Real Time Intrusion And Wormhole Attack Detection In Internet Of Things
Attacks on computers and data networks have become a daily and complicated issue. Intrusion detection has shifted its attention from hosts and operating systems to networks, and its central question has become how to provide security for those networks. The aim of intrusion detection is to detect misuse and unauthorized use of computer systems by internal and external elements. Typically, Intrusion Detection Systems employ statistical anomaly models and rule-based misuse models to detect intrusions, on the assumption that the behavior of an intruding element differs from the behavior of an authorized user.
In this study, we implement a system whereby we can easily detect some sorts of intrusion attacks and even more specifically, wormhole attacks. We do this specifically in the case of systems operating under the principle of the Internet-of-Things paradigm.
1.1 BACKGROUND OF THE STUDY
We live in a dynamic, data-based world which is connected through a set of networks. As with any other structure, such spaces are open to vulnerability and intrusion. This creates the need for a technological way to detect these breaches and possibly find solutions to them.
Generally, machine learning has had its applications in image and speech recognition, general prediction and even online fraud detection. We are going to use the features and the structure of machine learning concepts to solve issues of wormhole intrusion and vulnerabilities.
The most common intrusion issues or attacks dealt with in an intrusion system include:
- Black hole: This happens when all traffic coming in is redirected to a specific node which in that case may not forward any traffic at all.
- Wormhole attack: A wormhole attack is a grave attack in which two attackers locate themselves strategically in the network. The attackers then keep listening to the network and record the wireless information.
- Routing loop: A loop may be introduced into a route path, so that traffic makes no progress.
- Network partition: In this case, a connected network is partitioned into k (k >= 2) sub networks, and nodes on different sub networks cannot communicate even though a route between them actually exists.
- Selfishness: This occurs when a node does not serve as a relay to other nodes.
- Sleep deprivation: A node is forced to keep working until its battery power is exhausted.
- Denial-of-Service: In this case, the source node is denied network services of sending and receiving data packets.
Wormhole intrusion detection systems (NIDS) are typically placed at a strategic point or points within the network so as to monitor traffic to and from all devices on the network. They analyze passing traffic on the entire subnet and match it against a library of known attacks. Once an attack is identified, or abnormal behavior is sensed, an alert can be sent to the administrator. An example would be installing an NIDS on the subnet where firewalls are located in order to see if someone is trying to break into the firewall. In an ideal case, one would scan all inbound and outbound traffic; however, doing so might create a bottleneck that would impair the overall speed of the network. OPNET and NetSim are commonly used tools for simulating wormhole intrusion detection systems. NIDS are also capable of comparing signatures for similar packets to link and drop harmful detected packets which have a signature matching the records in the NIDS.
When NIDS designs are classified according to the system interactivity property, there are two types: on-line and off-line NIDS, often referred to as inline and tap mode, respectively. An on-line NIDS deals with the network in real time: it analyses the Ethernet packets and applies some rules to decide whether it is an attack or not. An off-line NIDS deals with stored data and passes it through some processes to decide whether it is an attack or not.
NIDS can also be combined with other technologies to increase detection and prediction rates. Artificial Neural Network based IDS are capable of analyzing huge volumes of data, in a smart way, due to the self-organizing structure that allows INS IDS to more efficiently recognize intrusion patterns. Neural networks assist IDS in predicting attacks by learning from mistakes; INN IDS help develop an early warning system, based on two layers. The first layer accepts single values, while the second layer takes the first layer's output as input; the cycle repeats and allows the system to automatically recognize new unforeseen patterns in the network. This system can average a 99.9% detection and classification rate, based on research results of 24 network attacks, divided into four categories: DoS, Probe, Remote-to-Local, and User-to-Root.
The majority of intrusion prevention systems utilize one of three detection methods: signature-based, statistical anomaly-based, and stateful protocol analysis.
- Signature-based detection: Signature-based IDS monitors packets in the Network and compares with pre-configured and pre-determined attack patterns known as signatures.
- Statistical anomaly-based detection: An anomaly-based IDS monitors network traffic and compares it against an established baseline. The baseline identifies what is “normal” for that network: what sort of bandwidth is generally used and what protocols are used. It may, however, raise a false-positive alarm for legitimate use of bandwidth if the baselines are not intelligently configured.
- Stateful protocol analysis detection: This method identifies deviations of protocol states by comparing observed events with “pre-determined profiles of generally accepted definitions of benign activity”.
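The first two methods can be compared side by side. The following Python sketch is an added example, not code from this project: it matches payloads against a signature library and checks traffic windows against a bandwidth and protocol baseline, showing the false positive that a poorly configured baseline produces. All traffic figures, the signature and every name in it are constructed for illustration.

```python
import statistics

# Constructed signature library: name -> byte pattern (illustrative, not real rules).
SIGNATURES = {"demo-known-bad": b"DEMO-KNOWN-BAD-PAYLOAD"}

def signature_match(payload: bytes) -> list[str]:
    """Signature-based detection: names of known patterns found in the payload."""
    return [name for name, pattern in SIGNATURES.items() if pattern in payload]

class Baseline:
    """Statistical baseline: typical bytes per window and the protocols seen."""
    def __init__(self, windows, k=3.0):
        rates = [w["bytes"] for w in windows]
        self.mean = statistics.mean(rates)
        self.std = statistics.pstdev(rates) or 1.0  # avoid a zero-width band
        self.protocols = {p for w in windows for p in w["protocols"]}
        self.k = k

    def anomalies(self, window) -> list[str]:
        """Reasons this window deviates from the baseline (empty list = normal)."""
        reasons = []
        if window["bytes"] > self.mean + self.k * self.std:
            reasons.append("bandwidth")
        if set(window["protocols"]) - self.protocols:
            reasons.append("protocol")
        return reasons

# Constructed one-minute traffic windows for a small home IoT network.
NIGHT = [{"bytes": b, "protocols": ["mqtt"]} for b in (900, 1000, 1100, 950, 1050)]
DAY = [{"bytes": b, "protocols": ["mqtt", "https"]}
       for b in (40000, 55000, 48000, 60000)]
FIRMWARE_UPDATE = {"bytes": 58000, "protocols": ["mqtt", "https"]}  # legitimate
FLOOD = {"bytes": 900000, "protocols": ["mqtt", "udp"]}             # hostile

def compare_baselines():
    narrow = Baseline(NIGHT)        # trained on quiet hours only
    broad = Baseline(NIGHT + DAY)   # trained on representative traffic
    return {
        "narrow_update": narrow.anomalies(FIRMWARE_UPDATE),  # false positive
        "broad_update": broad.anomalies(FIRMWARE_UPDATE),
        "broad_flood": broad.anomalies(FLOOD),
    }

if __name__ == "__main__":
    print(signature_match(b"hdr DEMO-KNOWN-BAD-PAYLOAD trailer"))
    print(compare_baselines())
```

The baseline trained only on night-time traffic flags the legitimate update on both bandwidth and protocol, while the baseline trained on representative traffic accepts it and still flags the flood.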
MOTIVATION OF THE STUDY
The study is motivated by the urgent need to combat network security issues in our present data and information intensive livelihoods. Another angle is to exploit the complex process of machine learning algorithms for network security.
AIMS AND OBJECTIVES OF THE STUDY
The aims and objectives of this study include:
- To discover unauthorized access to a computer network
- To analyze traffic on a computer network to obtain signs of malicious activity
- To build a predictive model through machine learning which is capable of distinguishing between intrusions, attacks or normal network connections and activities.
- In addition to the above, to detect and repel wormhole attacks
OUTLINE OF METHODOLOGY
SCOPE OF THE STUDY
The study covers a typical small home network system which can then be scaled up in future.
SIGNIFICANCE OF THE STUDY
The study is very significant in studying, analyzing and postulating more efficient and trustworthy ways of preventing and solving data security issues.
ORGANISATION OF THE PROJECT
The project is organized as follows. Chapter One gives a brief introduction in the form of the Background of the Study of wormhole intrusion detection systems. Chapter Two takes a broad look at related implementations of wormhole intrusion detection systems. Chapter Three examines the system architecture, the system design and analysis. Chapter Four presents the implementation of the project using the necessary programming languages and development models. It also presents the results of the testing carried out. Chapter Five rounds off the project work with the summary, conclusions and recommendations for future work.