Intrusion detection system (IDS) is a second line of the security mechanism for the wireless sensor network (WSN), and it has a great influence on confidentiality, integrity, and availability. However, many existing IDS only detect single attack or multiple known attacks. In this paper, a novel intrusion detection algorithm based on change rates of multiple attributes (CRMA) is proposed, which can detect multiple attacks including known and unknown types simultaneously. The change rates of multiple attributes for sensor nodes usually reflect the running states of WSN over a period of time. First, the Observed Change Rate of attributes at different times is obtained by observing multiple attributes of different sensor nodes. Then, the convex optimization is alternately used to obtain the Normal Change Rate and corresponding weights by minimizing the distance between the Observed Change Rate and the Normal Change Rate of each attribute. Finally, the WSN is considered to be attacked when the weighted deviation of the Observed Change Rate and Normal Change Rate is beyond the corresponding threshold. Experimental results show that the CRMA can detect multiple attacks including known and unknown types simultaneously and has a fast convergence rate. The average true positive rates (TPR) of CRMA are high, and the average false positive rates (FPR) of CRMA are low. The detection performance of CRMA is superior to that of the ARMA and NeTMids algorithms.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.