[go: up one dir, main page]

WO2014156177A1 - A method of controlling a plurality of sensor nodes, computer product tangibly embodied in a machine-readable medium, and a sensor system - Google Patents

A method of controlling a plurality of sensor nodes, computer product tangibly embodied in a machine-readable medium, and a sensor system Download PDF

Info

Publication number
WO2014156177A1
WO2014156177A1 PCT/JP2014/001803 JP2014001803W WO2014156177A1 WO 2014156177 A1 WO2014156177 A1 WO 2014156177A1 JP 2014001803 W JP2014001803 W JP 2014001803W WO 2014156177 A1 WO2014156177 A1 WO 2014156177A1
Authority
WO
WIPO (PCT)
Prior art keywords
sensor
target
data
node
route
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2014/001803
Other languages
French (fr)
Inventor
Sivabalan ARUMUGAM
Ritesh Kumar KALLE
Anand Raghawa Prasad
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NEC Corp
Original Assignee
NEC Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NEC Corp filed Critical NEC Corp
Publication of WO2014156177A1 publication Critical patent/WO2014156177A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30Services specially adapted for particular environments, situations or purposes
    • H04W4/38Services specially adapted for particular environments, situations or purposes for collecting sensor information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122Counter-measures against attacks; Protection against rogue devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/126Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/143Denial of service attacks involving systematic or selective dropping of packets
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/18Self-organising networks, e.g. ad-hoc networks or sensor networks

