International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org
Volume 3, Issue 5, May 2014
ISSN 2319 - 4847
Detection of Malicious Cluster Head causing
Hello Flood Attack in LEACH Protocol in
Wireless Sensor Networks
Satwinder Kaur Saini1, Mansi Gupta2
1
2
Department of Computer Science Engineering, PIT (PTU main Campus), Kapurthala, India
Assistant Professor, Computer Science Department, Punjab Technical University, Kapurthala, Punjab, India
Abstract
Wireless Sensor networks have wide range applications using different routing protocols to route the data towards the sink.
However, these protocols being too simple are prone to various attacks. LEACH is a highly secure protocol with dynamic selection
of Cluster Heads based on Received Signal Strength. But as with other protocols, LEACH is prone to HELLO Flood Attack when
the adversary becomes the Cluster Head and sensors being computation and energy constrained cryptographic approaches to
prevent this attack are not too helpful. Some non-cryptographic methods to detect the HELLO Flood attack also exist but they are
not too efficient as they result in large test packet overhead. In this paper an efficient non-cryptographic method for the detection
and prevention of HELLO Flood attack in LEACH protocol is proposed which results in early detection with lesser energy and
communication overhead.
Keywords: Security, WSN, LEACH, HELLO Flood attack, Cluster Head, Adversary.
1. INTRODUCTION
Wireless Sensor networks have unique characteristics and face security challenges as defined below:
1.1 SECURITY ISSUES IN WSN:
1. Data Confidentiality: Ensuring that only the authorized sensor nodes can access the content of the messages.
2. Data Authentication: Ensuring that the data is originated from a valid source [3].
3. Data Integrity: Ensuring that any received data has not been altered or manipulated in transit by unauthorized parties.
4. Availability: Ensuring that services offered by whole WSN or by a single sensor node must be available whenever
required.
5. Data Freshness: Ensuring that no old messages have been replayed in the network [10].
6. Authorization: Ensure that only authorized sensors can provide information to network services or applications.
7. Non-repudiation: It denotes that a node cannot deny sending a message it has previously sent [7].
8. Forward and Backward Secrecy: These should be considered when new sensors are deployed and old sensors leave the
network due to some failure. Forward Secrecy means a sensor should not be able to read any messages after it leaves the
network. Backward Secrecy means a joining node should not be able to read any message that has been previously
transmitted [12].
1.2 LEACH PROTOCOL
Heinzelman, et.al [5] introduced a dynamic, hierarchical clustering protocol for sensor networks, called LEACH (Low
Energy Adaptive Clustering Hierarchy). LEACH forms small clusters of some sensor nodes of which one is the cluster
head and others are the cluster members. The cluster members send their sensed data to the cluster head and cluster head
in turn send this data to the sink by aggregating all the received data from its cluster members, in order to reduce the
redundancy. In LEACH the cluster head nodes are periodically re-elected so that the same node is not repeatedly used for
the high energy task of the cluster head. However, the chosen cluster heads do not ensure the coverage of all the sensors in
the field which is the primary disadvantage of LEACH Protocol. TDMA/CDMA MAC is used to reduce inter-cluster and
intra-cluster collisions or interference. This protocol is used where a constant monitoring by the sensor nodes are required
as data collection is centralized (at the base station) and is performed periodically[10].
1.2.1Operation of LEACH
LEACH operations can be divided into two phases:1. Setup phase
2. Steady phase
In the setup phase, the clusters are formed and a cluster-head (CH) is chosen for each cluster while other nodes in the
cluster are considered as the cluster members. While in the steady phase, data is sensed and sent to the central base
station. The steady phase is longer than the setup phase. This is done in order to minimize the overhead cost [17].
