Elsevier

Computer Networks

Volume 154, 8 May 2019, Pages 28-46
Computer Networks

Efficient physical intrusion detection in Internet of Things: A Node deployment approach

https://doi.org/10.1016/j.comnet.2019.02.019Get rights and content

Abstract

In Internet of Things (IoT), intrusion detection plays an important role in many applications for detecting malicious intruders. The intruder can be, an unexpected physically moving entity, invading an area under surveillance, or an adversary in a battlefield. Node deployment strategy plays a crucial role in determining the intrusion detection capability of an IoT network. With uniform deployment, the detection probability is the same for any location in the network area. Nevertheless, different applications may need diverse levels of detection probability at key areas within the network. For example, a battlefield surveillance application needs improved detection probability around the headquarter. On the contrary, a Gaussian deployment strategy provides improved detection probability to the key areas due to differentiated node density. However, it is neither energy-efficient nor provides a quick detection of the physical intruder.

In this work, we introduce a novel deployment strategy to overcome the above said limitations of both uniform and Gaussian deployments for energy-efficient and quick detection. Initially, we investigate the problem of physical intrusion detection in our introduced deployment strategy considering a realistic sensing model. Furthermore, we examine the effects of different network parameters on the detection probability in details. We also derive the relationship between the different network parameters and connectivity to ensure fast detection. We perform exhaustive experiments on real datasets, primarily, in order to validate the correctness of modeling and analyses. Next, we examine the effects of different network parameters on the detection probability. The results clearly demonstrate that our approach improves the detection probability by more than 25% when compared to two well-known deployment strategies under various network parameters.

Introduction

Internet of Things (IoT) has attracted much research interest from the academia and industry for many critical military and civilian applications, including intrusion detection, surveillance, targeting systems, industrial process monitoring and traffic control [1], [2]. The main idea of IoT is that in the future most of the objects that surround us would be accessible, sensed, and interconnected inside the global, dynamic, living structure of the Internet [2]. In a typical IoT network, the nodes are battery-powered microsystems that embed a variable number of transducers to monitor their surroundings [3]. The nodes also embed a wireless radio and form a wireless network autonomously, through which they communicate their sensed data. Nodes also connect to the internet or to other external networks, and act as gateways to forward the sensed data to remote users.

An IoT network usually incorporates a large number of heterogeneous nodes, e.g., smart meters, cameras, vehicles, while providing untethered access to a variety of data generated by such nodes to deliver new services to improve quality of daily lives. Depending on the particular application, in IoT networks, we can broadly classify data gathering pattern as time driven and event driven. In time driven, each node generates sensory data continuously at a predetermined rate and sends those data to the sink periodically. In contrast, for event driven, a node sends data to the sink once a certain event occurs. Such type of data gathering application is most suited to time-critical applications like, intrusion detection. Among these data gathering patterns, event driven is the most energy efficient and challenging, since the occurrence of events is entirely unpredictable, resulting in arbitrary traffic pattern [4]. Intrusion detection is one of the fundamental applications in IoT and has significant importance in practice. Generally, it is defined as a monitoring system for detecting the existence and movement of any malicious or unexpected intruder that is invading the network domain within pre-defined distance or time period [5]. Typically, to detect a physical intruder, the nodes in the network must be equipped with some means to identify this event in the form of proximity sensors. These proximity sensors are capable of detecting objects within a certain range without coming into physical contact with them. The design of the proximity sensors are done in numerous ways using electromagnetic, inductive, capacitive, photoelectric, thermal or optical sensors to name a few.

An IoT network for intrusion detection can be implemented for diverse security scenarios, ranging from search-and-capture missions (in military scenarios) within a region to a large battlefield [1], [6]. The performance of an Intrusion Detection System (IDS) is measured by how fast the intruder is detected by the nodes [7]. An efficient security system is attained by deploying plenty of nodes. This results in efficient covering of the entire monitored region, making it possible for detection of any intruder once it invades any portion of the secured area. However, such a security system is neither cost effective nor practical. Therefore, a strategy that provides acceptable security performance with least cost is apparently desirable for intrusion detection application in an IoT.

Node deployment strategy plays an imperative role in determining the intrusion detection capability of an IoT network. There are broadly two types of deployment categories in IoT, namely, deterministic deployment and random deployment [8]. In deterministic deployment, the positions of the nodes are pre-specified. The applications use this type of deployment when nodes are expensive or their positions significantly affect their operations. The applications include placing imaging and video sensors, populating an area with highly precise seismic sensors, civil security applications. On the contrary, in random deployment, node deployment takes place randomly, generally in an inaccessible terrain. For example, in the application domain of battlefield monitoring or in forest fire detection, as the monitored region is often dangerous for human beings to access, generally, the dropping of nodes takes place randomly. Under this circumstance, the nodes can be deployed in the monitored area following certain random distribution, such as Uniform distribution [9] and Gaussian distribution [10].

