A NOVEL APPROACH FOR DETECTING COMPROMISED NODES IN WIRELESS SENSOR NETWORKS

International Journal of Wireless Communications and Networking 3(1), 2011, pp. 15-19 A NOVEL APPROACH FOR DETECTING COMPROMISED NODES IN WIRELESS SENSOR NETWORKS P. Vijayalakshmi 1, D. Somasundareswari 2 and V. Duraisamy 1 1 Hindusthan College of Engineering and Technology Coimbatore, India, E-mail: vijihicet@gmail.com 2 Adithya Institute of Technology, Coimbatore, India, E-mail: dsomasundareswari@yahoo.com Abstract: Increased interest in the field of wireless sensor networks has proved that wireless sensor networks can have a broad variety of applications. Current applications of wireless sensor networks are in the fields of medical care, battlefield monitoring, environment monitoring, surveillance and disaster prevention. Many of these applications require that the sensor network be deployed in an area that is hostile, inaccessible and mission critical. However, since sensor nodes are inexpensive devices, which could be easily compromised and controlled by an adversary, the compromised nodes could report false sensed results and degrade the reliability of the whole network. Therefore, how to identify these compromised nodes in a wireless sensor network is a very important security issue. In this paper we propose a novel approach using genetic algorithm to logically identify the anomalous behavior of compromised nodes in an efficient and effective way. Keywords: Wireless sensor network, security, identify compromised nodes, Genetic algorithm I. INTRODUCTION Wireless sensor networking has been subject to extensive research efforts in recent years, and has been well recognized as a ubiquitous and general approach for some emerging applications ranging from the civilian domain, such as environmental monitoring, to the military domain, such as battlefield surveillance]. A wireless sensor network (WSN) is usually composed of a large number of sensor nodes which use wireless links to perform distributed sensing tasks. Here, each sensor node is cheap with low battery power and computation capacity, but is equipped with sensing, data processing, and communicating components. Since a WSN is usually deployed in a harsh environment and each low-cost sensor node could be easily compromised, the security becomes a major concern. For example, when some sensor nodes are compromised and controlled by an adversary, they could behave abnormally and randomly report true / false sensing results to the sink, by which the reliability of the whole network is seriously degraded. Therefore, it will be a critical issue to develop an effective strategy for the sink to detect and identify these compromised nodes. Assume that a WSN consists of n sensor nodes, where the compromised nodes are less than the normal nodes, and each normal node can know other nodes trust status by adopting the similar techniques in [23], [24]. Then, a straightforward way for the sink to identify the compromised nodes is that the sink inquiries each senor node with n 1 queries on other nodes. In such a way, after total n(n 1) queries, the sink can logically identify all compromised nodes based on these returned results. Although this approach is effective, but it is not efficient because the n(n 1) queries could consume a significant amount of the sensor nodes energy. In this paper, in order to reduce the query number, we propose a novel approach to Identify Compromised Nodes using genetic algorithm in wireless sensor networks. II. PRELIMINARIES In this section, we describe our sensor network model, provide a brief overview on the trust assumptions, and define our design goal. A. Network Model We consider a simple abstraction of a WSN consisting of a fixed sink S and a number of sensor nodes N = {N 1,, Nn}, where n 3, deployed at a remote area (around one or more hop neighborhood of the sink), as shown in Figure 1. Note that such an abstraction can be taken as a

16 International Journal of Wireless Communications and Networking building block of a large-scale WSN. The sink S is a data collection unit, which could be a powerful workstation with plentiful resources. However, the sensor nodes N = {N 1,,Nn} are inexpensive, low power devices which have limited resources, memory space, computation capability, and communication bandwidth. Once such a WSN is deployed and the corresponding data paths are established, the sink S can inquire each sensor node Ni N with a certain query, and then the sensor node Ni reports its sensing results back to the sink S over the pre-defined path. Additionally, in order to provide confidentiality to the sensing results, a pre-shared key between each Ni N and S is assumed and used to encrypt/decrypt the sensing results. We assume that the compromised nodes will be excluded from the network if the nodes resist to forward data for the other nodes. While identifying the compromised nodes under a Denial of Service (Dos) attack is not our focus, we concentrate on the case where the compromised nodes still forward data but could falsely report the sensing results. Figure 1: B. Assumptions A Wireless Sensor Network The sink S equipped with tamper-proof devices is trustworthy and unassailable. All sensor nodes N = {N 1,,Nn} will be able to report their sensing results to the sink S through the pre-defined routes. Each sensor node Ni N is inexpensive, and easily compromised by an adversary. Once the sensor node Ni is compromised and controlled by an adversary, Ni will behave abnormally and may randomly report true / false sensing results to sink S. With the passing of time, nc sensor nodes are compromised by an adversary, and form compromised-set Nc = {N *1, N *1,,N *nc }; and the rest nd sensor nodes keep normal and form normal set Nd = {N 1, N 2,, N nd }. Then, we will have N = Nc Nd. As in the most application scenarios, it is reasonable for us to assume the normal-set Nd is larger than the compromised-set Nc. Then, we will have the following relations: Nc < Nd Nc + Nd = N In the WSN abstraction, the sink S can clearly know the network topology and properly reconfigure the data path connecting each sensor node, and each normal sensor node Ni Nd can exchange their local information and get to know all nodes trust status within its communication range. C. Design Goal As the compromised nodes report the true / false sensing results randomly, the reliability of the whole network will be seriously impaired. Therefore, undoubtedly, it is of ultimate importance for the sink S to exactly know each sensor node s trust status. Based on the above assumptions, we design a novel algorithm to help the sink S to identify the compromised nodes. Compared with the straightforward approach where n(n 1) queries are required, the proposed approaches are much more efficient. III. PROPOSED ALGORITHM The proposed algorithm aims to distinguish the compromised nodes from the normal ones with the lowest number of queries. Genetic Algorithm (GA) has been used to solve many optimization problems. In this a initial population is randomly generated and is evaluated with a fitness function. With higher probability of fitness is being chosen to create the next generation. The size of the population is same for all the iterations and the process is iterated until a predefined threshold value is met or a maximum number of iterations are reached. A. Overview Genetic algorithm used to evolve simple rules for network traffic. Initially the genes should be represented as different data types like byte, integer,