Volume 3, Issue 5, May 2014
Page 384
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org
Volume 3, Issue 5, May 2014
ISSN 2319 - 4847
Figure 1 LEACH Protocol Phases [6]
1.2.2 Attacks possible on LEACH
LEACH protocol is a secure protocol as compared to the more conventional multi-hop protocols. In the conventional
multi-hop protocols, the nodes around the base station are more attractive to compromise as they are the major points of
aggregation and forwarders of all packets to the base station. Whereas, in LEACH, the Cluster Heads are the only node
that directly communicate with the base station. The location of these Cluster Heads can be anywhere in the network
irrespective of the base station. And more over the CHs are periodically randomly changed. So spotting these CHs is very
difficult for the adversary.
However, as it is a cluster-based protocol, depending solely on the Cluster Heads for aggregation of data and its routing,
attacks involving the Cluster Heads are the most harmful. If any adversary nodes become a CH, then it can facilitate
attacks like Sybil attack, HELLO flood attack and selective forwarding [11].
1.3 HELLO FLOOD ATTACK
An attacker uses high-powered transmitter to trick a large area of nodes into believing they are neighbours of that
transmitting node. If the attacker intentionally broadcasts a false superior route to the base station, all of these nodes will
choose to transmit through the attacking node, despite many being out of radio range in reality [16] [18]. The intruder
can broadcast a powerful advertisement to all the nodes in the network and hence, every node is likely to choose the
adversary as the cluster-head. The adversary can then selectively forward information to the base-station or modify or
dump it [1] [2] [11].
Figure 2 HELLO Flood Attack
2. LITERATURE REVIEW
Extensive study of work done in the field of detection of HELLO flood attack in LEACH protocol in WSNs is done and
can be categorized into two groups: Cryptographic approaches & non-cryptographic approaches. These are described as
follows:
Table 5 Cryptographic Approaches
S.No
Paper Title
Year
Author
Approach
Advantages
Disadvantages
1
Secure routing in
2003
Chris
Karlof, Sharing a secret Only reachable Spoofing
makes
wireless
sensor
David Wagner
key between any nodes
can the
approach
networks: attacks
two nodes. Key decrypt.
worthless.
and
generated during
countermeasures.[
communication.
8]
2
Defense
against
2006
Md. Abdul Hamid, Secret key for High secrecy Computation
lap-top
class
Md. Mamun-Or- each
different preventing the overhead is high
attacker in wireless
Rashid
and route to a base adversary from during route setup.
sensor network.[4]
Choong
Seon station. Multiple attacking the
Hong
base stations with network.
each covering and
keeping track of
secrets of some
nodes.
3
SecLEACH - A
2006
Leonardo
B. Random Key pre- Provides
Node
capturing
Volume 3, Issue 5, May 2014
Page 385
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org
Volume 3, Issue 5, May 2014
4
5
Random
Key
Distribution
Solution
for
Securing Clustered
Sensor
Networks.[11]
An
Efficiency
Security Model of
Routing Protocol
in Wireless Sensor
Networks.[7]
Performance
Evaluation
of
LEACH Protocol
in
Wireless
Network.[9]
Oliveira, Hao C.
Wong, M. Bern,
Ricardo
Dahab
and A. A. F.
Loureiro
2008
Jing Chen,
Huanguo Zhang
and Junhui Hu
2012
M.Shankar,
Dr.M.Sridarand
Dr.M.Rajani
S.No
1
Paper Title
Malicious
node
detection
in
wireless
sensor
networks. [13]
Year
2004
2
Signal
Strength
based
HELLO
Flood
Attack
Detection
and
Prevention
in
Wireless
Sensor
Networks. [16]
Detection
of
HELLO
Flood
Attack on LEACH
Protocol[19]
2013
3
2014
distribution
approach,
Symmetric
key
cryptography and
dynamic cluster
formation.
Public
Key
cryptography.
communicatio
n authenticity,
confidentiality,
freshness and
integrity.
attack possible
Resists outside
attackers
Cannot
prevent
inside attacks and
computation
overhead is high
Random pair wise
key distribution
Resists
spoofing,
sinkhole,
wormhole,
selective
forwarding
and
many
other attacks.
