13.

Sno
1.

Literature Survey
Year
of
Pub.
2005

Title of Paper
An
Intrusion
Detection
System
for
Wireless
Sensor
Networks
By Ilker Onat
Ali Miri

2.

2007

Key Feature and

Main Features
1. Introduced a detection based
security scheme for wireless
sensor networks.
2. Although sensor nodes have low
computation and communication
capabilities, they have specific properties
such as their stable neighborhood information
that allows for detection of anomalies in
networking
and
transceiver
behaviors of the neighboring
nodes.
3. Introduced a anomaly
based
intrusion
detection
method
(based on parameters Average
Receive Power and Average
Packet Arrival Rate) for wireless
sensor networks suited to their
simple and resource-limited nature
4. To make a sensor node capable of detecting
an intruder a simple dynamic statistical
model of the neighboring nodes is built in
conjunction with a low-complexity detection
algorithm by monitoring received packet
power levels and arrival rates.
1. Presented key features and rules-based

17

Research Gaps
1. To
determine
better
node
features addressing specific
vulnerabilities and to develop
improved detection algorithms
with sensor node capabilities
in mind.
2. Assumes that neighborhood is
stationary
and
does
not
consider
dynamic
neighborhood.
3. Considers Node Impersonation
and Resource Depletion attacks
only. Does not consider other
attacks.

1. Suitable for static WSNs. Key

3.

2007

4.

2007

Rule-based
Intrusion
Detection
for
Wireless
Sensor
Networks By
Haiguang Chen,
Huafeng Wu , Xi
Zhou , Chuanshan
Gao

scheme for WSNs..

2. Investigated different defense rules(Max
Repeat
time
for
message,
Radio
Transmission Range,Collission, Integrity
and Interval Time) and key features(Packet
throughout probability, Number of
neighbors, Change ratio of Route
table,Computation,Storage,Energy)
in
WSNs to build efficient, accurate and
effective Intrusion Detection Systems (IDS).
3. Proposed a moving window function
method to gather the current activity data
4. Proposed a dynamic technique to gather the
amount of message data for IDS
5. Performed rules application to detect some
known attacks fast in WSNs.
6. Used key feature to characterize the behaviors
of WSNs and protect against attacks.

feature and rules-based scheme for

dynamic WSN should be considered.
2. Detects the attacks based on certain rules
and key features. Any deviation from these
features is not considered.

Intrusion
detection
techniques
in
mobile Ad hoc and
wireless
sensor
networks By
Bo
sun
and
lawrence osborne
Design and
Implementation of
an Intrusion
Detection System

1. Introduced two important services of a WSN,

secure aggregation and secure localization,
to illustrate current WSN IDS research efforts.

1. Requires a distributed architecture and

the collaboration of a group of nodes to
make accurate decisions.
2. Attack models must be carefully
established to facilitate the deployment of
IDS strategies.

1. Provided an IDS capable of detecting and

reacting to DoS attacks which can threaten
the availability of a wireless sensor network.
2. Employed an active or proactive means

1. Active IDS implementation involves

improving anomaly detection pattern to
generate a dynamic baseline of network
traffic.

18

for
Wireless
Sensor Networks
By
Dmitriy

of responding to attacks by discontinuing

communications with the offending nodes as
soon as a DoS attack is detected

2. Comparing Information dynamically

against a current measure of network load
to determine the presence of a DoS attack

1. Developed
distributed
algorithms
for
detecting anomalous activity in information
flow patterns in large-scale sensor networks.
2. Used algorithms as building blocks of an
integrated system for intrusion detection,
attack isolation and fully automated
response for assuring WSN survivability and
information flow continuity.
3. Introduced the general guidelines for applying
IDS architectures in static sensor networks
(with no mobile nodes).
4. A novel technique for optimally monitoring
neighbors, called spontaneous watchdogs, is
introduced
5. The data correlation problem and
anomalies of intrusion detection has been
resolved. Algorithm proposes the correlation
mechanism aims at acquiring detection alerts
and relating them together to expose a more
condensed view of security issues.
1. Sensor nodes must be able to configure
themselves in the presence of adverse
situations. Therefore, the nodes should make
use of situation awareness mechanisms to
determine the existence of abnormal events in
their surroundings.
2. Considers a static WSN as a living body; an

1. Suitable for static WSNs. Does not

provide anomaly detection for
dynamic WSN .
2. Can be extended to include all type of
attacks.