Definitions

  • This invention is related to a method of controlling a plurality of sensors in a sensor system, a computer product tangibly embodied in a machine-readable medium for controlling the plurality of the sensor nodes and a sensor system, more specifically, to a method, a computer product and a sensor system for a wireless sensor system.
  • DOS Denial of Service
  • MAC Wireless Medium Access Control
  • IEEE 802.11 use distributed contention resolution mechanisms for sharing the wireless channel.
  • selfish hosts that fail to adhere to the MAC protocol may obtain an unfair share of the channel bandwidth.
  • the author's proposed modifications to the IEEE 802.11 protocol to simplify detection of such selfish hosts also presented a correction scheme for penalizing selfish misbehavior[1].
  • CORE is the rating based algorithm. Rating is assigned for each nodes based on "reputation" that is evaluated based on each entity's collaborativeness in communication. The author's suggested a generic mechanism is based on reputation to enforce cooperation among the nodes of a MANET (Mobile Ad hoc NETwork) to prevent selfish behavior. Misbehaving nodes will eventually gain a "bad" reputation and thus be excluded from communication by others[5].
  • MANET Mobile Ad hoc NETwork
  • NPL 1 P. Kyasanur and N. H. Vaidya, "Detection and handling of mac layer misbehaviour in wireless networks.” in DSN, 2003, pp. 173-182.
  • NPL 2 S. Marti, T. J. Giuli, K. Lai, and M. Baker, "Mitigating routing misbehaviour in mobile ad hoc networks,” in MobiCom '00: Proceedings of the 6th annual international conference on Mobile computing and networking. ACM Press, 2000, pp. 255-265.
  • NPL 3 Y. Zhang, W. Lee, and Y.-A. Huang, “Intrusion detection techniques for mobile wireless networks," Wireless Network, vol. 9, no. 5, pp. 545-556, 2003.
  • NPL 4 Y. Zhang and W. Lee, "Intrusion detection in wireless ad-hoc networks,” in MobiCom '00: Proceedings of the 6th annual international conference on Mobile computing and networking. New York, NY, USA: ACM Press, 2000, pp. 275-283.
  • NPL 5 P. Michiardi and R. Molva, "Core: a collaborative reputation mechanism to enforce node cooperation in mobile ad hoc networks," in Proceedings of the IFIP TC6/TC11
  • NPL 6 Sixth Joint Working Conference on Communications and Multimedia Security. Deventer, Netherlands: Kluwer, B.V., 2002, pp. 107-121.
  • NPL 7 F. K.
  • NPL 8 J. Konorski, “Multiple access in ad-hoc wireless lans with non-cooperative stations.” in NETWORKING, 2002, pp. 1141-1146.
  • NPL 9 M. Cagalj, S. Ganeriwal, I. Aad, and J.-P. Hubaux, "On cheating in csma/ca ad hoc networks," in EPFL Technical Report, 2004.
  • NPL 10 Y. Hu, A. Perrig, and D.
  • NPL 11 W. Wang and B. Bhargava, “Visualisation of wormholes in sensor networks,” in Proc. 3rd ACM Workshop Wireless Security, 2004, pp. 51-60.
  • NPL 12 B. Parno, A. Perrig, and V. Gligor, "Distributed detection of node replication attacks in sensor n1etworks," in Proc. IEEE Symposium Security and Privacy, 2005, pp. 49-63.
  • NPL 13 M. Li, I. Koutsopoulos, and R. Poovendran, "Optimal jamming attacks and network defense policies in wireless sensor networks," in Proc.
  • NPL 14 C. Jaikaeo, C. Srisathapornphat, and C.-C. Shen, "Diagnosis of sensor networks," in Proc. IEEE International Conf. Commun., 2001, vol. 5, pp. 1627-1632.
  • NPL 15 J. Staddon, D. Balfanz, and G. Durfee, "Efficient tracing of failed nodes in sensor networks," in Proc. 1st ACM International Workshop Wireless Sensor Networks Applications, 2002, pp. 122-130
  • NPL 16 G. Wang, W. Zhang, and G. Cao, "On supporting distributed collaboration in sensor networks," in Proc. IEEE Military Communi. Conf., 2003, vol. 2, pp.
  • NPL 17 S. Marti, T. Giuli, K. Lai, and M. Baker, "Mitigating routing misbehavior in mobile ad hoc networks," in Proc. 6th Annual International Conference Mobile Computing Networking, 2000, pp. 255-265
  • NPL 18 M. Ding, D. Chen, K. Xing, and X. Cheng, "Localized fault-tolerant event boundary detection in sensor networks," in Proc. IEEE INFOCOM, 2005, vol. 2, pp. 902-913
  • NPL 19 B. Krishnamachari and S. Iyengar, “Distributed Bayesian algorithms for fault-tolerant event region detection in wireless sensor networks," IEEE Trans. Comput., vol. 53, pp. 241-250, 2004.
  • NPL 20 T. Palpanas, D. Papadopoulos, V. Kalogeraki, and D. Gunopulos, "Distributed deviation detection in sensor networks," ACM SIGMOD Record, vol. 32, pp. 77-82, 2003. F. Liu, X. Cheng, and D. Chen, "Insider attacker detection in wireless sensor networks," in Proc. IEEE INFOCOM, 2007, pp. 1937-1945.
  • NPL 21 P. Michiardi and R. Molva, “Core: A collaborative reputation mechanism to enforce node cooperation in mobile ad hoc networks," in Proc. Advanced Commun. Multimedia Security, 2002, pp. 107-121.
  • NPL 22 S. Buchegger and J.-Y. L.
  • Wireless sensor networks in comparison with wired networks are more substantially vulnerable to threats and intrusions.
  • data reliability and trust on data measured are always a main concern.
  • none of them managed to develop a system which is able to identify and drive away all threat to wireless sensor networks. Since, these research works have focused on specific kinds of threats.
  • Nodes in wireless sensor networks are limited in resources, nodes tend to misbehave or act selfish and some nodes may be compromised by attackers. Misbehaviour and selfishness of nodes may lead to make the remote monitoring operator take false decisions about the operations of the plant. So, there should be an approach to identify random changes in data sensing and hopping.
  • an exemplary object of the invention is to provide a method of controlling a plurality of sensors in a sensor system, and a computer program and a computer product tangibly embodied in a machine-readable medium capable of removing a removal node or selecting an incorrect malicious node in the sensor network.
  • a method of controlling a sensor system including a plurality of sensor nodes each including a sensing function and a monitoring function and a central coordinator controlling the plurality of the sensor nodes, a sensor network being divided into a plurality of cells each including at least one sensor node.
  • the method includes a data collecting step that collects sensor data sensed by the sensing function of the sensor nodes by the central coordinator, a target detection step that detects a target sensor node or a target cell having a defect due to either an internal or external problem of the sensor system, a function change step that changes the sensing function to the monitoring function of at least one sensor node in each target cell or in each cell including each target sensor node to monitor the target sensor node or the target cell, and an identification step that identifies a defect sensor node or a defect cell having a defect from a result of monitoring the target sensor node or the target cell.
  • a computer product tangibly embodied in a machine-readable medium for a sensor system including a plurality of sensor nodes each including a sensing function and a monitoring function and a central coordinator controlling the plurality of the sensor nodes, a sensor network where the plurality of the sensor nodes are placed being divided to a plurality of cells where at least one sensor node is placed, the computer product including: a data collecting step that collects sensor data sensed by the sensing function of the sensor nodes by the central coordinator, a target detection step that detects a target sensor node or a target cell having a defect due to either an internal or external problem of the sensor system; a function change step that changes the sensing function to the monitoring function of at least one sensor node in each target cell or in each cell including each target sensor node to monitor the target sensor node or the target cell, and an identification step that identifies a defect sensor node or a defect cell having a defect from a result of monitoring the target sensor no
  • a sensor system includes: a plurality of sensor nodes each including a sensing function and a monitoring function, and a central coordinator that controls the plurality of the sensor nodes.
  • a sensor network where the plurality of the sensor nodes are placed is divided to a plurality of cells where at least one sensor node is placed.
  • the central coordinator includes: a data collecting part that collects sensor data sensed by the sensing function of the sensor nodes, a target detection part that detects a target sensor node or a target cell having a defect due to either an internal or external problem of the sensor system, a function change part that changes the sensing function to the monitoring function of at least one sensor node in each target cell or in each cell including each target sensor node to monitor the target sensor node or the target cell, and an identification part that identifies a defect sensor node or a defect cell having a defect from a result of monitoring the target sensor node or the target cell.
  • a method of controlling a plurality of sensors in a sensor system, and a computer program and a computer product tangibly embodied in a machine-readable medium can monitor the behaviour of the sensor node without additional watchdog hardware.
  • Fig. 1 is a schematic view showing a sensor system in the sensor networks in the Related Art.
  • Fig. 2A is a schematic view for explaining Level 1 Watchdog node and Level 2 Watchdog node respectively.
  • Fig. 2B is a schematic view for explaining Level 1 Watchdog node and Level 2 Watchdog node respectively.
  • Fig. 3 is a schematic view showing a sensor system in the wireless sensor network of an exemplary embodiment of the present invention.
  • Fig. 4 is a block diagram showing the central coordinator 20 of an exemplary embodiment of the present invention.
  • FIG. 5 is a block diagram showing more detailed central coordinator 20 of an exemplary embodiment of the present invention.
  • Fig. 6 is a schematic view showing a sensor network including sensor routes and watchdog nodes in a sensor network of an exemplary embodiment of the present invention.
  • Fig. 7 is a schematic view showing an example of the tentative target route for sensor network of an exemplary embodiment of the present invention.
  • Fig. 8 is a schematic view showing a second route for sensor network of an exemplary embodiment of the present invention.
  • Fig. 9 is a schematic view showing the sensor system 1 of the exemplary embodiment of the present invention.
  • Fig. 10 is a flow chart showing a method of isolating a selfish node in the sensor network of an exemplary embodiment of the present invention.
  • Fig. 10 is a flow chart showing a method of isolating a selfish node in the sensor network of an exemplary embodiment of the present invention.
  • Fig. 11 is a chart showing the detailed steps of the step SP15 shown in Fig. 10.
  • Fig. 12 is a chart showing the detailed steps of the step SP22 shown in Fig. 11.
  • Fig. 13 is a chart showing the detailed steps of the step SP35 shown in Fig. 12.
  • Fig. 14 is a schematic view showing a watchdog operation in duty cycle in the sensor network of an exemplary embodiment of the present invention.
  • misbehaving nodes present in the wireless sensor network may lead to a false decision by the controller and end up in shutdown of the plant operation.
  • This issue can be solved by using a node called 'watchdog' which will monitor the data traffic between neighbouring nodes.
  • Fig. 1 is a schematic view showing a sensor system in the sensor networks in the Related Art
  • Fig. 2A and Fig. 2B are schematic views for explaining Level 1 Watchdog node and Level 2 Watchdog node respectively.
  • the sensor system 100 of the Related Art follows a hierarchical architecture.
  • the sensor system 100 is divided into smaller parts (hereinafter referred to as "cells") 110.
  • Fig. 2 shows the different layers categorization.
  • Each cell 110 indicates the sensory limit of a cluster head node (hereinafter referred to as "Level 1 Watchdog”) 131.
  • Level 1 Watchdog nodes 131 are in charge of supervising the cells 110.
  • the entire Level 1 watchdog nodes 131 may or may not have the same number of sensors 101 to be monitored, which purely depends on the deployment environment and also the application for which the sensors are deployed.
  • the nodes 132 are regional nodes (hereinafter referred to as "Level 2 Watchdog node”) 132 which should be selected in a way to be located on the cells 110 boundaries to enable their sensory limit to cover a number of the Level 1 Watchdog nodes 131.
  • the sensor system 100 does not necessarily require arranging the sensors 101 in the system in order.
  • the number of the sensors 101 in the cells 110 can be different.
  • the sensor system 100 topology can be changed.
  • the only fixed nodes in the sensor system 100 are the Level 2 Watchdog nodes 132 and Level 1 Watchdog nodes 131 which should be selected at the outset of designing the network by the base station (hereinafter referred to as a "controller") 120.
  • two intrusion detection mechanisms i.e., "signature-based detection” and “anomaly detection” can be incorporated.
  • the normal attacks signatures can be compiled in the controller 120 to be sent to the Level 2 Watchdog nodes 132 and the Level 1 Watchdog nodes 131 in order to detect these signatures.
  • the database included in the controller 120 is able to be updated to detect new attacks (detection based on the attacks signatures).
  • the user can detect the attacks and hence create high security for the sensor network 100.
  • the intrusion detection entities in the target architecture include: Level 1 Watchdog nodes 131: As mentioned earlier, this node is responsible for monitoring the related region. Less power is required. These nodes eavesdrop to the data sent by the nodes under their control, analyze the data and inform their upper nodes (the Level 2 Watchdog nodes 132) of the suspicious cases. In fact, compared to the other sensors, these nodes enjoy more capacities including the intrusion detection program installed on them.
  • Level 2 Watchdog nodes 132 These nodes are in charge of controlling and receiving the information from their neighboring Level 1 Watchdog nodes 131 as well as sending warning message to the upper layer which is the controller 120. More power is required. These nodes have all the abilities of the intrusion detection system. In addition, they allow integration into larger networks. Therefore, even in presence of a large number of sensors, the sensor system 100 can be divided into smaller sections to be easily manageable.
  • the controller 120 is the top level of the sensor system 100 which is directly supported by human force. This station (controller 120) receives information from the Level 2 Watchdog nodes 132, analyzes them and applies the necessary operations and policies to the system. In the cases that message is sent outside of the cells 110, the monitoring is assigned to the upper layer. In this case, the Level 2 Watchdog nodes 132 operate as Watchdog. If the regional nodes are malicious themselves, the upper layer i.e., the controller 120 should detect the malicious nodes by monitoring the Level 2 Watchdog nodes 132 and applying security measures. Thus, in this case the top level of watchdog is the controller 120.
  • the Level 1 Watchdog nodes 131 are responsible for collecting the information related to their cells 110 and sending the information to the upper layer. In the hierarchical design, if the energy of some nodes (in a particular cell) is exhausted, the Level 1 Watchdog node 131 can access the information through other sensors available in that cell 110. Note that, when the energy of the Level 1 Watchdog nodes 131 is exhausted, the controller 120's access to the cell 100's information will be lost, even if other sensors 101 have energy in that cell.
  • the number of cluster head nodes is 25 (20 nodes in the first layer and 5 nodes in the second layer). That is, 25 additional nodes are required for this sensor system 100.
  • the exemplary embodiment of the present invention aims to remove the number of additional nodes required and also aims to simplify the complex algorithm running in the controller.
  • an exemplary embodiment of the present invention introduces a duality function which includes a sensing function and a monitoring function in all the sensor nodes included in a sensor system.
  • a central coordinator of the sensor network detects some abnormality in a received data packet, it can send a control signal to neighbouring nodes where there is some abnormality to change their functionalities, which can act as watchdog nodes, then the central coordinator can identify the misbehaved or selfish node by the monitoring result of the watchdog nodes.
  • the exemplary embodiment of the present invention can find an effective way of isolating the misbehaved or selfish node from the network, with those sensor nodes having the duality function, without computationally intense algorithm and also without use of additional hardware.
  • FIG. 3 is a schematic view showing a sensor system in the wireless sensor network of the exemplary embodiment of the present invention.
  • the sensor system of the exemplary embodiment of the present invention includes a plurality of sensor nodes 11, and a central coordinator 20 that controls the plurality of the sensor nodes 11.
  • a sensor network where the plurality of the sensor nodes 11 is placed is divided to a plurality of cells 10 where at least one sensor node 11 is placed.
  • Each sensor node 11 has a dual function, which means each sensor node 11 includes a sensing function which can sense data and a monitoring function (watchdog function), and for example, the watchdog function can monitor data of the other sensor nodes.
  • a monitoring function watchdog function
  • Described in the present exemplary embodiment is an example in which each sensor node has the dual function, but at least one sensor nodes with the dual function can be placed in each cell in the sensor network and the rest of the nodes may be the sensor nodes having only the sensing functions.
  • the sensor node 11 of the sensor system 1 is capable of sensing, storing and routing data packets among similarly capable nodes having unique network address within the network.
  • the sensor system 1 is divided into logical entities known as cells based on the geography, the coverage area being roughly in hexagonal geometry.