Random key
distribution
scheme is
thus efficient
management
mechanisms
required.
Advantages
Both outside
and
inside
attacks can be
detected.
Disadvantages
Spoofing
of
identity by the
adversary
may
result in false
detection.
Information
dissemination by
each node is adds
to
the
communication
overhead.
TEST
packet
communication
overhead is high.
Table 6 Non-Cryptographic Approaches
Author
Approach
Waldir
Ribeiro Signal
strength
Pires
J´unior, and geographical
Thiago H. de Paula information based
Figueiredo,
Hao approach.
Each
Chi Wong and node monitors all
Antonio
A.F. the
heard
Loureiro
transmissions and
maintains a local
reputation
table
for the heard
nodes.
Virendra
Pal Signal
strength
Singh, Aishwarya based
S. Anand Ukey approach.COmpar
and Sweta Jain
ison of RSS with
pre-calculated
threshold
Shikha
and
Kumar
Magotra
Krishan
ISSN 2319 - 4847
Geographical
information based
approach.
Coordinate approach
with
distance
calculation.
Simple
Approach with
less
computation
overhead
Simple
approach with
lesser
detection time
pre
used
key
are
TEST
packet
communication
overhead.
3. PROPOSED M ETHODOLOGY
The Proposed approach is based on the Received Signal Strength (RSS) and the geographical information of the motes
deployed in the sensing region of interest. In the proposed approach random GUIDE nodes are chosen, as these are
randomly chosen their distribution cannot be guaranteed to be uniform over the sensing region. These GUIDE nodes are
chosen randomly in each round as the Cluster Heads depending upon the desired Guide node percentage. The GUIDE
nodes are responsible for the work of detection of malicious Cluster Head and malicious node information dissemination
as well. Larger is the Guide node percentage, more are the chances of early detection; However higher Guide node
percentage will also result in more energy consumption.
3.1 TERMINOLOGY
The terms used in the algorithm refer to specific meanings and are described below:
n: Total Number of Nodes in Network
Volume 3, Issue 5, May 2014
Page 386
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org
Volume 3, Issue 5, May 2014
ISSN 2319 - 4847
CH: Cluster Head
N: Normal Node
Pthresh: Pre defined Received Power Threshold
G: GUIDE Node
pg: Percentage of GUIDE Nodes
countGs: Counter for GUIDE Nodes
ADV.Power: Power of the Advertisement message sent by the elected CHs
range_normal: range of normal sensor node
dist: distance between the GUIDE node and the ADV sending CH node
detect: counter for detection of malicious node
3.2 ALGORITHM FOR PROPOSED APPROACH:
The algorithm for the proposed GUIDE Approach is given below:
Step 1. Creation of GUIDE nodes
for(i=1;i<=n;i++)
{ random =choose a random number;
if(S(i).E>0&& S(i) ∉ CH&&random<=(pg/(1-pg*mod(r,round(1/pg)))))
{ node.type=’G’;
countGs++;
Transmit GUIDE Signal (x,y,random). } }
Step 2.Detection by the GUIDE nodes
for(i=0;i<=countGs;i++)
{ if(ADV.Power>=PThresh || dist>=range_normal)
{ detect++;
Malicious CH detected;
Store the detected Malicious CH co-ordinates. } }
Step 3. Information Dissemination
if(detect>0)
{ Detecting GUIDE node: Transmits ALERT message with Malicious CH co-ordinates.
Other GUIDE nodes: Retransmit ALERT message. }
Step 4. CH Association (for N nodes)
for(i=0;i<=n;i++)
{ Choose CH such that co-ordinates are not same as those in received ALERT message and maximum Power CH is
chosen as minimum distance CH. }
4. RESULTS
4.1 SIMULATION SCENARIO USING MATLAB
The proposed algorithm has been implemented using MATLAB simulator. HELLO Flood attack has been simulated by
choosing desired percentage of random attackers (here 0.01) in the network with high transmission power as compared to
normal sensor nodes in the network. A sink is placed at a fixed position in the field and sensors are placed randomly in
the field. The field dimensions are 100 x 100. Other simulation parameters are defined below along with their values
used.
