Lightweight Anomaly-based Intrusion Detection System for Multi-feature Traffic in Wireless Sensor Networks
Abdelouahid Derhab and Abdelghani Bouras
In this paper, we adopt the divide-and-conquer strategy to propose a lightweight design for an intrusion detection system in wireless sensor networks (WSNs), lIghtweiGht aNomaly-based Intrusion deTection system for multi-feature traffIc in wireless sensOr Networks (IGNITION). The design is based on three approaches: (1) defining a node's normal behavior as composed of a reduced number of high-level features, which in turn reduces the processing overhead; the method used to obtain these features has a low computational cost, as it considers only strongly correlated low-level features and applies the divide-and-conquer strategy to the maximal cliques algorithm and the maximum weighted spanning tree algorithm; (2) a similarity measure that incurs low computational complexity compared to other measures; and (3) a simple binary classifier that distinguishes between normal and anomalous behaviors and takes advantage of some WSN characteristics. The performance of IGNITION is studied in terms of detection rate, false positive rate, and ROC distance under three levels of noise factor. The study shows that a good tradeoff between detection rate and false positive rate is achieved when the noise factor is 10.
Keywords: Intrusion detection, anomaly-based, wireless sensor network, one-class classifier, similarity, dissimilarity.