Caching in Wireless Sensor Networks based on Grids 17 float etc., and the data range of the genes should be generated, in each iteration randomly. Then the genetic algorithm uses set of rules for the network of the form If {condition} then {act} B. Genetic Algorithm Parameters The general structure of the genetic algorithm for the proposed search of compromised node is given in Figure 2. simulation process, there were several parameters altered for different runs to determine what kind of effect they had on various performance measures that were taken for consideration. Figure 3 shows that the number of messages that are transmitted using GA are more compared to conventional methods. Figure 3: Analysis of Number of Messages Figure 2: Structure of Genetic Algorithm The fitness function will compute the best solutions from the information mentioned from the initial population. The selection operators like mutation and crossover form the most effective parts in the algorithm when they involve in operation of the each iteration. On completion of a single iteration the best individual is selected. Selection operation has two procedures. Firstly, computing fitness value; secondly, queuing it from the smallest to the biggest. Then the min fitness value is the best individual, selecting the best individual as father-individual, the selection probability of each individual is proportional to its fitness value, the selected probability is higher when the individual fitness value is bigger. The two chromosomes chosen for crossover should have at least one common gene (node), but there is no requirement that they be located at the same locus. The population undergoes mutation by an actual change or flipping of one of the genes of the candidate chromosomes, which keeping away from local optima The smaller networks take less time than the larger networks for two main reasons. The obvious reason is that there are more compromised nodes in the larger networks, so more times is needed to find all of them. The second reason is that there is more traffic generated in the larger networks, so it takes longer for the base station to process all the requests. Figure 4 shows the average number of packets sent by a compromised node once it has been IV. PERFORMANCE ANALYSIS The NS-2 simulator was chosen to simulate the designed algorithm for detecting compromised nodes in a wireless sensor network. To begin the Figure 4: Analysis of Packet Delivery Ratio

18 International Journal of Wireless Communications and Networking injected into the network. Here that the number of compromised nodes is dependent on the network size. For example, the network with 40 nodes will include 4 compromised nodes. The algorithm works efficiently since only a few packets at most are sent compared to the hundreds of valid packets. Figure 5 shows that the delay is reduced to a considerable level on using GA Figure 5: Analysis of Delay during Transmission Figure 6 shows that the message over-head is reduced on using GA compared to conventional techniques. The results have shown a good improvement in number of messages transmitted, delay, packet delivery ratio and message overhead. Figure 6: Analysis of Message Over-head VI. CONCLUSIONS We have presented an algorithm to detect the compromised nodes in wireless sensor networks. The base station is alerted to claims of abnormal behavior and verifies them by checking the difference in packet transmission times of the suspected node. Simulations are conducted to demonstrate the performance metrics. We believe that a base station that has more computation and power resources would further decrease the detection time. The concept implementation has proved that the rules generated by GA have the potential capability to detect the compromised nodes effectively in wireless sensor network environment. The purpose of the work reported in the paper is to analysis the performance metric using genetic algorithm. The future work is to extend the scope of the rules involved REFERENCES [1] I. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci, A survery on sensor networks, IEEE Communications Magazine, Vol. 40, No. 8, pp. 102-116, 2002. [2] I. Akyildiz and I. Kasimoglu, Wireless sensor and actor networks: research challenges, Ad Hoc Networks, Vol. 2, No. 4, pp. 351-367, 2004. [3] I. Akyildiz and E. Stuntebeck, Wireless underground sensor networks :research challenges, Ad Hoc Networks, Vol. 4, No. 6, pp. 669-686, 2006. [4] A. Perrig, R. Szewczyk, J. D. Tygar, V. Wen, and D. Culler SPINS:security protocols for sensor networks, Wireless Networks, Vol. 8, No. 5, pp. 521-534, 2002. [5] W. Du, J. Deng, Y. Han, and P. Varshney, A key predistribution scheme for sensor networks using deployment knowledge, IEEE Transactions on Dependable and Secure Computing, Vol. 3, No. 1, pp. 62-77, 2006. [6] A. Perrig, J. Stankovic, and D. Wagner, Security in wireless sensor networks, Communications of the ACM, Vol. 47, No. 6, pp. 53-57, 2004. [7] H. Chan, A. Perrig, and D. Song, Random key predistribution schemes for sensor networks, in Proc. Symposium on Security and Privacy 2003, May 2003, pp. 197-213. [8] S. Zhu, S. Setia, and S. Jajodia, LEAP: efficient security mechanisms for large-scale distributed sensor networks, in Proc. ACM CCS 2003, October 2003, pp. 62-72.

