Improved Malicious Data Injection Resilient Hierarchical Data Aggregation System for WSN

Transcription

1 Improved Malicious Data Injection Resilient Hierarchical Data Aggregation System for WSN S.SAI NISCHALA PG Scholar, Dept of CSE KSRM COLLEGE OFENGINEERING, KADAPA G.NAGENDRA BABU ASSISTANT PROFESSOR, KSRM COLLEGE OF ENGINEERING, KADAPA Abstract: The main goal of this project is to secure the event detection. A typical wireless sensing element network consists of many little and low-power sensors that use radio frequencies to perform distributed sensing tasks. Wireless sensing element networks square measure wont to notice the prevalence of events like fires, intruders, or heart attacks, malicious knowledge are often injected to form faux events, associated therefore trigger an unsought response, or to mask the prevalence of actual events. during this project we tend to think about directly the state of affairs wherever associate assailant gains full management of 1 or a lot of sensors and may run discretional malware on them to fabricate new measurements and report them in situ of the discovered ones. Keywords: Event detection, wireless sensor network, fake events, Security. 1. Introduction: A wireless device network consists of device nodes capable of collection data from the setting and act with one another via wireless transceivers. The collected information are going to be delivered to 1 or additional sinks, typically via multi-hop communication. The device nodes area unit usually expected to work with batteries and area unit usually deployed to not-easily-accessible or hostile setting, generally in giant quantities. It may be troublesome or not possible to exchange the batteries of the device nodes. On the opposite hand, the sink is often wealthy in energy. Since the device energy is that the most precious resource within the WSN, economical utilization of the energy to prolong the network lifespan has been the main target of abundant of the analysis on the WSN. The communications within the WSN has the many-to-one property therein information from an oversized range of device nodes tend to be targeted into many sinks. Since multi-hop routing is mostly required for distant device nodes from the sinks to save lots of energy, the nodes close to a sink may be burdened with relaying an oversized quantity of traffic from different nodes. device nodes area unit resource unnatural in term of energy, processor and memory and low vary communication and information measure. Restricted battery power is employed to work the device nodes and is extremely troublesome to exchange or recharge it, once the nodes die. This can have an effect on the network performance. Optimize the communication vary and minimize the energy usage, we want to conserve the energy of device nodes.sensor nodes area unit deployed to collect data and desired that each one the nodes works incessantly and transmit data as long as attainable. Device nodes pay their energy throughout transmittal the information, receiving and relaying packets. Hence, coming up with routing algorithms that maximize the life time till the primary battery expires is a very important thought Within the presence of malicious information injections, there are a unit few IJCSIET-ISSUE6-VOLUME2-SERIES3 Page 1

2 Observable properties which will facilitate detection. One in every of them is that the loss of integrity of the device e.g., sight that it's running malicious computer code. For such a state of affairs, computer code attestation techniques are planned [3] 6], however need more analysis in concrete deployments i.e., outside the controlled setting of an exploration science lab. Note, however, those injections through setting manipulation can't be detected through attestation since the computer code remains real. on the far side the integrity of the computer code, the measurements reportable by the sensors area unit themselves another noticeable stricken by malicious information injections. The approach pursued during this paper relies on measurements analysis and its pertinence depends on the belief that the measurements area unit correlative beneath real circumstances, whereas compromised measurements disrupt such correlations. The presence of correlations indicates that the measurements contain redundant data. Such redundancy is critical, since while not it, there aren't any terms of comparison to sight anomalies apart from broad constraints like the admitted measurements vary. Correlation instead adds additional constraints to the measurements, associate degreed permits less freedom for an assailant. Besides correlation, detection of inconsistencies within the measurements needs the presence of a non void set of real sensors within the network. This can be usually the case since compromising a device typically entails a price for the assailant, additionally as a risk of being detected. 2. Related work: [1] Sensing element networks are typically subject to physical attacks. Once a node s cryptographically key's compromised, associate degree aggressor might utterly impersonate it, and introduce discretionary false info into the network. Basic cryptographically mechanisms are typically not effective during this scenario. In [1] this paper, we tend to propose associate degree application-independent framework for accurately characteristic compromised sensing element nodes. The framework provides associate degree applicable abstraction of application specific detection mechanisms, and models the distinctive properties of sensing element networks. Supported the framework, we tend to develop alert reasoning algorithms to spot compromised nodes. We tend to adopt a centralized approach, wherever the bottom station is liable for reasoning concerning the alerts and characteristic compromised nodes. The responsibility of every node is simply to watch abnormal activities and lift alerts to the bottom station. Fig.1 basic wireless sensor network Fig.3 Sensor network placement and comparison process IJCSIET-ISSUE6-VOLUME2-SERIES3 Page 2

