Name | Modified | Size | Downloads / Week |
---|---|---|---|
README.txt | 2010-12-15 | 2.9 kB | |
nbids.zip | 2010-06-05 | 4.4 MB | |
Totals: 2 Items | 4.4 MB | 0 |
NEIGHBOR-BASED IDS FOR TINYOS v. 2.1

by Lukáš Folkman, Andriy Stetsko, Vashek Matyáš

The neighbor-based detection technique explores the principle that sensor nodes situated spatially close to each other tend to have a similar behavior. A node is considered malicious if its behavior significantly differs from that of its neighbors. This intrusion detection system (IDS) employs the neighbor-based detection technique to monitor for selective forwarding, jamming and hello flood attacks. The system was designed for and works on the TinyOS operating system running the Collection Tree Protocol. The IDS agents operate as standalone, 1-hop and 2-hop collaborating units. The results show that our implementation is accurate, especially when collaboration among neighboring nodes is used.

Deployment of the IDS

The proposed IDS can be incorporated into any wireless sensor network application. However, its performance depends on the configuration of the IDS and the actual network. The IDS can be configured before compiling by defining macros in the application's MAKEFILE. These configuration options (disabling and enabling of collaboration or low gain monitoring) are described in the MAKEFILE. Furthermore, the detection period, low gain monitoring threshold, maximum number of monitored neighbours and thresholds used in detections can be set in IDS.H.

We only mention here that disabling hardware address recognition is necessary for the IDS to function. Otherwise the transceiver would reject packets that are not destined for it, and the IDS agent would not be able to monitor its neighbourhood. Hardware address recognition can be disabled by adding the following line to the application's MAKEFILE:

    CFLAGS += -DCC2420_NO_ADDRESS_RECOGNITION

The path to the IDS source code has to be added there too:

    CFLAGS += -I$(IDS_DIR)

Finally, the application can be compiled for the Tmote Sky mote or for simulation in TOSSIM.

After a node is booted, the IDS starts up: data acquisition of network traffic begins and the first detection is scheduled. DETECTION and ALERTDB channels can be added in order to see detection outputs and alerts while the simulation is running in TOSSIM. This is done by calling ADDCHANNEL(CHANNEL, OUTPUT) on the TOSSIM object in the C++ or Python source code which manages the simulation. A file pointer or standard output can be provided as the output parameter.

C++:

    #include <tossim.h>
    Tossim* t = new Tossim(NULL);
    t->addChannel("Detection", stdout);

Python:

    >>> import sys
    >>> from TOSSIM import *
    >>> t = Tossim([])
    >>> t.addChannel("Detection", sys.stdout)

Please see the TinyOS tutorials and documentation for further information on how to deploy TinyOS applications.

-------------------

This work was supported by the project 102/09/H042 of the Czech Science Foundation and by the project 1M0545 of the Czech Ministry of Education, Youth and Sports.
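
The neighbor-based principle and the effect of collaboration described above, sketched for selective forwarding. This is an added example, not code from the IDS itself. The median baseline, both thresholds, the majority vote, the node names and the packet counts are all assumptions constructed for illustration.

```python
from statistics import median

# Constructed sample: what each IDS agent overheard per neighbour, as
# (packets the neighbour received for forwarding, packets it forwarded).
OBSERVATIONS = {
    "A": {"n1": (100, 96), "n2": (100, 94), "n3": (100, 41), "n4": (100, 97)},
    "B": {"n1": (80, 75), "n3": (80, 30), "n4": (80, 77), "n5": (80, 76)},
    # Agent C misses many of n2's retransmissions (lossy link to n2).
    "C": {"n1": (60, 57), "n2": (60, 31), "n3": (60, 29),
          "n4": (60, 58), "n5": (60, 57)},
}

DROP_THRESHOLD = 0.25  # assumed: tolerated excess over the neighbourhood median
MIN_PACKETS = 20       # assumed: ignore neighbours with too few samples
MIN_NEIGHBOURS = 3     # assumed: need a neighbourhood to compare against


def drop_ratio(received, forwarded):
    """Fraction of packets a neighbour appears to have dropped."""
    return 1.0 - forwarded / received


def standalone_suspects(view):
    """One agent's verdict: neighbours whose drop ratio stands out locally."""
    ratios = {n: drop_ratio(r, f) for n, (r, f) in view.items()
              if r >= MIN_PACKETS}
    if len(ratios) < MIN_NEIGHBOURS:
        return set()
    baseline = median(ratios.values())
    return {n for n, d in ratios.items() if d - baseline > DROP_THRESHOLD}


def collaborative_suspects(observations):
    """Collaborating agents: flag a node only if a strict majority of the
    agents that monitor it consider it suspicious."""
    votes, watchers = {}, {}
    for view in observations.values():
        suspects = standalone_suspects(view)
        for node in view:
            watchers[node] = watchers.get(node, 0) + 1
            votes[node] = votes.get(node, 0) + (node in suspects)
    return {n for n in votes if 2 * votes[n] > watchers[n]}


if __name__ == "__main__":
    for agent, view in OBSERVATIONS.items():
        print(agent, "standalone:", sorted(standalone_suspects(view)))
    print("collaborative:", sorted(collaborative_suspects(OBSERVATIONS)))
```

Agent C alone raises a false alarm on n2 because of its lossy link; the vote across agents A, B and C keeps only n3.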