Identification of Attacks against Wireless Sensor Networks Based on Behaviour Analysis
The paper describes the problem of identification of network layer attacks on wireless sensor networks for subsequent development of intrusion detection systems. 15 types of behaviour (including 14 states under attack and the normal state) and identification features are briefly specified. A technique for attacks identifying based on a combination of Random Forest algorithm and probability classifier is proposed. A study of the dependence of the accuracy of the probability classifier and the average number of used features on a confidence level and a priori probability of the normal state, which allows reducing the feature space to one feature, is described. For most attacks, there is a relative constancy of the dependence values in the range from 0 to 0.7 0.15, after which a decrease occurs, corresponding to the quality of identification. Recommendations to the algorithm parameters are formed and its evaluation is carried out.