ABSTRACT

Sensor networks are highly vulnerable to attacks due to the nature of the wireless medium. Several protocols have been proposed for authentication and encryption that prevent unauthorized nodes from accessing the network and the transferred information. However, a second line of defense is needed, as a broad range of attacks can be launched from compromised nodes that appear as legitimate members of the network. An intrusion detection system (IDS) can detect the misbehavior of such nodes and notify other nodes in the network to take the necessary measures. In this chapter, we discuss the general design principles of such systems for sensor networks, their requirements, and the available approaches. Then, we present an architecture of a distributed IDS in which nodes, even though they do not have a global view of the network, can still collaborate with each other and successfully detect an intrusion. Finally, we show how such a system can be implemented in TinyOS, which components and interfaces are needed, and what overhead results.