Efficient physical intrusion detection in Internet of Things: A Node deployment approach
Introduction
Internet of Things (IoT) has attracted much research interest from the academia and industry for many critical military and civilian applications, including intrusion detection, surveillance, targeting systems, industrial process monitoring and traffic control [1], [2]. The main idea of IoT is that in the future most of the objects that surround us would be accessible, sensed, and interconnected inside the global, dynamic, living structure of the Internet [2]. In a typical IoT network, the nodes are battery-powered microsystems that embed a variable number of transducers to monitor their surroundings [3]. The nodes also embed a wireless radio and form a wireless network autonomously, through which they communicate their sensed data. Nodes also connect to the internet or to other external networks, and act as gateways to forward the sensed data to remote users.
An IoT network usually incorporates a large number of heterogeneous nodes, e.g., smart meters, cameras, vehicles, while providing untethered access to a variety of data generated by such nodes to deliver new services to improve quality of daily lives. Depending on the particular application, in IoT networks, we can broadly classify data gathering pattern as time driven and event driven. In time driven, each node generates sensory data continuously at a predetermined rate and sends those data to the sink periodically. In contrast, for event driven, a node sends data to the sink once a certain event occurs. Such type of data gathering application is most suited to time-critical applications like, intrusion detection. Among these data gathering patterns, event driven is the most energy efficient and challenging, since the occurrence of events is entirely unpredictable, resulting in arbitrary traffic pattern [4]. Intrusion detection is one of the fundamental applications in IoT and has significant importance in practice. Generally, it is defined as a monitoring system for detecting the existence and movement of any malicious or unexpected intruder that is invading the network domain within pre-defined distance or time period [5]. Typically, to detect a physical intruder, the nodes in the network must be equipped with some means to identify this event in the form of proximity sensors. These proximity sensors are capable of detecting objects within a certain range without coming into physical contact with them. The design of the proximity sensors are done in numerous ways using electromagnetic, inductive, capacitive, photoelectric, thermal or optical sensors to name a few.
An IoT network for intrusion detection can be implemented for diverse security scenarios, ranging from search-and-capture missions (in military scenarios) within a region to a large battlefield [1], [6]. The performance of an Intrusion Detection System (IDS) is measured by how fast the intruder is detected by the nodes [7]. An efficient security system is attained by deploying plenty of nodes. This results in efficient covering of the entire monitored region, making it possible for detection of any intruder once it invades any portion of the secured area. However, such a security system is neither cost effective nor practical. Therefore, a strategy that provides acceptable security performance with least cost is apparently desirable for intrusion detection application in an IoT.
Node deployment strategy plays an imperative role in determining the intrusion detection capability of an IoT network. There are broadly two types of deployment categories in IoT, namely, deterministic deployment and random deployment [8]. In deterministic deployment, the positions of the nodes are pre-specified. The applications use this type of deployment when nodes are expensive or their positions significantly affect their operations. The applications include placing imaging and video sensors, populating an area with highly precise seismic sensors, civil security applications. On the contrary, in random deployment, node deployment takes place randomly, generally in an inaccessible terrain. For example, in the application domain of battlefield monitoring or in forest fire detection, as the monitored region is often dangerous for human beings to access, generally, the dropping of nodes takes place randomly. Under this circumstance, the nodes can be deployed in the monitored area following certain random distribution, such as Uniform distribution [9] and Gaussian distribution [10].
Most research works addressing intrusion detection problem in resource-constrained network including IoT and Wireless Sensor Network (WSN), assume either uniform deployment [9], [11] or Gaussian deployment [10], [12]. A uniform deployment works well for intruders that attack from the boundary of the area under protection, but it cannot provide extra protection to sensitive areas within the network. Most importantly, uniformly deployed IoT network suffers from energy-hole problem [13]. On the contrary, Gaussian deployment can provide differentiated intrusion detection capabilities around the network [12], however, the sensing coverage probability is not satisfactory [14]. It is worth mentioning that there is tight coupling between the sensing coverage probability and the intrusion detection capability of an IoT network and is directly proportional to the immediate detection probability. Further, the Gaussian deployment cannot avoid the energy-hole problem [13]. In this work, to overcome these limitations, we introduce a novel tailor-made Gaussian distribution based node deployment strategy and examine the intrusion detection probability of its resulting IoT network considering a realistic multi-level probabilistic sensing model. Unlike Uniform and Gaussian distributions, tailor-made Gaussian distribution based node deployment strategy alleviates the energy-hole problem, thereby, one can obtain enhanced network lifetime. The main philosophy of the tailor-made Gaussian distribution based node deployment strategy is to deploy nodes in the area of interest following Gaussian distribution with varying standard deviations. We can apply this kind of deployment model in diverse application scenarios with multiple targets. However, to help the reader understand the solution, we consider the following scenario. Let us assume an IoT deployed for monitoring a given area (e.g., a battlefield, a production plant). We have some unwanted moving entities classified as ‘intruders‘ (e.g., vehicles) entering the network area with an intention to perform malicious activities. We want these entities to be detected by the IoT nodes surrounding it. In particular, we need to know as soon as possible when and where a vehicle enters the network area; to know its current position during movement. Contribution The major contributions of this work are as follows:
- •
As an alternative to Uniform and Gaussian distributions, we devise an analytical framework for physical intrusion detection by exploring tailor-made Gaussian distribution based node deployment strategy, and mathematically derive detection probability with respect to network parameters including number of deployed nodes and sensing range.