  • the sensor node 11 of the exemplary embodiment has two modes of operations, sensor mode and watchdog mode.
  • the sensor node 11 is capable of performing various wireless sensor network operations (sense, store and communicate). In the sensor mode, the node communicates with other equivalent sensor nodes only.
  • the watchdog mode does not participate in routing of data packets among sensor nodes 11.
  • the watchdog node 31 communicates only with other watchdog nodes 31 and the central coordinator 20.
  • the watchdog node 31 works in a promiscuous mode.
  • the promiscuous mode is a hidden mode to the sensor nodes, and is capable of inspecting packet communication between the sensor nodes.
  • Each watchdog node 31 is capable of monitoring communication within the cell 10 where it is placed. Each watchdog node 31 can also generate an alarm signal to communicate anomaly to the central coordinator 20. One or more watchdog nodes 31 in each of the cell 10 can communicate with each other through a secure network (hereinafter referred to as "watchdog network"). This watchdog network would route the alarm signal generated at the watchdog node 31 to the central coordinator 20.
  • watchdog network a secure network
  • Fig. 4 is a block diagram showing the central coordinator 20 of the exemplary embodiment of the present invention.
  • the central coordinator 20 includes a data collecting part 21, a target detection part 22, a function change part 23, and an identification part 24.
  • the data collecting part 21 collects sensor data sensed by the sensing function of the sensor nodes 11.
  • the target detection part 22 detects a target sensor node or a target cell which sends defect data or has a defect due to either an internal or external problem of the sensor system 1.
  • the function change part 23 changes the sensing function to the monitoring function of at least one sensor node 11 in each target cell or in each cell including each target sensor node to monitor the target sensor node or the target cell.
  • the identification part 24 identifies a defect sensor node or a defect cell having a defect from a result of monitoring the target sensor node or the target cell. Further the identification part 24 can isolate the defect sensor node or the defect cell from the sensor system 1 after identifying the defect node or cell.
  • the internal problem of the sensor system 1 is, for example, that a sensor node 11 becomes a misbehaver node or a selfish node and sends abnormal data to other sensor nodes 11 or to the central coordinator 20.
  • the external problem of the sensor node 11 is, for example, that someone intrudes into the sensor network and sends a packet including an Error Correction Code Cyclic Redundancy Check code to a specific sensor node 11, or steals packet data from the central coordinator 20 or a specific sensor node 11.
  • Fig. 5 is a block diagram showing more detailed central coordinator 20 of the exemplary embodiment of the present invention.
  • the central coordinator 20 can further include a cell list generator 25 that generates a target cell list including at least one target cell from a detection result of the target detection part 22 for checking if there is a defect in at least one target cell.
  • the function change part 23 changes the sensing function to the monitoring function of at least one sensor node in each target cell listed in the target cell list.
  • the target detection part 22 includes a first detector 22a, a data confirmation part 22b and a second detector 22c.
  • the first detector 22a detects data corruption or random change of sensor data which the collecting part 21 collects.
  • the second detector 22c detects the target sensor node or the target cell from a result of checking for correctness of the data corrupt or the random change of the sensor data detected by the first detector 22a.
  • the data confirmation part 22b confirms the correctness of a result of the first detector 22a.
  • Figs. 6-8 are schematic views showing a sensor system for explaining an operation of the central coordinator 20 of an exemplary embodiment of the present invention.
  • a route Rs1 is a route for sensor network 11, and the route for sensor network Rs passes through a plurality of sensor nodes 11 of a plurality of cells 10.
  • a route Rw is a route for watchdog network, and the route for watchdog network Rw passes through only the watchdog nodes 31. For example, one watchdog node 31 is placed per each cell 10 and the route for watchdog network Rw is made by all watchdog nodes 31.
  • the watchdog node 31 can become the sensor node 11 and the sensor node 11 can become the watchdog node 31 by changing its sensing function or watchdog function by a control signal sent by the central coordinator 20. Therefore, any sensor node 11 can join the watchdog network by changing its functionality into watchdog, and any watchdog node 31 can join the sensor network by changing its functionality into sensing.
  • One route for sensor network Rs can also become another route for sensor network by changing one or more sensor nodes 11 within the route.
  • the data collecting part 21 of the central coordinator 20 collects the sensor data sent from a plurality of routes for sensor network Rs, for example a route for sensor network Rs1.
  • the first detector 22a of the target detection part 22 detects the data corrupt or the random change in the sensor data sent from a route for sensor network Rs and decides this route as a tentative target route.
  • Fig. 7 shows an example of the tentative target route for sensor network. Assume that the tentative target route for sensor network of this example is the route for sensor network Rs1.
  • the data confirmation part 22b of the target detection part 22 re-collects the sensor data sent from the tentative target route for sensor network Rs1 detected by the first detector 22a.
  • the second detector 22c detects a target route including the target sensor node or the target cell from a result of re-checking for correctness of the sensor data sent from the tentative target route for sensor network Rs1.
  • the data confirmation part 22b confirms the correctness of a result of the first detector 22a.
  • the data collecting part 21 of the central coordinator 20 collects the sensor data sent from a plurality of routes for sensor network Rs.
  • the first detector 22a of the target detection part 22 detects the data corrupt or the random change in the sensor data sent from a route for sensor network Rs and decides this route as a first route for sensor network Rs.
  • Fig. 7 also shows another example of the first route for sensor network. Assume that the first route for sensor network of this example is the route for sensor network Rs1.
  • the data confirmation part 22b changes the first route for sensor network Rs1 to a second route for sensor network and collects the sensor data sent from the second route.
  • Fig. 8 shows a second route for sensor network Rs2 in this example. As shown in Fig. 8, the second route for sensor network Rs2 passes through a plurality of the sensor nodes of a plurality of the cells.
  • the second detector 22c detects a target route for sensor network passing through the target sensor node or the target cell from a result of the data confirmation part 22b.
  • the first detector 22a detects a tentative target sensor node or a tentative target cell based on a result of the data collecting part 21. Then, in the first method of generating the second route for sensor network Rs2, the data confirmation part 22b selects the second route for sensor network Rs so as not to include the target sensor node or the target cell. In the second method of generating the second route for sensor network Rs2, the data confirmation part 22b selects the second route for sensor network Rs so as to include a cell near the tentative target cell or a cell near a cell including the tentative target sensor node.
  • the central coordinator 20 can confirm if the tentative target cell or a cell near a cell is an actual misbehaver sensor node or an actual target cell including a misbehaver sensor node or not.
  • the target detection part 22 can detect the target sensor node or the target cell by monitoring a change between current sensor data and previous sensor data in the first route for sensor network Rs1 at first and then by comparing sensor data in the second route for sensor network Rs2 with another sensor data in other route for sensor network Rs, for example.
  • each function or each operation of the central coordinator 20 can be done by either hardware or software, and also the ways of hardware and software can be combined and used in the central coordinator 20.
  • Each function or operation of the sensor node 11 and the watchdog node 31 can be done as well.
  • the sensor data of this sensor node 11 is routed through the route for sensor network Rs in its proximity in the sensor network.
  • the central coordinator 20 receives the anomaly or threat information through a signal (hereinafter referred to as “watchdog signal” or “monitor signal”) routed through the watchdog network.
  • the central coordinator 20 can transmit a signal to the identified sensor node (target sensor node) which generates a threat in order to isolate it from the rest of the wireless sensor network.
  • the internal threat refers to anomalous operation of sensor nodes due to malfunctioning of hardware/software.
  • To isolate it from the sensor network can also enhance for higher layer security and security of the normally functioning sensor nodes from internal and external threats.
  • the new routes such as the second route for sensor network Rs2 are thereafter decided either through existing routing mechanism or randomly by appropriate updating of the routing tables at all concerned nodes or cells (tentative target sensor nodes or tentative target cells).
  • the central coordinator 20 may further inform all sensor nodes of the target sensor nodes through its control interface by forwarding information packets.
  • the watchdog node 31 has to monitor the communication between neighbor sensor nodes 11 within the cell of its placement continuously and report anomaly to the central coordinator 20. Algorithms at the central coordinator 20 would identify threats and command the watchdog nodes and the sensor nodes to isolate the target sensor node or the target cell from the sensor network. The number of iteration of the process to identify the target sensor nodes or target sensor cells will be determined depending on, for example, the topology in the sensor network and/or the number of misbehaving nodes included in the sensor network.
  • the sensor system 1 of the exemplary embodiment does not need for additional watchdog hardware by using the sensor node with dual functionalities. Further, the sensor system 1 does not need additional intense computational algorithms in the sensor node, which leads to an increase in life time of the sensor nodes.
  • the power consumption has always been a challenging issue to be considered in designing these wireless sensor networks.
  • the exemplary embodiment of the present invention does not need additional watchdog nodes due to the sensor nodes with dual functionalities. Therefore, the sensor system 1, while suppressing an energy consumption of the sensor network, can use limited transfer of power of the sensor network efficiently and prevent conspiracy nodes.
  • Fig. 9 is a schematic view showing the sensor system 1 of the exemplary embodiment of the present invention.
  • Fig. 10 is a flow chart showing the method of isolating the selfish node in the sensor network of the exemplary embodiment of the present invention.
  • Figs. 11-13 are flow charts showing the detailed steps of the step SP15 shown in Fig. 10.
  • the sensor network of the exemplary embodiment is associated with the central coordinator 20.
  • the central coordinator 20 identifies drastic change in data expected from certain sensor nodes in network.
  • the central coordinator 20 changes the routing procedure (SP1). For example, as described above, the central coordinator 20 changes the first route for sensor network Rs1 to the second route for sensor network Rs2 and requests the sensor nodes 11 in the second route for sensor network Rs2 to send the sensor data (SP1).
  • the sensor data sensed in the sensor node 11 is hopped through the second route for sensor network Rs2.
  • the central coordinator 20 identifies the misbehaving node(s) by comparing previous sensor data of the first route for sensor network Rs1 stored in a previous route table with new sensor data of the second route for sensor network Rs1 stored in a new route table (SP2). If the central coordinator 20 comes to a conclusion about the intrusion by the result of the comparison, the central coordinator 20 isolates this infected node(s) (target sensor node(s)) from the sensor network (SP3). Note that, the central coordinator 20 can detect either a target sensor node or target sensor cell.
  • the target sensor cell includes a target sensor node.
  • each of these sensor nodes S1-S8 is associated with the particular central coordinator 20 which monitors the variation in data sensed or relayed to other nodes in the sensor network. If this central coordinator 20 finds sudden and/or drastic variations unexpectedly from a certain sensor node (a tentative target sensor node), the route for sensor network Rs would be changed to another route for sensor network Rs so as not to pass the certain sensor node. For example, if the central coordinator 20 determines that the particular sensor node (S6) was misbehaving, the central coordinator 20 may send a control signal to one or more neighboring nodes to change its functionalities from sensing (S3, S5, S7) to watchdog (W1, W2, W3).
  • the watchdog nodes W1, W2 and W3 now can monitor the particular sensor node (S6).
  • the monitoring results of the watchdog nodes W1, W2 and W3 are immediately sent to the central coordinator 20, and then the central coordinator 20 can identify the particular sensor node (S6) as a misbehaving node, and isolate the misbehaving node immediately.
  • the central coordinator 20 would thereafter change the configuration of the isolated node(s) and provide a new key to continue sensing or forwarding data in the network.
  • the central coordinator 20 can transmit information on above-mentioned monitoring and control to a computer 40, and an observer can observe the monitoring and control information displayed on a display of the computer 40.
  • Figs. 10-13 The method of isolating the misbehavior node will be explained by reference to Figs. 10-13.
  • all sensor nodes 11 in the sensor network are equally capable and those capabilities of any of the dual function sensor nodes 11 are not needed to distinguish between the hardware and software.
  • the central coordinator 20 can generate a unique secure control signal to alter the operation of a sensor node 11 to the watchdog node 31 or vice-versa.
  • One of examples of algorithm to select a node to become watchdog is explained hereinafter.
  • the sensor nodes 11 are deployed in the field to sense the desired physical parameters.
  • a sensor data interface such as the central coordinator 20 initially monitors all data coming from the sensor network. In the sensor system 1, based on historical data and heuristics, the central coordinator 20 detects a misbehaving node, or a region of misbehaving nodes within one cell or group of cells as target sensor node(s) or target cell(s).
  • Step SP11 collect sensor data> Firstly, the central coordinator 20 collects the sensor data from the sensor nodes 11. The behaviors of sensed data are continuously monitored by the central coordinator 20. The central coordinator 20 analyzes the behaviors of sensed data and evaluates their data pattern in runtime history. The past sensed data information is stored in a route memory (not shown) of the central coordinator 20.
  • Step SP12 data corrupt/random change>
  • the central coordinator 20 continuously monitors if there is data corrupt or random change in monitored sensor data sent from sensor network by comparing the current sensor data with the previous sensor data, or one sensor data with another.
  • the temperature historical data should be in the range of 50 to 80 degrees Celsius uniformly anywhere the boiler plant.
  • sudden change in temperature is detected by the central coordinator 20 in a small region in the boiler plant, this is sign of an anomaly.
  • the particular boiler in the plant may have multiple sensors within one or more cells.
  • the central coordinator 20 needs to confirm the anomaly as True or False information and, further detects and confirms the misbehaving node.
  • Step SP13 change route or re-check senor data> If the central coordinator 20 observes random behaviors in the sensed data (SP12:YES), the central coordinator 20, for example, immediately changes the present routing table and starts observing the data pattern of a new route (SP13). Assuming that a sensor node 11 which might cause data corrupt or random change or which might be a misbehaver node or an intrusion node in the exemplary embodiment is hereinafter referred to as a tentative target node. The tentative target node might be decided in the later step as a target node in order to be isolated from the sensor network.
  • a cell 10 or cells 10 which may cause data corrupt or random change, or which may include a misbehaver node or an intrusion node can be referred to as a tentative target cell(s) instead, and the later step can decide the tentative target cell as a target cell in order to isolate from the sensor network.
  • Step SP14 check correctness>
  • the central coordinator 20 identifies correctness of the data corrupt or the random change of the sensor data (SP14) by comparing sensor data of the previous route such as a first sensor route with sensor data of the new route such as a second sensor route. As described above, the central coordinator 20 can select a new route so as not to include the tentative target sensor node or the tentative target cell, or select the second route so as to include a cell near the tentative target cell or a cell near a cell including the tentative target sensor node.
  • Another way for identifying the correctness can be done by rechecking the sensor data of the same route.
