Research on Intrusion Detection Algorithm Based on Multi-Class SVM in Wireless Sensor Networks

Similar documents
A Two-phase Distributed Training Algorithm for Linear SVM in WSN

A Kind of Wireless Sensor Network Coverage Optimization Algorithm Based on Genetic PSO

Open Access Research on the Prediction Model of Material Cost Based on Data Mining

Face Recognition Based on LDA and Improved Pairwise-Constrained Multiple Metric Learning Method

A Data Classification Algorithm of Internet of Things Based on Neural Network

An Integrated Face Recognition Algorithm Based on Wavelet Subspace

S. Sreenivasan Research Scholar, School of Advanced Sciences, VIT University, Chennai Campus, Vandalur-Kelambakkam Road, Chennai, Tamil Nadu, India

Application of Improved Lzc Algorithm in the Discrimination of Photo and Text ChengJing Ye 1, a, Donghai Zeng 2,b

A Novel Image Super-resolution Reconstruction Algorithm based on Modified Sparse Representation

The Comparative Study of Machine Learning Algorithms in Text Data Classification*

A Multipath AODV Reliable Data Transmission Routing Algorithm Based on LQI

Energy Conservation through Sleep Scheduling in Wireless Sensor Network 1. Sneha M. Patil, Archana B. Kanwade 2

Blackhole Attack Detection in Wireless Sensor Networks Using Support Vector Machine

Routing Protocols in Mobile Ad-Hoc Network

DETECTING SYBIL ATTACK USING HYBRID FUZZY K-MEANS ALGORITHM IN WSN

An Energy Efficiency Routing Algorithm of Wireless Sensor Network Based on Round Model. Zhang Ying-Hui

Computer Based Image Algorithm For Wireless Sensor Networks To Prevent Hotspot Locating Attack

Intrusions Detection System Based on Ubiquitous Network Nodes

Video Inter-frame Forgery Identification Based on Optical Flow Consistency

Open Access Research on the Data Pre-Processing in the Network Abnormal Intrusion Detection

Geospatial Information Service Based on Ad Hoc Network

Traffic Flow Prediction Based on the location of Big Data. Xijun Zhang, Zhanting Yuan

Performance Comparison of MANETs Routing Protocols for Dense and Sparse Topology

Modeling Body Motion Posture Recognition Using 2D-Skeleton Angle Feature

A Low-Overhead Hybrid Routing Algorithm for ZigBee Networks. Zhi Ren, Lihua Tian, Jianling Cao, Jibi Li, Zilong Zhang

Robot Learning. There are generally three types of robot learning: Learning from data. Learning by demonstration. Reinforcement learning

The Effects of Outliers on Support Vector Machines

KBSVM: KMeans-based SVM for Business Intelligence

ZigBee Routing Algorithm Based on Energy Optimization

An efficient face recognition algorithm based on multi-kernel regularization learning

A Network Intrusion Detection System Architecture Based on Snort and. Computational Intelligence

A Feature Selection Method to Handle Imbalanced Data in Text Classification

A Scheme of Multi-path Adaptive Load Balancing in MANETs

Contents. Preface to the Second Edition

Research on adaptive network theft Trojan detection model Ting Wu

Spoofing Detection in Wireless Networks

PRIVACY AND TRUST-AWARE FRAMEWORK FOR SECURE ROUTING IN WIRELESS MESH NETWORKS

A Balancing Algorithm in Wireless Sensor Network Based on the Assistance of Approaching Nodes

Efficient Hybrid Multicast Routing Protocol for Ad-Hoc Wireless Networks

Hydraulic pump fault diagnosis with compressed signals based on stagewise orthogonal matching pursuit

Analysis of Cluster based Routing Algorithms in Wireless Sensor Networks using NS2 simulator

Chongqing, China. *Corresponding author. Keywords: Wireless body area network, Privacy protection, Data aggregation.

