Probabilistic model for

Intrusion Detection in
Wireless Sensor Network
Homogeneous Wireless Sensor
Networks.

By RANADIP DAS

Wireless Sensor Network

Wireless Sensor Network (WSN) is a collection of spatially
deployed wireless sensors by which to monitor various changes
of environmental conditions (e.g., forest fire, air pollutant
concentration, and object moving) in a collaborative manner
without relying on any underlying infrastructure support.
Sensor network parameters such as sensing range, transmission
range, and node density have to be carefully considered at the
network design stage, according to specific applications.
Sensor nodes are prone to energy drainage and failure and their
battery source might not be replaceable, instead new sensors are
deployed.
Sensor node capable of collecting data from the surrounding
regions and simple computations such as data aggregation, data
fusion, and computation are carried out to correspond with other
sensor nodes.

Wireless Sensor Network

WSN Applications
Environmental Monitoring - watershed management, forest fire
prediction
Structural Health and Industrial Monitoring: machinery failure
detection. It reduces the maintenance costs and prevents from
catastrophic failures.
Civil Structure Monitoring: large civil structures, like bridges or
skyscrapers.
Medical Health-care - overall monitoring of ill patients in
hospitals and at homes
Military applications - sensor nodes include battlefield
surveillance, guidance systems of intelligent missiles, and detection
of attacks by weapons of mass destruction, such as chemical,
biological and nuclear.
Area monitoring - In area monitoring, the WSN is deployed over a
region where some phenomenon is to be monitored.

Intruder Detection
in Wireless Sensor Network
Intrusion
any kind of unauthorized or unapproved activities are called
intrusions.

Intrusion Detection System (IDS)

An Intrusion Detection System (IDS) is a collection of the tools,
methods, and resources to help identify, assess, and
report
intrusions.
Intrusion detection (i.e., object tracking) in a WSN can be regarded
as a monitoring system that is installed around a system or device
for detecting the intruder in the network domain.
The intruder may be detected as soon as it enters the vicinity of
WSNs or after traveling some distance within the area of interest,
since it is mainly depending on the availability of the sensor.

Probabilistic Model for Intruder

Detection in Homogeneous WSN
In a WSN, there are two ways to detect an
intruder
single-sensing detection the intruder can be
successfully detected by a single sensor.
multiple-sensing detection the intruder can
only be detected by multiple collaborating
sensors.

multiple-sensing detection figure

Intruder

Sensor
node for
intruder
detectio
n

 Detection Model -

we can derive the expected intrusion distance when

entering the wsn Intrusion distance:
The intrusion distance (D) is the distance between the
points where the intruder enters the WSN and the point where
the intruder gets detected by any sensor(s).
Maximal Intrusion Distance (denoted by Dm, Dm > 0) is
the maximal distance allowable for the intruder to move
before it is detected by the WSN.
Detection probability: The detection probability is defined
as the probability that an intruder is detected within a certain
intrusion distance (e.g., Maximal Intrusion Distance Dm).
Average intrusion distance: The average intrusion
distance is defined as the expected distance that the intruder
travels before it is detected by the WSN for the first time.

INTRUSION DETECTION IN A HOMOGENEOUS WIRELESS SENSOR

NETWORK

Single-Sensing Detection = In the singlesensing detection model, the intruder

can be recognized once it moves into the
sensing coverage disk of any sensor(s).
Case 1: When the intruder starts from a
point of the network boundary, as shown
in Fig given an intrusion distance D>=0,
the corresponding intrusion detection
area SD is almost an oblong area. This
area includes a rectangular area with
length D and width 2rs and a half disk
with radius rs attached to it. The area
moved by the intruder is
SD = 2*rs*D+( rs2 / 2 )
According to the definition of singlesensing detection, the intruder is
detected if and only if there exists at
least one sensor within this area S D .
Otherwise, the intruder is not detected.

INTRUSION DETECTION IN A HOMOGENEOUS WIRELESS SENSOR

NETWORK

Case 2: when the intruder starts from a random point in the network domain,
the corresponding intrusion detection area is
SD = 2*D*rs+ ( rs2 / 2 + rs2 / 2 )
= 2*D*rs+ rs2

 Theorem 1. The probability P1[D==0] that an intruder can be

immediately detected once it enters a homogeneous WSN with node
density and identical sensing range rs can be given P1[D==0] =

1- e-(rs^2 / 2)
Proof. In a uniformly distributed WSN with node density , the
probability of m sensors located within the area S. according to
Poisson distribution

P(m, S) =

( (S,)^m /m! ) e-s

the probability of no sensor in the immediate intrusion detection area

S0 = rs^2 / 2 is P(0, (rs^2 / 2 )) =

e-(rs^2 )/ 2

The complement of P(0, (rs^2 / 2 )) is the probability that there is at

least one sensor located in S 0 = rs^2 / 2
Thus, the probability that the intruder can be detected immediately
by the WSN once it enters the WSN is
P1[D==0] = 1 - P(0, (rs^2 / 2 )) = 1- e-(rs^2 / 2)
This result shows that the immediate detection probability P 1[D==0]
is determined by the node density and the sensing range. By
increasing the node density or enlarging the sensing range, P 1[D==0]
can be improved.