  • the central coordinator 20 may change measurement conditions such as receiving sensibility of the central coordinator 20, transmission sensibility, and operation mode of the central coordinator 20 or the sensor nodes 11 etc.
  • Step SP15 change functionality to watchdog>
  • the central coordinator 20 decides the sensor data from the tentative target sensor node may not be correct (SP15:NO)
  • the central coordinator 20 changes the functionality of some sensor nodes 11 from sensing to watchdog.
  • the detailed Step SP15 will be explained later.
  • runtime functionality of the watchdog node 31 can be switched from sensing into monitoring by a control signal sent from the central coordinator 20, when the central coordinator 20 receives information about the abnormality of some sensor node 11. Any sensor node 11 can become the watchdog node 31. The functionality of the sensor nodes 11 can be changed based on input from the central coordinator 20.
  • the central coordinator 20 decides the sensor data from the tentative target sensor node is correct in the SP14 (SP14:YES), the operation returns to the Step SP 11.
  • Step SP16 find selfish node>
  • the central coordinator 20 has to perform iteration of Step SP15 until the target node is identified. That is, if one watchdog node 31 is not able to identify the target node, the choice of watchdog node needs to be moved to next.
  • Step SP17 isolate selfish node> If the watchdog node 31 identifies the target node or the target cell (SP16:YES), the watchdog node 31 isolates the target node or the target cell from the network. Then the operation returns to the Step SP11 and continues performing from the Step SP11.
  • the step 15 shows how the central coordinator 20 makes "a cell list" which is listed cells 10 including possible sensor nodes 11 whose functionality will be changed to watchdog.
  • the central coordinator 20 makes the cell list of cells where watchdog functionality is to be activated (SP 21).
  • the cell list generator 25 assigns watchdogs to a cell (i) by using algorithm WD_assignment (Algorithm running at central coordinator to determine the next watchdog within a cell (i)) (SP 22), and keeps performing the step SP22 until all the cells listed in the cell list which the cell list generator 25 made in the step SP21 are assigned with watchdog nodes (SP 23).
  • algorithm WD_assignment Algorithm running at central coordinator to determine the next watchdog within a cell (i)
  • the central coordinator 20 selects random node among sensor nodes (possible watchdog nodes) within the cells listed in the cell list (SP 31).
  • the cell list is made by the cell list generator 25 in the step SP21.
  • the first detector 22a of the central coordinator 20 generates a control signal to scan received signal strength of all neighbor sensor nodes and reports this to the central coordinator 20 (SP 32).
  • the data confirmation part 22b checks if all RSSIs (Received Signal Strength Indication) by promiscuous capture of packets are above a threshold (SP 33).
  • the second detector 22c excludes the current node from watchdog nodes of the cell list (SP 34), then operation returns to the Step SP31.
  • the second detector 22c selects the current node as a watchdog node (SP 35). If all the RSSIs are above the threshold, the node can receive packet data from all nodes in a cell. The node which is able to receive packets in promiscuous mode from all the nodes in a cell is selected as watchdog. This ensures that this node can monitor all communication within the cell, and therefore this node can be selected as the watchdog. Then, the function change part 23 will change the functionality of the node.
  • the target detection part 22 checks if more watchdog nodes 31 for cell (i) need to be assigned (SP 41). If YES, more watchdogs need to be assigned to identify misbehaving node, and return to the Step 22. If the step SP41 is NO, the target detection part 22 further checks if the number of the watchdog node assigned by the central coordinator 20 is more than one (SP 42). If the step 42 is NO, the central coordinator 20 decides that all nodes in the cell 10 should be isolated, as it is impossible to assign any watchdogs in the cell (SP 43). After the step SP42 and the step SP43, the operation returns to Step SP23 in Fig. 11.
  • the central coordinator 20 would decide to isolate the misbehaving node if the misbehavior continues to exceed a certain threshold of the activity. This threshold may be decided on run-time basis by the central coordinator 20 judging the impact of the sensor node that is misbehaving.
  • the following shows some (non-exhaustive) conditions under which the watchdog node 31 will inform the central coordinator 20 of detailed reason for anomaly. That is, the watchdog node 31 informs the central coordinator 20 of it, if a misbehaving node tampers or modifies source address, destination address and next hop routing address, etc., in the packet headers, or if a misbehaving node modifies or deletes partial or whole data content from the packet by means of inspection of the Error Correction Code/Cyclic Redundancy Check code, etc., or if a misbehaving node stops forwarding data packets to the next hop, though it was supposed to do so.
  • the internal threat leads to an intentional/accidental malfunction in existing sensor network nodes. If the central coordinator 20 finds the misbehavior pattern from the one or more sensor nodes to be a confirmed internal threat such as spoofing of information, intentional masquerading of network address, and tamper of data/control information; then the central coordinator 20 concludes that the node is a threat to the proper functioning of the sensor network and commands the watchdog nodes 31 and the sensor nodes 11 to isolate it from the rest of the network. Once the sensor node 11 is isolated from rest of the network, the routing tables in the sensor nodes 11, the watchdog nodes 31 and the central coordinator 20 get updated based on existing routing mechanism, and the data packets are routed accordingly.
  • the central coordinator 20 changes the configuration of the infected nodes, and provides a new key to the rest of the sensor nodes 11 in order to continue sensing/ hopping for the network.
  • the central coordinator 20 may send a control signal to the watchdog nodes 31 to change the functionality into sensing.
  • the sensor system 1 can collect the sensor data by using all of the nodes.
  • the central coordinator 20 learns a single watchdog mode may not be reliable, for example when the watchdog node may itself be incorrectly reporting to the central coordinator 20, it may configure at least one more node to watchdog operation.
  • the sensor node 11 may adapt its functionality using a duty cycle mechanism as shown in Fig. 14 based on the context derived in the sensor network.
  • the nodes with dual function can function with the sense or watchdog mode as desired by the central coordinator 20.
  • the duty cycling in time requires a hardware-software tuning when it can associate with either the sensor network or the watchdog network through time division multiplexing operation.
  • the watchdog duty cycle ratio determines the percentage of time the node spends in the watchdog mode versus the node spends in the sense mode. This parameter can be tuned based on the need by the central coordinator 20 to achieve desired result.
  • the central coordinator 20 can take this decision based on environmental context. For example in the city temperature monitoring example, measuring 0 degree in a small area of the city in summer clearly is an anomaly. The context of summer and outdoor temperature can be used to take this decision. Since this is a non-real time necessity, a dedicated watchdog continuously monitoring the anomalous node may not be required. A low watchdog duty cycle can be implemented in the neighboring nodes by the central coordinator 20 to monitor this situation.
  • the exemplary embodiment of the present invention can identify the misbehaving node, and isolate/exclude it from the sensor network without additional hardware or an intense data analysis algorithm by controlling the functionalities of the sensor nodes 11 with dual function.
  • the sensor system 1 of the exemplary embodiment of the present invention can suppress an energy consumption of the sensor network due to the use of the sensor nodes 11 with dual function by reducing additional watchdog nodes. Therefore, the sensor system 1 can use efficiently limited power transfer of the sensor network and prevent conspiracy node.
  • the sensor system of the exemplary embodiment of the present invention assigns a dual function sensor node to watchdog node only when the central coordinator 20 detects an anomaly. In this manner, the sensor system of the exemplary embodiment of the present invention avoids placement of one or more dedicated watchdog node in each of the cell belonging to a wireless sensor network. The watchdog is more power consuming node and hence minimizing the activity duration of watchdog mode will minimize the power consumption.
  • Non-transitory computer readable media include any type of tangible storage media. Examples of non-transitory computer readable media include magnetic storage media (such as floppy disks, magnetic tapes, hard disk drives, etc.), optical magnetic storage media (e.g.
  • the program may be provided to a computer using any type of transitory computer readable media.
  • transitory computer readable media include electric signals, optical signals, and electromagnetic waves.
  • Transitory computer readable media can provide the program to a computer via a wired communication line (e.g. electric wires, and optical fibers) or a wireless communication line.
  • a method of controlling a sensor system including a plurality of sensor nodes each including a sensing function and a monitoring function and a central coordinator controlling the plurality of the sensor nodes, a sensor network being divided into a plurality of cells each including at least one sensor node, the method comprising: a data collecting step that collects sensor data sensed by the sensing function of the sensor nodes by the central coordinator; a target detection step that detects a target sensor node or a target cell having a defect due to either an internal or external problem of the sensor system; a function change step that changes the sensing function to the monitoring function of at least one sensor node in each target cell or in each cell including each target sensor node to monitor the target sensor node or the target cell; and an identification step that identifies a defect sensor node or a defect cell having a defect from a result of monitoring the target sensor node or the target cell.
  • (Supplementary note 2) The method of controlling a sensor system according a sensor system to Supplementary note 1, further comprising: a cell list generating step that generates a target cell list including at least one target cell from a result of the target detection step for checking if there is the defect in the at least one target cell, wherein the function change step changes the sensing function to the monitoring function of at least one sensor node in each target cell listed in the target cell list.
  • the target detection step includes: a first detection step that detects data corrupt or random change of sensor data collected by the data collecting step, and a second detection step that detects the target sensor node or the target cell from a result of checking for correctness of the data corrupt or the random change of the sensor data detected by the first detection step.
  • the target detection step further includes a data confirmation step that confirms the correctness of a result of the first detection step
  • the data collecting step collects the sensor data sent from a plurality of routes, a route passing through a plurality of sensor nodes of a plurality of cells
  • the first detection step detects a tentative target route, the data corrupt or the random change being detected from sensor data sent from the tentative target route
  • the data confirmation step re-collects the sensor data sent from the tentative target route detected by the first detection step
  • the second detection step detects a target route including the target sensor node or the target cell from a result of re-checking for correctness of the sensor data sent from the tentative target route.
  • the target detection step further includes a data confirmation step that confirms the correctness of a result of the first detection step
  • the data collecting step collects the sensor data sent from a plurality of routes, a route passing through a plurality of the sensor nodes of a plurality of the cells
  • the first detection step detects a first route, the data corrupt or the random change being detected from sensor data sent from the first route
  • the data confirmation step changes the first route to a second route and collects the sensor data sent from the second route, the second route passing through a plurality of the sensor nodes of a plurality of the cells
  • the second detection step detects a target route passing through the target sensor node or the target cell from a result of the data confirmation step.
  • a computer product tangibly embodied in a machine-readable medium for a sensor system including a plurality of sensor nodes each including a sensing function and a monitoring function and a central coordinator controlling the plurality of the sensor nodes, a sensor network where the plurality of the sensor nodes are placed being divided to a plurality of cells where at least one sensor node is placed, the computer product comprising: a data collecting step that collects sensor data sensed by the sensing function of the sensor nodes by the central coordinator; a target detection step that detects a target sensor node or a target cell having a defect due to either an internal or external problem of the sensor system; a function change step that changes the sensing function to the monitoring function of at least one sensor node in each target cell or in each cell including each target sensor node to monitor the target sensor node or the target cell; and an identification step that identifies a defect sensor node or a defect cell having a defect from a result of monitoring the target sensor node or the target cell
  • a sensor system comprising: a plurality of sensor nodes each including a sensing function and a monitoring function; and a central coordinator that controls the plurality of the sensor nodes, wherein a sensor network where the plurality of the sensor nodes are placed being divided to a plurality of cells where at least one sensor node is placed, the central coordinator includes: a data collecting part that collects sensor data sensed by the sensing function of the sensor nodes, a target detection part that detects a target sensor node or a target cell having a defect due to either an internal or external problem of the sensor system, a function change part that changes the sensing function to the monitoring function of at least one sensor node in each target cell or in each cell including each target sensor node to monitor the target sensor node or the target cell, and an identification part that identifies a defect sensor node or a defect cell having a defect from a result of monitoring the target sensor node or the target cell.
  • the sensor system according to Supplementary note 12, further comprising: a cell list generator that generates a target cell list including at least one target cell from a result of the target detection part for checking if there is the defect in the at least one target cell, wherein the function change part changes the sensing function to the monitoring function of at least one sensor node in each target cell listed in the target cell list.
  • the target detection part includes: a first detector that detects data corrupt or random change of sensor data collected by the data collecting part, and a second detector that detects the target sensor node or the target cell from a result of checking for correctness of the data corrupt or the random change of the sensor data detected by the first detector.
  • the target detection part further includes a data confirmation part that confirms the correctness of a result of the first detector
  • the data collecting part collects the sensor data sent from a plurality of routes, a route passing through a plurality of sensor nodes of a plurality of cells
  • the first detector detects a tentative target route, the data corrupt or the random change being detected from sensor data sent from the tentative target route
  • the data confirmation part re-collects the sensor data sent from the tentative target route detected by the first detector
  • the second detector detects a target route including the target sensor node or the target cell from a result of re-checking for correctness of the sensor data sent from the tentative target route.
  • the target detection part further includes a data confirmation part that confirms the correctness of a result of the first detector
  • the data collecting part collects the sensor data sent from a plurality of routes, a route passing through a plurality of the sensor nodes of a plurality of the cells
  • the first detector detects a first route, the data corrupt or the random change being detected from sensor data sent from the first route
  • the data confirmation part changes the first route to a second route and collects the sensor data sent from the second route, the second route passing through a plurality of the sensor nodes of a plurality of the cells
  • the second detector detects a target route passing through the target sensor node or the target cell from a result of the data confirmation part.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A sensor system includes a plurality of sensor nodes that each includes a sensing function and a monitoring function, and a central coordinator. A sensor network is divided to a plurality of cells where at least one sensor node is placed. The central coordinator includes a data collecting part, a target detection part that detects a target sensor node or a target cell having a defect due to either an internal or external problem of the sensor system, a function change part that changes the sensing function to the monitoring function of at least one sensor node in each target cell, and an identification part that identifies a defect sensor node from a result of monitoring the target sensor node or the target cell.