Martynov

2008

Data Integrity
And Intrusion
Detection In
Wireless
Sensor Networks
By
Rathanakar
Acharya, Asha. K

6.

2008

Situation
Awareness
Mechanisms for
Wireless Sensor
Networks
By
Rodrigo Roman

19

1. System fulfills important goals

such as total network coverage,
simplicity, usefulness,
extensibility, and
inclusiveness. These goals are
not met completely by the existing
work in the field.

and Javier Lopez

3.
4.

2009

2009

Intrusion
Detection for
Wireless Sensor
Networks Based
on Multi-Agent
and
Refined Clustering
By
WANG Huai-bin
YUAN Zheng
WANG Chundong

1.

Sensor Network
Security: A Survey
By

1.

Xiangqian
Chen, Kia

2.

3.

2.

abnormal situation as a disease; and

associated with any disease, a set of
symptoms that can lead to its diagnosis
By analyzing both diseases and symptoms,
develops
lightweight
awareness
mechanisms.
Considers these awareness mechanisms as a
foundation for high-level monitoring
services and shows how these mechanisms
are included in the blueprint of an intrusion
detection system
Develops a model of multiagent based on
intrusion detection system for wireless
sensor networks, and a new method of
detection called refined clustering
Uses self-organizing map (SOM) neural
network to cluster roughly the samples, and
K-means clustering algorithm is adopted to
refine the clustering.
Develops a Multi-agent mechanism, where
the combination of SOM neural network
and K means algorithm is running to detect
the abnormity of the nodes in the wireless
sensor network, which will make the system
more flexible, more precise and easier to
implement
Identified the threats and vulnerabilities to
WSNs and summarize the defense methods
based on the networking protocol layer
analysis.
Gives a overview of security issues. These

20

2. Mechanisms presented here are

oriented to monitor networks that
are static by nature and does
not consider mobile networks

1. Application
of
distributed
intrusion
detection
system
(DIDS)
and
multi-agent
technology will be a trend in the
future.
2. To improve the algorithm of
detection in order to make the
detection
agent
more
efficiency.

1. Private
key
operations
in
asymmetric
cryptography
schemes are still too expensive
in terms of computation and
energy cost for sensor nodes, and

Makki, Kang
Yen, and Niki
Pissinou

3.
4.

5.
6.

7.

issues are divided into seven categories:

Cryptography, Key management, Attack
detections and preventions, Secure routing,
Secure location security, Secure data
fusion, and other security issues
Cryptography selection is fundamental to
providing security services in WSNs
Integrating the localization of sensors and key
predistribution can provide good security
performance and minimize the effect of node
compromise.
Introduces some normal attack detecting
mechanisms, and describes some special
node compromise detecting methods.
Discusses secure routing algorithms for
WSNs. Many routing algorithms are
reputation based schemes, which rely on
neighbor
nodes
corporation.
Some
approaches utilize the special structure
(cluster WSNs) to balance the computing and
transmission overheads between big nodes
and normal nodes.
Provides secure and reliable location
information in some special applications
under adversaries attacks.

21

still need further studies.

