1 Introduction

Sensor nodes are tightly constrained in resources such as storage, networking and computational capability. Today sensors are used in everything from household activities to large scientific projects. A sensor network is built from very small and inexpensive sensors, and these sensors have given rise to exciting modern applications in every area of human life. They can be applied in areas such as the environment, animal habitats, medical applications, home automation, and vehicle control and monitoring systems. A main factor that cannot be ignored when designing and deploying a wireless sensor network (WSN) application is the energy efficiency of the MAC protocol [1,2,3,4,5,6].

A denial of service (DoS) attack is a specific category of attack that targets a battery-powered device and causes rapid consumption of this constrained resource. It is very difficult to replace all the sensors that have failed because of battery drain, and it is also hard to recharge all such sensors. To extend the lifetime of each individual sensor node, the battery power drawn by these nodes should be conserved. If the attack fails, the lifetime of the network can be condensed to a few months/years or some days [2, 5, 6]. Authentication is always performed using symmetric keys and hash functions. Any malicious node that holds the symmetric keys also gains access to all the information that belongs to the base station [3, 6]. Data that belongs to the base station should never be visible to other nodes. An intruder could steal data by posing as a base station and gathering all the data from the pool of cluster heads. In zero-knowledge-based authentication, the claimant's secret is never disclosed openly; the claimant's secret key is used to compute a value that is applied collaboratively between the claimant and the verifier to carry the authentication process forward [4].

The zero-knowledge proof protocol is a powerful cryptographic method that uses a challenge from the verifier, confirming that it is difficult to defeat. Consequently, it can be used in numerous cryptographic applications and procedures, for example identification, authentication and key exchange [5, 6]. The flexible mesh architecture of a WSN can adapt dynamically to support the introduction of new working nodes, or be extended to cover a large geographic area. The network is adaptable, but this raises new concerns in node communication; a few important issues are data confidentiality, data authenticity and integrity, data freshness and availability [2, 7,8,9].

In article [1], the authors proposed an effective solution to defend against the denial of sleep attack on a sensor network. Their mechanism protects the MAC layer in order to defend against denial of sleep. In article [10], the authors proposed a cross-layer design of a secure scheme integrated with the MAC protocol. Their analyses showed that the proposed scheme can counter the replay attack and the forge attack in an energy-efficient way. They also gave a detailed analysis of energy distribution to show a reasonable decision rule for coordinating energy conservation and security requirements in WSNs.

WSNs have become an intrinsic part of scientific applications both big and small. For instance, WSNs are used in logistics applications, in monitoring the cooling chain of perishable products and in similar applications. Service providers are able to provide real-time data about the condition of goods in distribution. WSNs are also used to monitor critical infrastructure, for instance bridges. Security is an important concern that should be considered in these applications. Besides attacks on the confidentiality and integrity of data, the network should also be defended against all threats to the availability of the WSN, for example DoS attacks. In terms of security, a single attacker always has a physical way to identify or access a node and can acquire the important material, thereby becoming a legitimate member of the network. Therefore, a WSN should be able to identify internal attacks, which is not possible without an active intrusion detection system (IDS). The architecture of an IDS is given in Fig. 1. In the past few decades, a large amount of research has been performed on IDS development for WSNs using trust-based, data-mining-based, regression-model-based and artificial-intelligence-based approaches [11, 12]. A brief description of the IDSs developed for WSNs is given in the literature section.

Fig. 1 Architecture of IDS

2 Literature review

After the extensive study of literature, the massive accruing intrusion type and detection methods are given in Table 1.

Table 1 Massive accruing intrusion type and detection method

From Table 1, it is observed that an intrusion detection system can be designed using (1) Distributed Approach, (2) Hierarchical Approach, (3) Incentive Based Approaches, (4) Reputation Based Schemes and (5) AI Based Approach. Each approach is briefly described below.

2.1 Distributed Approach

A semantic-based experimental framework for intrusion detection in WSN is presented in article [13]. The framework is implemented via a self-organized and semantic-based methodology. The security cosmology is in line with the attributes of WSN. The technique senses irregularities through cooperating sensor nodes. It maps the nominated rules of the security cosmology to the sensing data gathered. An energy-efficient learning method that addresses the IDS algorithms in WSN applications has been proposed in article [14]. The model is based on the successful use of Problematic learning automata on the methodology of packet fragment.

2.2 Hierarchical Approach

Article [15] proposed a trust-based approach along with a location-aware method for the discovery and separation of compromised nodes in WSN. Article [16] describes a technique based on an isolation table. The technique, the Isolation Table Intrusion Detection System (ITIDS), separates malicious nodes and so avoids needless energy consumption. Article [17] proposed a light "ranger based IDS" (RIDS) and describes how it is combined with the ranger technique to decrease energy usage. It uses the isolation tables to avoid detecting the same anomaly repeatedly. In article [18], a policy-based detection technique is used to classify hierarchical overlay design (HOD) based IDS. In article [19], a hybrid IDS has been proposed for heterogeneous cluster-based WSN. With this proposed model, a large number of attacks can be detected. A three-layer hierarchical architecture model based on weighted trust evaluation is proposed in article [20]. The model identifies malevolent nodes by monitoring their conveyed data. A very flexible model of intrusion detection for WSN, called the dynamic model of IDS (DIDS), is suggested in articles [21, 22].

2.3 Incentive Based Approaches

Article [23] explores the concept of a distributed and cooperative IDS. In this IDS, dedicated IDS agents are positioned on every node and execute autonomously. They respond by identifying intrusions from local traces. The paper provides detailed intrusion detection methods for the given attacks.

Bhargava and Agrawal [24] extended the IDS model elaborated in [23] with improved security. A proactive security scheme is proposed to avoid internal attacks and recognized attacks. They offered an IDS model to recognize and prevent the attacks. Huang et al. [25] built a model on anomaly detection. Their focus is on investigating and improving anomaly detection and on providing more details on the type of attack.

In article [26], a hybrid method that couples Discrete Wavelet Transforms with an Artificial Neural Network (ANN) is proposed for intrusion detection. The imbalance of instances across the data set was eliminated by SMOTE-based over-sampling of the less frequent class and random under-sampling of the dominant class. A three-layer ANN was used for classification. The experimental results on the KDD99 dataset indicate that the proposed model has higher accuracy and detection rate and at the same time fewer false alarms, making it suitable for real-time networks.

2.4 Reputation Based Schemes

Song and Zhang [27] proposed the one more hop (OMH) protocol. The suggested protocol suppresses selfish actions from a new perspective. Their work is based on a modified routing protocol and cryptographic techniques. A watchdog mechanism for monitoring packet forwarding is suggested. The limitation is that a node is unable to recognize whether it is itself the destination of the packet. Watchdog-type mechanisms are successful against a single intruder. In the case of several intruders the mechanism is not effective. Yan et al. [28] extended the work of [29,30,31,32,33] by proposing a security solution based on trust evaluation. It provides operational security decisions on safeguarding data, secure routing and many other networking events. Mundinger and Le Boudec et al. [34] delivered an analytical method for analyzing the strength of a detection system. Their work finds that liars will not affect the network performance unless they surpass a specified threshold value, termed the phase transition. In article [35], the authors proposed a timed IDS based on a real time discrete event system (RTDES) for detecting the PS-DoS attack. The proposed DES-based IDS overcomes the drawbacks of existing systems and detects the PS-DoS attack with high accuracy and detection rate. The correctness of the RTDES-based IDS is demonstrated by experiment on all possible attack scenarios. In article [36], the authors mainly focused on data integrity protection and gave an identity-based aggregate signature (IBAS) scheme with a designated verifier for WSNs. According to them, thanks to the advantages of aggregate signatures, their scheme can not only preserve data integrity but also reduce bandwidth and storage cost for WSNs. They further extended their research to the security of the IBAS scheme based on the computational Diffie–Hellman assumption in the random oracle model.

2.5 AI Based Approaches

From the literature study, it has also been observed that the development of an IDS is a type of pattern recognition problem [37,38,39,40,41,42,43,44]. Thus supervised and unsupervised machine learning techniques were used for IDS development in studies [38, 39, 43, 45]. Machine learning methods were also used for mobile malware detection by Narudin et al. in 2014 [46]. Because so much data is now available, deep learning methods have also been applied to IDS development [47,48,49]. The same concept of deep learning has also been used for IDS development in VANET [44].

In this work, a novel SVM-based IDS has been developed for the distributed denial of sleep attack in WSN. A total of 19 features are extracted and then pruned according to their performance. The performance of the proposed method is analyzed using positive predictive value (PPV), true positive rate (TPR) and overall classification accuracy (OCA). The mathematical expressions for these parameters are given in Sect. 3.3. Section 4 describes the IDS engine development approaches and the experimental outcome is given in Sect. 5.

3 Methodology

3.1 Experimental Work Flow

The proposed methodology for the development of an efficient IDS is based on the support vector machine. This methodology is used for the detection engine that handles the denial of sleep attack and is shown in Fig. 2. Raw data generated and collected after the denial of sleep attack is processed for feature pruning, as described in Sect. 3.2. Linear, sigmoidal and radial functions are used to train on the data with various cost and gamma parameters. The model file for which the highest accuracy is reported is taken as the inference/detection engine.

Fig. 2 Proposed methodology for the development of detection engine

3.2 Feature Ranking and Pruning

In this work, feature ranking and pruning play a crucial role. The ranking and pruning of features are made on the basis of performance analysis parameters [50, 51]. The performance analysis parameters for SVM are: Overall Classification Accuracy (OCA), Overall Training Time (OTT), and Overall Testing Time (OTST). Each feature can then be considered 'significant (S)', 'moderate (M)' or 'trivial (T)'. The list of features considered for this study is given in Table 2.

Table 2 List of features

The rule set for feature ranking and pruning is given in Table 3.

Table 3 Rule set for feature ranking and pruning

Table 3 describes the rule set for feature ranking. The same rule set has been used for feature selection in the development of an IDS using SVM, as explained in study [50]. Rule-1 states that if the OCA decreases (↓) AND OTT increases (↑) AND OTST decreases (↓), then the feature is significant. The remaining rules are described in the same manner.

3.3 Staging Analysis

The performance of the designed IDS is measured with Positive Predictive Value (PPV), True Positive Rate (TPR) and Overall Classification Accuracy (OCA). A brief description of the performance analysis parameters is shown in Fig. 3.

Fig. 3 Description of performance analysis parameters

From Fig. 3, it is observed that there are four possibilities for each traffic operation handled by the designed IDS. These possible conditions are: (1) True Positive (TP), when intruders enter the network and perform malicious operations and these operations are detected (Success ∧ Detection); (2) True Negative (TN), when no malicious operation is performed and none is reported by the IDS (¬Success ∧ ¬Detection); (3) False Positive (FP), when no malicious operation is performed but the IDS reports a malicious operation (¬Success ∧ Detection); and (4) False Negative (FN), when a malicious operation is performed and is not reported by the IDS (Success ∧ ¬Detection).

The performance parameters are computed using the following mathematical expressions.

$$PPV = \frac{TP}{TP + FP} \times 100\% \tag{1}$$
$$TPR = \frac{TP}{TP + FN} \times 100\% \tag{2}$$
$$OCA = \frac{TP + TN}{TP + TN + FP + FN} \times 100\% \tag{3}$$

3.4 Simulation Setup

The network simulator Opnet Modeler 17.5 is used. To perform the denial of sleep attack (DOSA) on the WSN, an area of (100*100) square meters is taken. The scenario of the simulation setup is shown in Fig. 4.

Fig. 4 Scenario for simulation setup for denial of sleep attack

To develop an efficient IDS for the distributed denial of sleep attack, the ZigBee model is used, as it describes sensor network nodes best. The area is divided into four zones. The description of each zone is given in Table 4.

Table 4 Description of zones

In the present work, Node-0 is considered the sink node of the network. The simulation time is 900 s. The simulation is first carried out without the denial of sleep attack and results are generated. Then a malicious node is inserted for the denial of sleep attack and the simulation is carried out again for a further 900 simulation seconds.

4 Development of the Detection Engine

4.1 Feature Selection

After applying the rule set defined in Table 3 to the 19-feature set, seven important features are selected, called the secondary feature set. This feature set is further processed using the rule set given in Algorithm 1 for detection of the sleep attack in WSN. These rule sets and their threshold values may be changed according to the need and the environment of the network, i.e. PAN-0 to PAN-3.

4.2 Support Vector Machine

For the development of an efficient detection system for the denial of sleep attack, the SVM classifier is normally used. It is worth mentioning that SVM provides outstanding performance among the available tools [50,51,52,53,54,55]. The support vector machine is broadly adopted for solving learning, prediction and classification problems. The separation of two classes using an SVM classifier is shown in Fig. 5.

Fig. 5 Separation of two classes with SVM

Note: mTSR: Traffic Received/Traffic Sent; mTRR: MAC data Traffic Received; E2ED: End to End Delay; mDelay: MAC Delay; mmdelay: MAC Media Access Delay; mThr: MAC Throughput; NPDR: Network layer Packet Drop.

SVM was initially developed by the research group of Corinna and Vapnik [56] for a variety of learning, prediction and classification problems [43]. Initially, SVM was used for the binary classification problem, in which two different classes are separated by a hyperplane defined by a number of support vectors, as shown in Fig. 5. SVM uses the concepts of learning and kernel functions. The widely used kernel functions are (1) linear kernel function, (2) polynomial kernel function, (3) quadratic kernel function, (4) radial basis kernel function and (5) multi-layer perceptron kernel function. A brief explanation of each kernel function is given in Table 5.

Table 5 Description of kernel functions

It is worth mentioning that the present work employed three kernel functions, i.e. linear, radial and sigmoidal, in designing the intrusion detection engine. Seven important secondary features are extracted and the following rule sets are produced. These rule sets and their threshold values may be changed according to the need and the environment of the network in Sect. 4.2.

4.3 Training and Testing Data Bifurcation

Exhaustive experiments are carried out for the adequate selection of the training and testing datasets. After removal of noisy and useless data, 1190 data qualified for training purposes. In this work a 10:1 ratio is used for training and testing of the data, which contains different types of sets. The performance of training and testing is described in Tables 6 and 7 respectively. The training data set used for development of the intrusion detection engine for the denial of sleep attack using different kernel functions (linear, radial and sigmoidal) is given in Table 6. It is well known that the performance of SVM depends on the optimum value of the cost and gamma parameters (C, \(\gamma\)). The varying values of the cost and gamma parameters (C, \(\gamma\)) used to stabilize the outputs are also reported in Table 7.

Table 6 Training outcome of proposed model for denial of sleep attack
Table 7 Test outcome of proposed model for denial of sleep attack

From Table 6, it is observed that the linear kernel function takes the maximum CPU burst time to complete execution. The radial function takes more time than the sigmoid kernel function but less than the linear kernel function. The sigmoid kernel function takes the minimum CPU burst time, as concluded from Table 6. The minimum training time for the SVM-based intrusion detection engine is 0.211 s, for the parameter values (C, \(\gamma\)) = (0.50, 0.50), which is highlighted in Table 6.

The testing data set used for development of the intrusion detection engine for the denial of sleep attack using different kernel functions (linear, radial and sigmoidal) is given in Table 7.

From Table 7, it is observed that the highest accuracy is reported for the radial function with cost and gamma parameters 2 and 1 respectively. The model file generated during training for these values becomes the detection engine. Table 8 presents the validation of the accuracy of the proposed IDS system. The proposed model's performance is better than that of the previous models.

Table 8 Validation of proposed ids model
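The selection procedure of Sects. 3.3 and 4.3 (10:1 split, one model per kernel and (C, γ) pair, PPV/TPR/OCA on the test part, highest OCA kept as detection engine) can be sketched as follows. This is an added example, not the authors' code: it uses a small standard-library SVM trained by dual coordinate ascent instead of the authors' SVM tool, covers only the linear and radial kernels, and runs on constructed data; all function names, the dataset and the (1.0, 0.5) grid point are assumptions.

```python
import math
import random

def make_dataset(n_per_class=55, seed=7):
    """Constructed data: three normalised features per sample (stand-ins for
    mTRR, mmdelay, mThr). Label +1 = denial-of-sleep traffic, -1 = normal."""
    rng = random.Random(seed)
    rows = []
    for label, centre in ((-1, (0.0, 0.0, 1.0)), (+1, (1.0, 1.0, 0.0))):
        for _ in range(n_per_class):
            rows.append(([c + rng.uniform(-0.3, 0.3) for c in centre], label))
    rng.shuffle(rows)
    return rows

def kernel(name, gamma):
    # The "+ 1.0" folds the bias term into the kernel, so no separate b is fitted.
    if name == "linear":
        return lambda a, b: sum(p * q for p, q in zip(a, b)) + 1.0
    if name == "radial":
        return lambda a, b: math.exp(
            -gamma * sum((p - q) ** 2 for p, q in zip(a, b))) + 1.0
    raise ValueError(name)

def train_svm(train, k, cost, epochs=30):
    """Soft-margin SVM dual solved by coordinate ascent, 0 <= alpha_i <= cost."""
    xs = [x for x, _ in train]
    ys = [y for _, y in train]
    n = len(xs)
    gram = [[k(xs[i], xs[j]) for j in range(n)] for i in range(n)]
    alpha = [0.0] * n
    f = [0.0] * n  # decision value of every training point under current alpha
    for _ in range(epochs):
        for i in range(n):
            step = (1.0 - ys[i] * f[i]) / gram[i][i]
            new = min(cost, max(0.0, alpha[i] + step))
            delta = new - alpha[i]
            if delta:
                alpha[i] = new
                for j in range(n):
                    f[j] += delta * ys[i] * gram[i][j]
    sv = [(a * y, x) for a, y, x in zip(alpha, ys, xs) if a > 0.0]
    return lambda x: 1 if sum(c * k(x, s) for c, s in sv) >= 0.0 else -1

def metrics(tp, tn, fp, fn):
    """PPV, TPR and OCA in percent, as in Eqs. (1)-(3)."""
    return {
        "ppv": 100.0 * tp / (tp + fp) if tp + fp else 0.0,
        "tpr": 100.0 * tp / (tp + fn) if tp + fn else 0.0,
        "oca": 100.0 * (tp + tn) / (tp + tn + fp + fn),
    }

def evaluate(predict, test):
    counts = {"tp": 0, "tn": 0, "fp": 0, "fn": 0}
    for x, y in test:
        p = predict(x)
        counts[("t" if p == y else "f") + ("p" if p == 1 else "n")] += 1
    return metrics(**counts)

def select_engine(rows, grid=((0.5, 0.5), (1.0, 0.5), (2.0, 1.0))):
    """10:1 train/test split, then keep the (kernel, C, gamma) with highest OCA."""
    cut = len(rows) * 10 // 11
    train, test = rows[:cut], rows[cut:]
    results = []
    for name in ("linear", "radial"):
        for cost, gamma in grid:
            predict = train_svm(train, kernel(name, gamma), cost)
            results.append({"kernel": name, "C": cost, "gamma": gamma,
                            **evaluate(predict, test)})
    return max(results, key=lambda r: r["oca"]), results

if __name__ == "__main__":
    best, results = select_engine(make_dataset())
    for r in results:
        print(r)
    print("detection engine:", best)
```

On real traffic the classes are far less cleanly separated than in this constructed set, so PPV and TPR should be read alongside OCA when choosing the engine.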

5 Results and Discussion

Sections 5.1 to 5.8 compare the performance of the wireless sensor network without attack and when the denial of sleep attack is applied. In the graphs of Figs. 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 and 16, blue shows the performance of the various parameters when there is no attack on the system, and red shows their performance when the denial of sleep attack is applied to the system. The X axis is the simulation time, which is stated in the simulation setup section; the total simulation time is 900 min of simulation for the denial of service attack to generate the raw data. The Y axis is the respective parameter. This raw data is used for the development of the inference engine in Sect. 4. After extensive experiments using the proposed model on the selected seven-feature set, namely mTSR, mTRR, E2ED, mDelay, mmdelay, mThr and NPDR, the obtained results are given below one by one.

Fig. 6 MAC data traffic received for the network. (Color figure online)

Fig. 7 MAC delay observed in network with and without denial of sleep attack. (Color figure online)

Fig. 8 MAC management traffic received for the network with and without denial of sleep attack. (Color figure online)

Fig. 9 MAC management traffic sent for the network with and without denial of sleep attack. (Color figure online)

Fig. 10 MAC media access delay for the network with and without denial of sleep attack. (Color figure online)

Fig. 11 MAC throughput for the network with and without denial of sleep attack. (Color figure online)

Fig. 12 END to END delay in PAN-0 with and without denial of sleep attack. (Color figure online)

Fig. 13 END to END delay in PAN-1 with and without denial of sleep attack. (Color figure online)

Fig. 14 END to END delay in PAN-2 with and without denial of sleep attack. (Color figure online)

Fig. 15 END to END delay in PAN-3 with and without denial of sleep attack. (Color figure online)

Fig. 16 Network layer packet drop with and without denial of sleep attack. (Color figure online)

5.1 MAC Data Traffic Received

Figure 6 shows the MAC data traffic received by the overall network with and without the denial of sleep attack. From the simulated and collected statistics, the overall improvement in the MAC data traffic received in the network is observed to be 117.42%, which is a very large increment for an unattended network that depends entirely upon battery backup. This extra data is a result of the denial of sleep attack on the network. In sensor networks less possible is considered. The Y axis is MAC data traffic received, which is given in bits/second.

5.2 MAC Delay

Figure 7 shows the MAC delay observed in the network with and without the denial of sleep attack. The average delay observed in the network while applying the denial of sleep attack is 101.2153986. An increment in delay leads to poor performance of the given network. The Y axis is MAC delay, which is measured in seconds.

5.3 MAC Management Traffic Received

Figure 8 shows the MAC management traffic received for the establishment of the network and finding the route towards the sink. From the results generated during the simulation, it is observed that MAC management traffic received increases with a ratio of 102.2085. The Y axis is MAC management traffic received, which is measured in bits/s.

5.4 MAC Management Traffic Sent

Figure 9 shows the MAC management traffic received for the establishment of the network and finding the route towards the sink. From the results generated during the simulation, it is observed that MAC management traffic received increases with a ratio of 102.5171. From Figs. 8 and 9, the traffic received and traffic sent ratio is observed as 1166.98. The ratio should be nearly the same for MAC management traffic sent and received. The Y axis is MAC management traffic sent, which is measured in bits/second.

5.5 MAC Media Access Delay

Figure 10 shows the MAC media access delay observed in the network with and without the denial of sleep attack. The average delay observed in the network while applying the denial of sleep attack is 104.17. An increment in delay leads to poor performance of the given network. The Y axis is MAC media access delay, which is measured in seconds.

5.6 MAC Throughput

Figure 11 shows the throughput of the network with and without the denial of sleep attack. The observed throughput ratio decreases slightly, with a value of 94.06145. The Y axis is MAC throughput, which is measured in bits/s.

5.7 End to End Delay in PAN-0/PAN-1/PAN-2/PAN-3

Figures 12, 13, 14 and 15 show the end to end delay in PAN-0/PAN-1/PAN-2/PAN-3, i.e. Zone 0/Zone 1/Zone 2/Zone 3. The Y axis is end to end delay, which is measured in seconds.

5.8 Network Layer Packet Drop

Figure 16 shows the network layer packet drop with and without the denial of sleep attack. The packet drop ratio is observed as 102.54%, i.e. an increment of 2.54% in comparison to the previous result. The Y axis is the packet drop during transmission (the size of a packet is 1024 bytes), measured in packets.

Table 9 shows the final findings and outcomes in a nutshell, with a comparative analysis of performance for the selected seven-feature set against the study performed by Mukkamala and Sung [50]. The comparisons are made on the basis of a ratio, which is computed with the expression given in Eq. 4.

Table 9 Finding and outcomes of proposed IDS in a nutshell
$$\text{ratio} = \frac{\text{Value\_with\_DoS\_attack}}{\text{Value\_without\_DoS\_attack}} \times 100 \tag{4}$$

6 Conclusion

This research addresses the security of a wireless sensor network when the denial of sleep attack is applied to the network. The proposed work has been simulated in Opnet Modeler 17.5, and raw data is generated for a noisy environment. A set of 19 features is extracted and redundant data is removed from the dataset. The performance of the network with and without the attack is derived and compared. An association rule set is formulated, and training and testing of the dataset are conducted with a support vector machine. The accuracy of the system is highest with the radial function. The model file generated for the function where the reported accuracy is highest and stable is used as the detection engine for the denial of sleep attack.