Table 7 Parameters used in the simulation Scenario with values
Parameter
Value Used
Field Dimensions(in meters)
100*100
Sink Co-ordinates
0.5*maximum field length,0.5*maximum field width
Number of Sensor nodes(n)
Number of Sink/Base station
Cluster Head Election Probability
Transmission/Reception Energy
Transmitting and Receiving Antenna Gain
Volume 3, Issue 5, May 2014
100
1
0.1
50*0.000000001
1
Page 387
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org
Volume 3, Issue 5, May 2014
ISSN 2319 - 4847
Transmitting and Receiving Antenna Heights(in
meters)
1.5
Radio Range of normal sensor nodes(in meters)
Diameter of sensing field*sqrt (log (n) /n) [20]
Radio Range of Attacker(in meters)
Path Loss
Percentage of attackers
Maximum number of rounds
Percentage of Guide nodes
Distance threshold between two guide nodes
80
1
0.01
100
0.1
15
Figure 3 Simulation of Proposed Approach
o
*
+
x
*
: Normal node
: Cluster Head
: Attacker
: Sink
: Guide Node
The proposed approach results are compared to two existing approaches that are, Received Signal Strength (RSS) based
Approach and non-cryptographic approach presented in reference []. The performance metrics used for comparison are
detection Time, Detection Energy and Communication Overhead. Each of these metrics is explained below along with the
results obtained in comparison to previously existing approaches.
4.2 PERFORMANCE RESULTS
The performance of the proposed approach has been compared to two existing approaches in terms of performance
metrics like detection time, energy required for detection and communication overhead. The comparison is described
below:
4.2.1 Detection Time: It is the time the network takes to detect the malicious cluster Head node or the
adversary in each round in LEACH Protocol. Results are shown below:
4.2.2
Table 8 Comparison based on the detection Time (in Seconds)
LEACH Round
RSS Based Approach
Approach in ref [19]
Proposed GUIDE
Approach
round=20
4.64
1.11
0.443
round=40
5.93
1.40
0.382
round=60
5.73
1.39
0.149
round=80
7.42
1.09
0.421
round=100
5.47
1.20
0.432
Volume 3, Issue 5, May 2014
Page 388
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org
Volume 3, Issue 5, May 2014
ISSN 2319 - 4847
Figure 4 Comparison based on Detection Time (in Seconds)
4.2.2 Detection Energy: it is defined as the amount of energy dissipated by the network nodes for the detection of the
attacking node per round in LEACH Protocol. Results are given below:
Table 9 Comparison based on Detection Energy required (in milliJoules)
LEACH Round
RSS Based Approach
Approach in ref [19]
Proposed GUIDE
Approach
round=20
9.27
2.37
1.6
round=40
10.47
2.57
1.4
round=60
11.43
2.9
2
round=80
11.37
2.11
2
round=100
10.37
2.37
1
Figure 5 Comparison based on Detection Energy (in milli Joules)
4.2.3 Communication Overhead: It is defined as the overhead incurred by the network in terms of additional packets for
the purpose of successful detection of Attacker node in the network. Results are shown below:
LEACH Round
Table 10: Comparison based on Communication Overhead
RSS Based Approach
Approach in ref [19]
round=20
round=40
round=60
round=80
round=100
37
28
20
28
26
14
12
13
14
11
Proposed GUIDE
Approach
8
7
10
10
5
Figure 6 Comparison Based on Communication Overhead incurred
Volume 3, Issue 5, May 2014
Page 389
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org
Volume 3, Issue 5, May 2014
ISSN 2319 - 4847
The above analysis clearly shows that the proposed approach gives better results in terms of performance metrics defined
above. Thus, the HELLO Flood attack can be detected with lesser detection time, lesser energy and lesser computation
overhead with the proposed GUIDE approach in comparison to the previously existing approaches.
