MPOID: Multi-protocol Oriented Intrusion Detection Method for Wireless Sensor Networks

Abstract

It is very difficult to detect intrusions in wireless sensor networks (WSN), because of the dynamic network topology and diverse routing protocols. Traditional Intrusion Detection Systems (IDS) for WSN only focus attention on a specified routing protocol, which lacks universality and flexibility. To solve the problem of multi-protocol intrusion detection, this paper proposes a universal method: MPOID (Multi-Protocol Oriented Intrusion Detection). Our work can generate all the attack types for any routing protocol of WSN, furthermore, part of which can be detected with the automatically generated rules accurately. In this work, we formalize the routing protocol with the Process Algebra for Wireless Mesh Networks (AWN) language, and then classify all the potential attacks into four categories according to four original purposes. Beginning from the original purpose, we can generate all the attack targets, attack traces and attack types. What's more, if the protocol process do not use local variables in the key variable assignment, we can also generatethe detection rules for this attack type. Our case study of ADOV (Ad hoc On-demand Distance Vector) protocol shows that our method generated all types of attacks, which outperforms other work. Our further theoretical analysis verifies that our detection rules could detect the corresponding attack types as we claimed. In conclusion, the MPOID method could be used as a flexible and universal tool to analyze and detect attack types for multi-protocol in WSN effectively.