Most research works addressing intrusion detection problem in resource-constrained network including IoT and Wireless Sensor Network (WSN), assume either uniform deployment [9], [11] or Gaussian deployment [10], [12]. A uniform deployment works well for intruders that attack from the boundary of the area under protection, but it cannot provide extra protection to sensitive areas within the network. Most importantly, uniformly deployed IoT network suffers from energy-hole problem [13]. On the contrary, Gaussian deployment can provide differentiated intrusion detection capabilities around the network [12], however, the sensing coverage probability is not satisfactory [14]. It is worth mentioning that there is tight coupling between the sensing coverage probability and the intrusion detection capability of an IoT network and is directly proportional to the immediate detection probability. Further, the Gaussian deployment cannot avoid the energy-hole problem [13]. In this work, to overcome these limitations, we introduce a novel tailor-made Gaussian distribution based node deployment strategy and examine the intrusion detection probability of its resulting IoT network considering a realistic multi-level probabilistic sensing model. Unlike Uniform and Gaussian distributions, tailor-made Gaussian distribution based node deployment strategy alleviates the energy-hole problem, thereby, one can obtain enhanced network lifetime. The main philosophy of the tailor-made Gaussian distribution based node deployment strategy is to deploy nodes in the area of interest following Gaussian distribution with varying standard deviations. We can apply this kind of deployment model in diverse application scenarios with multiple targets. However, to help the reader understand the solution, we consider the following scenario. Let us assume an IoT deployed for monitoring a given area (e.g., a battlefield, a production plant). We have some unwanted moving entities classified as ‘intruders‘ (e.g., vehicles) entering the network area with an intention to perform malicious activities. We want these entities to be detected by the IoT nodes surrounding it. In particular, we need to know as soon as possible when and where a vehicle enters the network area; to know its current position during movement. Contribution The major contributions of this work are as follows:

  • As an alternative to Uniform and Gaussian distributions, we devise an analytical framework for physical intrusion detection by exploring tailor-made Gaussian distribution based node deployment strategy, and mathematically derive detection probability with respect to network parameters including number of deployed nodes and sensing range.

  • We next investigate the relationship between the network parameters and the detection capability of the tailor-made Gaussian node deployment, employing both single-sensing and multiple-sensing detection models for homogeneous and heterogeneous IoT networks.

  • We examine the network coverage and connectivity in a heterogeneous IoT network, and validate theoretical derivations and results by Monte-Carlo simulations.

  • Finally, we conduct extensive simulation experiments primarily, to validate the correctness of the modeling and analysis. We also evaluate the effectiveness of the tailor-made Gaussian distributed IoT network for intrusion detection. Simulation results show that the proposed approach can significantly increase the detection probability compared to two well-known deployment strategies under the assumed scenarios.

This work is an extended version of our previously published two short works [15], [16]. We extend our prior works in the following aspects: (i) Additional existing works most relevant to our context are summarized and presented in a more structured manner. (ii) In-depth analysis of detection probability employing both single-sensing and multiple-sensing detection models for homogeneous and heterogeneous IoT networks. (iii) We examine the network coverage and connectivity issues, and validate theoretical derivations and results by Monte-Carlo simulation. (iv) We conduct more comprehensive and rigorous experiments on real datasets to validate the correctness of the modeling and analyses.

Organization The rest of this paper is organized as follows: In Section 2, we survey the literatures of intrusion detection techniques. Section 3 presents the system model and definitions considered for the present work. Section 4 examines the intrusion detection probability in a homogeneous IoT, and Section 5 analyzes the intrusion detection probability in a heterogeneous IoT for both single-sensing and multiple-sensing detection models. We examine the network coverage and connectivity issue in a heterogeneous IoT in Section 6. In Section 7, we present the results of a formal complexity analysis of our designed framework. Section 8 presents experimental results under various network configurations. Finally, we conclude the paper with some mention about the future scope in Section 9.

Section snippets

Related work

In the last decade, many intrusion detection (also, known as tracking or object/target detection) techniques were proposed to detect the intruder quickly and use energy efficiently in wireless resource-constrained nodes. Most of the proposed intrusion detection techniques belong to WSN paradigm. Similar to WSN, nodes in IoT play an important role in collecting, sending, and receiving a significant amount of data. Hence, in our work, most of the problems related to the intrusion detection

System model

In this section, we describe the models used in this work. In particular, Section 3.1 presents the network model. Section 3.2 discusses the node deployment model. We then introduce the sensing and detection models in Section 3.3. Section 3.4 presents the intrusion strategy model. We describe the performance evaluation metrics in Section 3.5. Finally, in Section 3.6, we present the network operation model.

