Incorporating unsupervised learning into intrusion detection for wireless sensor networks with structural co-evolvability

Wireless sensor networks (WSNs) are vulnerable to many security threats because of the open and unreliable communication channels, the highly dynamic network structure as well as the decentralized management scheme. It is therefore, quite challenging to build an intrusion detection system that can detect various unknown attacks, reach better balance between detection rate and false alarm rate and increase the adaptivity to network dynamics, particularly for a resource-constraint WSN. In this paper, we proposed a knowledge-based intrusion detection strategy (KBIDS) to bridge the gap. We firstly used the Mean Shift Clustering Algorithm (MSCA), an unsupervised learning scheme to distinguish undefined abnormal patterns which reflect the abnormal behavior of a WSN being attacked from the normal context; then we employed a support vector machine to maximize the margin between abnormal and normal features so that the classification error can be minimized, which in turn to effectively enhance the detection accuracy; finally, we adopted a feature updating strategy to reflect network dynamics so that the system can co-evolve with the network change. Then, the validation of KBIDS in both network emulator and the real environment were conducted and analyzed. Results showed that KBIDS had achieved the highest detection rate and the lowest false alarm rate among several state-of-the-art intrusion models. In addition to that, we also conducted some parameter sensitivity analyses to help identifying the optimal configuration which can be used to parameterize KBIDS in real applications.