5. CONCLUSION
LEACH protocol is difficult for an adversary to attack except the case when the adversary node become a Cluster Head, it
makes it easy for the attacker to launch a HELLO flood attack by simply broadcasting a powerful advertisement to all the
nodes deployed in the sensing field. In this paper, a new non-cryptographic approach to detect and prevent HELLO Flood
attack in LEACH protocol in WSN is proposed. The results of the proposed approach have been compared with the
existing approaches and the comparison proves that the proposed approach is more effective with less detection time,
energy and computational overhead. The proposed approach improves the network performance by early detection of
adversary and preventing the nodes from associating with such a malicious Cluster Head.
6. FUTURE SCOPE
The proposed approach in LEACH protocol works well with detection of the adversary and prevention from associating
any normal node to such node as cluster member. However the proposed work does not include any plan for the isolation
of the attacker nodes in the network. In future, work can be enhanced to isolate such nodes from the rest of the network
for the smooth functioning of the network. Furthermore, the simulated scenario defines a homogeneous network whereas
real life environment is heterogeneous. So in future, work can be done for the same. Also the guide nodes are not
uniformly placed in the field so their connectivity and even distribution in the network cannot be guaranteed. The work
can be enhanced in future to ensure the even distribution of guide nodes in the sensing region.
REFERENCES
[1] Anand, D.G.; Chandrakanth, H.G.; Giriprasad, M.N.; “Security Threats & Issues in Wireless Sensor Networks,”
International Journal of Engineering Research and Applications (IJERA), ISSN: 2248-9622, vol. 2, Issue 1, pp.911916, Jan-Feb 2012.
[2] Chaudhari, H.C.; Kadam, L.U.; “Wireless Sensor Networks: Security, Attacks and Challenges,” International
Journal of Networking, vol. 1, Issue 1, pp-04-16, 2011.
[3] Chee-Yee Chong; Kumar, S.P., "Sensor networks: evolution, opportunities, and challenges," Proceedings of the
IEEE, vol.91, no.8, pp.1247,1256, Aug. 2003.
[4] Hamid, A.; Mamun-Or-Rashid; Choong-seon Hong, "Defense against lap-top class attacker in wireless sensor
network," Advanced Communication Technology, 2006. ICACT 2006. The 8th International Conference , vol.1, no.,
pp.5 pp.,318, 20-22 Feb. 2006.
[5] Heinzelman, W.R.; Chandrakasan, A.; Balakrishnan, H.; "Energy-efficient communication protocol for wireless
microsensor networks," System Sciences, 2000. Proceedings of the 33rd Annual Hawaii International Conference on,
vol. 2, pp.10 pp., 4-7 Jan. 2000.
[6] Heinzelman, W.B.; Chandrakasan, A.P.; Balakrishnan, H.; "An application-specific protocol architecture for wireless
microsensor networks," Wireless Communications, IEEE Transactions on, vol.1, no.4, pp.660, 670, Oct 2002.
[7] Jing Chen; Huanguo Zhang; Junhui Hu, "An Efficiency Security Model of Routing Protocol in Wireless Sensor
Networks," Modeling & Simulation, 2008. AICMS 08. Second Asia International Conference on, vol., no., pp.59, 64,
13-15 May 2008.
[8] Karlof, C.; Wagner, D., "Secure routing in wireless sensor networks: attacks and countermeasures," Sensor Network
Protocols and Applications, 2003. Proceedings of the First IEEE.2003 IEEE International Workshop on, vol., no.,
pp.113, 127, 11 May 2003.
[9] M.Shankar; M.Sridar; M.Rajani; “Performance Evaluation of LEACH Protocol in Wireless Network,” International
Journal of Scientific & Engineering Research, vol 3, Issue 1, January-2012.