Intrusion detection in a homogeneous IoT

In this section, we analyzed the intrusion detection probability in a homogeneous IoT. We derived the detection probability for both single-sensing detection (see Section 4.1) and m-sensing detection (see Section 4.2) models. For theoretical analysis purpose, we build a Cartesian coordinate system as illustrated in Fig. 1. Without loss of generality, (0, 0) is set as the target, and (R, 0)t is the starting position of the intruder at time t. The intruder is moving towards (0, 0) along the x

Intrusion detection in a heterogeneous IoT

In this section, we present the analysis of intrusion detection probabilities for both single sensing (see Section 5.1) and m-sensing (see Section 5.2) detection models. It is worth mentioning that the real world IoT deployments are fundamentally heterogeneous, consisting of IoT devices with different functionalities and connectivity capabilities. As defined in Section 3.1, we assume two types of nodes: Node I and Node II, of numbers N1 and N2, respectively. Without loss of generality, we

Network connectivity analysis

In this section, we discuss the network connectivity of tailor-made Gaussian distributed IoT. The satisfactory performance of any IoT immensely depends on the network connectivity. According to our network model, Theorems 1-12 indicate that the intrusion detection probability of our tailor-made Gaussian distributed IoT depends on the sensing range, number of deployed nodes, intrusion distance and node heterogeneity. Further, given the sensing range, a predefined detection probability and

Complexity analysis

We present the theoretical analysis of our designed framework in this section. Specifically, we first derive the computational complexity of our node deployment method (see Section 3.2) and the same is presented in Lemma 1. Next, we analyze the message complexity of our routing protocol (see Section 3.6). We also analyze the time complexity of our framework by combining the complexities of node deployment and routing protocol. Finally, we analyze the implementation cost of our framework.

Lemma 1

The

Experimental evaluation

In this section, we evaluate the effectiveness of the developed analytical model, reported in Sections 4–6, through extensive simulation experiments in both homogeneous and heterogeneous IoT. We compared the performance of our tailor-made Gaussian distributed IoT (LENS) with our main competitors, Gaussian distributed IoT (GINO) [25] and random-uniformly distributed IoT (UNID) [50]. To measure the performance of both the schemes, we use a real-world publicly-available dataset for pedestrian

Conclusion

Node deployment strategy plays a crucial role in determining the intrusion detection capability of an IoT network. In this work, we devised an analytical framework for physical intrusion detection by exploring our introduced deployment strategy in both homogeneous and heterogeneous IoT networks. We next mathematically formulate the detection probability and examine the effect of different network parameters on the detection probability in details. Further, we derived the relationship between

Subir Halder received his M. Tech. and Ph.D. degrees in computer science and engineering from Kalyani Government Engineering College and Indian Institute of Engineering Science and Technology, India in 2006 and 2015, respectively. He is currently a Postdoctoral Researcher at University of Padua, Italy. Prior to that, he was Assistant Professor in the Department of Computer Science and Engineering, Dr. B. C. Roy Engineering College, India. He has co-authored more than 25 papers in international

References (51)

  • L. Lazos et al.

    Analytic evaluation of target detection in heterogeneous wireless sensor networks

    ACM Trans. Sens. Netw.

    (2009)
  • A. Ghosal et al.

    A survey on energy efficient intrusion detection in wireless sensor networks

    J. Ambient. Intell. Smart Environ.

    (2017)
  • M. Conti

    Secure Wireless Sensor Networks: Threats and Solutions

    (2015)
  • P. Balister et al.

    Random vs. deterministic deployment of sensors in the presence of failures and placement errors

    Proc. of 28th Annual IEEE International Conference on Computer Communications (INFOCOM)

    (2009)
  • S. Ren et al.

    Design and analysis of sensing scheduling algorithms under partial coverage for object detection in sensor networks

    IEEE Trans. Parallel Distrib. Syst.

    (2007)
  • Y. Wang et al.

    Gaussian versus uniform distribution for intrusion detection in wireless sensor networks

    IEEE Trans. Parallel Distrib. Syst.

    (2013)
  • M. Hammoudeh et al.

    A wireless sensor network border monitoring system: deployment issues and routing protocols

    IEEE Sens. J.

    (2017)
  • J. Ren et al.

    Lifetime and energy hole evolution analysis in data-gathering wireless sensor networks

    IEEE Trans. Ind. Inf.

    (2016)
  • S. Halder et al.

    Lifetime enhancement of wireless sensor networks by avoiding energy-holes with gaussian distribution

    Telecommun. Syst.

    (2017)
  • A. Ghosal et al.

