is deployed in multilayer infrastructure. Every node has an IDS agent running within the node, and its duty is to locally monitor and detect all intrusions. However, the cluster head is responsible both locally for its own node and globally for its cluster. It monitors and controls the network packet traffic and then initiates a global reaction when an intrusion in the network is detected or identified [20].
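The decision flow of Sections 11.2 and 11.3 can be sketched as follows: an agent acts alone on conclusive evidence, polls neighbors that can also overhear the suspect when its evidence is inconclusive, and the cluster head reacts globally only when enough distinct members report the same node. This Python code is an added example, not an algorithm from the paper or from [20]; the confidence scores, thresholds, majority vote, quorum and topology are all assumptions.

```python
STRONG, WEAK = 0.8, 0.4  # assumed confidence thresholds


class Agent:
    """IDS agent running on one sensor node (hypothetical model)."""

    def __init__(self, node_id, neighbors, suspicion=None):
        self.node_id = node_id
        self.neighbors = set(neighbors)         # nodes within radio range
        self.suspicion = dict(suspicion or {})  # suspect -> local confidence, 0..1

    def confidence(self, suspect):
        return self.suspicion.get(suspect, 0.0)


def cooperative_decide(agent, suspect, agents):
    """Distributed and cooperative mode: decide locally on conclusive evidence,
    otherwise poll neighbours that can also overhear the suspect."""
    local = agent.confidence(suspect)
    if local >= STRONG:
        return "intrusion", [agent.node_id]
    if local < WEAK:
        return "normal", []
    witnesses = [agents[n] for n in sorted(agent.neighbors)
                 if n in agents and n != suspect and suspect in agents[n].neighbors]
    if not witnesses:
        return "unconfirmed", [agent.node_id]  # nobody else can corroborate
    supporters = [agent.node_id] + [w.node_id for w in witnesses
                                    if w.confidence(suspect) >= WEAK]
    if 2 * len(supporters) > len(witnesses) + 1:  # strict majority of observers
        return "intrusion", supporters
    return "unconfirmed", [agent.node_id]


class ClusterHead:
    """Hierarchical mode: aggregate member alerts, respond globally on a quorum."""

    def __init__(self, members, quorum=2):
        self.members = set(members)
        self.quorum = quorum
        self.alerts = {}  # suspect -> set of distinct reporting members

    def report(self, reporter, suspect):
        # Only cluster members may report, and never about themselves.
        if reporter not in self.members or reporter == suspect:
            return False
        self.alerts.setdefault(suspect, set()).add(reporter)
        return True

    def global_response(self):
        """Suspects flagged by at least `quorum` distinct members."""
        return sorted(s for s, who in self.alerts.items() if len(who) >= self.quorum)


def build_agents():
    """Constructed five-node cluster with made-up local confidence values."""
    return {
        "SN1": Agent("SN1", ["SN2", "SN3", "SN4"], {"SN4": 0.6}),
        "SN2": Agent("SN2", ["SN1", "SN4"], {"SN4": 0.5}),
        "SN3": Agent("SN3", ["SN1", "SN4"], {"SN4": 0.1}),
        "SN4": Agent("SN4", ["SN1", "SN2", "SN3"], {"SN1": 0.9}),
        "SN5": Agent("SN5", ["SN3"], {"SN3": 0.5}),
    }


def run_cluster():
    """Every agent evaluates its suspects; confirmed alerts go to the cluster head."""
    agents = build_agents()
    head = ClusterHead(members=agents, quorum=2)
    for agent in agents.values():
        for suspect in agent.suspicion:
            verdict, reporters = cooperative_decide(agent, suspect, agents)
            if verdict == "intrusion":
                for reporter in reporters:
                    head.report(reporter, suspect)
    return head.global_response()


if __name__ == "__main__":
    print("global response against:", run_cluster())
```

In the constructed cluster, SN4 is reported by two distinct members and triggers the global response, while the single strong accusation that SN4 makes against SN1 stays below the quorum.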

12. THE CHALLENGING FACTORS OF DESIGNING EFFECTIVE IDS FOR WSN
Current IDS have been used widely for wired networks. However, the same IDS cannot be applied directly to wireless networks because of the special network properties of WSN. In the following we highlight the main limitations that should be considered when designing the IDS for WSN:

Fig 14: Challenging Factors of Designing IDS in WSNs (figure labels: security vulnerabilities in WSN, lack of infrastructure, limited memory and storage space, dynamic topology change, different routing protocols, shared wireless medium, easy physical accessibility)

13. REQUIREMENTS FOR AN INTRUSION DETECTION SYSTEM FOR WSN
Having discussed in the previous section the limitations and challenges in designing an IDS for WSN, we now present the main requirements that should be taken into consideration when designing an effective or ideal IDS scheme for wireless sensor networks [21]. These requirements are shown in Fig 15:

Fig 15: The requirements of IDS [19] (figure labels: generality, distribution, fast detection, high detection, localize auditing, supporting scalability, independent of prior knowledge)

14. CONCLUSION

When designing an IDS as a security defense for a WSN, we have to take special care of the limitations that exist in the WSN system. Understanding the security breaches in the WSN could help us avoid issues in the future. As discussed in the paper, anomaly-based IDS is considered suitable for WSNs of unlimited size. However, it has some limitations regarding updating and inserting in networks that have resource restrictions. On the other hand, hybrid-based IDS is not recommended because of its consumption of energy and resources.

ACKNOWLEDGMENT

The author(s) would like to thank all anonymous reviewers for their helpful input, which resulted in improvements in the quality of the paper. Furthermore, this research paper was made possible through the help and support of Dr. Tala and Dr. Kewei Sha. It would not have been completed without their support and encouragement.

REFERENCES

[1] Portilla, Jorge, et al. "A Modular Architecture for Nodes in Wireless Sensor Networks." J. UCS 12.3 (2006): 328-339.

[2] Strikos, Andreas A. "A full approach for intrusion detection in wireless sensor networks." School of Information and Communication Technology, KTH (2007).

[3] Wang, Shun-Sheng, Kuo-Qin Yan, Shu-Ching Wang, and Chia-Wei Liu. "An integrated intrusion detection system for cluster-based wireless sensor networks." Expert Systems with Applications 38, no. 12 (2011): 15234-15243.

[4] Walters, John Paul, Zhengqiang Liang, Weisong Shi, and Vipin Chaudhary. "Wireless sensor network security: A survey." Book chapter in Security in Distributed, Grid, and Pervasive Computing, Yang Xiao (Ed.), 2007.

[5] Su, Wei-Tsung, Ko-Ming Chang, and Yau-Hwang Kuo. "eHIP: An energy-efficient hybrid intrusion prohibition system for cluster-based wireless sensor networks." Computer Networks 51, no. 4 (2007): 1151-1168.

[6] Zapata, Manel Guerrero. "Secure ad hoc on-demand distance vector routing." ACM SIGMOBILE Mobile Computing and Communications Review 6, no. 3 (2002): 106-107.

[7] Hu, Yih-Chun, David B. Johnson, and Adrian Perrig. "SEAD: Secure efficient distance vector routing for mobile wireless ad hoc networks." Ad Hoc Networks 1, no. 1 (2003): 175-192.

[8] Hu, Yih-Chun, Adrian Perrig, and David B. Johnson. "Ariadne: A secure on-demand routing protocol for ad hoc networks." Wireless Networks 11, no. 1-2 (2005): 21-38.

[9] Perrig, Adrian, Ran Canetti, J. Doug Tygar, and Dawn Song. "The TESLA broadcast authentication protocol." (2005).

[10] Abduvaliyev, Abror, A. Pathan, Jianying Zhou, Rodrigo Roman, and W. Wong. "On the Vital Areas of Intrusion Detection Systems in Wireless Sensor Networks." (2012): 1-15.

[11] da Silva, Ana Paula R., Marcelo HT Martins, Bruno PS Rocha, Antonio AF Loureiro, Linnyer B. Ruiz, and Hao Chi Wong. "Decentralized intrusion detection in wireless sensor networks." In Proceedings of the 1st ACM international workshop on Quality of service & security in wireless and mobile networks, pp. 16-23. ACM, 2005.

[12] Roosta, Tanya, Sameer Pai, Phoebus Chen, Shankar Sastry, and Stephen Wicker. "Inherent security of routing protocols in ad-hoc and sensor networks." In Global Telecommunications Conference, 2007. GLOBECOM'07. IEEE, pp. 1273-1278. IEEE, 2007.

[13] Karlof, Chris, and David Wagner. "Secure routing in wireless sensor networks: Attacks and countermeasures." Ad Hoc Networks 1, no. 2 (2003): 293-315.

[14] Mamun, Mohammad Saiful Islam, and AFM Sultanul Kabir. "Hierarchical design based intrusion detection system for wireless ad hoc sensor network." International Journal of Network Security & Its Applications (IJNSA) 2.3 (2010): 102-117.

[15] Siddiqui, Muhammad Shoaib, and Choong Seon Hong. "Security issues in wireless mesh networks." In Multimedia and Ubiquitous Engineering, 2007. MUE'07. International Conference on, pp. 717-722. IEEE, 2007.

[16] Khan, Shafiullah, Kok-Keong Loo, and Zia Ud Din. "Framework for intrusion detection in IEEE 802.11 wireless mesh networks." Int. Arab J. Inf. Technol. 7, no. 4 (2010): 435-440.

[17] Khan, Shafiullah, and Kok-Keong Loo. "Real-time cross-layer design for a large-scale flood detection and attack trace-back mechanism in IEEE 802.11 wireless mesh networks." Network Security 2009, no. 5 (2009): 9-16.

[18] Alrajeh, Nabil Ali, S. Khan, and Bilal Shams. "Intrusion Detection Systems in Wireless Sensor Networks: A Review." International Journal of Distributed Sensor Networks 2013 (2013).

[19] Rassam, Murad A., M. A. Maarof, and Anazida Zainal. "A Survey of Intrusion Detection Schemes in Wireless Sensor Networks." American Journal of Applied Sciences 9, no. 10 (2012): 1636.

[20] Anantvalee, Tiranuch, and Jie Wu. "A survey on intrusion detection in mobile ad hoc networks." In Wireless Network Security, pp. 159-180. Springer US, 2007.

[21] Alsafi, Hassen Mohammed, Wafaa Mustafa Abduallah, and Al-Sakib Khan Pathan. "IDPS: an integrated intrusion handling model for cloud computing environment." International Journal of Computing & Information Technology (IJCIT) 4, no. 1 (2012): 1-16.