3 Advantages: Malicious Data injection can be avoided. Disadvantages of [1]: Reasoning is done based on the number of sensor report. This method not calculating the full reasoning[2] Despite the important role in their supposed applications, device networks are at risk of numerous security attacks, particularly as a result of their deployed during a hostile and/or harsh surroundings. In such AN surroundings, a captured device is also reverseengineered, modified, and abused by the resister. Author [2] gift a Program-Integrity Verification protocol that verifies the integrity of the program residing in every device whenever the device joins the network or has practiced an extended service blockage. the center of PIV is that the novel irregular hash operate tailored to cheap CPUs, by that the rule for hash computation on the program is indiscriminately generated whenever the program must be verified. that typically is provided with a lot of process capability, power, sophistication, and intelligence. As mentioned before, in device networks, the information within the neighboring nodes are thought of extremely correlate since the determined objects within the same geo-graphical location are typically powerfully correlate. The aggregate values and data concerning the anomalies are forwarded to the sink. The sink knowing the topology of the network might verify whether or not the anomaly spreads inside multiple teams, and whether or not it follows one or a lot of network methods. Benefits of [3] paper will give the high security with mobile malicious detection theme. Disadvantage of [3] paper conjointly simply compares the aggregate information to find the malicious activity Advantages: The PIV protocol [2] 1) prevents manipulation/reverse-engineering/reprogramming of devices unless the assaulter modifies the sensor hardware (e.g., attaching a lot of memory). 2) Provides strictly software-based protection. 3) Triggers the verification occasionally, so acquisition token officiousness into traditional device functions. Disadvantages of [2] It will find solely the device program is modified. It cannot verify perceived data is correct or not. The WSN applications aim at protective and observation military, environmental, safety-critical, or domestic infrastructures and resources. owing to the important nature of such applications, information integrity and accuracy issues that will be caused by compromised or awry nodes are of high analysis and sensible importance. In [3] paper, AN anomaly detection approach that fuses information gathered from completely different nodes during a distributed device network is projected and evaluated. the stress of this work is placed on the information integrity and accuracy downside caused by compromised or awry nodes. In each cluster we have a tendency to assume that there's a primary node Fig.4. data transmission in WSN 2.1. Existing system summary: In the presence of malicious data injections, there are few observable properties that can help detection. One of them is the loss of integrity of the sensor e.g., detect that it is running malicious software. For such a scenario, software attestation techniques have been proposed, but require further evaluation in concrete deployments i.e., outside the controlled environment of a research lab. However, those injections through environment manipulation cannot be detected through attestation since the software is still genuine. To the best of our knowledge, no previous papers develop a general methodology. 3. Proposed technique: We propose a novel algorithm to identify malicious data injections and build measurement IJCSIET-ISSUE6-VOLUME2-SERIES3 Page 3

4 estimates that are resistant to several compromised sensors even when they collude in the attack. We introduce novel ways of aggregating measurements that are aimed at discarding malicious contributions under attack and minimize the false positives under genuine circumstances as well. We also propose a novel more general methodology to apply our algorithm in different application settings. We describe the three phases our algorithm those are Estimation, similarity check and characterization. In similarity check we propose two tests that capture the characteristics of most event detection criteria. The magnitude test verifies that reported measurements are close in magnitude to their estimates. The shape test verifies that the estimate and reported signal have a similar shape. The estimation-based framework, which iteratively extracts and aggregates measurements estimates, is at the core of our detection mechanism. Estimates are iteratively computed on new measurements and a similarity check compares them as shown in Fig. 2. When the similarity check fails, we run a characterization step an extensive analysis that identifies the likely compromised sensors. The models used to build the estimates are learnt during an initialization, which serves to customize our techniques to the specific WSN deployment and whose output is the estimation models. During the initialization, the network is assumed to be free of compromise. Fig.x) Sequence flow of proposed work The steps leading to the estimation models are shown in Fig. 3(a): a) we first pre-process the data to eliminate faulty readings, alleviate noise and transform the data to extract the parameters of interest, b) we check if the estimation models change significantly in the presence of events, and if so we create a separate set of estimation models for each modality of the physical phenomenon, c) we analyze the data to test if the correlation detected allows to build a linear model to perform the estimation, d) the validity of a linear model is defined for each pair of sensors and allows to identify the neighborhood of a sensor as the set of sensors with which there is a strong linear relationship, e) finally the parameters that fit the estimation models are calculated. The similarity check also needs to be customized to the sensor deployment during the initialization, according to the steps shown in Fig. 3(b). To assess if the estimates are similar enough to the reported measurements, a similarity metric is required. Since the final goal of our detection scheme is securing the event detection, the similarity metric should check the integrity of observable properties that characterize the event. Such properties can be derived from the event detection criterion, i.e., the algorithm that is run on the measurements to detect the presence of events. We define two main properties that characterize most event detection criteria: the magnitude and the shape of the measurements signal, based on which, we build respective tests. Customization involves: a) choosing a similarity check based on such tests, b) tailoring the test to the application according to the event detection criterion, c) tuning a dissimilarity tolerance parameter to reach an objective false positive rate (FPR). The tasks pertinent to each step can be assigned to different devices. However, in estimation-based frameworks, as in voting- or trust-based frameworks, the final detection decision should be taken by an entity that is not compromised, typically the base station. The decision is taken based on the values (votes, trust, measurements) received from the IJCSIET-ISSUE6-VOLUME2-SERIES3 Page 4