Analysis of Black-Hole Attack in MANET using AODV Routing Protocol

Facial expression recognition using shape and texture information

Fault Diagnosis of Wind Turbine Based on ELMD and FCM

Research on Transmission Based on Collaboration Coding in WSNs

Secure and Efficient Routing Mechanism in Mobile Ad-Hoc Networks

Pedestrian Detection with Improved LBP and Hog Algorithm

Distribution Network Reconfiguration Based on Relevance Vector Machine

A Novel Intrusion Detection Method for WSN Sijia Wang a, Qi Li and Yanhui Guo

Time Series Clustering Ensemble Algorithm Based on Locality Preserving Projection

Analysis Range-Free Node Location Algorithm in WSN

A Comparative study of On-Demand Data Delivery with Tables Driven and On-Demand Protocols for Mobile Ad-Hoc Network

The Performance of MANET Routing Protocols for Scalable Video Communication

An Embedded Dynamic Security Networking Technology Based on Quick Jump and Trust

LEACH and PGASIS Protocols in wireless sensor network: Study and Simulation

A Modular k-nearest Neighbor Classification Method for Massively Parallel Text Categorization

An Abnormal Data Detection Method Based on the Temporal-spatial Correlation in Wireless Sensor Networks

Security Enhancement in Wireless Sensor Networks using Machine Learning

A Hybrid Approach for Misbehavior Detection in Wireless Ad-Hoc Networks

The Population Density of Early Warning System Based On Video Image

Collaborative Security Attack Detection in Software-Defined Vehicular Networks

SVM Classification in Multiclass Letter Recognition System

DDoS Detection in SDN Switches using Support Vector Machine Classifier

Research on Applications of Data Mining in Electronic Commerce. Xiuping YANG 1, a

DDoS Attack Detection Using Moment in Statistics with Discriminant Analysis

Support Vector Machines

Combining SVMs with Various Feature Selection Strategies

Intrusion Detection for Routing Attacks in Sensor Networks

Protection Against DDOS Using Secure Code Propagation In The VANETs

A REVIEW PAPER ON DETECTION AND PREVENTION OF WORMHOLE ATTACK IN WIRELESS SENSOR NETWORK

Energy Efficiency and Latency Improving In Wireless Sensor Networks

MultiHop Routing for Delay Minimization in WSN

Performance Analysis of Heterogeneous Wireless Sensor Network in Environmental Attack

PERFORMANCE ANALYSIS OF AODV ROUTING PROTOCOL IN MOBILE ADHOC PROTOCOL

Research on Mining Cloud Data Based on Correlation Dimension Feature

Eradication of Vulnerable host from N2N communication Networks using probabilistic models on historical data

An Application of Genetic Algorithm for Auto-body Panel Die-design Case Library Based on Grid

Support Vector Machines

Challenges in Mobile Ad Hoc Network

Simulation and Analysis of AODV and DSDV Routing Protocols in Vehicular Adhoc Networks using Random Waypoint Mobility Model

IMPROVING WIRELESS SENSOR NETWORK LIFESPAN THROUGH ENERGY EFFICIENT ALGORITHMS

Method for security monitoring and special filtering traffic mode in info communication systems

Detection and Removal of Blackhole Attack Using Handshake Mechanism in MANET and VANET

Bloom Filter for Network Security Alex X. Liu & Haipeng Dai

Security of Intelligent Building Network Based on Wireless Sensor Network

An Improved DFSA Anti-collision Algorithm Based on the RFID-based Internet of Vehicles

An adaptive container code character segmentation algorithm Yajie Zhu1, a, Chenglong Liang2, b

Finger Vein Biometric Approach for Personal Identification Using IRT Feature and Gabor Filter Implementation

A Secure Data Transmission Scheme in Wireless Sensor Networks

Nodes Energy Conserving Algorithms to prevent Partitioning in Wireless Sensor Networks

A Pigeon Agents based Analytical Model to Optimize Communication in Delay Tolerant Network