- •
We next investigate the relationship between the network parameters and the detection capability of the tailor-made Gaussian node deployment, employing both single-sensing and multiple-sensing detection models for homogeneous and heterogeneous IoT networks.
- •
We examine the network coverage and connectivity in a heterogeneous IoT network, and validate theoretical derivations and results by Monte-Carlo simulations.
- •
Finally, we conduct extensive simulation experiments primarily, to validate the correctness of the modeling and analysis. We also evaluate the effectiveness of the tailor-made Gaussian distributed IoT network for intrusion detection. Simulation results show that the proposed approach can significantly increase the detection probability compared to two well-known deployment strategies under the assumed scenarios.
This work is an extended version of our previously published two short works [15], [16]. We extend our prior works in the following aspects: (i) Additional existing works most relevant to our context are summarized and presented in a more structured manner. (ii) In-depth analysis of detection probability employing both single-sensing and multiple-sensing detection models for homogeneous and heterogeneous IoT networks. (iii) We examine the network coverage and connectivity issues, and validate theoretical derivations and results by Monte-Carlo simulation. (iv) We conduct more comprehensive and rigorous experiments on real datasets to validate the correctness of the modeling and analyses.
Organization The rest of this paper is organized as follows: In Section 2, we survey the literatures of intrusion detection techniques. Section 3 presents the system model and definitions considered for the present work. Section 4 examines the intrusion detection probability in a homogeneous IoT, and Section 5 analyzes the intrusion detection probability in a heterogeneous IoT for both single-sensing and multiple-sensing detection models. We examine the network coverage and connectivity issue in a heterogeneous IoT in Section 6. In Section 7, we present the results of a formal complexity analysis of our designed framework. Section 8 presents experimental results under various network configurations. Finally, we conclude the paper with some mention about the future scope in Section 9.
Section snippets
Related work
In the last decade, many intrusion detection (also, known as tracking or object/target detection) techniques were proposed to detect the intruder quickly and use energy efficiently in wireless resource-constrained nodes. Most of the proposed intrusion detection techniques belong to WSN paradigm. Similar to WSN, nodes in IoT play an important role in collecting, sending, and receiving a significant amount of data. Hence, in our work, most of the problems related to the intrusion detection
System model
In this section, we describe the models used in this work. In particular, Section 3.1 presents the network model. Section 3.2 discusses the node deployment model. We then introduce the sensing and detection models in Section 3.3. Section 3.4 presents the intrusion strategy model. We describe the performance evaluation metrics in Section 3.5. Finally, in Section 3.6, we present the network operation model.