5 sensors. In some cases, the deciding entity cannot perform such aggregation Fig.6 Data collection Fig. A) Activity of proposed model 4. Requirements and results: We tested our protocol with single PC (20 GB Hard disc space and 1 GB RAM. And software s: Linux OS (Ubuntu 10.04), NS2.34. VMware. We got a result in two forms, one is Nam and another one is Xgraph. Fig.5-7 shows the animation result and fig.8. shows graph result Fig.7 Malicious data removal Fig.5 Network deployment.8 malicious node identified in network Fig IJCSIET-ISSUE6-VOLUME2-SERIES3 Page 5

6 Conclusion: We achieved our main goal of this project, which is to secure the event detection. A typical wireless sensor network consists of several tiny and low-power sensors which use radio frequencies to perform distributed sensing tasks. Wireless sensor networks are used to detect the occurrence of events such as fires, intruders, or heart attacks, malicious data can be injected to create fake events, and thus trigger an undesired response, or to mask the occurrence of actual events. In this project we considered directly the scenario where an attacker gains full control of one or more sensors and can run arbitrary malware on them to fabricate new measurements and report them in place of the observed ones. In our proposed model, the base station detected malicious node successfully. In our future work, we will try to implement the sinkhole attack in the network. Reference: 1) A Framework for Identifying Compromised Nodes in Wireless Sensor Networks, QING ZHANG, TING YU and PENG NING North Carolina State University 2) Soft Tamper-Proofing via Program Integrity Verification in Wireless Sensor Networks, Taejoon Park, Student Member, IEEE, and Kang G. Shin, Fellow, IEEE, ) Diagnosing Anomalies and Identifying Faulty Nodes in Sensor Networks, Vassilis Chatzigiannakis, Student Member, IEEE, and Symeon Papavassiliou, Member, IEEE, ) T. Park and K. G. Shin, Soft tamper-proofing via program integrity verification in wireless sensor networks, Trans. Mobile Comput., vol. 4, no. 3, pp , May/Jun ) A. Seshadri, M. Luk, A. Perrig, L. van Doorn, and P. Khosla, SCUBA: Secure code update by attestation in sensor networks, in Proc. Workshop Wireless Security, 2006, pp ) D. Zhang and D. Liu, DataGuard: Dynamic data attestation in wire-less sensor networks, in Proc. IEEE/IFIP Int. Conf. DSN, 2010, pp ) S. Tanachaiwiwat and A. Helmy, Correlation analysis for alleviating effects of inserted data in wireless sensor networks, in Proc. MobiQuitous, 2005, pp ) F. Liu, X. Cheng, and D. Chen, Insider attacker detection in wireless sensor networks, in Proc. 26th IEEE INFOCOM, 2007, pp ) M. Rezvani, A. Ignjatovic, E. Bertino, and S. Jha, A robust iterative filtering technique for wireless sensor networks in the presence of malicious attacks, in Proc. SenSys, 2013, pp ) B. Sun, X. Shan, K. Wu, and Y. Xiao, Anomaly detection based secure in-network aggregation for wireless sensor networks, Syst. J., vol. 7, no. 1, pp , Mar no. 5, pp , May IJCSIET-ISSUE6-VOLUME2-SERIES3 Page 6