Impact of Black Hole and Sink Hole Attacks on Routing Protocols for WSN

Keyword Extraction by KNN considering Similarity among Features

Face Recognition Using Vector Quantization Histogram and Support Vector Machine Classifier Rong-sheng LI, Fei-fei LEE *, Yan YAN and Qiu CHEN

2017 2nd International Conference on Communications, Information Management and Network Security (CIMNS 2017) ISBN:

All Rights Reserved 2017 IJARCET

EFFICIENT DATA TRANSMISSION AND SECURE COMMUNICATION IN VANETS USING NODE-PRIORITY AND CERTIFICATE REVOCATION MECHANISM

Performance Analysis of AODV Routing Protocol with and without Malicious Attack in Mobile Adhoc Networks

Machine Learning for NLP

Transcription:

Communications and Network, 2013, 5, 524-528 http://dx.doi.org/10.4236/cn.2013.53b2096 Published Online September 2013 (http://www.scirp.org/journal/cn) Research on Intrusion Detection Algorithm Based on Multi-Class SVM in Wireless Sensor Networks Hangxia Zhou, Qian Liu, Chen Cui Department of Computer Science and Technology, China Jiliang University, Hangzhou, China Email: zhx@cjlu.edu.cn Received June 2013 ABSTRACT A multi-class method is proposed based on Error Correcting Output Codes algorithm in order to get better performance of attack recognition in Wireless Sensor Networks. Aiming to enhance the accuracy of attack detection, the multi-class method is constructed with Hadamard matrix and two-class Support Vector Machines. In order to minimize the complexity of the algorithm, sparse coding method is applied in this paper. The comprehensive experimental results show that this modified multi-class method has better attack detection rate compared with other three coding algorithms, and its time efficiency is higher than Hadamard coding algorithm. Keywords: Wireless Sensor Network; Multi-Class; Network Security 1. Introduction Wireless Sensor Network (WSN) consists of a large number of small sensor nodes in terms of self-organization and multiple hops. These sensor nodes have low cost, less energy, and limited processing ability. These nodes are applied to sense, collect and process the object within the network coverage area, and sent signals to the host user in the form of data. The sensor nodes are usually distributed in no security environment, and it is easy for them to be captured and manipulated by attackers. In recent years, WSN security has become the frontier research fields to scholars. The author in [1] summarized the types of attacks in WSN, such as blackhole attack, hello flooding attack, DoS attack, and selective forwarding attack and so on. Support Vector Machine (SVM) is one of the most widely used classification methods in WSN. It has peculiar advantages in small sample, high dimension pattern recognition and nonlinear problems [2]. But the traditional support vector machine is designed for two-class classification so that it fails to handle multi-class problems. As a result, research on SVM multi-class classifier has become a necessity. This paper proposed a modified Sparse-ECOC multiclass classification method. This method can be used to classify the traffic data collected by network nodes to determine whether the system is invaded by attackers. Experiments show that compared with the existing classification algorithm, this improved algorithm has higher attack detection rate and time efficiency. 2. Classical Algorithms Compared with the traditional networks, wireless sensor network has the following two characteristics: the limitation of energy supply, processing speed and storage space. And the limitation of communication bandwidth, time delay, transmission packet size, etc. Because of the limitations, safety prevention method which is commonly used in wired networks does not apply to wireless sensor networks. For this reason, this article chooses intrusion detection technology of SVM which conforms to the characteristics of WSN. 2.1. Support Vector Machine and Principle Support vector machine is a new kind of machine learning method. It is based on statistical learning theory and structural risk minimization principle. In [3], the use of kernel function made the nonlinear flow data collected by sensor nodes to be mapped to a high-dimensional feature space, which greatly reduces the algorithm complexity, and effectively overcomes the dimension disaster problems which often appears in artificial neural networks. In [4], support vector machine has strong generalization ability in tackling small sample classification. The model proposed in [5] is suitable for low bandwidth and small packets situations in wireless sensor networks. d In SVM model, set input vector xi R, category y 1,1, sample size i, j = 1,2,..., n, kernel function i { }

