Title: Distributed Intrusion Detection System for Wireless Sensor Networks based on a Reputation System coupled with Kernel Self-Organizing Maps
Authors: Z. Bankovic´, J.M. Moya, A. Araujo, D. Fraga, J.C. Vallejo, J.M. de Goyeneche
Published in: Integrated Computer-Aided Engineering, Vol 17
ISSN : 1069–2509
Date of Publication: April 2010
Digital Object Identifier : 10.3233/ICA-2010-0334
Web: http://iospress.metapress.com/content/67t2t65423226255/

Security of sensor networks is a complicated task, mostly due to the limited resources of sensor units. The first line of defense, i.e. encryption and authentication, is useless if an attacker has entered the system, and it is also vulnerable to side-channel attacks. Thus, a second line of defense, known as Intrusion Detection, must be added in order to detect and eliminate attacks. In the recent past, various solutions for detecting intrusions have been proposed. Most of them are able to detect only a limited number of attacks. Further, the solutions that deploy machine learning techniques exhibit higher level of flexibility and adaptability. Yet, these techniques consume significant power and computational resources. In this work we propose a distributed intrusion detection system organized as a reputation system where the reputation of each node is assigned by self-organizing maps (SOM) trained for detecting intrusions. The response of the system consists in assigning low reputation values to the compromised nodes rendering them isolated from the rest of the network. Further, we propose the implementation of SOM algorithm using the energy-efficient SORU (Stream Oriented Reconfigurable Unit) co-processor developed by our research group. Our solution offers many benefits: scalable solution, fast response to adversarial activities, ability to detect unknown attacks, high adaptability and energy efficiency. The testing results demonstrate its high potential.

Title: Improving Security for SCADA Sensor Networks with Reputation Systems and Self- Organizing Maps
Authors: José M. Moya, A. Araujo, Z. Bankovic, J.M. de Goyeneche, J.C. Vallejo, P. Malagón, D. Villanueva, D. Fraga, E. Romero, J. Blesa
Published in: Sensors, Vol 9
ISSN : 1424–8220
Date of Publication: November 2009
Digital Object Identifier : 10.3390/s91109380
Web: http://www.mdpi.com/1424-8220/9/11/9380

The reliable operation of modern infrastructures depends on computerized systems and Supervisory Control and Data Acquisition (SCADA) systems, which are also based on the data obtained from sensor networks. The inherent limitations of the sensor devices make them extremely vulnerable to cyberwarfare/cyberterrorism attacks. In this paper, we propose a reputation system enhanced with distributed agents, based on unsupervised learning algorithms (self-organizing maps), in order to achieve fault tolerance and enhanced resistance to previously unknown attacks. This approach has been extensively simulated and compared with previous proposals.

Title: Detecting and confining Sybil attack in wireless sensor networks based on reputation systems coupled with clustering algorithms
Authors: Zorana Bankovic, David Fraga, José Manuel Moya, Juan Carlos Vallejo, Alvaro Araujo, Pedro Malagón, Juan Mariano de Goyeneche, Daniel Villanueva, Elena Romero and Javier Blesa
Published in: Journal Engineering Intelligent Systems, Vol 20, 3
ISSN : 1472-8915
Date of Publication: September 2010
Digital Object Identifier :
Web: http://www.crlpublishing.co.uk/journal.asp?j=eis&s=Recent%20Special%20Issues

The Sybil attack is one of the most aggressive and elusive attacks in sensor networks that can affect on many aspects of its operation. Thus, its efficient detection is of highest importance. In order to resolve this issue, in this work we propose to couple reputation systems with agents based on clustering algorithms trained for detecting outliers in data. The response of the system consists in assigning low reputation values to the compromised nodes rendering them isolated from the rest of the network. The main improvement of this work consists in the inclusion of distributed detector with redundancy, which provides optimal detector configuration in an autonomous way. Clustering algorithms deploy feature space based on sequences of sensor outputs. Our solution offers many benefits: scalable solution, fast response to adversarial activities, ability to detect unknown attacks, high adaptability and low consumption. The testing results demonstrate its high ability in detecting and confining Sybil attack.

Title: Bio-inspired enhancement of reputation systems for intelligent environments
Authors:Zorana Bankovic, David Fraga, José Manuel Moya, Juan Carlos Vallejo, Pedro Malagón, Alvaro Araujo, Juan Mariano de Goyeneche, Elena Romero, Javier Blesa, Daniel Villanueva y Octavio Nieto-Taladriz
Published in: Information Sciences
ISSN : 0020-0255
Date of Publication: July 2011
Digital Object Identifier : 10.1016/j.ins.2011.07.032
Web: http://www.sciencedirect.com/science/article/pii/S0020025511003641

Providing security to the emerging field of ambient intelligence will be difficult if we rely only on existing techniques, given their dynamic and heterogeneous nature. Moreover, security demands of these systems are expected to grow, as many applications will require accurate context modeling. In this work we propose an enhancement to the reputation systems traditionally deployed for securing these systems. Different anomaly detectors are combined using the immunological paradigm to optimize reputation system performance in response to evolving security requirements. As an example, the experiments show how a combination of detectors based on unsupervised techniques (self-organizing maps and genetic algorithms) can help to significantly reduce the global response time of the reputation system. The proposed solution offers many benefits: scalability, fast response to adversarial activities, ability to detect unknown attacks, high adaptability, and high ability in detecting and confining attacks. For these reasons, we believe that our solution is capable of coping with the dynamism of ambient intelligence systems and the growing requirements of security demands.