Caching in Wireless Sensor Networks based on Grids 19 [9] B. Przydatek, D. Song, and A. Perrig, SIA: secure information aggregation in sensor networks, in Proc. Conference on Embedded Networked Sensor System 2003, November 2003, pp. 255-265. [10] X. Lin, H. Zhu, B. Lin, P.-H. Ho, and X. Shen, A novel voting mechanism for compromised node revocation in wireless ad hoc networks, in IEEE Global Communications Conference (GLOBECOM 06), San Francisco, Nov. 27-Dec. 1, 2006. [11] X. Lin, P.-H. Ho, and X. Shen, Towards compromise-resilient localized authentication architecture for wireless mesh networks, in Proc. Of QShine 2007, Vancouver, British Columbia, August 14-17, 2007. [12] H. Yang, F. Ye, Y. Yuan, S. Lu, and W. Arbaugh, Toward resilient security in wireless sensor networks, in Proc. ACM Mobihoc 2005, May 2005, pp. 34-45. [13] F. Ye, H. Luo, S. Lu, and L. Zhang, Statistical enroute filtering of injected false data in sensor networks, in Proc. IEEE Infocom 2004, March 2004, pp. 2446-2457. [14] W. Du, R. Wang, and P. Ning, An efficient scheme for authenticating public keys in sensor networks, in Proc. ACM Mobihoc 2005, May 2005, pp. 58-67. [15] W. Zhang, H. Song, S. Zhu, and G. Cao, Least privilege and privilege deprivation: towards tolerating mobile sink compromises in wireless sensor networks, in Proc. ACM Mobihoc 2005, May 2005, pp. 378-389. [16] W. Yu and K. Liu, Secure cooperative mobile ad hoc networks against injecting traffic attacks, in Proc. IEEE SECON 2005, September 2005, pp. 55-64. [17] W. Zhang, S. Das, and Y. Liu, A trust based framework for secure data aggregation in wireless sensor networks, in Proc. IEEE SECON 2006, September 2006. [18] F. Delgosha and F. Fekri, Threshold keyestablishment in distributed sensor networks using a multivariate scheme, in Proc. IEEE Infocom 2006, April 2006. [19] M. Miller and N. Vaidya, Leveraging channel diversity for key establishment in wireless sensor networks, in Proc. IEEE Infocom 2006, April 2006. [20] X. Lin, R. Lu, H. Zhu, P.-H. Ho, X. Shen and Z. Cao, SRPAKE: An Anonymous Secure Routing Protocol with Authenticated Key Exchange for Wireless Ad Hoc Networks, in Proc. IEEE ICC 2007, June 2007. [21] K. Ren, W. Lou, and Y. Zhang, LEDS: providing location-aware end-toend data security in wireless sensor networks, in Proc. IEEE Infocom 2006, April 2006, pp. 1-12. [22] K. Ren, W. Lou, and Y. Zhang, Multi-user broadcast authentication in wireless sensor networks, in Proc. IEEE SECON 2007, June 2007. [23] A. P. da Silva, M. Martins, B. Roacha, A. Loureiro, L. Ruiz, and H. Wong, Decentralized intrusion detection in wireless sensor networks, in ACM Q2SWinet 05, 2005. [24] Y. Huang and W. Lee, A cooperative intrusion detection system for ad hoc networks, in ACM SASN 03, October 2003. [25] Intrusion-Detection. http://en.wikipedia.org /wiki/ intrusion-detection. [26] Biswanth Mukherjee, L. Todd Heberlein and Karl N. Levitt, Network Intrusion Detection, IEEE Networks, May/June 1994, pp. 26-41. [27] T. Ozyer, R. Alhaji, and K. Barker, Intrusion detection by integrating boosting genetic fuzzy classifier and data mining criteria for rule prescreening, Journal of Network and Computer Applications, pp. 99-113, 2007. [28] Sartid Vongpradhip and Wichet Plaimart, Survival Architecture for Distributed Intrusion Detection System using Mobile Agent, Sixth IEEE International Symposium on Network Computing and Applications (NCA 2007), IEEE Computer Society, 2007.