[10] Modares, H.; Salleh, R.; Moravejosharieh, A.; "Overview of Security Issues in Wireless Sensor
Networks," Computational Intelligence, Modelling and Simulation (CIMSiM), 2011 Third International Conference
on, vol., no., pp.308, 311, 20-22 Sept. 2011.
[11] Oliveira, L.B.; Wong, H.C.; Bern, M.; Dahab, R.; Alfredo Ferreira Loureiro, Antonio; "SecLEACH - A Random Key
Distribution Solution for Securing Clustered Sensor Networks," Network Computing and Applications, 2006. NCA
2006. Fifth IEEE International Symposium on, vol., no., pp.145, 154, 24-26 July 2006.
[12] Pathan, A.K.; Hyung-Woo Lee; Choong-seon Hong; "Security in wireless sensor networks: issues and
challenges," Advanced Communication Technology, 2006. ICACT 2006. The 8th International Conference, vol.2,
no., pp.6 pp., 1048, 20-22 Feb. 2006.
[13] Pires, W.R., Jr.; de Paula Figueiredo, T.H.; Wong, H.C.; Loureiro, A. A F, "Malicious node detection in wireless
sensor networks," Parallel and Distributed Processing Symposium, 2004. Proceedings 18th International, vol., no.,
pp.24, 26-30 April 2004.
Volume 3, Issue 5, May 2014
Page 390
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org
Volume 3, Issue 5, May 2014
ISSN 2319 - 4847
[14] Suraj Sharma; Sanjay K. Jena; “A survey on secure hierarchical routing protocols in wireless sensor networks,”
ICCCS ’11 Proceedings of the 2011 International Conference on Communication, Computing & Security, pp.146,
151,2011.
[15] Uddin, M.Y.S.; Akbar, M.M.; "Addressing Techniques in Wireless Sensor Networks: A Short Survey," Electrical
and Computer Engineering, 2006. ICEC '06. International Conference on, vol., no., pp.581, 584, 19-21 Dec. 2006.
[16] Virendra Pal; Aishwarya S.; Sweta Jain; “Signal Strength based HELLO Flood Attack Detection and Prevention in
Wireless Sensor Networks,” International Journal of Computer Applications (0975 – 8887) vol. 62– No.15, January
2013.
[17] Yassein, M.B.; Al-zou’bi, A.; Khamayseh, Y.; Mardini, W.; “Improvement on LEACH protocol of Wireless Sensor
Network,” International Journal of Digital Content Technology and its Applications, vol. 3, issue 2, June 2009.
[18] Yong Wang; Attebury, G.; Ramamurthy, B., "A survey of security issues in wireless sensor
networks," Communications Surveys & Tutorials, IEEE, vol.8, no.2, pp.2, 23, Second Quarter 2006.
[19] Magotra, S.; Kumar, K., "Detection of HELLO flood attack on LEACH protocol," Advance Computing Conference
(IACC), 2014 IEEE International , vol., no., pp.193,198, 21-22 Feb. 2014.
[20] Simek M., Moravek P. and Silva J., “Wireless Sensor Networking in Matlab: Step-by-Step”, January 2010.
AUTHORS
Satwinder Kaur Saini received B.Tech degree in Computer Science Engineering from Sant Baba Bhag Singh
Institute Of Technology in 2012. She is now pursuing M.Tech degree in Computer Science (Networking
Systems) from Ambika Paul Institute of Technology (Punjab Technical University, Main Campus),
Kapurthala, Punjab, India.
Mansi Gupta received B.Tech degree from SUSCET, Mohali in 2010. She worked as Assistant Professor at
National Institute of Technology, Kurukshetra for 1 year and pursued her M.Tech degree from LPU Phagwara
during 2011-2013. Now she is working as Assistant professor at PITK, (PTU Main Campus), Kapurthala.
Volume 3, Issue 5, May 2014
Page 391