Description

A METHOD OF CONTROLLING A PLURALITY OF SENSOR NODES, COMPUTER PRODUCT TANGIBLY EMBODIED IN A MACHINE-READABLE MEDIUM, AND A SENSOR SYSTEM
This invention is related to a method of controlling a plurality of sensors in a sensor system, a computer product tangibly embodied in a machine-readable medium for controlling the plurality of the sensor nodes and a sensor system, more specifically, to a method, a computer product and a sensor system for a wireless sensor system.
In wireless sensor network, field sensors are used to collect the data and pass it to the controller through the neighboring node. Sensor network deployed in remote area(s) would be prone to Denial of Service (DOS) due to selfishness and misbehaving sensor nodes present in the network. DOS of any one sensor present in the network will result in loss of data packet or receiving the impaired data packet.
For example, assume that wireless sensor network is deployed for temperature monitoring application in an oil plant. The data collected from one temperature sensor node will reach the controller through the neighboring sensor nodes (forwarding sensor node). In this situation, if some sensor node starts transmitting the random data due to its selfishness or misbehavior, it leads to a creation of false alarm or shutting down of the entire plant, resulting in huge loss in the production.
In another scenario, a particular sensor node supposed to act as router for the neighboring sensor node that would start refusing to route the data packet will also lead to loss of data packet due to its selfishness. There are various countermeasure methods suggested in the literature to detect DOS in wireless sensor network[1-23].
Countering scheme for the IEEE 802.11 protocol: Wireless Medium Access Control (MAC) protocols such as IEEE 802.11 use distributed contention resolution mechanisms for sharing the wireless channel. In this environment, selfish hosts that fail to adhere to the MAC protocol may obtain an unfair share of the channel bandwidth. The author's proposed modifications to the IEEE 802.11 protocol to simplify detection of such selfish hosts also presented a correction scheme for penalizing selfish misbehavior[1].
Sergio Marti et al. proposed a method to identify the misbehaved node (the nodes that agree to forward packets but fail to do so) using watchdog and suggested alternate re-routing method to solve this issue[2]. Note that, the above two papers didn't suggest any methods for isolating the misbehaved sensor node.
CORE is the rating based algorithm. Rating is assigned for each nodes based on "reputation" that is evaluated based on each entity's collaborativeness in communication. The author's suggested a generic mechanism is based on reputation to enforce cooperation among the nodes of a MANET (Mobile Ad hoc NETwork) to prevent selfish behavior. Misbehaving nodes will eventually gain a "bad" reputation and thus be excluded from communication by others[5].
Frank Kargl et al.[6] have presented another method to use multiple monitoring sensors active in parallel to detect the selfish node. Since they suggested using at least one sensor for monitoring, there is a high possibility of identifying and excluding the misbehaved node from the network.
In 2012, an improved watchdog technique was proposed by A. Forootaninia and M. B. Ghaznavi-Ghoushchi, based on power-aware hierarchical design using multi level watchdog[23].
They proposed an approach for implementing a new intrusion detection system to increase the network's lifetime and security level.
NPL 1: P. Kyasanur and N. H. Vaidya, "Detection and handling of mac layer misbehaviour in wireless networks." in DSN, 2003, pp. 173-182.
NPL 2: S. Marti, T. J. Giuli, K. Lai, and M. Baker, "Mitigating routing misbehaviour in mobile ad hoc networks," in MobiCom '00: Proceedings of the 6th annual international conference on Mobile computing and networking. ACM Press, 2000, pp. 255-265.
NPL 3: Y. Zhang, W. Lee, and Y.-A. Huang, "Intrusion detection techniques for mobile wireless networks," Wireless Network, vol. 9, no. 5, pp. 545-556, 2003.
NPL 4: Y. Zhang and W. Lee, "Intrusion detection in wireless ad-hoc networks," in MobiCom '00: Proceedings of the 6th annual international conference on Mobile computing and networking. New York, NY, USA: ACM Press, 2000, pp. 275-283.
NPL 5: P. Michiardi and R. Molva, "Core: a collaborative reputation mechanism to enforce node cooperation in mobile ad hoc networks," in Proceedings of the IFIP TC6/TC11
NPL 6: Sixth Joint Working Conference on Communications and Multimedia Security. Deventer, Netherlands: Kluwer, B.V., 2002, pp. 107-121.
NPL 7: F. K. Andreas, "Sensors for detection of misbehaving nodes in manets."[Online]. Available: http://medien.informatik.uniulm.de/forschung/publikationen/dimva2004.pdf
NPL 8: J. Konorski, "Multiple access in ad-hoc wireless lans with non-cooperative stations." in NETWORKING, 2002, pp. 1141-1146.
NPL 9: M. Cagalj, S. Ganeriwal, I. Aad, and J.-P. Hubaux, "On cheating in csma/ca ad hoc networks," in EPFL Technical Report, 2004.
NPL 10: Y. Hu, A. Perrig, and D. Johnson, "Packet leashes: A defense against wormhole attacks in Wireless ad hoc networks," in Proc. IEEE INFOCOM, 2003.
NPL 11: W. Wang and B. Bhargava, "Visualisation of wormholes in sensor networks," in Proc. 3rd ACM Workshop Wireless Security, 2004, pp. 51-60.
NPL 12: B. Parno, A. Perrig, and V. Gligor, "Distributed detection of node replication attacks in sensor n1etworks," in Proc. IEEE Symposium Security and Privacy, 2005, pp. 49-63.
NPL 13: M. Li, I. Koutsopoulos, and R. Poovendran, "Optimal jamming attacks and network defense policies in wireless sensor networks," in Proc. IEEE INFOCOM, 2007, pp. 1307-1315.
NPL 14: C. Jaikaeo, C. Srisathapornphat, and C.-C. Shen, "Diagnosis of sensor networks," in Proc. IEEE International Conf. Commun., 2001, vol. 5, pp. 1627-1632.
NPL 15: J. Staddon, D. Balfanz, and G. Durfee, "Efficient tracing of failed nodes in sensor networks," in Proc. 1st ACM International Workshop Wireless Sensor Networks Applications, 2002, pp. 122-130
NPL 16: G. Wang, W. Zhang, and G. Cao, "On supporting distributed collaboration in sensor networks," in Proc. IEEE Military Communi. Conf., 2003, vol. 2, pp. 752-757.
NPL 17: S. Marti, T. Giuli, K. Lai, and M. Baker, "Mitigating routing misbehavior in mobile ad hoc networks," in Proc. 6th Annual International Conference Mobile Computing Networking, 2000, pp. 255-265
NPL 18: M. Ding, D. Chen, K. Xing, and X. Cheng, "Localized fault-tolerant event boundary detection in sensor networks," in Proc. IEEE INFOCOM, 2005, vol. 2, pp. 902-913
NPL 19: B. Krishnamachari and S. Iyengar, "Distributed Bayesian algorithms for fault-tolerant event region detection in wireless sensor networks," IEEE Trans. Comput., vol. 53, pp. 241-250, 2004.
NPL 20: T. Palpanas, D. Papadopoulos, V. Kalogeraki, and D. Gunopulos, "Distributed deviation detection in sensor networks," ACM SIGMOD Record, vol. 32, pp. 77-82, 2003.
F. Liu, X. Cheng, and D. Chen, "Insider attacker detection in wireless sensor networks," in Proc. IEEE INFOCOM, 2007, pp. 1937-1945.
NPL 21: P. Michiardi and R. Molva, "Core: A collaborative reputation mechanism to enforce node cooperation in mobile ad hoc networks," in Proc. Advanced Commun. Multimedia Security, 2002, pp. 107-121.
NPL 22: S. Buchegger and J.-Y. L. Boudec, "Nodes bearing grudges: Towards routing security, fairness, and robustness in mobile ad hoc networks," in Proc. 10th Euromicro Workshop Parallel, Distributed Network-Based Processing, 2002, pp. 403-410.
NPL 23: A. Forootaninia and M. B. Ghaznavi-Ghoushchi, An Improved watchdog technique based on power-aware hierarchical design for IDS in Wireless sensor networks,' International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012.
Wireless sensor networks in comparison with wired networks are more substantially vulnerable to threats and intrusions. In remote monitoring sensor network application, data reliability and trust on data measured are always a main concern. In spite of the high volume of research and studies which tried to propose an efficient intrusion detection system, none of them managed to develop a system which is able to identify and drive away all threat to wireless sensor networks. Since, these research works have focused on specific kinds of threats.
Nodes in wireless sensor networks are limited in resources, nodes tend to misbehave or act selfish and some nodes may be compromised by attackers. Misbehaviour and selfishness of nodes may lead to make the remote monitoring operator take false decisions about the operations of the plant. So, there should be an approach to identify random changes in data sensing and hopping.
In WSN, a third person can monitor the information or link to the network. So, preventing these intrusions by detecting them has also become another most demanding challenge.
Most of countermeasure methods discussed above to solve the issue of the denial of service (i.e., identify and isolate the selfish or misbehaved nodes from the entire network) are either using an additional hardware or using an intense data analysis algorithm.
To address the above problems, an exemplary object of the invention is to provide a method of controlling a plurality of sensors in a sensor system, and a computer program and a computer product tangibly embodied in a machine-readable medium capable of removing a removal node or selecting an incorrect malicious node in the sensor network.
In one embodiment, there is provided a method of controlling a sensor system including a plurality of sensor nodes each including a sensing function and a monitoring function and a central coordinator controlling the plurality of the sensor nodes, a sensor network being divided into a plurality of cells each including at least one sensor node. The method includes a data collecting step that collects sensor data sensed by the sensing function of the sensor nodes by the central coordinator, a target detection step that detects a target sensor node or a target cell having a defect due to either an internal or external problem of the sensor system, a function change step that changes the sensing function to the monitoring function of at least one sensor node in each target cell or in each cell including each target sensor node to monitor the target sensor node or the target cell, and an identification step that identifies a defect sensor node or a defect cell having a defect from a result of monitoring the target sensor node or the target cell.
According to another exemplary aspect of the present invention, there is provided a computer product tangibly embodied in a machine-readable medium for a sensor system including a plurality of sensor nodes each including a sensing function and a monitoring function and a central coordinator controlling the plurality of the sensor nodes, a sensor network where the plurality of the sensor nodes are placed being divided to a plurality of cells where at least one sensor node is placed, the computer product including: a data collecting step that collects sensor data sensed by the sensing function of the sensor nodes by the central coordinator, a target detection step that detects a target sensor node or a target cell having a defect due to either an internal or external problem of the sensor system; a function change step that changes the sensing function to the monitoring function of at least one sensor node in each target cell or in each cell including each target sensor node to monitor the target sensor node or the target cell, and an identification step that identifies a defect sensor node or a defect cell having a defect from a result of monitoring the target sensor node or the target cell.
According to another exemplary aspect of the present invention, a sensor system includes: a plurality of sensor nodes each including a sensing function and a monitoring function, and a central coordinator that controls the plurality of the sensor nodes. A sensor network where the plurality of the sensor nodes are placed is divided to a plurality of cells where at least one sensor node is placed. The central coordinator includes: a data collecting part that collects sensor data sensed by the sensing function of the sensor nodes, a target detection part that detects a target sensor node or a target cell having a defect due to either an internal or external problem of the sensor system, a function change part that changes the sensing function to the monitoring function of at least one sensor node in each target cell or in each cell including each target sensor node to monitor the target sensor node or the target cell, and an identification part that identifies a defect sensor node or a defect cell having a defect from a result of monitoring the target sensor node or the target cell.
A method of controlling a plurality of sensors in a sensor system, and a computer program and a computer product tangibly embodied in a machine-readable medium can monitor the behaviour of the sensor node without additional watchdog hardware.
These and other features and characteristics of the present invention, as well as the methods of operation and functions of the related elements of structures and the combination of parts and economies of manufacture, will become more apparent upon consideration of the following description and the appended claims with reference to the accompanying drawings, all of which form a part of this specification, wherein like reference numerals designate corresponding parts in the various figures. It is to be expressly understood, however, that the drawings are for the purpose of illustration and description only and are not intended as a definition of the limits of the invention. As used in the specification and the claims, the singular form of "a", "an", and "the" include plural referents unless the context clearly dictates otherwise.
The above and other objects, advantages and features of the present invention will be more apparent from the following description of certain preferred embodiments taken in conjunction with the accompanying drawings, in which:
Fig. 1 is a schematic view showing a sensor system in the sensor networks in the Related Art. Fig. 2A is a schematic view for explaining Level 1 Watchdog node and Level 2 Watchdog node respectively. Fig. 2B is a schematic view for explaining Level 1 Watchdog node and Level 2 Watchdog node respectively. Fig. 3 is a schematic view showing a sensor system in the wireless sensor network of an exemplary embodiment of the present invention. Fig. 4 is a block diagram showing the central coordinator 20 of an exemplary embodiment of the present invention. Fig. 5 is a block diagram showing more detailed central coordinator 20 of an exemplary embodiment of the present invention. Fig. 6 is a schematic view showing a sensor network including sensor routes and watchdog nodes in a sensor network of an exemplary embodiment of the present invention. Fig. 7 is a schematic view showing an example of the tentative target route for sensor network of an exemplary embodiment of the present invention. Fig. 8 is a schematic view showing a second route for sensor network of an exemplary embodiment of the present invention. Fig. 9 is a schematic view showing the sensor system 1 of the exemplary embodiment of the present invention. Fig. 10 is a flow chart showing a method of isolating a selfish node in the sensor network of an exemplary embodiment of the present invention. Fig. 11 is a chart showing the detailed steps of the step SP15 shown in Fig. 10. Fig. 12 is a chart showing the detailed steps of the step SP22 shown in Fig. 11. Fig. 13 is a chart showing the detailed steps of the step SP35 shown in Fig. 12. Fig. 14 is a schematic view showing a watchdog operation in duty cycle in the sensor network of an exemplary embodiment of the present invention.
As described above, misbehaving nodes present in the wireless sensor network may lead to a false decision by the controller and end up in shutdown of the plant operation. This issue can be solved by using a node called 'watchdog' which will monitor the data traffic between neighbouring nodes.
To understand the exemplary embodiment of the present invention more easily, before describing the sensor system of the exemplary embodiment of the present invention, a wireless sensor network (WSN) system of the Related Art (NPL 23) will be explained first. Fig. 1 is a schematic view showing a sensor system in the sensor networks in the Related Art, and Fig. 2A and Fig. 2B are schematic views for explaining Level 1 Watchdog node and Level 2 Watchdog node respectively.
Constitution of Related Art
The sensor system 100 of the Related Art follows a hierarchical architecture. The sensor system 100 is divided into smaller parts (hereinafter referred to as "cells") 110. Fig. 2 shows the different layers categorization. Each cell 110 indicates the sensory limit of a cluster head node (hereinafter referred to as "Level 1 Watchdog") 131. The Level 1 Watchdog nodes 131 are in charge of supervising the cells 110. The entire Level 1 watchdog nodes 131 may or may not have the same number of sensors 101 to be monitored, which purely depends on the deployment environment and also the application for which the sensors are deployed.
According to this division, the nodes 132 are regional nodes (hereinafter referred to as "Level 2 Watchdog node") 132 which should be selected in a way to be located on the cells 110 boundaries to enable their sensory limit to cover a number of the Level 1 Watchdog nodes 131. The sensor system 100 does not necessarily require arranging the sensors 101 in the system in order.
The number of the sensors 101 in the cells 110 can be different. The sensor system 100 topology can be changed. The only fixed nodes in the sensor system 100 are the Level 2 Watchdog nodes 132 and Level 1 Watchdog nodes 131 which should be selected at the outset of designing the network by the base station (hereinafter referred to as a "controller") 120.
In the sensor system 100, two intrusion detection mechanisms i.e., "signature-based detection" and "anomaly detection" can be incorporated. The normal attacks signatures can be compiled in the controller 120 to be sent to the Level 2 Watchdog nodes 132 and the Level 1 Watchdog nodes 131 in order to detect these signatures. The database included in the controller 120 is able to be updated to detect new attacks (detection based on the attacks signatures). In addition, using the techniques of detecting abnormality in the first level by the Level 1 Watchdog nodes 131, the user can detect the attacks and hence create high security for the sensor network 100.
The intrusion detection entities in the target architecture include:
Level 1 Watchdog nodes 131:
As mentioned earlier, this node is responsible for monitoring the related region. Less power is required. These nodes eavesdrop to the data sent by the nodes under their control, analyze the data and inform their upper nodes (the Level 2 Watchdog nodes 132) of the suspicious cases. In fact, compared to the other sensors, these nodes enjoy more capacities including the intrusion detection program installed on them.
Level 2 Watchdog nodes 132:
These nodes are in charge of controlling and receiving the information from their neighboring Level 1 Watchdog nodes 131 as well as sending warning message to the upper layer which is the controller 120. More power is required. These nodes have all the abilities of the intrusion detection system. In addition, they allow integration into larger networks. Therefore, even in presence of a large number of sensors, the sensor system 100 can be divided into smaller sections to be easily manageable.
Controller 120:
The controller 120 is the top level of the sensor system 100 which is directly supported by human force. This station (controller 120) receives information from the Level 2 Watchdog nodes 132, analyzes them and applies the necessary operations and policies to the system. In the cases that message is sent outside of the cells 110, the monitoring is assigned to the upper layer. In this case, the Level 2 Watchdog nodes 132 operate as Watchdog. If the regional nodes are malicious themselves, the upper layer i.e., the controller 120 should detect the malicious nodes by monitoring the Level 2 Watchdog nodes 132 and applying security measures. Thus, in this case the top level of watchdog is the controller 120.
As mentioned earlier, the Level 1 Watchdog nodes 131 are responsible for collecting the information related to their cells 110 and sending the information to the upper layer. In the hierarchical design, if the energy of some nodes (in a particular cell) is exhausted, the Level 1 Watchdog node 131 can access the information through other sensors available in that cell 110. Note that, when the energy of the Level 1 Watchdog nodes 131 is exhausted, the controller 120's access to the cell 100's information will be lost, even if other sensors 101 have energy in that cell.
Assuming that there are 100 sensor nodes 101 in total, and if the maximum number of the possible nodes per cell is 5, then 20 cells can be put into the first layer. Similarly, if the maximum number of the possible nodes in the cells of the second layer is 4, then 5 cells can be put into the second layer. Therefore, the number of cluster head nodes is 25 (20 nodes in the first layer and 5 nodes in the second layer). That is, 25 additional nodes are required for this sensor system 100.
The exemplary embodiment of the present invention aims to remove the number of additional nodes required and also aims to simplify the complex algorithm running in the controller.
To achieve this, an exemplary embodiment of the present invention introduces a duality function which includes a sensing function and a monitoring function in all the sensor nodes included in a sensor system. In short, when a central coordinator of the sensor network detects some abnormality in a received data packet, it can send a control signal to neighbouring nodes where there is some abnormality to change their functionalities, which can act as watchdog nodes, then the central coordinator can identify the misbehaved or selfish node by the monitoring result of the watchdog nodes.
Thus, the exemplary embodiment of the present invention can find an effective way of isolating the misbehaved or selfish node from the network, with those sensor nodes having the duality function, without computationally intense algorithm and also without use of additional hardware.
Constitution of a sensor system of an exemplary embodiment
