Intrusion detection system in software defined wireless sensor networks

Abstract

Software defined wireless sensor network (SDWSN) is a network paradigm recently developed for dynamic and secure control of smart devices and the future of Internet of Things. It employs innovation, ease of network management and configuration of software defined networking to address the inherent challenges that wireless sensor networks (WSN) faced due to the decoupling nature of the control and the data planes. However, SDWSN is not immune to the challenges it was designed to solve, specifically, security threats and attacks. In particular, SDWSN does not have the major security component of the network such as middle box and transport layer security which makes it more vulnerable to threats and attacks emanating from network intrusions. Moreover there is no active mechanism in place to monitor the network and make it alert and proactive at all times. This challenge is addressed in this research by proposing an Intrusion Detection System (IDS) for SDWSN using Machine Learning (ML) technique. To identify which ML is more effective and efficient in the detection of threats and attacks, we performed classification experiments using algorithms such as Decision Tree (DT), Support Vector Machine (SVM) and Logistic Regression (LR). These algorithms were used to identify network packets and classify them as normal and anomaly network packets. The experiment was performed in Waikato Environment for Knowledge Analysis (WEKA) using the KDD Cup'99 dataset with 18 selected features. The obtained results show that SVM model is the most effective ML algorithm followed by DT in terms of detection rate of both the normal and anomaly instances. On the basis of efficiency, DT produced 77.43% and 22.57% accuracy for correct and incorrect classification respectively as well as minimum time for classification in both training and testing. From these results, we conclude that DT is more efficient and effective in the detection of network intrusions in real-time so that the SDWSN can at all time be alert and proactive. This research produced an IDS framework for SDWSN based on DT model. The researchers defined the IDS components and discussed the functioning of each components that contribute to ensuring that only non-malicious packets are allowed into the SDWSN. This was achieved by monitoring the network resources and being able to identify and block any form of intrusions and attacks. Security is an important component of the network. Therefore, it is important that the network is alerted and proactive at all time to avoid violation of integrity, confidentiality and availability or cases of network failure due to attacks by intruders. The essence is to ensure that the SDWSN is secured and dependable. Moreover, the researchers also recommended similar study on other ML algorithms and the actual implementation of the IDS in a real-world SDWSN.