Theorem 2. Suppose is the maximal intrusion distance allowable

for a given application. The probability P1[D< DM] that the intruder
can be detected within in the given homogeneous WSN can be
derived as
P1[D<= DM] = 1-

e-(2*Dm*rs + rs^2 / 2)

Proof. According to the definition of single-sensing detection

The probability that the intruder can be detected within an intrusion
distance of DM is equivalent to the probability that there is at least
one sensor located in the corresponding intrusion detection area
SDM = 2*rs* DM +( rs2 / 2 )
If no sensor nodes are not in the immediate intrusion detection area,
then the probability of detection is P(0, S DM ).

P(0, SDM ) = e-(2*Dm*rs + (rs^2 / 2))

The complement of P(0, SDM ) is the probability that there is at least
one sensor located in SDM = 2*rs* DM +( rs2 / 2 )
Thus, the probability that the intruder can be detected immediately by
the WSN once it enters the WSN is
P1[D<= DM] = 1 - P(0, (2*rs* DM +( rs2 / 2 )))
=

1- e-(2*Dm*rs + (rs^2 / 2))

 Multiple-sensing detection (K-Sensing Detection).

In the k-sensing detection model, an intruder has to be sensed by
at least k sensors for intrusion detection in a WSN.
Theorem 3. let Pk [D=0] be the probability that an intruder is
detected immediately once it enters a WSN with node density
and identical sensing range rs in K sensing detection model.
K-1

Pk[D=0] = 1- (rs^2 / 2i i!)e-(rs^2 / 2)

i=0
Proof.
P(i,(rs^2 / 2 )) is the probability that there are i sensors located
in the immediate detection area S0 = rs^2 / 2 .
i=0 k-1 P(i, (rs^2 / 2 )) is the probability that there are less than
k sensors in the area S0.

1- i=0 k-1 P(i, (rs^2 / 2 represents the probability that there

are at least k sensors located in the area S 0 . In this case, the
intruder can be sensed by at least k sensors when it accesses the
network boundary. Consequently, it can be said that
Pk[D=0] = 1- i=0 k-1 P(i, (rs^2 / 2 ))

= 1- i=0 k-1 (rs^2 / 2i i!)e-(rs^2 / 2)

 Theorem 4. let Pk [D <= DM] be the probability that the intruder is detected
within the maximal intrusion distance in a k-sensing detection model for
the given homogeneous WSN. Then, P k [D <= DM] can be calculated as

Pk[D <= DM] =K-11- ((SDM )i / i! )e ^( - SDM )

i=0
where SDM = 2*rs* DM +( rs2 /
2)
Proof. SDM = 2*rs* DM +( rs2 / 2 ) is the intrusion detection area with respect
to the maximal intrusion distance . If there are at least k sensors in the
area SDM, the intruder can be sensed by the k sensors.
P(i, SDM)= ((SDM )i / i! ) e ^( - SDM ) denotes the probability that i sensors
are located in the area of S DM.
So i=0 k-1 P(i, SDM)= i=0 k-1 ((SDM )i / i! )e ^( - SDM ) is the probability that
there are less than k sensors in the area S DM .

1- i=0 k-1 ((SDM )i / i! )e ^( - SDM ) represents the complement of

probability
i=0 k-1 P(i, SDM) that there are at least k sensors located in the
area SDM , before intruder travel distance of S DM .
Finally, the probability Pk[D <= DM] that the intruder is detected within the
maximal intrusion distance in k-sensing detection model can be derived as
Pk[D <= DM] = 1- ((SDM )i / i! ) e ^( - SDM )

Conclusion
We have developed a probabilistic model
for intrusion detection and applied the
same into single-sensing detection for a
2D homogeneous WSNs. This model gives
an insight to the required number of
sensors in a given deployment area, their
sensing and transmission range to
securely detect an intruder in WSNs.

References

Yun Wang, Xiaodong Wang, Bin Xie, Demin Wang and Dharma P
Agrawal, Intrusion Detection in Homogeneous and Heterogeneous
Wireless Sensor Networks, in IEEE Transactions on Mobile
Computing, 7(6), 2008, 698-711.
Shaila K, Sajitha M, Tejaswi V, S H Manjula, Venugopal K R and L M
Patnaik, SEEDI: Secure and Energy Efficient Approach for
Detection of an Intruder in Homogeneous Wireless Sensor
Networks, in Proceedings of the International Conference on
Intelligent Network and Computing (ICINC-2010), 2010, 279-283.
Ismail Butun, Salvatore D. Morgera, and Ravi Sankar , A Survey of
Intrusion Detection Systems in Wireless Sensor Networks IEEE
COMMUNICATIONS SURVEYS & TUTORIALS, ACCEPTED FOR
PUBLICATION.
Keshav Goyal, Nidhi Gupta, Keshawanand Singh,A Survey on
Intrusion Detection in Wireless Sensor Networks International
Journal of Scientific Research Engineering & Technology (IJSRET)
Volume 2 Issue2 pp 113-126 May 2013