Next a constitution of the exemplary embodiment of the present invention will be explained. Fig. 3 is a schematic view showing a sensor system in the wireless sensor network of the exemplary embodiment of the present invention.
As shown in Fig. 3, the sensor system of the exemplary embodiment of the present invention includes a plurality of sensor nodes 11, and a central coordinator 20 that controls the plurality of the sensor nodes 11. A sensor network where the plurality of the sensor nodes 11 is placed is divided to a plurality of cells 10 where at least one sensor node 11 is placed.
Each sensor node 11 has a dual function, which means each sensor node 11 includes a sensing function which can sense data and a monitoring function (watchdog function), and for example, the watchdog function can monitor data of the other sensor nodes. Described in the present exemplary embodiment is an example in which each sensor node has the dual function, but at least one sensor nodes with the dual function can be placed in each cell in the sensor network and the rest of the nodes may be the sensor nodes having only the sensing functions.
The sensor node 11 of the sensor system 1 is capable of sensing, storing and routing data packets among similarly capable nodes having unique network address within the network. The sensor system 1 is divided into logical entities known as cells based on the geography, the coverage area being roughly in hexagonal geometry.
The sensor node 11 of the exemplary embodiment has two modes of operations, sensor mode and watchdog mode. The sensor node 11 is capable of performing various wireless sensor network operations (sense, store and communicate). In the sensor mode, the node communicates with other equivalent sensor nodes only.
The watchdog mode does not participate in routing of data packets among sensor nodes 11. In the watchdog mode, the watchdog node 31 communicates only with other watchdog nodes 31 and the central coordinator 20. The watchdog node 31 works in a promiscuous mode. The promiscuous mode is a hidden mode to the sensor nodes, and is capable of inspecting packet communication between the sensor nodes.
Each watchdog node 31 is capable of monitoring communication within the cell 10 where it is placed. Each watchdog node 31 can also generate an alarm signal to communicate anomaly to the central coordinator 20. One or more watchdog nodes 31 in each of the cell 10 can communicate with each other through a secure network (hereinafter referred to as "watchdog network"). This watchdog network would route the alarm signal generated at the watchdog node 31 to the central coordinator 20.
Fig. 4 is a block diagram showing the central coordinator 20 of the exemplary embodiment of the present invention. As shown in Fig. 4, the central coordinator 20 includes a data collecting part 21, a target detection part 22, a function change part 23, and an identification part 24.
The data collecting part 21 collects sensor data sensed by the sensing function of the sensor nodes 11. The target detection part 22 detects a target sensor node or a target cell which sends defect data or has a defect due to either an internal or external problem of the sensor system 1. The function change part 23 changes the sensing function to the monitoring function of at least one sensor node 11 in each target cell or in each cell including each target sensor node to monitor the target sensor node or the target cell. The identification part 24 identifies a defect sensor node or a defect cell having a defect from a result of monitoring the target sensor node or the target cell. Further the identification part 24 can isolate the defect sensor node or the defect cell from the sensor system 1 after identifying the defect node or cell.
The internal problem of the sensor system 1 is, for example, that a sensor node 11 becomes a misbehaver node or a selfish node and sends abnormal data to other sensor nodes 11 or to the central coordinator 20. The external problem of the sensor node 11 is, for example, that someone intrudes into the sensor network and sends a packet including an Error Correction Code Cyclic Redundancy Check code to a specific sensor node 11, or steals packet data from the central coordinator 20 or a specific sensor node 11.
Fig. 5 is a block diagram showing more detailed central coordinator 20 of the exemplary embodiment of the present invention. The central coordinator 20 can further include a cell list generator 25 that generates a target cell list including at least one target cell from a detection result of the target detection part 22 for checking if there is a defect in at least one target cell. The function change part 23 changes the sensing function to the monitoring function of at least one sensor node in each target cell listed in the target cell list.
Further the target detection part 22 includes a first detector 22a, a data confirmation part 22b and a second detector 22c. The first detector 22a detects data corruption or random change of sensor data which the collecting part 21 collects. The second detector 22c detects the target sensor node or the target cell from a result of checking for correctness of the data corrupt or the random change of the sensor data detected by the first detector 22a. The data confirmation part 22b confirms the correctness of a result of the first detector 22a.
Figs. 6-8 are schematic views showing a sensor system for explaining an operation of the central coordinator 20 of an exemplary embodiment of the present invention. As shown in Fig. 6, a route Rs1 is a route for sensor network 11, and the route for sensor network Rs passes through a plurality of sensor nodes 11 of a plurality of cells 10.
A route Rw is a route for watchdog network, and the route for watchdog network Rw passes through only the watchdog nodes 31. For example, one watchdog node 31 is placed per each cell 10 and the route for watchdog network Rw is made by all watchdog nodes 31.
Note that, as described later, the watchdog node 31 can become the sensor node 11 and the sensor node 11 can become the watchdog node 31 by changing its sensing function or watchdog function by a control signal sent by the central coordinator 20. Therefore, any sensor node 11 can join the watchdog network by changing its functionality into watchdog, and any watchdog node 31 can join the sensor network by changing its functionality into sensing. In this exemplary embodiment, there is a plurality of routes in the sensor network. One route for sensor network Rs can also become another route for sensor network by changing one or more sensor nodes 11 within the route.
In one example, the data collecting part 21 of the central coordinator 20 collects the sensor data sent from a plurality of routes for sensor network Rs, for example a route for sensor network Rs1. The first detector 22a of the target detection part 22 detects the data corrupt or the random change in the sensor data sent from a route for sensor network Rs and decides this route as a tentative target route. Fig. 7 shows an example of the tentative target route for sensor network. Assume that the tentative target route for sensor network of this example is the route for sensor network Rs1.
The data confirmation part 22b of the target detection part 22 re-collects the sensor data sent from the tentative target route for sensor network Rs1 detected by the first detector 22a. The second detector 22c detects a target route including the target sensor node or the target cell from a result of re-checking for correctness of the sensor data sent from the tentative target route for sensor network Rs1.
In another example, the data confirmation part 22b confirms the correctness of a result of the first detector 22a. The data collecting part 21 of the central coordinator 20 collects the sensor data sent from a plurality of routes for sensor network Rs. The first detector 22a of the target detection part 22 detects the data corrupt or the random change in the sensor data sent from a route for sensor network Rs and decides this route as a first route for sensor network Rs. Fig. 7 also shows another example of the first route for sensor network. Assume that the first route for sensor network of this example is the route for sensor network Rs1.
The data confirmation part 22b changes the first route for sensor network Rs1 to a second route for sensor network and collects the sensor data sent from the second route. Fig. 8 shows a second route for sensor network Rs2 in this example. As shown in Fig. 8, the second route for sensor network Rs2 passes through a plurality of the sensor nodes of a plurality of the cells. The second detector 22c detects a target route for sensor network passing through the target sensor node or the target cell from a result of the data confirmation part 22b.
A method of generating/selecting the second route for sensor network Rs2 will be explained hereinafter. The first detector 22a detects a tentative target sensor node or a tentative target cell based on a result of the data collecting part 21. Then, in the first method of generating the second route for sensor network Rs2, the data confirmation part 22b selects the second route for sensor network Rs so as not to include the target sensor node or the target cell. In the second method of generating the second route for sensor network Rs2, the data confirmation part 22b selects the second route for sensor network Rs so as to include a cell near the tentative target cell or a cell near a cell including the tentative target sensor node.
In either the first or second method, the central coordinator 20 can confirm if the tentative target cell or a cell near a cell is an actual misbehaver sensor node or an actual target cell including a misbehaver sensor node or not. The target detection part 22 can detect the target sensor node or the target cell by monitoring a change between current sensor data and previous sensor data in the first route for sensor network Rs1 at first and then by comparing sensor data in the second route for sensor network Rs2 with another sensor data in other route for sensor network Rs, for example.
Note that, each function or each operation of the central coordinator 20 can be done by either hardware or software, and also the ways of hardware and software can be combined and used in the central coordinator 20. Each function or operation of the sensor node 11 and the watchdog node 31 can be done as well.
The sensor data of this sensor node 11 is routed through the route for sensor network Rs in its proximity in the sensor network. The central coordinator 20 receives the anomaly or threat information through a signal (hereinafter referred to as "watchdog signal" or "monitor signal") routed through the watchdog network.
The central coordinator 20 can transmit a signal to the identified sensor node (target sensor node) which generates a threat in order to isolate it from the rest of the wireless sensor network. For example, the internal threat refers to anomalous operation of sensor nodes due to malfunctioning of hardware/software. To isolate it from the sensor network can also enhance for higher layer security and security of the normally functioning sensor nodes from internal and external threats.
The new routes such as the second route for sensor network Rs2 are thereafter decided either through existing routing mechanism or randomly by appropriate updating of the routing tables at all concerned nodes or cells (tentative target sensor nodes or tentative target cells). The central coordinator 20 may further inform all sensor nodes of the target sensor nodes through its control interface by forwarding information packets.
The watchdog node 31 has to monitor the communication between neighbor sensor nodes 11 within the cell of its placement continuously and report anomaly to the central coordinator 20. Algorithms at the central coordinator 20 would identify threats and command the watchdog nodes and the sensor nodes to isolate the target sensor node or the target cell from the sensor network. The number of iteration of the process to identify the target sensor nodes or target sensor cells will be determined depending on, for example, the topology in the sensor network and/or the number of misbehaving nodes included in the sensor network.
Accordingly, the sensor system 1 of the exemplary embodiment does not need for additional watchdog hardware by using the sensor node with dual functionalities. Further, the sensor system 1 does not need additional intense computational algorithms in the sensor node, which leads to an increase in life time of the sensor nodes.
Moreover, as a result of energy limitations in wireless sensors, the power consumption has always been a challenging issue to be considered in designing these wireless sensor networks. The exemplary embodiment of the present invention does not need additional watchdog nodes due to the sensor nodes with dual functionalities. Therefore, the sensor system 1, while suppressing an energy consumption of the sensor network, can use limited transfer of power of the sensor network efficiently and prevent conspiracy nodes.
Total behaviour of the central coordinator 20
Next, the detailed method of detecting the target sensor nodes or the target cell in the sensor network of the exemplary embodiment will be discussed. By the detection of the target sensor node which operates abnormally, the sensor network can prevent an internal or external problem from the sensor network and can take the countermeasures against DOS. Fig. 9 is a schematic view showing the sensor system 1 of the exemplary embodiment of the present invention. Fig. 10 is a flow chart showing the method of isolating the selfish node in the sensor network of the exemplary embodiment of the present invention. Figs. 11-13 are flow charts showing the detailed steps of the step SP15 shown in Fig. 10.
As shown in Fig. 9, the sensor network of the exemplary embodiment is associated with the central coordinator 20. The central coordinator 20 identifies drastic change in data expected from certain sensor nodes in network. The central coordinator 20 changes the routing procedure (SP1). For example, as described above, the central coordinator 20 changes the first route for sensor network Rs1 to the second route for sensor network Rs2 and requests the sensor nodes 11 in the second route for sensor network Rs2 to send the sensor data (SP1).
The sensor data sensed in the sensor node 11 is hopped through the second route for sensor network Rs2. The central coordinator 20 identifies the misbehaving node(s) by comparing previous sensor data of the first route for sensor network Rs1 stored in a previous route table with new sensor data of the second route for sensor network Rs1 stored in a new route table (SP2). If the central coordinator 20 comes to a conclusion about the intrusion by the result of the comparison, the central coordinator 20 isolates this infected node(s) (target sensor node(s)) from the sensor network (SP3). Note that, the central coordinator 20 can detect either a target sensor node or target sensor cell. The target sensor cell includes a target sensor node.
Considering a network of sensors as shown in Fig. 9, each of these sensor nodes S1-S8 is associated with the particular central coordinator 20 which monitors the variation in data sensed or relayed to other nodes in the sensor network. If this central coordinator 20 finds sudden and/or drastic variations unexpectedly from a certain sensor node (a tentative target sensor node), the route for sensor network Rs would be changed to another route for sensor network Rs so as not to pass the certain sensor node. For example, if the central coordinator 20 determines that the particular sensor node (S6) was misbehaving, the central coordinator 20 may send a control signal to one or more neighboring nodes to change its functionalities from sensing (S3, S5, S7) to watchdog (W1, W2, W3).
Then the watchdog nodes W1, W2 and W3 now can monitor the particular sensor node (S6). On confirmation of a possible intrusion or malicious operation of the particular sensor node (S6), the monitoring results of the watchdog nodes W1, W2 and W3 are immediately sent to the central coordinator 20, and then the central coordinator 20 can identify the particular sensor node (S6) as a misbehaving node, and isolate the misbehaving node immediately. The central coordinator 20 would thereafter change the configuration of the isolated node(s) and provide a new key to continue sensing or forwarding data in the network. The central coordinator 20 can transmit information on above-mentioned monitoring and control to a computer 40, and an observer can observe the monitoring and control information displayed on a display of the computer 40.
The method of isolating the misbehavior node will be explained by reference to Figs. 10-13. Note that, in the present exemplary embodiment, all sensor nodes 11 in the sensor network are equally capable and those capabilities of any of the dual function sensor nodes 11 are not needed to distinguish between the hardware and software. However, based on a need determined by the central coordinator 20, the central coordinator 20 can generate a unique secure control signal to alter the operation of a sensor node 11 to the watchdog node 31 or vice-versa. One of examples of algorithm to select a node to become watchdog is explained hereinafter.
The sensor nodes 11 are deployed in the field to sense the desired physical parameters. A sensor data interface such as the central coordinator 20 initially monitors all data coming from the sensor network. In the sensor system 1, based on historical data and heuristics, the central coordinator 20 detects a misbehaving node, or a region of misbehaving nodes within one cell or group of cells as target sensor node(s) or target cell(s).
Detailed behavior of the central coordinator 20
<Step SP11: collect sensor data>
Firstly, the central coordinator 20 collects the sensor data from the sensor nodes 11. The behaviors of sensed data are continuously monitored by the central coordinator 20. The central coordinator 20 analyzes the behaviors of sensed data and evaluates their data pattern in runtime history. The past sensed data information is stored in a route memory (not shown) of the central coordinator 20.
<Step SP12: data corrupt/random change>
The central coordinator 20 continuously monitors if there is data corrupt or random change in monitored sensor data sent from sensor network by comparing the current sensor data with the previous sensor data, or one sensor data with another.
Assuming that the sensor nodes 11 are deployed in a boiler plant and, the temperature historical data should be in the range of 50 to 80 degrees Celsius uniformly anywhere the boiler plant. However sudden change in temperature is detected by the central coordinator 20 in a small region in the boiler plant, this is sign of an anomaly. The particular boiler in the plant may have multiple sensors within one or more cells. The central coordinator 20 needs to confirm the anomaly as True or False information and, further detects and confirms the misbehaving node.
In another example, assume that a city average day time temperature varies between 25 and 40 degrees Celsius in summer. The sensor nodes 11 deployed in a particular area however report 0 degree Celsius. This is highly likely to be anomalous information that needs to be checked.
<Step SP13: change route or re-check senor data>
If the central coordinator 20 observes random behaviors in the sensed data (SP12:YES), the central coordinator 20, for example, immediately changes the present routing table and starts observing the data pattern of a new route (SP13). Assuming that a sensor node 11 which might cause data corrupt or random change or which might be a misbehaver node or an intrusion node in the exemplary embodiment is hereinafter referred to as a tentative target node. The tentative target node might be decided in the later step as a target node in order to be isolated from the sensor network. Note that, assuming that a cell 10 or cells 10 which may cause data corrupt or random change, or which may include a misbehaver node or an intrusion node can be referred to as a tentative target cell(s) instead, and the later step can decide the tentative target cell as a target cell in order to isolate from the sensor network.
Note that when the central coordinator 20 does not observe random behaviors in the sensed data in the SP12 (SP12:NO), the operation returns to the Step SP 11.
<Step SP14: check correctness>
The central coordinator 20 identifies correctness of the data corrupt or the random change of the sensor data (SP14) by comparing sensor data of the previous route such as a first sensor route with sensor data of the new route such as a second sensor route. As described above, the central coordinator 20 can select a new route so as not to include the tentative target sensor node or the tentative target cell, or select the second route so as to include a cell near the tentative target cell or a cell near a cell including the tentative target sensor node.
Another way for identifying the correctness can be done by rechecking the sensor data of the same route. When the central coordinator 20 rechecks the sensor data, the central coordinator 20 may change measurement conditions such as receiving sensibility of the central coordinator 20, transmission sensibility, and operation mode of the central coordinator 20 or the sensor nodes 11 etc.
<Step SP15: change functionality to watchdog>
After the central coordinator 20 decides the sensor data from the tentative target sensor node may not be correct (SP15:NO), the central coordinator 20 changes the functionality of some sensor nodes 11 from sensing to watchdog. The detailed Step SP15 will be explained later.
Note that, runtime functionality of the watchdog node 31 can be switched from sensing into monitoring by a control signal sent from the central coordinator 20, when the central coordinator 20 receives information about the abnormality of some sensor node 11. Any sensor node 11 can become the watchdog node 31. The functionality of the sensor nodes 11 can be changed based on input from the central coordinator 20.
Further, when the central coordinator 20 decides the sensor data from the tentative target sensor node is correct in the SP14 (SP14:YES), the operation returns to the Step SP 11.
<Step SP16: find selfish node>
The central coordinator 20 has to perform iteration of Step SP15 until the target node is identified. That is, if one watchdog node 31 is not able to identify the target node, the choice of watchdog node needs to be moved to next.
