An Instance⁃Learning⁃Based Intrusion⁃Detection System for Wireless Sensor Networks

[Abstract] This paper proposes an instance⁃learning⁃based intrusion⁃detection system (IL⁃IDS) for wireless sensor networks (WSNs). The goal of the proposed system is to detect routing attacks on a WSN. Taking an existing instance⁃learning algorithm for wired networks as our basis, we propose IL⁃IDS for handling routing security problems in a WSN. Attacks on a routing protocol for a WSN include black hole attack and sinkhole attack. The basic idea of our system is to differentiate the changes between secure instances and attack instances. Considering the limited resources of sensor nodes, the existing algorithm cannot be used directly in a WSN. Our system mainly comprises four parts: feature vector selection, threshold selection, instance data processing, and instance determination. We create a feature vector form composed of the attributes that changes obviously when an attack occurs within the network. For the data processing in resource⁃constrained sensor nodes, we propose a data⁃reduction scheme based on the clustering algorithm. For instance determination, we provide a threshold⁃selection scheme and describe the concrete⁃instance⁃determination mechanism of the system. Finally, we simulate and evaluate the proposed IL⁃IDS for different types of attacks.

[Keywords] WSN; security; intrusion⁃detection system; instance learning; black hole