Formalization of the feature space for detection of attacks on wireless sensor networks

The article describes the formalization of the feature space in order to detect abnormal behaviour of nodes in wireless sensor network using statistical methods. The main methods of destructive impact on the infrastructure of wireless sensor networks based on ZigBee Protocol stack are considered. Special attention is paid to attacks on integrity and availability, which theoretically can be detected using the methods of machine learning and mathematical statistics. On the basis of standards and specifications, as well as considered attacks, the space of more than 50 features is developed. Using the methods of Shannon, Kullback and accumulated frequencies, informative value of formalized signs was evaluated. Conclusions about the existing dependencies between the information content of features, the statistics collection period and sample size used to calculate the information content are drawn. Received the results can be used as a basis for further evaluation of the most suitable characteristics for the classification of attacks depending on the network characteristics. In the future the main aim of the study is to build an intrusion detection system that uses statistics of the interactions for a certain period of time as a source of information about the system.