TY - GEN
T1 - A dynamic graph-based cluster ensemble approach to detect security attacks in surveillance network
AU - Thomas, Diya
PY - 2021
Y1 - 2021
N2 - Wireless sensor networks (WSNs) are the underlying network infrastructure for a variety of mission-critical surveillance applications. The network should be tolerant of unexpected failures of sensor nodes to meet the Quality of Service (QoS) requirements of these applications. One major cause of failure is active security attacks such as Denial of Service (DoS) attacks. This paper models the problem of detecting such attacks as an anomaly detection problem in a dynamic graph. The problem is addressed by employing a voting-based cluster ensemble approach called the K-Means Spectral and Hierarchical ensemble (KSH) approach. The experimental result shows that KSH detected DoS attacks with better accuracy when compared to baseline approaches. Introduction and Motivation: WSNs play a vital role in a variety of mission-critical surveillance applications, such as military surveillance. These applications demand different QoS, such as energy efficiency, coverage, and connectivity from the underlying network. To meet these QoS requirements, WSNs should be tolerant of sensor node failures. Active security attacks such as DoS attacks are one major cause of such failures. The famous Maroochy water treatment and Ukrainian power grid attacks are good instances of active security attacks over wireless sensor networks. Active security attacks are more dangerous in terms of the severity they create in the network. For instance, such an attack on WSNs deployed for military surveillance applications can allow physical intrusions to go undetected. WSNs are prone to such attacks due to their inherent constraints, such as limited bandwidth, lack of tamper-proof hardware, and lack of a physical line of defense such as firewalls. Cryptographic solutions are one commonly used method in the literature to address these attacks. However, such solutions are not a viable option to detect attacks in resource-constrained WSNs.
A lightweight and energy-efficient intrusion detection system can form a second line of defense in cases where such a solution fails. This paper proposes a lightweight graph-based intrusion detection system to detect active security attacks in the network. A graph model is an efficient way to represent complex relationships in the dataset. In [3], a static graph model is used to represent the sensor data. Anomalies are identified based on the spatial correlation. A graph-based spectral clustering approach on sensor data is proposed in [2]. MIDAS and MIDAS-R proposed in [4] are currently the two well-known approaches used to identify abrupt changes in a dynamic graph (representing a social network). A threshold-based scheme is applied to the graph data to detect the anomaly. In contrast to other approaches, the KSH utilizes a novel dynamic graph model that captures the spatial and temporal network changes caused by the attack. The remaining sections of this paper are organized as follows. Section 2 formulates the problem and elaborates in detail our proposed secure intrusion (anomaly) detection approach. The experiment conducted and the result obtained are discussed in Section 3. Finally, Section 4 concludes the paper.
AB - Wireless sensor networks (WSNs) are the underlying network infrastructure for a variety of mission-critical surveillance applications. The network should be tolerant of unexpected failures of sensor nodes to meet the Quality of Service (QoS) requirements of these applications. One major cause of failure is active security attacks such as Denial of Service (DoS) attacks. This paper models the problem of detecting such attacks as an anomaly detection problem in a dynamic graph. The problem is addressed by employing a voting-based cluster ensemble approach called the K-Means Spectral and Hierarchical ensemble (KSH) approach. The experimental result shows that KSH detected DoS attacks with better accuracy when compared to baseline approaches. Introduction and Motivation: WSNs play a vital role in a variety of mission-critical surveillance applications, such as military surveillance. These applications demand different QoS, such as energy efficiency, coverage, and connectivity from the underlying network. To meet these QoS requirements, WSNs should be tolerant of sensor node failures. Active security attacks such as DoS attacks are one major cause of such failures. The famous Maroochy water treatment and Ukrainian power grid attacks are good instances of active security attacks over wireless sensor networks. Active security attacks are more dangerous in terms of the severity they create in the network. For instance, such an attack on WSNs deployed for military surveillance applications can allow physical intrusions to go undetected. WSNs are prone to such attacks due to their inherent constraints, such as limited bandwidth, lack of tamper-proof hardware, and lack of a physical line of defense such as firewalls. Cryptographic solutions are one commonly used method in the literature to address these attacks. However, such solutions are not a viable option to detect attacks in resource-constrained WSNs.
A lightweight and energy-efficient intrusion detection system can form a second line of defense in cases where such a solution fails. This paper proposes a lightweight graph-based intrusion detection system to detect active security attacks in the network. A graph model is an efficient way to represent complex relationships in the dataset. In [3], a static graph model is used to represent the sensor data. Anomalies are identified based on the spatial correlation. A graph-based spectral clustering approach on sensor data is proposed in [2]. MIDAS and MIDAS-R proposed in [4] are currently the two well-known approaches used to identify abrupt changes in a dynamic graph (representing a social network). A threshold-based scheme is applied to the graph data to detect the anomaly. In contrast to other approaches, the KSH utilizes a novel dynamic graph model that captures the spatial and temporal network changes caused by the attack. The remaining sections of this paper are organized as follows. Section 2 formulates the problem and elaborates in detail our proposed secure intrusion (anomaly) detection approach. The experiment conducted and the result obtained are discussed in Section 3. Finally, Section 4 concludes the paper.
UR - http://www.scopus.com/inward/record.url?scp=85120674352&partnerID=8YFLogxK
M3 - Conference proceeding contribution
AN - SCOPUS:85120674352
SN - 9780994988652
T3 - International Conference on Embedded Wireless Systems and Networks
SP - 1
EP - 2
BT - International Conference on Embedded Wireless Systems and Networks, EWSN 2021
A2 - Huang, Polly
A2 - Zuniga, Marco
A2 - Xing, Guoliang
A2 - Petrioli, Chiara
PB - Association for Computing Machinery
CY - New York, NY
T2 - International Conference on Embedded Wireless Systems and Networks, EWSN 2021
Y2 - 17 February 2021 through 19 February 2021
ER -