A framework for identifying compromised nodes in wireless sensor networks

Qing Zhang, Ting Yu, Peng Ning

Research output: Contribution to journal › Article

57 Citations (Scopus)

Abstract

Sensor networks are often subject to physical attacks. Once a node's cryptographic key is compromised, an attacker may completely impersonate it and introduce arbitrary false information into the network. Basic cryptographic mechanisms are often not effective in this situation. Most techniques to address this problem focus on detecting and tolerating false information introduced by compromised nodes. They cannot pinpoint exactly where the false information is introduced and who is responsible for it. In this article, we propose an application-independent framework for accurately identifying compromised sensor nodes. The framework provides an appropriate abstraction of application-specific detection mechanisms and models the unique properties of sensor networks. Based on the framework, we develop alert reasoning algorithms to identify compromised nodes. The algorithm assumes that compromised nodes may collude at will. We show that our algorithm is optimal in the sense that it identifies the largest number of compromised nodes without introducing false positives. We evaluate the effectiveness of the designed algorithm through comprehensive experiments.

Original language: English
Article number: 12
Journal: ACM Transactions on Information and System Security
Volume: 11
Issue number: 3
DOIs: 10.1145/1341731.1341733
Publication status: Published - 1 Mar 2008
Externally published: Yes

Fingerprint

Wireless sensor networks
Sensor networks
Sensor nodes
Experiments

Keywords

  • Intrusion detection
  • Sensor networks

ASJC Scopus subject areas

  • Computer Science (all)

Cite this

A framework for identifying compromised nodes in wireless sensor networks. / Zhang, Qing; Yu, Ting; Ning, Peng.

In: ACM Transactions on Information and System Security, Vol. 11, No. 3, 12, 01.03.2008.

@article{7fe6cacc2a3d44a88da7b5be74e55a08,
title = "A framework for identifying compromised nodes in wireless sensor networks",
abstract = "Sensor networks are often subject to physical attacks. Once a node's cryptographic key is compromised, an attacker may completely impersonate it and introduce arbitrary false information into the network. Basic cryptographic mechanisms are often not effective in this situation. Most techniques to address this problem focus on detecting and tolerating false information introduced by compromised nodes. They cannot pinpoint exactly where the false information is introduced and who is responsible for it. In this article, we propose an application-independent framework for accurately identifying compromised sensor nodes. The framework provides an appropriate abstraction of application-specific detection mechanisms and models the unique properties of sensor networks. Based on the framework, we develop alert reasoning algorithms to identify compromised nodes. The algorithm assumes that compromised nodes may collude at will. We show that our algorithm is optimal in the sense that it identifies the largest number of compromised nodes without introducing false positives. We evaluate the effectiveness of the designed algorithm through comprehensive experiments.",
keywords = "Intrusion detection, Sensor networks",
author = "Qing Zhang and Ting Yu and Peng Ning",
year = "2008",
month = "3",
day = "1",
doi = "10.1145/1341731.1341733",
language = "English",
volume = "11",
journal = "ACM Transactions on Information and System Security",
issn = "1094-9224",
publisher = "Association for Computing Machinery (ACM)",
number = "3",

}

TY - JOUR

T1 - A framework for identifying compromised nodes in wireless sensor networks

AU - Zhang, Qing

AU - Yu, Ting

AU - Ning, Peng

PY - 2008/3/1

Y1 - 2008/3/1

AB - Sensor networks are often subject to physical attacks. Once a node's cryptographic key is compromised, an attacker may completely impersonate it and introduce arbitrary false information into the network. Basic cryptographic mechanisms are often not effective in this situation. Most techniques to address this problem focus on detecting and tolerating false information introduced by compromised nodes. They cannot pinpoint exactly where the false information is introduced and who is responsible for it. In this article, we propose an application-independent framework for accurately identifying compromised sensor nodes. The framework provides an appropriate abstraction of application-specific detection mechanisms and models the unique properties of sensor networks. Based on the framework, we develop alert reasoning algorithms to identify compromised nodes. The algorithm assumes that compromised nodes may collude at will. We show that our algorithm is optimal in the sense that it identifies the largest number of compromised nodes without introducing false positives. We evaluate the effectiveness of the designed algorithm through comprehensive experiments.

KW - Intrusion detection

KW - Sensor networks

UR - http://www.scopus.com/inward/record.url?scp=41549167232&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=41549167232&partnerID=8YFLogxK

U2 - 10.1145/1341731.1341733

DO - 10.1145/1341731.1341733

M3 - Article

VL - 11

JO - ACM Transactions on Information and System Security

JF - ACM Transactions on Information and System Security

SN - 1094-9224

IS - 3

M1 - 12

ER -