A robust self-healing and intrusion detection model in software-defined wireless sensor networks

Abstract

Software-defined wireless sensor network (SDWSN) is a networking model that brings software-defined networking (SDN) benefits such as effortlessness, innovation, and flexible network management and configuration to the wireless sensors network (WSN) world. However, the network model is still faced with several challenges in terms of security and reliability. The centralized controller, which is the “brain” of the network, is always the primary target of attacks and poses a single-point failure. A security compromise on the controller can result in access to vital users’ data, and network resources and may bring about the total failure of the SDWSN due to the absence of a robust self-healing ability. Though multi-controllers architecture is the rescuer, they are only cost-effective for large-scale SDN. Moreover, several solutions such as intrusion detection systems (IDS) and fault-tolerance (FT) mechanisms have been proposed and developed. However, research has shown that these solutions are disjointed in terms of implementation. This study considered the existing solutions as not cost-effective and therefore, seek for a viable solution that is both self-healing and attack-aware in the SDWSN. A comprehensive literature review of the FT mechanisms and IDSs has been conducted to bring together the state-of-the-art SDN, WSN, SDWSN, and machine learning algorithms, to gain insight into their challenges, strengths, and weaknesses for improvements. The literature review provided insight into the performances of both the replication scheme in the aspect of FT and the flow-based anomaly detection approach in terms of IDS. This study, therefore, proposed an integrated FT and ID model known as the Fault Tolerance-Intrusion Detection Model to detect faults and intrusions in the SDWSN together. FT and IDS mechanisms utilized the controller - OpenFlow network statistics collection technique to achieve their functions: opf_flow_stats_Request and opf_flow_stats_Reply. The system architecture for each model is designed and their components or functionalities are presented and discussed. In addition, the flow-based anomaly detector is machine learning based and to identify the best algorithm for a resilient controller, empirical analysis using four Machine learning models: support vector machine (SVM), logistic regression (LR), naïve Bayes (NB) and random forest (RF) is performed to determine classification accuracies and time efficiencies. The NSL-KDD dataset is used to train and test the model. Results of the model showed that the RF model outperformed all other models considered with an accuracy of 99% and 0.1 and 0.6 secs for training and testing time respectively, and performed well in terms of classification accuracy. The designed FaToID model was implemented in the SDWSN environment and its performance was evaluated using network latency and throughput with three controllers for FT while a DDoS dataset was used to evaluate the accuracy of the IDS. The simulation results showed a good and improved network delay and throughput for the FT mechanism in POX and default controllers compared to floodlight controllers. Moreover, the ID model showed about 98.7 % detection accuracy, 99.9 % specificity and sensitivity, 97 % precision and recall, and 96.8 % F-measure by the RF-based IDS model. Therefore, for SDWSN to be resilient, a model that incorporates both faults and attack detection must be in place to protect the network from all malicious attacks and unexpected faults that can result in access to network-sensitive resources and even failure. Integrating the proposed FaToID Model into the SDWSN model can significantly increase the dependability and resiliency of the SDWSN