Design and Analysis of Intrusion Detection Protocols for Hierarchical Wireless Sensor Networks

Abstract

In most of the applications, wireless sensor networks are deployed in an unattended environment. Thus, sensor nodes can be physically captured by the adversaries, and the adversaries can then extract the stored information in those nodes using the power analysis attacks. Using the extracted information they can manufacture new sensor nodes. These newly manufactured sensor nodes can also have additional functionalities, which can be used to launch different attacks. After that these new sensor nodes can be deployed by the adversaries in the network. These nodes can launch different attacks in the network, which can cause information loss along with high energy expenditure. Furthermore, WSN is prone to various attacks, such as blackhole attack, wormhole attack, sinkhole attack, etc. In this thesis, we propose several intrusion detection and prevention schemes in hierarchical wireless sensor networks (HWSNs). The first contribution is on designing a new efficient group-based scheme for the detection and prevention of multiple blackhole attacker nodes in HWSNs. In our scheme, the entire WSN is divided into several clusters, and each cluster has a resource-rich cluster head node. Each $CH$ is responsible for the detection and prevention of blackhole attack in the network. Furthermore, our scheme is efficient, and thus, it is very appropriate for practical applications in HWSNs. In the second contribution, we propose a new detection scheme for the detection of different types of sinkhole nodes in HWSNs. In the last contribution, we propose a new intrusion detection technique for hybrid anomaly in HWSNs, which uses the existing data mining algorithm, called K-means clustering. The proposed technique has the ability to detect two types of malicious nodes: blackhole and misdirection attacker nodes. The proposed scheme is useful, especially for those scenarios where the chances of occurrence of hybrid attacks are high and attack specific detection mechanisms fail. It can automatically detect the hybrid anomaly.