Intrusion detection in a homogeneous IoT
In this section, we analyzed the intrusion detection probability in a homogeneous IoT. We derived the detection probability for both single-sensing detection (see Section 4.1) and m-sensing detection (see Section 4.2) models. For theoretical analysis purpose, we build a Cartesian coordinate system as illustrated in Fig. 1. Without loss of generality, (0, 0) is set as the target, and (R, 0)t is the starting position of the intruder at time t. The intruder is moving towards (0, 0) along the x
Intrusion detection in a heterogeneous IoT
In this section, we present the analysis of intrusion detection probabilities for both single sensing (see Section 5.1) and m-sensing (see Section 5.2) detection models. It is worth mentioning that the real world IoT deployments are fundamentally heterogeneous, consisting of IoT devices with different functionalities and connectivity capabilities. As defined in Section 3.1, we assume two types of nodes: Node I and Node II, of numbers N1 and N2, respectively. Without loss of generality, we
Network connectivity analysis
In this section, we discuss the network connectivity of tailor-made Gaussian distributed IoT. The satisfactory performance of any IoT immensely depends on the network connectivity. According to our network model, Theorems 1-12 indicate that the intrusion detection probability of our tailor-made Gaussian distributed IoT depends on the sensing range, number of deployed nodes, intrusion distance and node heterogeneity. Further, given the sensing range, a predefined detection probability and
Complexity analysis
We present the theoretical analysis of our designed framework in this section. Specifically, we first derive the computational complexity of our node deployment method (see Section 3.2) and the same is presented in Lemma 1. Next, we analyze the message complexity of our routing protocol (see Section 3.6). We also analyze the time complexity of our framework by combining the complexities of node deployment and routing protocol. Finally, we analyze the implementation cost of our framework. Lemma 1 The
Experimental evaluation
In this section, we evaluate the effectiveness of the developed analytical model, reported in Sections 4–6, through extensive simulation experiments in both homogeneous and heterogeneous IoT. We compared the performance of our tailor-made Gaussian distributed IoT (LENS) with our main competitors, Gaussian distributed IoT (GINO) [25] and random-uniformly distributed IoT (UNID) [50]. To measure the performance of both the schemes, we use a real-world publicly-available dataset for pedestrian
Conclusion
Node deployment strategy plays a crucial role in determining the intrusion detection capability of an IoT network. In this work, we devised an analytical framework for physical intrusion detection by exploring our introduced deployment strategy in both homogeneous and heterogeneous IoT networks. We next mathematically formulate the detection probability and examine the effect of different network parameters on the detection probability in details. Further, we derived the relationship between
Subir Halder received his M. Tech. and Ph.D. degrees in computer science and engineering from Kalyani Government Engineering College and Indian Institute of Engineering Science and Technology, India in 2006 and 2015, respectively. He is currently a Postdoctoral Researcher at University of Padua, Italy. Prior to that, he was Assistant Professor in the Department of Computer Science and Engineering, Dr. B. C. Roy Engineering College, India. He has co-authored more than 25 papers in international
References (51)
- et al.
Internet of things security: a top-down survey
Comput. Networks
(2018) - et al.
Intrusion detection in a k-gaussian distributed wireless sensor network
J. Parallel Distrib. Comput.
(2011) - et al.
Detect smart intruders in sensor networks by creating network dynamics
Comput. Networks
(2014) - et al.
Energy-efficient relay tracking with multiple mobile camera sensors
Comput. Networks
(2018) - et al.
A comprehensive survey on wireless sensor node hardware platforms
Comput. Networks
(2018) - et al.
An energy-balancing clustering approach for gradient-based routing in wireless sensor networks
Comput Commun
(2012) - et al.
Constructing routing structures for sensor data collection with dynamic traffic patterns
Comput. Netw.
(2018) - et al.
A critical review of practices and challenges in intrusion detection systems for iot: towards universal and resilient systems
IEEE Commun. Surveys Tutor.
(2018) - et al.
LiMCA: an optimal clustering algorithm for lifetime maximization of internet of things
Wire. Netw.
(2018) - et al.
Events privacy in wsns: a new model and its application
Proc. of IEEE International Symposium on World of Wireless, Mobile and Multimedia Networks (WoWMoM)
(2011)
Analytic evaluation of target detection in heterogeneous wireless sensor networks
ACM Trans. Sens. Netw.
A survey on energy efficient intrusion detection in wireless sensor networks
J. Ambient. Intell. Smart Environ.
Secure Wireless Sensor Networks: Threats and Solutions
Random vs. deterministic deployment of sensors in the presence of failures and placement errors
Proc. of 28th Annual IEEE International Conference on Computer Communications (INFOCOM)
Design and analysis of sensing scheduling algorithms under partial coverage for object detection in sensor networks
IEEE Trans. Parallel Distrib. Syst.
Gaussian versus uniform distribution for intrusion detection in wireless sensor networks
IEEE Trans. Parallel Distrib. Syst.
A wireless sensor network border monitoring system: deployment issues and routing protocols
IEEE Sens. J.
Lifetime and energy hole evolution analysis in data-gathering wireless sensor networks
IEEE Trans. Ind. Inf.
Lifetime enhancement of wireless sensor networks by avoiding energy-holes with gaussian distribution
Telecommun. Syst.
