Multimetric Online Intrusion Detection in Software-Defined Wireless Sensor Networks

Abstract: Software-defined wireless sensor networks have attracted considerable attention in recent years as they simplify the network management and provide the framework to automate infrastructure sharing. On the other hand, the centralization and planes' separation can turn SDNs vulnerable to new types of denial of service attacks. Existing intrusion detection approaches are not in general suitable for restricted networks or do not achieve optimal detection rates. This work aims at fulfilling both requirements by usi… Show more

“…In case of FNI attack, the detector monitoring the data packets delivery rate was triggered first in 100% of the events, as shown in Figure 29b. These results showed that there is evidence to support the hypothesis drawn up in our previous works about the relation metric / attack (SEGURA et al, 2020).…”

“…Next, the anomaly detection algorithm was implemented. We chose to use change point analysis since it fulfills the lightweight criteria and the previous evaluation (SEGURA et al, 2020) showed detection performance results similar to other works in the literature using ML techniques, among others. However, our proposal is independent of the anomaly detection technique while it is lightweight enough to fit and run in simple WSN or IoT devices.…”

“…Finally, we explored the application of change point analysis to detect anomalies in SDWSNs. First, we applied Skaperas, Mamatas and Chorti (2018) algorithm to evaluate DDoS detection accuracy (SEGURA et al, 2020), obtaining similar results than ML approaches. Skaperas' algoritm has an offline phase to determine the best detection parameters and an online phase for a real-time CPD.…”

“…Skaperas' algoritm has an offline phase to determine the best detection parameters and an online phase for a real-time CPD. Thus, we proposed a variation of Skaperas' algorithm (SEGURA;CHORTI, 2020), eliminating the offline phase to reduce the memory and processing requirements without significant impact on the detection accuracy. This implementation is described in Section 5.2.…”

“…For the next part, the results were separated grouping each attack based on the monitoring metric: for the FDFF attack, the control overhead CP detection results were analyzed, while for a FNI attack the data packets delivery rate, CP detection results were analyzed based on Segura et al (2020). The average value of 𝑃 𝐷𝑆 as a function of 𝛾 and 𝛼 for the case of a FDFF attack is depicted in Figure 27.…”

Cooperative intrusion detection for software-defined resource-constrained networks.

“…In case of FNI attack, the detector monitoring the data packets delivery rate was triggered first in 100% of the events, as shown in Figure 29b. These results showed that there is evidence to support the hypothesis drawn up in our previous works about the relation metric / attack (SEGURA et al, 2020).…”

“…Next, the anomaly detection algorithm was implemented. We chose to use change point analysis since it fulfills the lightweight criteria and the previous evaluation (SEGURA et al, 2020) showed detection performance results similar to other works in the literature using ML techniques, among others. However, our proposal is independent of the anomaly detection technique while it is lightweight enough to fit and run in simple WSN or IoT devices.…”

“…Finally, we explored the application of change point analysis to detect anomalies in SDWSNs. First, we applied Skaperas, Mamatas and Chorti (2018) algorithm to evaluate DDoS detection accuracy (SEGURA et al, 2020), obtaining similar results than ML approaches. Skaperas' algoritm has an offline phase to determine the best detection parameters and an online phase for a real-time CPD.…”

“…Skaperas' algoritm has an offline phase to determine the best detection parameters and an online phase for a real-time CPD. Thus, we proposed a variation of Skaperas' algorithm (SEGURA;CHORTI, 2020), eliminating the offline phase to reduce the memory and processing requirements without significant impact on the detection accuracy. This implementation is described in Section 5.2.…”

“…For the next part, the results were separated grouping each attack based on the monitoring metric: for the FDFF attack, the control overhead CP detection results were analyzed, while for a FNI attack the data packets delivery rate, CP detection results were analyzed based on Segura et al (2020). The average value of 𝑃 𝐷𝑆 as a function of 𝛾 and 𝛼 for the case of a FDFF attack is depicted in Figure 27.…”

Cooperative intrusion detection for software-defined resource-constrained networks.

Architectural Design, Improvement, and Challenges of Distributed Software-Defined Wireless Sensor Networks

Centralized and Distributed Intrusion Detection for Resource-Constrained Wireless SDN Networks