2 Related Work - Proceedings of the 3rd International Conference on Advanced Technologies for

106 R. B. Kagade and J. Santhosh centralized trust management is adopted and in intergroup topology distributed trust management is adopted.

ATRM: agent based trust and reputation management scheme An agent based trust and reputation management scheme [6] (ATRM) is based on a clustered WSN with mobile agent system. It requires every node to hold the mobile agent which is administrating the trust and reputation of the hosting node.

PLUS Parameterized and localized trust management scheme for sensor network security [7]. It uses distributed approach to adapt to different operational environ- ments and different applications. The trust is calculated based on either direct or indirect observations.

RFSN reputation based framework for sensor networks they have proposed a framework where each node maintains reputation metrics which includes the past behavior of other sensor nodes of the network and the metrics used for predicting the future behavior. The values of the trust are evaluated on the basis of that reputation and for representing the values of reputation, Bayesian formulation is used.

TRGR Trust management scheme for resilient geographic routing Trust management scheme for resilient geographic routing [8] (TRGR) is a simple trust management scheme which uses resilient geographic routing. Geographic routing consists of two parts: geographic forwarding and complementary routing [9]. The trust algo- rithm works in a fully distributed manner, in which each node monitors the behavior of one hop neighbors. The basic idea of this trust management scheme is to favor well behaving honest nodes by giving them the credit for each successful packet forwarding, while penalizing suspicious nodes that doesn’t route packet according to route.

BRMSN Behavior reputation method for sensor networks Behavior reputation method for sensor networks [10] (BRMSN) measures the spatial information between the nodes as reputation measurement. The model is a reflection of the node’s compre- hensive ability about the actual physical properties and conduct essentially. Nodes in the network not only include the identity of the trust but also the trust in the behavior of the node. The model focuses on the local testing.

In this paper Intrusion detection system is introduced which depends on transmission time and relieving time. Two level trust mechanism is proposed to reduce overhead of base station and cluster head. The number of successful and unsuccessful transmission of data at WSN decides the trust value of sensor nodes.

This paper is organized as follows: In Sect.2the existing systems are discussed while Sect.3introduces the proposed work. Section4decides expected results and Sect.5concludes the proposed.

State Context and Hierarchical Trust Management … 107 clustering of WSN and deploying cluster based intrusion detection system. The mechanism works in static and heterogeneous network, hierarchical and clustering struc- ture. Hierarchical cluster based and leach based routing protocol is used for efficient communication. The mechanism is proved to be as robustness and fault tolerant design. The research provides reliable service but is an expensive mechanism. The intrusion detection architecture supports real-time detection property almost 80.6%.

The mechanism results 80.6% and 55.7% accuracy for content based detection and context based detection capabilities respectively.

Daojing He proposed a distributed trust evaluation model for medical sensor networks [5]. The traditional cryptographic methods are not sufficient for trust evaluation in medical sensor networks. The research work uses transmission rate and leaving time into trust evaluation to detect malicious nodes. They proposed an application-independent and distributed trust evaluation model for MSNs. The trust management is carried out through the use of simple cryptographic techniques [5].

A novel distributed trust evaluation model for MSNs, where each node manages trust records of other nodes about performing some activities. Centralized malicious node detection and secure unicast routing is presented. It proved to be as improved packet delivery with effective malicious node identification mechanism. IDS mechanism depends on transmission time, relieving time and packet dropping ratio. 88%

accuracy is shown by researchers with limited number of malicious nodes in WSN.

Fenye Bao proposed hierarchical trust management for WSNs and applied it to routing and intrusion detection to detect selfish or malicious nodes [12]. The work focused on multidimensional trust attributes and the trust value was calculated through social trust and QoS trust, including intimacy, honesty, energy, and unselfish- ness; meanwhile, subjective trust and objective trust were taken into consideration to validate the proposed protocol [1]. However, the node with the maximum number of interactions with neighbors was considered as the most trustworthy in the process of the calculation of the intimacy trust inspired by social networks. The difference is the consideration of the reasonable range of the maximum number of interactions, as interaction that exceeds the range indicates malicious behavior. The mechanism is proved to have IDS detection capabilities with 90% accuracy with false positive probability is zero and method is scalable. Trust based geographic routing is used in WSN.