<Step SP17: isolate selfish node>
If the watchdog node 31 identifies the target node or the target cell (SP16:YES), the watchdog node 31 isolates the target node or the target cell from the network. Then the operation returns to the Step SP11 and continues performing from the Step SP11.
Note that when the watchdog node 31 does not identify the target node or the target cell in the SP16 (SP16:NO), the operation returns to the Step SP 15.
<Detailed Step SP15>
Next, the detailed Step SP15 will be explained. The step 15 shows how the central coordinator 20 makes "a cell list" which is listed cells 10 including possible sensor nodes 11 whose functionality will be changed to watchdog. The central coordinator 20 makes the cell list of cells where watchdog functionality is to be activated (SP 21). Then the cell list generator 25 assigns watchdogs to a cell (i) by using algorithm WD_assignment (Algorithm running at central coordinator to determine the next watchdog within a cell (i)) (SP 22), and keeps performing the step SP22 until all the cells listed in the cell list which the cell list generator 25 made in the step SP21 are assigned with watchdog nodes (SP 23).
<Detailed Step 22>
Next, the detailed Step 22 of how the central coordinator 20 selects sensor nodes 11 whose functionality will be changed to watchdog by using the cell list will be described. The central coordinator 20 selects random node among sensor nodes (possible watchdog nodes) within the cells listed in the cell list (SP 31). The cell list is made by the cell list generator 25 in the step SP21. The first detector 22a of the central coordinator 20 generates a control signal to scan received signal strength of all neighbor sensor nodes and reports this to the central coordinator 20 (SP 32). The data confirmation part 22b checks if all RSSIs (Received Signal Strength Indication) by promiscuous capture of packets are above a threshold (SP 33). If all received RSSIs are above the threshold (SP 33: NO), the second detector 22c excludes the current node from watchdog nodes of the cell list (SP 34), then operation returns to the Step SP31. On the other hand, if all the RSSIs are above the threshold (SP33: YES), the second detector 22c selects the current node as a watchdog node (SP 35). If all the RSSIs are above the threshold, the node can receive packet data from all nodes in a cell. The node which is able to receive packets in promiscuous mode from all the nodes in a cell is selected as watchdog. This ensures that this node can monitor all communication within the cell, and therefore this node can be selected as the watchdog. Then, the function change part 23 will change the functionality of the node.
<Succeeding steps after the step SP35>
Next, succeeding steps after the step SP35 will be explained. These steps perform of how the target detection part 22 of the central coordinator 20 detects the target sensor nodes or the target cell 10 including the target sensor nodes to isolate from the sensor network.
Firstly, the target detection part 22 checks if more watchdog nodes 31 for cell (i) need to be assigned (SP 41). If YES, more watchdogs need to be assigned to identify misbehaving node, and return to the Step 22. If the step SP41 is NO, the target detection part 22 further checks if the number of the watchdog node assigned by the central coordinator 20 is more than one (SP 42). If the step 42 is NO, the central coordinator 20 decides that all nodes in the cell 10 should be isolated, as it is impossible to assign any watchdogs in the cell (SP 43). After the step SP42 and the step SP43, the operation returns to Step SP23 in Fig. 11.
Next, the reasons why anomaly in the sensor data is caused will be explained. The central coordinator 20 would decide to isolate the misbehaving node if the misbehavior continues to exceed a certain threshold of the activity. This threshold may be decided on run-time basis by the central coordinator 20 judging the impact of the sensor node that is misbehaving.
The following shows some (non-exhaustive) conditions under which the watchdog node 31 will inform the central coordinator 20 of detailed reason for anomaly. That is, the watchdog node 31 informs the central coordinator 20 of it, if a misbehaving node tampers or modifies source address, destination address and next hop routing address, etc., in the packet headers, or if a misbehaving node modifies or deletes partial or whole data content from the packet by means of inspection of the Error Correction Code/Cyclic Redundancy Check code, etc., or if a misbehaving node stops forwarding data packets to the next hop, though it was supposed to do so.
In the present specification, problems due to intentional or accidental malfunctioning of sensor nodes within the wireless sensor network (WSN) and the central coordinator are referred to as an internal threat. On the other hand, threats emerging from outside the WSN or the central coordinator 20 are referred to as an external threat. This could be through a computer outside the WSN, which may inject malicious software or intentionally disrupt the communication through interference, posing as the central coordinator to the WSN nodes etc.
The internal threat leads to an intentional/accidental malfunction in existing sensor network nodes. If the central coordinator 20 finds the misbehavior pattern from the one or more sensor nodes to be a confirmed internal threat such as spoofing of information, intentional masquerading of network address, and tamper of data/control information; then the central coordinator 20 concludes that the node is a threat to the proper functioning of the sensor network and commands the watchdog nodes 31 and the sensor nodes 11 to isolate it from the rest of the network. Once the sensor node 11 is isolated from rest of the network, the routing tables in the sensor nodes 11, the watchdog nodes 31 and the central coordinator 20 get updated based on existing routing mechanism, and the data packets are routed accordingly.
After that, the central coordinator 20 changes the configuration of the infected nodes, and provides a new key to the rest of the sensor nodes 11 in order to continue sensing/ hopping for the network.
If the sensing operation is much more critical due to past history or context derived, the higher duty cycle ratio of sensing would be preferred against the monitoring mechanism. For example, after the central coordinator 20 isolates the misbehaving node, the central coordinator 20 may send a control signal to the watchdog nodes 31 to change the functionality into sensing. Thus the sensor system 1 can collect the sensor data by using all of the nodes.
In yet another condition, if the central coordinator 20 learns a single watchdog mode may not be reliable, for example when the watchdog node may itself be incorrectly reporting to the central coordinator 20, it may configure at least one more node to watchdog operation.
Next, a watchdog operation in a duty cycle will be explained. The sensor node 11 may adapt its functionality using a duty cycle mechanism as shown in Fig. 14 based on the context derived in the sensor network. When the duty cycle enabled, the nodes with dual function can function with the sense or watchdog mode as desired by the central coordinator 20. The duty cycling in time, requires a hardware-software tuning when it can associate with either the sensor network or the watchdog network through time division multiplexing operation. The watchdog duty cycle ratio determines the percentage of time the node spends in the watchdog mode versus the node spends in the sense mode. This parameter can be tuned based on the need by the central coordinator 20 to achieve desired result.
The central coordinator 20 can take this decision based on environmental context. For example in the city temperature monitoring example, measuring 0 degree in a small area of the city in summer clearly is an anomaly. The context of summer and outdoor temperature can be used to take this decision. Since this is a non-real time necessity, a dedicated watchdog continuously monitoring the anomalous node may not be required. A low watchdog duty cycle can be implemented in the neighboring nodes by the central coordinator 20 to monitor this situation.
In the scenario described above, it is not only important to switch intermittently between the functionality of sensing and monitoring, but also equally important to do so intelligently based on the context derived from the network. For instance, when the context derived from the network would suggest that the node may encounter an imminent intrusion/DOS attack, it can increase the duty cycle ratio for monitoring versus sensing. This is especially important because a malicious node may also exhibit normal and desired behaviour during the monitoring phase.
Accordingly, the exemplary embodiment of the present invention can identify the misbehaving node, and isolate/exclude it from the sensor network without additional hardware or an intense data analysis algorithm by controlling the functionalities of the sensor nodes 11 with dual function. Moreover, the sensor system 1 of the exemplary embodiment of the present invention can suppress an energy consumption of the sensor network due to the use of the sensor nodes 11 with dual function by reducing additional watchdog nodes. Therefore, the sensor system 1 can use efficiently limited power transfer of the sensor network and prevent conspiracy node.
The sensor system of the exemplary embodiment of the present invention assigns a dual function sensor node to watchdog node only when the central coordinator 20 detects an anomaly. In this manner, the sensor system of the exemplary embodiment of the present invention avoids placement of one or more dedicated watchdog node in each of the cell belonging to a wireless sensor network. The watchdog is more power consuming node and hence minimizing the activity duration of watchdog mode will minimize the power consumption.
Further, the scope of the claims is not limited by the exemplary embodiments described above.
Furthermore, it is noted that, Applicant's intent is to encompass equivalents of all claim elements, even if amended later during prosecution.
For example, in the above exemplary embodiment, the data receiving device is explained as hardware. However, an arbitrary processing can be achieved by executing a program by CPU (Central Processing Unit). The program can be stored and provided to a computer using any type of non-transitory computer readable media. Non-transitory computer readable media include any type of tangible storage media. Examples of non-transitory computer readable media include magnetic storage media (such as floppy disks, magnetic tapes, hard disk drives, etc.), optical magnetic storage media (e.g. magneto-optical disks), CD-ROM (compact disc read only memory), CD-R (compact disc recordable), CD-R/W (compact disc rewritable), and semiconductor memories (such as mask ROM, PROM (programmable ROM), EPROM (erasable PROM), flash ROM, RAM (random access memory), etc.). The program may be provided to a computer using any type of transitory computer readable media. Examples of transitory computer readable media include electric signals, optical signals, and electromagnetic waves. Transitory computer readable media can provide the program to a computer via a wired communication line (e.g. electric wires, and optical fibers) or a wireless communication line.
(Supplementary note 1)
A method of controlling a sensor system including a plurality of sensor nodes each including a sensing function and a monitoring function and a central coordinator controlling the plurality of the sensor nodes, a sensor network being divided into a plurality of cells each including at least one sensor node, the method comprising:
a data collecting step that collects sensor data sensed by the sensing function of the sensor nodes by the central coordinator;
a target detection step that detects a target sensor node or a target cell having a defect due to either an internal or external problem of the sensor system;
a function change step that changes the sensing function to the monitoring function of at least one sensor node in each target cell or in each cell including each target sensor node to monitor the target sensor node or the target cell; and
an identification step that identifies a defect sensor node or a defect cell having a defect from a result of monitoring the target sensor node or the target cell.
(Supplementary note 2)
The method of controlling a sensor system according a sensor system to Supplementary note 1, further comprising:
a cell list generating step that generates a target cell list including at least one target cell from a result of the target detection step for checking if there is the defect in the at least one target cell,
wherein the function change step changes the sensing function to the monitoring function of at least one sensor node in each target cell listed in the target cell list.
(Supplementary note 3)
The method of controlling a sensor system according to Supplementary note 1 or 2, wherein the target detection step includes:
a first detection step that detects data corrupt or random change of sensor data collected by the data collecting step, and
a second detection step that detects the target sensor node or the target cell from a result of checking for correctness of the data corrupt or the random change of the sensor data detected by the first detection step.
(Supplementary note 4)
The method of controlling a sensor system according to Supplementary note 3, wherein
the target detection step further includes a data confirmation step that confirms the correctness of a result of the first detection step,
the data collecting step collects the sensor data sent from a plurality of routes, a route passing through a plurality of sensor nodes of a plurality of cells,
the first detection step detects a tentative target route, the data corrupt or the random change being detected from sensor data sent from the tentative target route,
the data confirmation step re-collects the sensor data sent from the tentative target route detected by the first detection step, and
the second detection step detects a target route including the target sensor node or the target cell from a result of re-checking for correctness of the sensor data sent from the tentative target route.
(Supplementary note 5)
The method of controlling a sensor system according to Supplementary note 3, wherein
the target detection step further includes a data confirmation step that confirms the correctness of a result of the first detection step,
the data collecting step collects the sensor data sent from a plurality of routes, a route passing through a plurality of the sensor nodes of a plurality of the cells,
the first detection step detects a first route, the data corrupt or the random change being detected from sensor data sent from the first route,
the data confirmation step changes the first route to a second route and collects the sensor data sent from the second route, the second route passing through a plurality of the sensor nodes of a plurality of the cells, and
the second detection step detects a target route passing through the target sensor node or the target cell from a result of the data confirmation step.
(Supplementary note 6)
The method of controlling a sensor system according to Supplementary note 5, wherein
the first detection step detects a tentative target sensor node or a tentative target cell based on a result of the data collecting step, and
the data confirmation step selects the second route so as not to include the tentative target sensor node or the tentative target cell.
(Supplementary note 7)
The method of controlling a sensor system according to any one of Supplementary notes 1-6, wherein the target detection step detects the target sensor node or the target cell by monitoring a change between current sensor data and previous sensor data, or by comparing sensor data of the tentative target sensor node with nodes other than the tentative target sensor node.
(Supplementary note 8)
The method of controlling a sensor system according to Supplementary note 6, wherein
the data confirmation step selects the second route so as to include a cell near the tentative target cell or a cell near a cell including the tentative target sensor node.
(Supplementary note 9)
The method of controlling a sensor system according to any one of Supplementary notes 1-8, wherein the identification step identifies and isolates the defect sensor node or the defect cell from the sensor system.
(Supplementary note 10)
A computer program with program code means for carrying out all of the steps of any one of Supplementary notes 1-9 when the program is run on a computer.
(Supplementary note 11)
A computer product tangibly embodied in a machine-readable medium for a sensor system including a plurality of sensor nodes each including a sensing function and a monitoring function and a central coordinator controlling the plurality of the sensor nodes, a sensor network where the plurality of the sensor nodes are placed being divided to a plurality of cells where at least one sensor node is placed, the computer product comprising:
a data collecting step that collects sensor data sensed by the sensing function of the sensor nodes by the central coordinator;
a target detection step that detects a target sensor node or a target cell having a defect due to either an internal or external problem of the sensor system;
a function change step that changes the sensing function to the monitoring function of at least one sensor node in each target cell or in each cell including each target sensor node to monitor the target sensor node or the target cell; and
an identification step that identifies a defect sensor node or a defect cell having a defect from a result of monitoring the target sensor node or the target cell.
(Supplementary note 12)
A sensor system comprising:
a plurality of sensor nodes each including a sensing function and a monitoring function; and
a central coordinator that controls the plurality of the sensor nodes, wherein
a sensor network where the plurality of the sensor nodes are placed being divided to a plurality of cells where at least one sensor node is placed,
the central coordinator includes:
a data collecting part that collects sensor data sensed by the sensing function of the sensor nodes,
a target detection part that detects a target sensor node or a target cell having a defect due to either an internal or external problem of the sensor system,
a function change part that changes the sensing function to the monitoring function of at least one sensor node in each target cell or in each cell including each target sensor node to monitor the target sensor node or the target cell, and
an identification part that identifies a defect sensor node or a defect cell having a defect from a result of monitoring the target sensor node or the target cell.
(Supplementary note 13)
The sensor system according to Supplementary note 12, further comprising:
a cell list generator that generates a target cell list including at least one target cell from a result of the target detection part for checking if there is the defect in the at least one target cell,
wherein the function change part changes the sensing function to the monitoring function of at least one sensor node in each target cell listed in the target cell list.
(Supplementary note 14)
The sensor system according to Supplementary note 12 or 13, wherein the target detection part includes:
a first detector that detects data corrupt or random change of sensor data collected by the data collecting part, and
a second detector that detects the target sensor node or the target cell from a result of checking for correctness of the data corrupt or the random change of the sensor data detected by the first detector.
(Supplementary note 15)
The sensor system according to Supplementary note 14, wherein
the target detection part further includes a data confirmation part that confirms the correctness of a result of the first detector,
the data collecting part collects the sensor data sent from a plurality of routes, a route passing through a plurality of sensor nodes of a plurality of cells,
the first detector detects a tentative target route, the data corrupt or the random change being detected from sensor data sent from the tentative target route,
the data confirmation part re-collects the sensor data sent from the tentative target route detected by the first detector, and
the second detector detects a target route including the target sensor node or the target cell from a result of re-checking for correctness of the sensor data sent from the tentative target route.
(Supplementary note 16)
The sensor system according to Supplementary note 14, wherein
the target detection part further includes a data confirmation part that confirms the correctness of a result of the first detector,
the data collecting part collects the sensor data sent from a plurality of routes, a route passing through a plurality of the sensor nodes of a plurality of the cells,
the first detector detects a first route, the data corrupt or the random change being detected from sensor data sent from the first route,
the data confirmation part changes the first route to a second route and collects the sensor data sent from the second route, the second route passing through a plurality of the sensor nodes of a plurality of the cells, and
the second detector detects a target route passing through the target sensor node or the target cell from a result of the data confirmation part.
(Supplementary note 17)
The sensor system according to Supplementary note 16, wherein
the first detector that detects a tentative target sensor node or a tentative target cell based on a result of the data collecting part,
the data confirmation part selects the second route so as not to include the tentative target sensor node or the tentative target cell.
This application is based upon and claims the benefit of priority from Japanese patent application No.2013-067373, filed on March 27, 2013, the disclosure of which is incorporated herein in its entirely by reference.
1 SENSOR SYSTEM
10 CELL
11 SENSOR NODE
20 CENTRAL COORDINATOR
21 DATA COLLECTING PART
22 TARGET DETECTION PART
22a FIRST DETECTOR
22b DATA CONFIRMATION PART
22c SECOND DETECTOR
23 FUNCTION CHANGE PART
24 IDENTIFICATION PART
25 CELL LIST GENERATOR
31 WATCHDOG NODE
40 COMPUTER
100 SENSOR SYSTEM
101 SENSOR NODE
110 CELL
120 CONTROLLER
131 LEVEL 1 WATCHDOG NODE
132 LEVEL 2 WATCHDOG NODE
Rs ROUTE FOR SENSOR NETWORK
Rw ROUTE FOR WATCHDOG NETWORK