Tailor-made gaussian distribution for intrusion detection in wireless sensor networks
Proc. of 11th IEEE International Conference on Ubiquitous Intelligence and Computing (UIC)
Intrusion detection in a tailor-made gaussian distribution wireless sensor networks
Proc. of 11th International Conference on Distributed Computing and Internet Technology (ICDCIT). LNCS of
Energy-efficient intrusion detection with a barrier of probabilistic sensors
Proc. of 31st Annual IEEE International Conference on Computer Communications (INFOCOM)
Energy-efficient intrusion detection with a barrier of probabilistic sensors: global and local
IEEE Trans. Wireless Commun.
EMoD: efficient motion detection of device-free objects using passive RFID tags
Proc. of IEEE 23rd International Conference Network Protocols (ICNP)
Twins: device-free object tracking using passive tags
IEEE/ACM Trans. Networking
Cited by (19)
An ensemble learning and fog-cloud architecture-driven cyber-attack detection framework for IoMT networks
2021, Computer CommunicationsCitation Excerpt :The rapid growth of the Internet is responsible for the emergence of the Internet of Things (IoT). The IoT paradigm has recently been used to build smart environments, such as smart cities and smart homes, with different technology domains and related services [1–3]. The integration of healthcare-based devices and sensors within IoT, led to the evolution of Internet of Medical Things (IoMT) [4].
INTRUSION DETECTION SYSTEMS IN INTERNET OF THINGS: A RECENT STATE OF THE ART
2024, Journal of Theoretical and Applied Information TechnologyDetection and Mitigation of Denial of Service Attacks in Internet of Things Networks
2024, Arabian Journal for Science and EngineeringAn intrusion detection method based on granular autoencoders
2023, Journal of Intelligent and Fuzzy SystemsAdaptive Intrusion Detection in Edge Computing Using Cerebellar Model Articulation Controller and Spline Fit
2023, IEEE Transactions on Services ComputingDeep Learning Based Image Compression for Efficient Wireless Communication in IOT
2023, Proceedings of International Conference on Contemporary Computing and Informatics, IC3I 2023
Subir Halder received his M. Tech. and Ph.D. degrees in computer science and engineering from Kalyani Government Engineering College and Indian Institute of Engineering Science and Technology, India in 2006 and 2015, respectively. He is currently a Postdoctoral Researcher at University of Padua, Italy. Prior to that, he was Assistant Professor in the Department of Computer Science and Engineering, Dr. B. C. Roy Engineering College, India. He has co-authored more than 25 papers in international peer-reviewed conferences and journals in his field. He has also co-authored 5 book chapters. His research interests include security and privacy in next generation networking including WSN, IoT, network modeling and analysis, and performance evaluation and optimization.
Amrita Ghosal obtained her Ph.D. degree in computer science and engineering from Indian Institute of Engineering Science and Technology, India in 2015. She received her M. Tech. degree in computer science and engineering from Kalyani Govt. Engineering College, India in 2006. She is currently a Postdoctoral Researcher at University of Padua, Italy. Prior to that, she was Assistant Professor in the Department of Computer Science and Engineering, Dr. B. C. Roy Engineering College, India. Her current research interests include security and privacy in wireless resource-constrained mobile device and smart grid, network modeling and analysis. She has published research works in reputed conference proceedings and journals in her field. She also has co-authored a number of book chapters.
Mauro Conti Mauro Conti is Full Professor at the University of Padua, Italy, and Affiliate Professor at the University of Washington, Seattle, USA. He obtained his Ph.D. from Sapienza University of Rome, Italy, in 2009. After his Ph.D., he was a Post-Doc Researcher at Vrije Universiteit Amsterdam, The Netherlands. In 2011 he joined as Assistant Professor the University of Padua, where he became Associate Professor in 2015, and Full Professor in 2018. He has been Visiting Researcher at GMU (2008, 2016), UCLA (2010), UCI (2012, 2013, 2014, 2017), TU Darmstadt (2013), UF (2015), and FIU (2015, 2016). He has been awarded with a Marie Curie Fellowship (2012) by the European Commission, and with a Fellowship by the German DAAD (2013). His research is also funded bycompanies, including Cisco and Intel. His main research interest is in the area of security and privacy. In this area, he published more than 250 papers in topmost international peer-reviewed journals and conference. He is Area Editor-in-Chief for IEEE Communications Surveys & Tutorials, and Associate Editor for several journals, including IEEE Communications Surveys & Tutorials, IEEE Transactions on Information Forensics and Security, and IEEE Transactions on Network and Service Management. He was Program Chair for TRUST 2015, ICISS 2016, WiSec 2017, and General Chair for SecureComm 2012 and ACM SACMAT 2013. He is Senior Member of the IEEE.