2. Key management and security
mechanisms for mobile WSNs
should be considered and become
a focus of attention.
3. New schemes need to be designed
to secure the base station.
4. A good ideal is that the system
chooses those nodes that have
larger probability to be attacked as
the main monitoring object. How
to implement this idea still
need more work.
5. Most proposed attack-detecting
mechanisms focus on static WSNs,
ignoring
mobility.
Attack
detecting schemes for mobile
WSNs are desirable.
6. Designing
secure
routing
algorithms for mobile WSNs is
complex and current secure
routing algorithms will meet
issues when they are applied in
mobile environments.
7. The
current
cryptography
mechanisms,
such
as
authentication, identification, etc.
may detect and defend against
node compromise in some extent.
Designing secure routing that

can defend against undetected

node compromise is a promising
research area.
8. During the lifetime of a sensor
network, the network topology
changes frequently, and routing
error messages are normally
produced.
Preventing
unauthorized nodes from being
producing this type of message
is important and needs more
studies.
9. Though a lot of protocols are
proposed to secure aggregation,
the design of secure routing
algorithms is still largely open to
research.
10.
Currently,
most
studies
assume aggregators as big nodes.
It is desirable to design a secure
data aggregation scheme in the
environments without big nodes
9

2009

Designing
Intrusion
Detection to
Detect Black hole
and Selective
Forwarding
Attack

1. Introduces a specification based Intrusion

Detection System for wireless sensor
networks
2. The network consists of following four types
of nodes: Malicious Node, Watch dog,
Cluster Head, Normal Node
3. Tries to optimize the local information

22

1. Suitable for static WSNs. Does not

provide anomaly detection for
dynamic WSN

in WSN based on
local Information
by Mukesh Tiwari
& others
10.

2009

11.

2009

12.

2010

State of the
Art on
Defenses
against
Wormhole
Attacks in
Wireless Sensor
Networks By
Thanassis
Giannetsos, Tassos
Dimitriou, Neeli
R. Prasad
Intrusion
Detection in
Sensor Networks
Based on
Measurements
By Leon Reznik
Software
Development for
Malicious Nodes
Discovery in
Wireless Sensor
Network
Security

(information collected by watch dogs) into

global information (decision taken by
cluster head) in order to compensate the
communication pattern in network.
1. Describes the wormhole attack, a severe
routing attack against sensor networks that
is particularly challenging to defend against.
2. Introduces a lightweight IDS framework,
called LIDeA, designed for wireless sensor
networks.
3. LIDeA is based on a distributed
architecture, in which nodes overhear their
neighboring nodes and collaborate with
each other in order to successfully detect an
intrusion.

1. Presents the results of an empirical study of

the intrusion detection methods in wireless
sensor networks (WSN).
2. It intends to verify if networking of
heterogeneous sensors in WSN improves the
system reliability and security.
1. Proposes a new intrusion detection system
approach for assuring the security of a
wireless sensor network against malicious
attacks
2. Focuses on malicious activity discovery and
the design of software solutions for
preventing the insertion of bogus information

23

1. Specific detection rules for the

wormhole attack needs to be
worked on.
2. Suitable for static WSNs. Does not
provide anomaly detection for
dynamic WSN.

1. Suitable for static WSNs. Does not

provide anomaly detection for
dynamic WSN.

1. .Suitable for static WSNs. Does not

provide anomaly detection for
dynamic WSN.
2. To improve the algorithm of
detection in order to have more
efficiency in detection of
attacks.

13.

2010

By
Daniel-Ioan
Curiac, Madalin
Plastoi,

into the network

3. Proposes a powerful intrusion detection
mechanism that could detect and annihilate
the insertion of false data into the network.

An Intrusion
Detection System
for Critical
Information
Infrastructures
Using Wireless
Sensor Network
Technologies
By

1. Presents an Intrusion Detection System

(IDS), which is able to protect a Critical
Infrastructure from attacks directed to its
WSN-based parts.
2. Provides accurate and timely detection of
malicious activities, the proposed IDS
solution ultimately results in a dramatic
improvement in terms of protection, since
opportunities are given for performing proper
remediation/reconfiguration actions, which
counter the attack and/or allow the system to
tolerate it.

Luigi Coppolino,
Salvatore DAntonio

24

1. Suitable for static WSNs. Does not

provide anomaly detection for
dynamic WSN.
2. Experiments are preliminary in
nature and needs more work
need to be done.