Full text

Nabil Ali Alrajeh 1 and S. Khan 2 and Bilal Shams 2

Recommended by Jaime Lloret

1, Biomedical Technology Department, College of Applied Medical Sciences, King Saud University, Riyadh 11633, Saudi Arabia
2, Institute of Information Technology, Kohat University of Science and Technology (KUST), Kohat City 26000, Pakistan

Received 28 February 2013; Accepted 16 April 2013

This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

1. Introduction

Wireless Sensor Networks (WSNs) are composed of sensor nodes and sinks. Sensor nodes have the capability of self-healing and self-organizing. They are decentralized and distributed in nature where communication takes place via multihop intermediate nodes. The main objective of a sensor node is to collect information from its surrounding environment and transmit it to the sink. WSNs have many applications and are used in scenarios such as detecting climate changed, monitoring environments and habitats, and various other surveillance and military applications. Mostly sensor nodes are used in such areas where wired networks are impossible to be deployed. WSNs are deployed in physical harsh and hostile environments where nodes are always exposed to physical security risks damages. Furthermore, self-organizing nature, low battery power supply, limited bandwidth support, distributed operations using open wireless medium, multihop traffic forwarding, and dependency on other nodes are such characteristics of sensor networks that expose it to many security attacks at all layers of the OSI model.

Many security-related solutions for WSNs have been proposed such as authentication, key exchange, and secure routing or security mechanisms for specific attacks. These security mechanisms are capable of ensuring security at some level; however they cannot eliminate most of the security attacks [1]. An IDS is one possible solution to address a wide range of security attacks in WSNs.

An IDS is also referred to as a second line of defence, which is used for intrusion detection only; that is, IDS can detect attacks but cannot prevent or respond. Once the attack is detected, the IDSs raise an alarm to inform the controller to take action. There are two important classes of IDSs. One is rule-based IDS and the other is anomaly-based IDS [2, 3]. Rule-based IDS...