• DocumentCode
    652532
  • Title

    Applying Data Mining Techniques to Intrusion Detection in Wireless Sensor Networks

  • Author

    Coppolino, Luigi ; D'Antonio, Salvatore ; Garofalo, Alessia ; Romano, Lucia

  • Author_Institution
    Dept. of Technol., Univ. of Naples Parthenope, Naples, Italy
  • fYear
    2013
  • fDate
    28-30 Oct. 2013
  • Firstpage
    247
  • Lastpage
    254
  • Abstract
    Wireless Sensor Networks (WSNs) have become a hot research topic in recent years. They have many potential applications for both civil and military tasks. However, the unattended nature of WSNs and the limited computational and energy resources of their nodes make them susceptible to many types of attacks. Intrusion detection is one of the major and efficient defence methods against attacks in a network infrastructure. Intrusion Detection Systems can be seen as the second line of defence and they complement the security primitives that are adopted in order to prevent attacks against the computer network being protected. The peculiar features of a wireless sensor network pose stringent requirements on the design of intrusion detection systems. In this paper, we propose a hybrid, lightweight, distributed Intrusion Detection System (IDS) for wireless sensor networks. This IDS uses both misuse-based and anomaly-based detection techniques. It is composed of a Central Agent, which performs highly accurate intrusion detection by using data mining techniques, and a number of Local Agents running lighter anomaly-based detection techniques on the motes. Decision trees have been adopted as the classification algorithm in the detection process of the Central Agent and their behaviour has been analysed in selected attack scenarios. The accuracy of the proposed IDS has been measured and validated through an extensive experimental campaign. This paper presents the results of these experimental tests.
  • Keywords
    computer network security; data mining; decision trees; pattern classification; wireless sensor networks; WSN; anomaly-based detection technique; attack prevention; central agent; civil task; classification algorithm; computational resource; computer network protection; data mining technique; decision tree; defence method; distributed IDS; energy resource; hybrid IDS; intrusion detection system; lightweight IDS; local agent; military task; misuse-based detection technique; network infrastructure; security primitive; wireless sensor network; Decision trees; Intrusion detection; Monitoring; Routing; Routing protocols; Wireless sensor networks; Wireless Sensor Networks; data mining; decision trees; intrusion detection;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), 2013 Eighth International Conference on
  • Conference_Location
    Compiegne
  • Type

    conf

  • DOI
    10.1109/3PGCIC.2013.43
  • Filename
    6681236