Xiaoyong Li put forward a lightweight and dependable trust system for clustered WSNs, which aims at decreasing resource consumption and enhancing the relia- bility of CHs’ trust evaluation [13]. A self-adaptive weighting mechanism is used to calculate trust value of CH which is better than subjective weight method. A series of theoretical proofs were given in the research to verify the effectiveness of the mechanism. In the process of trust evaluation, only successful and unsuccessful interactions were taken into consideration, with no other trust evaluation factors taken into account. The mechanism takes interactive trust, honesty trust and content trust into account, addressing problems of consuming energy maliciously and tampering multidimensional observing data with lower resource overhead, which is described in

108 R. B. Kagade and J. Santhosh the performance evaluation [1]. The research is focused on minimizing memory overhead and transmission overhead. It works better to protect from garnished attack and bad mouthing attack. Results show that intrusion detection capabilities are 87.5%.

Shaikh proposed GTMS; a group-based trust management scheme for clustered WSNs. GTMS evaluates the trust of a group of nodes in contrast to traditional trust schemes that always focus on the trust values of individual nodes [14]. In this approach WSN requires small memory to store trust value at each node. The mechanism achieves significant reduction of the cost associated with the trust evaluation of distant nodes. But it depends on a broadcast-based strategy to collect feedback from the CMs of a cluster, which requires a significant amount of resources and power. This mechanism worked for wired and wireless mechanism. It focused on reducing cost of trust evaluation. Trust value is calculated depending on time based past interaction. Timing window is used to measure the number of successful and unsuccessful interactions. Trust evaluation cost is minimized by 14.6–15.7%.

Ismail Butun has presented intrusion detection system for mobile Ad Hoc networks [15]. Agent based distributed and collaborative IDSs are emphasized in research. Two types of classifiers are used for detection of intrusion; Decision Tree and support vector machine. Dynamic Source Routing, Ad hoc On-demand Distance Vector and Destination Sequenced Distance Vector protocol is used for routing data in WSN.

Limitations of Classical Approaches

Signature-based detection approaches are relatively easy to implement, require no learning curve. This eliminates the risk of over-training or voluntary deformation of the profile that can be observed in behavior-based approaches. However, these approaches require an active maintenance and very frequent updates of the signature database to integrate any new attack discovered. Indeed, the update cannot be performed automatically as in the case of behavior-based detection. This fact implies a higher rate of false negatives.

The problem arises especially with very recent attacks for which signatures have not been included in the database yet. Also, the absence of a standard pattern descrip- tion language limits the usefulness of signatures described in a given language since interoperability between different detectors is probably not possible. If signature values are too simplified it can lead to detection of false intrude which corresponds to legitimate actions and therefore to trigger false positives.

Anomaly-based detection approaches have several interesting features. First, as the hypotheses are made only on the normal behavior of the system and not on possible attacks, detection is exhaustive. Indeed, “the system allows a prior to detect all that differs” from established normal behavior. Thus, it becomes possible to envisage detection of unknown attacks and no specific knowledge about the attacker is required. All necessary information is collected within the system. On the other hand, once the learning phase terminates, the IDS does not require particular update.

The definition of normal behavior evolve only slightly if any.

Nevertheless, a high rate of false positives is the main weakness of these approaches because it is sometimes difficult to define the “normal behavior”. Sudden

State Context and Hierarchical Trust Management … 109 changes in the environment can have an impact on behavior. This sudden change in behavior will be considered as an anomaly and an alert will be generated. Also, since the first phase is dedicated solely to the development of the definition of

“normal behavior”, this one is particularly vulnerable to attack. Indeed, the pres- ence of signals related to an attack in the learning trace will result in skewing the definition of behavior. Thereafter, any similar attack will be treated as a normal behavior. The information used during this first phase in the optimal condition must be totally free from damage. In practice, it is frequently impossible to have such perfect environment.

Dalam dokumen Proceedings of the 3rd International Conference on Advanced Technologies for Societal Applications—Volume 1 (Halaman 112-115)