H. X. ZHOU ET AL. 525 K( xi, x j), high dimensional feature space Z, nonlinear d mapping ϕ : R Z. Nonlinear samples can be mapped to high-dimensional feature space Z by kernel function and mapping ϕ to construct an optimal separating hyperplane in Z. The points on the optimal separating hyperplane need to meet: ωϕ ( x) + b= 0, (1) and classification interval is equal to 2/ ω. If we want the best effect of classifying, classification interval shall take the maximum, that is to say, ω shall take the minimum [6]. In practice, classic support vector machine cannot solve multi-class problems. So we need to take other ways to solve them. In [7], the author listed some common multi-class classification method, such as one-against-one method, one-against-all method, binary tree method, error correcting output codes (ECOC) method, directed acyclic graph SVM (DAGSVM) method, etc. 2.2. Hadamard Coding Algorithm Hadamard error correcting output codes method is a typical algorithm which decomposes multi-class problem into several two-class problems. Hadamard matrix was proposed by James Joseph Sylvester on the basis of orthogonality in 1867 [8]. It is a square matrix which is made of 1 and +1, and any different two rows of it is mutually orthogonal. N dimensional Hadamard matrix can be obtained by N /2 dimensional matrix through the method of recursing. 1 1 HN/2 HN/2 H2 = 1 1 H N = HN/2 H (2) N/2 For N dimensional matrix, any two rows or two columns are neither same nor complementary. The distance between any two rows or two columns is N /2. These features meet the needs of classifier training, but the first 1 column in the matrix cannot be used for classifier coding. So the original N dimensional matrix needs to be cut in a certain degree. 3. Experimental Design and Implementation Experimental design includes two aspects: coding matrix construction and the training of classifier. Coding matrix construction is conducted on the basis of Hadamard matrix. The realization of classifier is implemented on NS2 and LIBSVM platform. 3.1. Construct Modified Coding Matrix According to the characteristics of the matrix and coding principles, the approach of Sparse-ECOC matrix structure can be shown as follows: Obtained a N dimensional Hadamard matrix according to Equation (2). Delete the first 1 column, and obtained a N ( N 1) dimensional matrix. Take the first l lines of the matrix, and obtained a l ( N 1) dimensional matrix. Chose an element from each row and replace it with element 0. Ensure the minimum hamming distance as large as possible. The sign l expresses sample class number. The modified coding matrix has simple coding scheme, less number of classifiers constructed, and convenient calculation. Any two rows or two columns are neither same nor complementary. The hamming distance between any two rows is equal to N /2. The coding matrix constructed in this way is ternary code matrix. In ternary code encoding, element 1 expresses positive, element 1 expresses negative, and element 0 expresses doing nothing with it [9]. The addition of zero elements made classifier more simplified, so we call this coding matrix Sparse-ECOC matrix. The Sparse-ECOC matrix not only satisfies the training requirements of multi-class SVM classifier, but also reduces each single classifier's construction time because of the addition of zero elements. These properties effectively improve the training speed and comprehensive performance. 3.2. Classifier Implementation The Sparse-ECOC multi-class algorithm proposed in this paper mainly detect for hello flooding attack, denial-ofservice (DoS) attack, blackhole attack, selective forwarding attack and sybil attack in WSN. Detect and classify attacks by analyzing the energy of nodes and packets received and send situations in the networks. In order to reduce the complexity of calculation, we choose appropriate flow characteristics for each attack as less as possible. For hello flooding attack, we select the energy of package sent as its feature. For DoS attack, we select the number of data packets received. For blackhole attack, we select the number of route request replies received, the number of route request replies sent, and the number of route request replies dropped. For selective forwarding attack, we select the number of route errors send and the number of route errors received. For sybil attack, we select the frequency of the node selected as cluster head [10]. Classifier realization mainly includes four processes: data acquisition, data preprocessing, kernel function selection and classifier training, algorithm verification (Figure 1). 1) Data acquision: Build a hierarchical and cluster structure model of WSN in NS2. We choose IEEE 802.15.4