Claims (16)

  1. A method of controlling a sensor system including a plurality of sensor nodes each including a sensing function and a monitoring function and a central coordinator controlling the plurality of the sensor nodes, a sensor network being divided into a plurality of cells each including at least one sensor node, the method comprising:
    collecting sensor data sensed by the sensing function of the sensor nodes by the central coordinator;
    detecting a target sensor node or a target cell having a defect due to either an internal or external problem of the sensor system;
    changing the sensing function to the monitoring function of at least one sensor node in each target cell or in each cell including each target sensor node to monitor the target sensor node or the target cell; and
    identifying a defect sensor node or a defect cell having a defect from a result of monitoring the target sensor node or the target cell.
  2. The method of controlling a sensor system according to claim 1, further comprising:
    generating a target cell list including at least one target cell from a result of the detecting the target sensor node or the target cell having the defect for checking if there is the defect in the at least one target cell,
    wherein the changing the sensing function to the monitoring function of at least one sensor node in each target cell or in each cell including each target sensor node changes the sensing function to the monitoring function of at least one sensor node in each target cell listed in the target cell list.
  3. The method of controlling a sensor system according to claim 1 or 2, wherein the detecting the target sensor node or the target cell having the defect includes:
    detecting data corrupt or random change of sensor data collected by the collecting the sensor data sensed by the sensing function of the sensor nodes, and
    detecting the target sensor node or the target cell from a result of checking for correctness of the data corrupt or the random change of the sensor data detected by the detecting the data corrupt or the random change of sensor data.
  4. The method of controlling a sensor system according to claim 3, wherein
    the detecting the target sensor node or the target cell having the defect further includes confirming the correctness of a result of the detecting the data corrupt or the random change of sensor data,
    the collecting the sensor data sensed by the sensing function of the sensor nodes collects the sensor data sent from a plurality of routes, a route passing through a plurality of sensor nodes of a plurality of cells,
    the detecting the data corrupt or the random change of sensor data detects a tentative target route, the data corrupt or the random change being detected from sensor data sent from the tentative target route,
    the confirming the correctness of the result re-collects the sensor data sent from the tentative target route detected by the detecting the data corrupt or the random change of sensor data, and
    the detecting the target sensor node or the target cell from the result of checking detects a target route including the target sensor node or the target cell from a result of re-checking for correctness of the sensor data sent from the tentative target route.
  5. The method of controlling a sensor system according to claim 3, wherein
    the detecting the target sensor node or the target cell having the defect further includes confirming the correctness of a result of the detecting the data corrupt or the random change of sensor data,
    the collecting the sensor data sensed by the sensing function of the sensor nodes collects the sensor data sent from a plurality of routes, a route passing through a plurality of the sensor nodes of a plurality of the cells,
    the detecting the data corrupt or the random change of sensor data detects a first route, the data corrupt or the random change being detected from sensor data sent from the first route,
    the confirming the correctness of the result changes the first route to a second route and collects the sensor data sent from the second route, the second route passing through a plurality of the sensor nodes of a plurality of the cells, and
    the detecting the target sensor node or the target cell from the result of checking detects a target route passing through the target sensor node or the target cell from a result of the confirming the correctness of the result.
  6. The method of controlling a sensor system according to claim 5, wherein
    the detecting the data corrupt or the random change of sensor data detects a tentative target sensor node or a tentative target cell based on a result of the collecting the sensor data sensed by the sensing function of the sensor nodes,
    the confirming the correctness of the result selects the second route so as not to include the tentative target sensor node or the tentative target cell.
  7. The method of controlling a sensor system according to any one of claims 1-6, wherein the detecting the target sensor node or the target cell having the defect detects the target sensor node or the target cell by monitoring a change between current sensor data and previous sensor data, or by comparing sensor data of the tentative target sensor node with nodes other than the tentative target sensor node.
  8. The method of controlling a sensor system according to claim 6, wherein
    the confirming the correctness of the result selects the second route so as to include a cell near the tentative target cell or a cell near a cell including the tentative target sensor node.
  9. The method of controlling a sensor system according to any one of claims 1-8, wherein the identifying the defect sensor node or the defect cell having the defect identifies and isolates the defect sensor node or the defect cell from the sensor system.
  10. A computer product tangibly embodied in a machine-readable medium for a sensor system including a plurality of sensor nodes each including a sensing function and a monitoring function and a central coordinator controlling the plurality of the sensor nodes, a sensor network where the plurality of the sensor nodes are placed being divided to a plurality of cells where at least one sensor node is placed, the computer product comprising:
    collecting sensor data sensed by the sensing function of the sensor nodes by the central coordinator;
    detecting a target sensor node or a target cell having a defect due to either an internal or external problem of the sensor system;
    changing the sensing function to the monitoring function of at least one sensor node in each target cell or in each cell including each target sensor node to monitor the target sensor node or the target cell; and
    identifying a defect sensor node or a defect cell having a defect from a result of monitoring the target sensor node or the target cell.
  11. A sensor system comprising:
    a plurality of sensor nodes each including a sensing function and a monitoring function; and
    a central coordinator that controls the plurality of the sensor nodes, wherein
    a sensor network where the plurality of the sensor nodes are placed being divided to a plurality of cells where at least one sensor node is placed,
    the central coordinator includes:
    a data collecting means for collecting sensor data sensed by the sensing function of the sensor nodes,
    a target detection means for detecting a target sensor node or a target cell having a defect due to either an internal or external problem of the sensor system,
    a function change means for changing the sensing function to the monitoring function of at least one sensor node in each target cell or in each cell including each target sensor node to monitor the target sensor node or the target cell, and
    an identification means for identifying a defect sensor node or a defect cell having a defect from a result of monitoring the target sensor node or the target cell.
  12. The sensor system according to claim 11, further comprising:
    a cell list generator that generates a target cell list including at least one target cell from a result of the target detection means for checking if there is the defect in the at least one target cell,
    wherein the function change means changes the sensing function to the monitoring function of at least one sensor node in each target cell listed in the target cell list.
  13. The sensor system according to claim 11 or 12, wherein the target detection means includes:
    a first detector that detects data corrupt or random change of sensor data collected by the data collecting means, and
    a second detector that detects the target sensor node or the target cell from a result of checking for correctness of the data corrupt or the random change of the sensor data detected by the first detector.
  14. The sensor system according to claim 13, wherein
    the target detection means further includes a data confirmation means for confirming the correctness of a result of the first detector,
    the data collecting means collects the sensor data sent from a plurality of routes, a route passing through a plurality of sensor nodes of a plurality of cells,
    the first detector detects a tentative target route, the data corrupt or the random change being detected from sensor data sent from the tentative target route,
    the data confirmation means re-collects the sensor data sent from the tentative target route detected by the first detector, and
    the second detector detects a target route including the target sensor node or the target cell from a result of re-checking for correctness of the sensor data sent from the tentative target route.
  15. The sensor system according to claim 13, wherein
    the target detection means further includes a data confirmation means for confirming the correctness of a result of the first detector,
    the data collecting means collects the sensor data sent from a plurality of routes, a route passing through a plurality of the sensor nodes of a plurality of the cells,
    the first detector detects a first route, the data corrupt or the random change being detected from sensor data sent from the first route,
    the data confirmation means changes the first route to a second route and collects the sensor data sent from the second route, the second route passing through a plurality of the sensor nodes of a plurality of the cells, and
    the second detector detects a target route passing through the target sensor node or the target cell from a result of the data confirmation means.
  16. The sensor system according to claim 15, wherein
    the first detector that detects a tentative target sensor node or a tentative target cell based on a result of the data collecting means,
    the data confirmation means selects the second route so as not to include the tentative target sensor node or the tentative target cell.
PCT/JP2014/001803 2013-03-27 2014-03-27 A method of controlling a plurality of sensor nodes, computer product tangibly embodied in a machine-readable medium, and a sensor system Ceased WO2014156177A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2013-067373 2013-03-27
JP2013067373 2013-03-27

Publications (1)

Publication Number Publication Date
WO2014156177A1 true WO2014156177A1 (en) 2014-10-02

Family

ID=50543282

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2014/001803 Ceased WO2014156177A1 (en) 2013-03-27 2014-03-27 A method of controlling a plurality of sensor nodes, computer product tangibly embodied in a machine-readable medium, and a sensor system

Country Status (1)

Country Link
WO (1) WO2014156177A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108092759A (en) * 2017-12-05 2018-05-29 重庆邮电大学 A kind of radio sensing network node secure state evaluating method based on faith mechanism
DE102017221477A1 (en) * 2017-11-29 2019-05-29 Hochschule für Angewandte Wissenschaften Hamburg Sensor node and secure sensor network

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999057625A1 (en) * 1998-05-06 1999-11-11 Prc Inc. Dynamic system defence for information warfare
WO2012168898A1 (en) * 2011-06-10 2012-12-13 Koninklijke Philips Electronics N.V. Avoidance of hostile attacks in a network

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999057625A1 (en) * 1998-05-06 1999-11-11 Prc Inc. Dynamic system defence for information warfare
WO2012168898A1 (en) * 2011-06-10 2012-12-13 Koninklijke Philips Electronics N.V. Avoidance of hostile attacks in a network

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
KHALIL I ET AL: "UnMask: Utilizing neighbor monitoring for attack mitigation in multihop wireless sensor networks", AD HOC NETWORKS, ELSEVIER, AMSTERDAM, NL, vol. 8, no. 2, 1 March 2010 (2010-03-01), pages 148 - 164, XP026682845, ISSN: 1570-8705, [retrieved on 20090628], DOI: 10.1016/J.ADHOC.2009.06.002 *
YONGGUANG ZHANG ET AL: "Intrusion detection in wireless ad hoc network", MOBICOM. PROCEEDINGS OF THE ANNUAL INTERNATIONAL CONFERENCE ONMOBILE COMPUTING AND NETWORKING, XX, XX, 1 August 2000 (2000-08-01), pages 275 - 283, XP002973484 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102017221477A1 (en) * 2017-11-29 2019-05-29 Hochschule für Angewandte Wissenschaften Hamburg Sensor node and secure sensor network
CN108092759A (en) * 2017-12-05 2018-05-29 重庆邮电大学 A kind of radio sensing network node secure state evaluating method based on faith mechanism
CN108092759B (en) * 2017-12-05 2021-03-23 重庆邮电大学 A method for evaluating the security status of wireless sensor network nodes based on trust mechanism

Similar Documents

Publication Publication Date Title
Korba et al. Survey of routing attacks and countermeasures in mobile ad hoc networks
Hai et al. A lightweight intrusion detection framework for wireless sensor networks
CN110913357B (en) A sensing cloud double-layer network defense system and method based on security situational awareness
Bhattasali et al. A survey of recent intrusion detection systems for wireless sensor network
Yamini et al. Improving routing disruption attack detection in MANETs using efficient trust establishment
Erritali et al. A review and classification of various VANET Intrusion Detection Systems
Hayajneh et al. Deworm: A simple protocol to detect wormhole attacks in wireless ad hoc networks
WO2009122437A2 (en) Security in mobile ad hoc networks
Roosta et al. An intrusion detection system for wireless process control systems
Mohajer et al. Trusted-CDS based intrusion detection system in wireless sensor network (TC-IDS)
Ismail et al. Malicious cluster head detection mechanism in wireless sensor networks
WO2014156177A1 (en) A method of controlling a plurality of sensor nodes, computer product tangibly embodied in a machine-readable medium, and a sensor system
Datema A case study of wireless sensor network attacks
Midi et al. A system for response and prevention of security incidents in wireless sensor networks
Sahu et al. A comprehensive survey on intrusion detection in MANET
Sen An intrusion detection architecture for clustered wireless ad hoc networks
Narayana et al. Energy-efficient and secure routing strategy for opportunistic data transmission in WSNs
Latha et al. Secure routing through trusted nodes in wireless sensor networks a survey
Rai et al. Energy-efficient model for intruder detection using wireless sensor network
Bhattasali et al. Lightweight hierarchical model for HWSNET
Huh et al. Lightweight intrusion detection for wireless sensor networks
Thillaikarasi et al. Adaptive DSR to mitigate packet dropping attacks in WMNs using cross layer metrics
Reddy et al. An effective analysis on intrusion detection systems in wireless mesh networks
Rughinis et al. TinyAFD: Attack and fault detection framework for wireless sensor networks
KR101570733B1 (en) Apparatus and method for detection of selective forwarding-based denial of service attack

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14718783

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: JP

122 Ep: pct application non-entry in european phase

Ref document number: 14718783

Country of ref document: EP

Kind code of ref document: A1