    Tailor-made gaussian distribution for intrusion detection in wireless sensor networks

    Proc. of 11th IEEE International Conference on Ubiquitous Intelligence and Computing (UIC)

    (2014)
  • A. Ghosal et al.

    Intrusion detection in a tailor-made gaussian distribution wireless sensor networks

    Proc. of 11th International Conference on Distributed Computing and Internet Technology (ICDCIT). LNCS of

    (2015)
  • J. Li et al.

    Energy-efficient intrusion detection with a barrier of probabilistic sensors

    Proc. of 31st Annual IEEE International Conference on Computer Communications (INFOCOM)

    (2012)
  • J. Chen et al.

    Energy-efficient intrusion detection with a barrier of probabilistic sensors: global and local

    IEEE Trans. Wireless Commun.

    (2013)
  • K. Zhao et al.

    EMoD: efficient motion detection of device-free objects using passive RFID tags

    Proc. of IEEE 23rd International Conference Network Protocols (ICNP)

    (2015)
  • J. Han et al.

    Twins: device-free object tracking using passive tags

    IEEE/ACM Trans. Networking

    (2016)
  • Cited by (19)

    • An ensemble learning and fog-cloud architecture-driven cyber-attack detection framework for IoMT networks

      2021, Computer Communications
      Citation Excerpt :

      The rapid growth of the Internet is responsible for the emergence of the Internet of Things (IoT). The IoT paradigm has recently been used to build smart environments, such as smart cities and smart homes, with different technology domains and related services [1–3]. The integration of healthcare-based devices and sensors within IoT, led to the evolution of Internet of Medical Things (IoMT) [4].

    • INTRUSION DETECTION SYSTEMS IN INTERNET OF THINGS: A RECENT STATE OF THE ART

      2024, Journal of Theoretical and Applied Information Technology
    • An intrusion detection method based on granular autoencoders

      2023, Journal of Intelligent and Fuzzy Systems
    • Deep Learning Based Image Compression for Efficient Wireless Communication in IOT

      2023, Proceedings of International Conference on Contemporary Computing and Informatics, IC3I 2023
    View all citing articles on Scopus

    Subir Halder received his M. Tech. and Ph.D. degrees in computer science and engineering from Kalyani Government Engineering College and Indian Institute of Engineering Science and Technology, India in 2006 and 2015, respectively. He is currently a Postdoctoral Researcher at University of Padua, Italy. Prior to that, he was Assistant Professor in the Department of Computer Science and Engineering, Dr. B. C. Roy Engineering College, India. He has co-authored more than 25 papers in international peer-reviewed conferences and journals in his field. He has also co-authored 5 book chapters. His research interests include security and privacy in next generation networking including WSN, IoT, network modeling and analysis, and performance evaluation and optimization.

    Amrita Ghosal obtained her Ph.D. degree in computer science and engineering from Indian Institute of Engineering Science and Technology, India in 2015. She received her M. Tech. degree in computer science and engineering from Kalyani Govt. Engineering College, India in 2006. She is currently a Postdoctoral Researcher at University of Padua, Italy. Prior to that, she was Assistant Professor in the Department of Computer Science and Engineering, Dr. B. C. Roy Engineering College, India. Her current research interests include security and privacy in wireless resource-constrained mobile device and smart grid, network modeling and analysis. She has published research works in reputed conference proceedings and journals in her field. She also has co-authored a number of book chapters.

    Mauro Conti Mauro Conti is Full Professor at the University of Padua, Italy, and Affiliate Professor at the University of Washington, Seattle, USA. He obtained his Ph.D. from Sapienza University of Rome, Italy, in 2009. After his Ph.D., he was a Post-Doc Researcher at Vrije Universiteit Amsterdam, The Netherlands. In 2011 he joined as Assistant Professor the University of Padua, where he became Associate Professor in 2015, and Full Professor in 2018. He has been Visiting Researcher at GMU (2008, 2016), UCLA (2010), UCI (2012, 2013, 2014, 2017), TU Darmstadt (2013), UF (2015), and FIU (2015, 2016). He has been awarded with a Marie Curie Fellowship (2012) by the European Commission, and with a Fellowship by the German DAAD (2013). His research is also funded bycompanies, including Cisco and Intel. His main research interest is in the area of security and privacy. In this area, he published more than 250 papers in topmost international peer-reviewed journals and conference. He is Area Editor-in-Chief for IEEE Communications Surveys & Tutorials, and Associate Editor for several journals, including IEEE Communications Surveys & Tutorials, IEEE Transactions on Information Forensics and Security, and IEEE Transactions on Network and Service Management. He was Program Chair for TRUST 2015, ICISS 2016, WiSec 2017, and General Chair for SecureComm 2012 and ACM SACMAT 2013. He is Senior Member of the IEEE.

    View full text