Hierarchical Design Based Intrusion Detection System For Wireless Ad hoc Network


In recent years, wireless ad hoc sensor networks have become popular in both civil and military jobs. However, security is one of the significant challenges for sensor networks because of their deployment in open and unprotected environments. As cryptographic mechanisms are not enough to protect sensor networks from external attacks, an intrusion detection system needs to be introduced. Though intrusion prevention mechanisms are one of the major and efficient methods against attacks, there might be some attacks for which a prevention method is not known. Besides protecting the system from some known attacks, an intrusion detection system gathers necessary information related to attack techniques and helps in the development of intrusion prevention systems. In addition to reviewing the present attacks available in wireless sensor networks, this paper examines the current efforts on intrusion detection systems for wireless sensor networks. In this paper we propose a hierarchical architectural design based intrusion detection system that fits the current demands and restrictions of wireless ad hoc sensor networks. In this proposed intrusion detection system architecture we follow a clustering mechanism to build a four-level hierarchical network, which enhances network scalability to large geographical areas, and use both anomaly and misuse detection techniques for intrusion detection. We introduce a policy-based detection mechanism as well as intrusion response, together with the GSM cell concept, for the intrusion detection architecture.


💡 Research Summary

The paper addresses the security challenges of wireless ad‑hoc sensor networks (WSNs), emphasizing that cryptographic mechanisms alone cannot protect these networks from both external and internal attacks. Consequently, an intrusion detection system (IDS) is essential. Existing IDS proposals for WSNs are either distributed, imposing heavy computational, storage, and energy burdens on individual sensor nodes, or centralized, lacking scalability and adaptability. Moreover, many of these solutions focus on specific attacks and do not provide comprehensive coverage for unknown threats.

To overcome these limitations, the authors propose a hierarchical, four‑level IDS architecture that leverages clustering and a GSM‑cell‑like hexagonal partitioning of the deployment area. The hierarchy consists of:

  1. Sensor Nodes (leaf level) – perform only sensing and routing; no IDS module is installed to conserve power.
  2. Cluster Nodes – each hexagonal cell is assigned a cluster node that aggregates data from its member sensors, performs both signature‑based and anomaly‑based detection, and forwards alerts upward.
  3. Regional Nodes – monitor a group of cluster nodes, correlate alerts, and provide an additional verification layer to reduce false positives.
  4. Base Station (top level) – maintains a global policy repository and a signature database, distributes updates to lower layers, and presents alarms to human operators.

The detection mechanism is hybrid. Known attacks such as Hello Flood, Sybil, Wormhole, Black Hole, and Sink Hole are identified through a signature repository that is centrally maintained at the base station and propagated down the hierarchy. Simultaneously, each cluster and regional node runs anomaly detection based on learned normal traffic profiles, enabling the system to flag previously unseen attacks. By combining these two approaches, the architecture aims to achieve low false‑positive rates while retaining the ability to detect novel threats.
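
The hybrid check a cluster node could run on one monitoring window, as an added example that is not code from the paper (which gives no implementation). The packet format `(sensor, packet_type)`, the Hello Flood threshold, the z-score test and all names are assumptions, and the traffic is constructed.

```python
from collections import Counter
from statistics import mean, pstdev

# Assumed signature, as it might be pushed down from the base station:
# a sensor sending more than max_per_window HELLO packets in one window.
SIGNATURES = {"hello_flood": {"ptype": "HELLO", "max_per_window": 5}}

def make_window(spec):
    """Expand {sensor: {ptype: count}} into a list of (sensor, ptype) packets."""
    return [(s, t) for s, kinds in spec.items()
            for t, n in kinds.items() for _ in range(n)]

def learn_profile(windows):
    """Per-sensor mean and std-dev of packets per window, from attack-free data."""
    per_node = {}
    for w in windows:
        for src, n in Counter(src for src, _ in w).items():
            per_node.setdefault(src, []).append(n)
    return {s: (mean(v), pstdev(v)) for s, v in per_node.items()}

def inspect_window(window, profile, z_limit=3.0):
    """Return the alerts (sensor, kind, detail) a cluster node would forward upward."""
    alerts = []
    for name, sig in SIGNATURES.items():          # 1) misuse / signature pass
        hits = Counter(s for s, t in window if t == sig["ptype"])
        alerts += [(s, "signature", name) for s, n in sorted(hits.items())
                   if n > sig["max_per_window"]]
    explained = {a[0] for a in alerts}
    totals = Counter(s for s, _ in window)
    for src, n in sorted(totals.items()):         # 2) anomaly pass
        if src in explained:
            continue                              # already matched a known attack
        if src not in profile:
            alerts.append((src, "anomaly", "sender not in learned profile"))
            continue
        mu, sigma = profile[src]
        if abs(n - mu) / max(sigma, 1.0) > z_limit:   # floor sigma for tiny samples
            alerts.append((src, "anomaly", f"rate {n} vs mean {mu:.1f}"))
    return alerts

# Constructed traffic: four clean training windows, then one live window.
TRAIN = [make_window({s: {"DATA": d, "HELLO": 1} for s in ("s1", "s2", "s3")})
         for d in (9, 10, 11, 10)]
LIVE = make_window({"s1": {"DATA": 10, "HELLO": 1},    # normal
                    "s2": {"DATA": 10, "HELLO": 20},   # matches the signature
                    "s3": {"DATA": 40, "HELLO": 1}})   # no signature, abnormal rate

if __name__ == "__main__":
    for alert in inspect_window(LIVE, learn_profile(TRAIN)):
        print(alert)
```

Running the signature pass first keeps a known attack from also being reported as an anomaly, so the regional node receives one alert per sensor to correlate.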

A policy‑based management framework underpins the system. The framework follows the classic Policy Decision Point (PDP) and Policy Enforcement Point (PEP) model. Policies—predefined actions triggered under specific conditions—are stored centrally, interpreted by the PDP, and enforced by the PEPs located on cluster and regional nodes. For example, if a sensor repeatedly drops packets, the corresponding cluster node can automatically revoke that sensor’s routing privileges. This policy engine provides automated, dynamic reconfiguration, supporting survivability (nodes can take over each other’s roles) and scalability (management functions are distributed across the hierarchy).
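
The packet-dropping example above, worked through a PDP/PEP split, as an added example rather than code from the paper. The drop-ratio limit, the "three reports" reading of "repeatedly", the placement of the PDP next to the central repository, and all class and action names are assumptions; the counters are constructed.

```python
from dataclasses import dataclass

@dataclass
class Policy:                 # one condition -> action rule in the central repository
    name: str
    event: str                # event type the rule reacts to
    min_count: int            # reports required before the action fires
    action: str

class PolicyDecisionPoint:
    """Interprets the stored policies; assumed to sit beside the repository."""
    def __init__(self, policies):
        self.policies = policies
        self.history = {}     # (sensor, event) -> number of reports so far

    def decide(self, sensor, event):
        key = (sensor, event)
        self.history[key] = self.history.get(key, 0) + 1
        for p in self.policies:
            if p.event == event and self.history[key] >= p.min_count:
                return p.action
        return "none"

class ClusterNodePEP:
    """Enforcement point on a cluster node: reports events, applies decisions."""
    def __init__(self, pdp, members, drop_limit=0.5):
        self.pdp, self.drop_limit = pdp, drop_limit
        self.routers = set(members)       # sensors currently allowed to relay

    def observe(self, sensor, received, forwarded):
        """Called once per window with a sensor's relay counters."""
        if received == 0 or (received - forwarded) / received <= self.drop_limit:
            return "none"                 # forwarding looks healthy, nothing to report
        action = self.pdp.decide(sensor, "packet_drop")
        if action == "revoke_routing":
            self.routers.discard(sensor)  # enforcement: stop routing through it
        return action

def run_demo():
    pdp = PolicyDecisionPoint([Policy("drop-3x", "packet_drop", 3, "revoke_routing")])
    pep = ClusterNodePEP(pdp, {"s1", "s2"})
    # Constructed counters: (sensor, packets received for relay, packets forwarded)
    windows = [("s1", 20, 19), ("s2", 20, 4), ("s2", 20, 5), ("s1", 20, 20), ("s2", 20, 2)]
    actions = [pep.observe(*w) for w in windows]
    return actions, sorted(pep.routers)

if __name__ == "__main__":
    print(run_demo())
```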

The paper also surveys common WSN threats: DoS/DDoS (availability), eavesdropping/sniffing (confidentiality), man‑in‑the‑middle (integrity), signal jamming (communication disruption), and a range of routing attacks (Hello Flood, Sybil, Wormhole, Black Hole, Sink Hole, selective forwarding, etc.). It critiques existing IDS solutions for lacking clear cluster‑formation procedures, insufficient handling of both internal and external attackers, and high resource consumption.

Key contributions of the proposed system include:

  • Energy efficiency: By offloading IDS tasks from resource‑constrained sensors to more capable cluster and regional nodes.
  • Hierarchical scalability: Hexagonal GSM‑cell partitioning allows the network to expand to large geographic areas while maintaining manageable management domains.
  • Hybrid detection: Integration of signature‑based and anomaly‑based techniques provides coverage for both known and unknown attacks.
  • Policy‑driven automation: Centralized policy definition combined with distributed enforcement enables rapid response and self‑healing capabilities.

The authors acknowledge that the paper lacks concrete implementation details and experimental validation. Future work is suggested to include simulation or real‑world testing, development of dynamic cluster‑head election algorithms, conflict resolution among policies, and performance evaluation under varying attack scenarios.

In summary, the paper presents a well‑structured, hierarchical IDS architecture tailored for the constraints of wireless sensor networks. By combining clustering, hybrid detection, and policy‑based management, it seeks to deliver a scalable, energy‑aware, and robust intrusion detection solution capable of handling both known and emerging threats in large‑scale WSN deployments.