526 H. X. ZHOU ET AL. Figure 1. Classifier implementation process. standard for media access control (MAC) layer and low energy adaptive clustering hierarchy (LEACH) protocal for network layer. Specific process can be implemented as follows. a) Define the transmission channel, transmission model, the interface queue, topology, God object, the node's properties and actions in the node transmission process. b) Add environmental parameters which would be needed in the operational process of LEACH protocol. Add malicious nodes of five attacks in a specific time one by one. c) Monitor the network status, including node energy state, packet receiving and sending situation, cluster selected rules. d) Extract trace files and construct datasets. 2) Data preprocessing In order to avoid the singular sample data caused an increase of training time, normalize each column in the datasets. Then translate the normalized training dataset into seven two-type of datasets on the basis of Table 1. Element 1 expresses positive, element 1 expresses negative, and element 0 expresses does nothing with it. 3) Kernel function selection and classifier training In experiments, we select radial basis function (RBF) as the kernel function, and 250 rows of data as the training set. The optimal kernel parameters δ and penalty parameters C of seven two-class SVM classifier can be obtained in (2 10, 2 15 ) through grid search and 5-fold cross validation method. With the optimal parameters the classifier can be trained. 4) Algorithm verification Select six kinds of data from the normalized testing dataset. Input into seven classifier and got the output results. Calculate the hamming distance between outputs and Sparse-ECOC coding matrix. Take the category of the minimum hamming distance as its category of belonging. Table 1. The Sparse-ECOC coding schedule. Class Codeword SVM 1 SVM 2 SVM 3 SVM 4 SVM 5 SVM 6 SVM 7 1 1 1 1 0 1 1 1 2 +1 1 +1 1 0 1 +1 3 1 +1 0 1 1 +1 +1 4 +1 +1 1 1 +1 0 1 5 0 1 1 +1 +1 +1 +1 l 1 D= arg min d{ AM, } = A M (3) i j i, j 2 j= 1 Equation (3) is the minimum hamming distance formula. A j is the code word of the jth column in the test sample output vector. M i, j is the code word of the ith row and the jth column in the Sparse-ECOC coding schedule. 4. Experimental Analysis In the simulation, fifty sensor stationary nodes are distributed in the area of 100 100 meters. The initial energy of each node is two joules. Malicious nodes have enough energy. The total simulation time is 500 seconds. In the experiments, the train data and test data are from NS2 wireless sensor network simulation. Datasets consists of five parts: node data in Hello flooding attack, DoS attack, blackhole attack, selective forwarding attack and sybil attack situations. This paper compares the performance of the modified algorithm with one-against-one method, one-against-all method and ECOC method (Table 2). In Figures 2 and 3, we can see that Sparse-ECOC method has a distinct advantage in each attack detection when compares with one-against-one method and oneagainst-all method. The data in Figure 4 shows the detection accuracy comparison between Sparse-ECOC method and Hadamard method. They have the similar accu-

H. X. ZHOU ET AL. 527 Table 2. Detection accuracy and average training time of four ECOC encoding method. Encoding Method Detection Accuracy (%) hello flooding blackhole selective forwarding DoS sybil Average Training Time (s) Sparse-ECOC 96.19 96.15 91.07 95.24 92.73 9.825189571 Hadamard 94.16 96.09 88.21 96.19 93.26 12.593525428 one-against-one 90.96 91.06 80.17 90.35 90.14 2.913055304 one-against-all 90.95 90.92 80.08 90.31 82.17 8.700531809 Figure 2. Accuracy comparison between Sparse-ECOC method and one-against-one method. Figure 5. Training time of four encoding methods. sifiers, but it has low detection accuracy of attacks. Hadamard method has the same number of sub-classifiers as Sparse-ECOC method, but its time efficiency is far lower than the latter. These results demonstrate that Sparse- ECOC method provides a better approach for improving attack detection rate and time efficiency. Figure 3. Accuracy comparison between Sparse-ECOC method and one-against-all method. 5. Conclusion In this paper, a multi-class SVM algorithm is constructed based on Hadamard coding algorithm. Through the experiment, higher accuracy of attack detecting is obtained. By comparing the results with that of Hadamard method, one-against-one method and one-against-all method, it is found that the modified algorithm is a better approach for attack detection. Figure 4. Accuracy comparison between Sparse-ECOC method and Hadamard method. racy in blackhole attack, DoS attack and sybil attack, but Sparse-ECOC method is better in hello flooding attack and selective forwarding attack. Figure 5 shows the number of sub-classifiers needed in four encoding methods and the training time cost of each sub-classifier. From the picture, we can see that one-against-one method spends the least amount of time, but it needs the most number of sub-classifiers. Oneagainst-all method needs the least number of sub-clas- REFERENCES [1] H. Ehsan and F. A. Khan, Malicious AODV: Implementation and Analysis of Routing Attacks in MANETs, IEEE Trust, Security and Privacy in Computing and Communications Conference TRUSTCOM, Liverpool, 25-27 June 2012, pp. 1181-1187. [2] N. Shahid, I. H. Naqvi and S. B. Qaisar, Quarter-Sphere SVM: Attribute and Spatio-Temporal Correlations Based Outlier & Event Detection in Wireless Sensor Networks, IEEE Wireless Communications and Networking Conference WC, Shanghai, 1-4 April 2012, pp. 2048-2053. [3] S. Xu, C. Hu, L. Wang and G. Zhang, Support Vector Machines Based on K Nearest Neighbor Algorithm for Outlier Detection in WSNs, Proceedings of the 8th Wireless Communications, Networking and Mobile Computing International Conference WICOM, Shanghai,

528 H. X. ZHOU ET AL. 21-23 September 2012, pp. 1-4. [4] D. Bi, X. Wang and S. Wang, Particle Swarm Optimization Clustering for Target Classification in Wireless Sensor Networks, Proceedings of the 4th Natural Computation International Conference, Jinan, 18-20 October 2008, pp. 111-115. [5] A. B. Raj, M. V. Ramesh, R. V. Kulkarni and T. Hemalatha, Security Enhancement in Wireless Sensor Networks Using Machine Learning, High Performance Computing and Communication & 2012 IEEE 9th International Conference on Embedded Software and Systems HPCC-ICESS, Liverpool, 25-27 June 2012, pp. 1264-1269. [6] X. Liu, X. Zhang and J. Duan, Speech Recognition Based on Support Vector Machine and Error Correcting Output Codes, Pervasive Computing Signal Processing and Applications International Conference PCSPA, Harbin, 17-19 September 2010, pp. 336-339. [7] F. Masulli and G. Valentini, An Experimental Analysis of the Dependence among Codeword Bit Errors in ECOC Learning Machines, Neurocomputing, Vol. 57, 2004, pp. 189-214. http://dx.doi.org/10.1016/j.neucom.2003.09.011 [8] J. Wales, Hadamard matrix From Wikipedia, 2013. http://en.wikipedia.org/wiki/hadamard_matrix. [9] M. M. Khedkar and S. A. Ladhake, Robust Human Iris Pattern Recognition System Using Neural Network Approach, Information Communication and Embedded Systems International Conference ICICES, Chennai, 21-22 February 2013, pp. 78-83. [10] C. E. Loo, M. Y. Ng, C. Leckie and M. Palaniswami, Intrusion Detection for Routing Attacks in Sensor Networks, International Journal of Distributed Sensor Networks, Vol. 2, No. 4, 2006, pp. 313-332. http://dx.doi.org/10.1080/15501320600692044

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback