TABLE OF CONTENTS
Candidate’s Declaration
i
Acknowledgment
ii
Table of Contents
iii
List of Figures
iv
List of Tables
v
List of Abbreviations
vi-vii
Abstract
1
Chapter 1: Introduction
2
1.1 Introduction to WSN
2-4
1.1.1 Wireless Sensor Network Constraints
4-6
1.2 Security Requirements in WSN
6-8
1.3 Security Attacks on WSN
8-15
1.4 Miscellaneous Attacks in WSN
15-16
Chapter 2: Literature Survey
17-28
Chapter 3: Present Work
29
3.1 Problem Formulation
29
3.2 Objectives
29
3.3 Research Methodology
29-30
3.4 Phase of Detection and Isolation of malicious nodes
32-34
Chapter 4: Examination Result
35
4.1 Network Simulator
35-38
Chapter 5: Conclusion and Future Work
51
5.1 Conclusion
51-52
References
53-58
APPENDIX
59
LIST OF FIGURES
1
Figure 1.1: Wireless Sensor Network
2
Figure 1.2: Component Node of a WSN
4
Figure 1.3: Software Requirement Analysis
9
Figure 1.4: Attacker receive packets
10
Figure 1.5: Wormhole Attack
10
Figure 1.6: Sybil Attack
11
Figure 1.7: Denial of Service Attack
14
Figure 3.3: Flowchart
31
Fig 4.1: Network Simulator 2
35
Fig 4.1 (a): Network Deployment
38
Fig 4.1 (b): Network Deployment
39
Fig 4.2 (a): Data Aggregation
40
Fig 4.2(b): Data Aggregation
41
Fig 4.3(a): Trigger attack
42
Fig 4.3(b): Trigger attack
43
Fig 4.4(a): Deployment of Sensor nodes
44
Fig 4.4(b): Deployment of Sensor nodes
45
Fig 4.5: Detection of malicious nodes
46
Fig 4.6: Malicious node isolation
47
Fig 4.7: Packet loss comparison
48
Fig 4.8: Energy Comparison
49
Fig 4.9: Throughput Comparisons
50
List of Tables
Table 4.1: Simulation Parameters
36
2
ABSTRACT
WSN is a self-arranging network without any centralized control. The sensing devices are
commonly identified as nodes. These nodes are extremely small in size and quite inexpensive.
Primarily, these networks were merely installed in the military areas for monitoring the activities
of conflicting sides. Every movement of enemy was monitored and then the system used this
significant information for taking suitable measures. In some applications, monitoring of
suspicious actions and movements is extremely complicated because of the broad regions.
Therefore, the exploitation of wireless sensor networks is extremely useful in these kinds of
applications. Nowadays, wireless sensor networks are being used in various applications. These
networks can perform several tasks like sensing, processing and sharing of information inside the
areas. The wireless sensor network deploys the monitoring area for the random distribution of
sensor nodes within the area. Wireless sensors networks are installed in such regions which are
not appropriate and do not need any kind of infrastructure. The deployment of approximately
hundreds to thousands sensor nodes is required for the accomplishment of required operation. As
wireless sensor networks are heterogeneous, therefore the study of their deployment way within
several areas is extremely significant. Security and power expenditure are the main concerns of
WSN owing to these properties. The attacker nodes which make their entry inside the system
launch the security intrusions. These safety intrusions are widely categorized into two sorts of
intrusions, identified as active and passive attacks. Sinkhole intrusion comes in the category of
active intrusion. In this kind of intrusion, attacker node spoofs the identity of base station and
behaves like base station itself. The sensor nodes start sending information to the attacker node
in the place of base station. In this investigate study, a new algorithm is introduced for the
discovery and segregation of attacker nodes from the network. The new scheme is based on the
identify confirmation. The presented algorithm is implemented in Network Simulator 2 and
outcomes are scrutinized on the basis of several factors. It is scrutinized that presented approach
shows better performance on every parameter in comparison with the obtainable schemes.
1
Chapter 1
Introduction
1.1 Introduction to WSN
The wireless sensor network (WSN) includes as a combination of various sensing devices or
nodes for getting the information about the contiguous situations of a particular area. The sensing
devices also identified as nodes are extremely small and inexpensive. Primarily, these networks
were merely installed in the military areas for monitoring the activities of conflicting sides [1].
Every movement of enemy was monitored and then the system used this significant information
for taking suitable measures. In some applications, monitoring of suspicious actions and
movements is extremely complicated because of the broad regions. Therefore, the exploitation of
WSNs is extremely useful in these kinds of applications. Nowadays, WSNs are employed to
serve many purposes. These networks can perform several tasks like sensing, processing and
sharing of information inside the areas. The wireless sensor network deploys the monitoring area
for the random dispersal of sensor devices within the area. Because of the broad and unfriendly
applications of these networks, several issues raise.
2
Fig1.1 WSN
As a result of small size, these sensor nodes contain only limited battery energy. These networks
are positioned in subversive applications. The activities of these regions cannot be monitored
because of their inaccessibility for human beings. The nodes deployed in these kinds of areas are
more costly than the nodes deployed in worldly regions.
The multimedia sensor networks install various microphones and cameras inside them with
inexpensive sensor nodes. Larger bandwidth, power and quality of service are some important
factors necessary for the appropriate processing of information. In auditory areas, sensor nodes
are placed for the deployment of networks in order to create sparse environment. The wireless
sensor network faces several constraints such as signal fading, delay and propagation [2].
Wireless sensors networks are installed in such regions which are not appropriate and do not
need any kind of infrastructure. The deployment of approximately hundreds to thousands sensor
nodes is required for the accomplishment of required operation. As wireless sensor networks are
heterogeneous, therefore the study of their deployment way within several areas is extremely
significant.
The sensor nodes installed inside the wireless sensor networks perform various kinds of tasks.
The proper distribution of network within the definite region is necessary for the collection of
3
information. In order to perform general scrutiny, the monitoring of such regions is imperative in
mutual way for the collection of whole applicable information [3]. Aggregation and base station
are the two significant mechanisms occurring inside the wireless sensor networks. The data is
gathered from the sensor nodes present around the areas. This data is transferred to other nodes.
These nodes forward this information to the dominion. The base station is identified as a
component through which all gathered information is deceased. The base station is accountable
for the further transmission of data. The information sharing carried out inside wireless sensor
networks is defenseless and not confidential. This is due to the fact that these networks are
positioned in hazardous areas with only minimum amount of reserves. The employment of
security practices inside these networks is very tricky. But security is extremely imperative for
the proper processing and transmission of data. Because of their properties, these networks face
several issues in terms of security.
Figure 1.2: Component Node of a WSN.
Within a sensor node, five main units are involved named as memory transmitter or receiver,
power or energy unit, sensing unit and embedded processor. These units are integrated in the
sensor nodes according to the type of conditions in which these networks are to be positioned.
The location recognition scheme is utilized for localizing the node’s location. Within the sensor
nodes, a power generator is provided for providing energy to the battery. This scheme increases
the life span of network. In these networks, a mobilize also remains present for the movement of
4
sensor nodes. Two sub-units named as sensor and analog-to-digital converter are integrated for
the creation of sensing components. The sensor node senses the analog signal. Additionally,
ADC component transforms analog signal into digital signal for processing. Processing unit
works on these signals for proper functioning. The sensing device is connected to the network
with the help of a transceiver component. The most vital component of a sensing device is
battery. The battery provides energy for the activation of sensor nodes.
1.1.1 Wireless Sensor Network Constraints
A wireless sensor network is generated with the help of resource-controlled based sensor nodes
mutually, despite of the fact that these networks comprise restricted processing ability and
storage potential. In these networks, the bandwidth is provided according to the available
resources [4]. These networks are experiencing various problems because of the energy scarcity
and mini sensing devices. Within these networks, the execution of security techniques is
extremely difficult because of these restraints. Several restraints of sensor nodes should be
considered for ensuring the development of traditional security algorithms. Several most
imperative restraints being noticed in wireless sensor networks are described below:
i. Power Restraints: Power restraint is the main imperative restraint of WSNs. The three wider
classifications on the basis of power consumption with the help of some mechanisms are given
below:
● Sensor transducer uses definite amount of power.
● The sensor nodes consume certain amount of power for information sharing.
● The microprocessors perform calculations. These microprocessors need power as well.
Each bit travelling within the network utilizes approximately 800 to 1000 instructions of energy.
Therefore, the cost of power for information sharing is higher than the calculation cost. If
message size increases because of the security schemes then definite amount of cost has to be
paid. The cryptographic functions consume large quantity of power for increasing the security
5
range of networks. Thus, in these networks, a number of security levels remain present according
to the required power.
ii. Memory limitations: A small sized device comprising restricted amount of memory and
storage space is identified as sensor node. The sensor node’s memory involves a flash memory
and RAM within it [5]. Mostly downloaded application code is amassed in this memory. The
RAM amassed within the application programs, sense information and performs computations
rapidly. The complex algorithms cannot be executed after the complete loading of operating
system and application code due to the unavailability of storage area. Therefore, the accessibility
of numerous security algorithms to these sensor nodes is imperative.
iii. Unreliable communication: The untrustworthy information sharing is the other main
constraint being faced by these networks. Link less protocols are the base of Packet-based
routing. Thus, intrinsically, the routing is extremely untrustworthy in these networks. The fault
scan occur or the packets can be dropped due to the extremely congested sensor nodes. This
results in the disruption of whole information present inside the packets. These packets can be
either damaged or disrupted because of the untrustworthy wireless information sharing tunnel of
these networks. A number of vigorous fault management techniques are used in these networks
due to the occurrence of large fault rate. The execution of these techniques increases network
overhead. The presence of these kinds of faults results in the un-trust worthy exchanges with in
the network even in the occurrence of a trustworthy channel. Packet collisions may occur. These
packets can be retransmitted because of the broadcasting scenario of these networks. This causes
issues of some other extent.
iv. Higher communication delay: In these networks, larger latency happens due to multi-hop
routing, congestion and processing during the transmission of packets through intermediary
nodes. Thus, in these networks, synchronization is not possible. A lot of concerns may rise at
security level during synchronization as the sharing of significant event reports and
cryptographic key affect the performance of some techniques [6].
6
v. Unattended operation of networks: Within the network, some nodes are not attended as a result
of positioning of WSNs in hazardous situations. Therefore, in these conditions, a physical
intrusion may occur. The distant managing schemes cannot practically observe any type of
objective interference being reasoned in the network as these networks are positioned in hugely
spread areas. Thus, the deployment of a safe wireless sensor network is extremely complicated.
1.2 Security Requirements in WSN
Security of WSNs is extremely essential. For this purpose, some necessities should be kept in
mind. The sensor node needs several kinds of surrounded resources inside it for ensuring the
complete safety of extremely responsive information. The performance keeps this network lively.
A malicious node can easily trigger attack within these networks because of some susceptibilities
and occasions. The clients can go through huge loss because of these attacks.
A. Data Confidentiality
This property can be described as a procedure using which data can be concealed absolutely and
does not remain visible to opponents. The information can be made absolutely imperceptible by
a secret key for the encoding of information. Merely authorized users can assist in the
importation of information. A number of essential dynamics related to the secrecy are needed to
be considered in WSN.
B. Data Authentication
Data verification is the mainly considered aspect meant for several applications of WSN. Here,
any types of illegitimate elements can be blocked. At the same time, the authentic nodes pay
attention to identify any types of illegal nodes or clients. The attainment of information from a
precise source is necessary. Also, the target must be guaranteed to be a fraction of
communication for assuring that the information is not transmitted to any illegal users[7].
C. Data Integrity
7
This property can either adjust or transform the information. Thus, it should be ensured that the
illegal customers cannot modify the recipients during information sharing. The property which
ensures that no modifications are made in the data is identified as data integrity.
D. Data Freshness
This attribute describes the newness of information presented in the network. In some occasions,
earlier accessible information is retransmitted within the network, for avoiding these kinds of
situations, data freshness is measured. The newness of information should be maintained even in
the presence of essential and secret information. This feature also guarantees that the attacker
user is not retransmitting the accessible information.
E. Access Control
This property ensures the inaccessibility of information to illegal consumers. This feature does
not allow any type of illegal interference within the network.
F. Availability
The whole cost of networks is enlarged due to the modification of conventional encoding
algorithms within WSNs. As a result of existence of several techniques, the modification of code
is required so that it can support the code reutilization. Also, some techniques require further
interaction for the attainment of objective. For the simplification of algorithms, limited amount
of approaches has been presented. But these techniques decrease the range of node accessibility.
A number of factors can affect the accessibility and some of them are given below:
● The energy consumption is increased due to the further processing involved in the
network. The information is lost from the network after the absolute utilization of power.
● Power utilization increases because of the existence of supplementary information
sharing processes. The probability of collision increases due to the execution of huge
amount of messaging.
8
● A single point is provided in the network due to the availability of centralized method
within the network. Thus, during the availability of network, a number of intimidations
arise.
Thus, when the intrusion occurs in network functions, the network can be made obtainable.
Therefore, several security means are introduced in these networks.
1.3 Security Attacks on WSN
WSNs are dissimilar from other networks due to their extremely exceptional features. The
possibility of intrusions within these networks is high as well [8]. The susceptibility and
receptiveness of these networks to other security threats is extremely high as they comprise
distributive information sharing. The triggering of intrusion is higher in these networks because
of their deployment in higher and hazardous areas. A number of intrusions may occur at different
layers of the network as all these layers perform in dissimilar way and execute dissimilar
operations. In these networks, a number of routing protocols are involved which do not comprise
any security mechanism. Thus, the malicious can easily break the security of these networks.
Different kinds of attacks or intrusions recognized in every layer of the network are given below:
a. Physical layer attacks
i. Congestion: As the radio frequencies experience intrusion within the sensor nodes, this result
in the generation of a direct attack named as congestion. This kind of intrusion is totally different
from the usual radio broadcasts the networks experience number of issues. The denial-of-service
circumstances are experienced within the network due to the incidence of this kind of intrusion.
ii. Tampering: This kind of intrusion conciliates the node absolutely. There is vast chance of this
kind of intrusion. This attack causes extremely hazardous affects. This attack modifies the sensor
nodes. The occurrence of this attack can destroy the whole network.
B. Link layer attacks
9
i.
Collision:
This
intrusion
occurs
when
the
channel
intercession
experiences
neighbor-to-neighbor information sharing inside the link layer. The whole packet disrupts when
collisions happen in any area of the positioned network. Thus, in this situation packet should be
transmitted again due to the occurrence of single bit error.
ii. Exhaustion: The occurrence of interrogation intrusion exhausts the battery power. The power
consumption is extremely high in this situation due to the retransmission of packets. This causes
absolute battery consumption of sensing devices [9].
C. Network layer attacks
i. Hello flood attack: Higher communication energy is necessary for the transmission of hello
packets so that adjacent can be revealed during this kind of intrusion. The malicious creates a
delusion inside the network which depicts that a node is neighbor of other nodes. Thus, the
incorporated routing protocol will be absolutely interrupted and larger number of intrusions may
occur at this time. The malicious utilizes hello packet as a mace so that the sensor nodes present
in the networks show faith on the attacker node. The attacker node comprises elevated radio
communication rage and processing energy because of which different sensor nodes obtain hello
packets. These nodes are partitioned in big regions. The sensor nodes suppose the opponent to be
their adjacent node. The nodes will get a hello message from the attacker node and start
exchanging extremely responsive information a done another.
Figure 1.3: Attack broadcast packets
10
Figure 1.4: Attacker receive packets
ii. Wormhole attack: In the networks, a low-latency connection is established so that the packets
can be forwarded from to other end quickly using multi-hops. This process launches wormhole
attack or intrusion within the network [10]. This intrusion is a big danger for any routing
protocol accessible within the network. The detection and prevention of this kind of intrusion is
extremely difficult. The wormhole depicts that the node that is though extremely distant, is
extremely close to its adjacent, which is an attacker. This may produce perplexed circumstances
within the network. The commencement of information sharing at this time will result in the
exchange of secret data to the attacker nodes.
Fig: 1.5 Wormhole Attack
11
iii. Sybil attack: A malevolent utilizes an attacker node for creating interference in the network’s
traffic. Therefore, a number of units are established in the network which causes Sybil attack. An
ID is created due to the generations of false accompaniments or due to the generation of replica
of previously existing legal identities [11]. Sybil intrusions make their target to the multi-hop
routing with the error tolerant techniques of sensor networks. A legitimate node produces several
identifies. One or more nodes of the network can use these identifies because of this kind of
intrusion. A distinct node therefore creates the numerous identities.
Figure 1.6: Sybil Attack
The occurrence of this kind of intrusion inside the network disrupts the reliability, safety and
resource consumption. An outsider node can cause any kind of Sybil intrusion. The network
having either verification or encoding method inside it can be prevented from this kind of
intrusion merely. Because of the occurrence of this kind of interior malicious, public key
cryptography is implemented. But the structures are extremely expensive in such case when
resource relied networks are positioned. The possibility about the occurrence of Sybil node
within the network can be measured with the help of the equation given below as:
𝑃𝑟(𝑑𝑒𝑡𝑒𝑐𝑡𝑖𝑜𝑛) = 1 − 𝑃𝑟(𝑛𝑜𝑛𝑑𝑒𝑡𝑒𝑐𝑡𝑖𝑜𝑛)
= 1 − (1 − 𝑃𝑟(𝑛𝑜𝑛𝑑𝑒𝑡𝑒𝑐𝑡𝑖𝑜𝑛)
𝑟
1𝑟𝑜𝑢𝑛𝑑
𝑟
)
1𝑟𝑜𝑢𝑛𝑑
12
(
= 1− 1 −
( )( )( ) 𝑆−(𝑚−𝑀)
𝑐
( )
𝑎𝑙𝑙𝑆,𝑀,𝐺
∑
𝑠
𝑆
𝑚
𝑀
𝑛
𝑐
𝑔
𝐺
)
iv. Sinkhole attack: Because of the occurrence of this kind of intrusion within the network, the
base station cannot attain absolute and precise sensing information from the network. This
generates a solemn danger in the higher-layer applications. In this situation, the malicious draws
whole traffic from the network in its direction. The attacker node looks extremely eye-catching
the another nodes [12].
During the occurrence of sinkhole attack within the network, the base station is not able to obtain
accurate sensing information. Therefore, the higher layer applications experience a big threat
because of this intrusion. The attacker node makes itself more eye-catching in comparison with
other sensing nodes because of which whole sensed information is transferred in its direction. A
sinkhole generates during the existence of attacker in the middle. The attacker node draws the
data existing inside the adjacent nodes. Therefore, each bit of information is shared amid the
adjacent nodes is snooped in this situation. The compromised node is made to appear extremely
eye-catching regarding the used routing algorithm. Therefore, the information is promoted in the
direction of this node crosswise the network. For establishing a high-quality path in the direction
of base station such as the malicious can interfere in the network.
D. Transport layer attacks
i. Flooding Attack: This kind of intrusion is produced when large number of information is
flooded across the entire system. Flooding refers the incessant getting of various packets. The
higher processing of authentic link requests is executed for starting the unfinished link requests.
These kinds of numerous links are created with the help of memory buffer because of the
flooding which cannot be completed. The additional links cannot be established after the
complete loading of buffer. This situation causes Denial of Service attack.
E. Application layer attacks
13
i. Denial-of-Service (DoS): The functionality of sensor network is totally disrupted in a case
when an adversary produces a planned intrusion identified as denial of service intrusion. A
number of definite restrictions are caused in the performance of sensor network because of the
incidence of this kind of intrusion. This attack can occur in any one of the OSI layers [13].
Whole resources can be consumed for destructing the arrangement of framework. Denial of
service intrusion absolutely disrupts the network’s competence. In this situation, network
components are disrupted physically because of this intrusion. Additionally, this intrusion
destroys the wireless communication as well. This intrusion produces noise, collision or
intervention at the receiver’s end. The malicious comprises definite targets to be focused on amid
which few are related to the framework of network, server applications and the network entrance.
The sufferer node sends the additional un-needed information in denial of service intrusion. In
this case, the network resources are drained because of which clients cannot access the services
absolutely. In few circumstances, the malevolent completely destroys the network. This
adversary absolutely obliterates the capability of a network to execute definite operations. This
kind of intrusion may probably happen in different network layers. Congestion and interference
occurring inside the physical layer are denial of service kinds of intrusions [14]. Collision,
collapse and injustice are noticed within link layer which belong to this category as well. In
transport layer, flooding and de-management take place because of this kind of intrusion. For
making certain that DoS intrusions do not exist within the network, it is imperative to pay the
network resources and validate the traffic necessities. A number of approaches have been
presented for securing the reprogramming procedure [15]. The network uses the verification
inside itself for making it safe.
14
Figure 1.7: DoS Attack
DoS intrusion gives an option for rekeying the request packet. Therefore, this intrusion is
probable when two successive keys are nullified in the nodes or keys. Denial of service intrusion
occurs because of the repeated rate of rekeying of requests. The packets are dropped in a
constituted time span from the nodes. Packets are retransmitted and denial of service intrusion
commences after the identification of re-keying request packet [16].
ii. Cloning attack: This kind of intrusion occurs when sensor nodes can be captured and
compromised without difficulty. The limitless clones are generated for the compromised nodes in
this situation. Now, all the duplicates can participate very easily in any of the tasks because of
their legal access within the network. A number of internal intrusions are generated in this case
and destroys the whole network. When the network is not able to recognize the secure node, then
in this situation, the malicious can easily makes its entry within the network. Therefore, several
other intrusions may also get the access of network. Therefore, an effectual and proficient
solution should be executed within the network for the prevention of these types of intrusions.
This will provide safe atmosphere for information sharing.
1.4 Miscellaneous Attacks in WSN
a. Energy drain attack
Several batteries are used to provide energy within the networks. The networks are deployed in a
dynamic way. The recharging or replacement of nodes is imperative after the complete
exhaustion of their battery power [17]. In case of battery energized networks, the fixed amount of
power is drained. The intrusions may possibly occur in such a case when the attacker node sends
the packets continuously. This process totally destroys the sensor nodes and degrades the
network’s functionality. The network grid is completely partitioned and a novel sink node is
15
added for handling the component of sensor. The enrooted reports are dropped in this situation to
minimize the harm of this intrusion.
B. Data Integrity Attack
The information requiring transmission across the nodes is compromised because of the changes
created in the information. These changes are presented within the packets because of the
accumulation of fake information [18]. The malicious node comprises advanced processing
memory and energy in comparison with other nodes. The sensor information is snooped
according to the purposes of intrusions. This compromises the discovery of sufferer node. The
routing information is falsified for disrupting the usual function of sensor network. Thus this
attack destroys the network totally. Asymmetric keys are implemented for the prevention of these
kinds of intrusions. These keys provide encoding as well.
C. Sniffing attack
Any interference or eavesdropping occurring within the channels is the reason of this kind of
intrusion. The attacker node is placed in the neighbor of sensor grid for the capturing of
information. The gathered information is sent to the attacker for executing processing by using
some method [19].
But this attack causes no effect on the regular performance of routing
protocol. An outside attacker causes these kinds of intrusions for gathering important
information from the sensor devices.
D. Interference and Jamming
In this kind of attack, radio signals are blocked or interfered so that the information can be
vanished or tainted. A signal is produced within the network when a malicious comprises an
influential communication [20]. This sturdy signal overpowers the targeted signals. This
situation creates disturbance in information sharing.
16
Chapter 2
Literature survey
Panagiotis Sarigiannidis, et.al (2016)described that the technology of WSN was used in large
number of applications. This technology was mainly utilized in military areas, hospitals and
unfocussed functions. The sensor nodes were organized arbitrarily in the hazardous areas where
human could not reach. This network provided free communication atmosphere because of
which this network was vulnerable to several kinds of intrusions. A number of intrusions
affected the network performance [21]. In this study, Sybil intrusion was identified as the main
damaging attack. In this intrusion, numerous identities were acknowledged illegal through single
or several attacker nodes. When attacker nodes showed direct connection to the Sybil nodes, than
this intrusion became more worsen in this situation. Thus, a comprehensive analysis was
performed on the Sybil intrusion in this study. The performance of WSN was measured in the
existence of Sybil intrusion. The possibility of Sybil-free WSN was measured according to the
quantity of sensor devices and their strength. The simulations were executed for evaluating the
performance of proposed technique.
Yali Yuan, et.al (2015) stated that a development was seen in the WSNs due to the growth of
technology. The WSNs were extensively used in almost all applications. In WSNs, the sensor
devices were deployed accurately in hazardous surroundings because of the deployment-aware
applications of this network. This network provided free communication atmosphere because of
which this network was vulnerable for several kinds of intrusions. A number of intrusions
affected the performance of wireless sensor network. Among these intrusions Sybil attack was
17
considered as one of the main intrusions. In this attack, numerous identities were depicted for the
solo node which reduced the localization correctness. This resulted in the destruction of complete
network arrangement [22]. In this study, a new frivolous SF-APIT algorithm was presented for
the removal of this intrusion. This approach was admired because of its range free technique.
The proposed approach could be implemented even at the single node. In wireless networks
because of the minimum overhead, this novel algorithm was proposed as it provided the
competent outcomes based on RSS. In this study, several simulations were executed for
evaluating the performance of presented approach. These simulations estimated the efficiency of
the proposed approach in comparison with other existing techniques for minimizing the
consequences of this intrusion.
Noor Alsaedi, et.al (2015) stated that WSNs were used in several applications because of their
rising technology. Sensor nodes were arranged arbitrarily inside the network because of its
dynamic network topology. This network faced several issues such as inadequate processing
energy of sensor devices and restricted battery because of these issues this network subjugated
occasionally. This network provided free communication atmosphere because of which this
network was vulnerable for several categories of intrusions. A number of intrusions affected the
performance of wireless sensor network. Among these intrusions Sybil attack was considered as
one of the main intrusions [23]. The existence of this intrusion created disturbance in the
complete network because of the occurrence of numerous identities generated from attacker
node. In this study, a lightweight trust system was proposed for the minimization of all those
concerns where power was utilized in the form of a metric parameter for a hierarchical WSN. A
number of tests were conducted to compute the performance of suggested approach. The tested
outcomes demonstrated the efficiency of the proposed approach. A lessening in the network
messaging overhead was seen because of this proposed approach.
Sepide Moradi, et.al (2016) discussed that the WSNs were utilized in several applications and
various regions because of their rising technology. The sensor nodes were dispersed for gathering
of information in the hostile situations [24]. The security in WSNs was imperative as these
unprotected hazardous regions. In order to render security in WSNs, the detection of intrusions
18
was indispensable. Various attacks degraded the performance of the networks and Sybil attack
was one of them. This intrusion was a huge danger for geological routing protocols and
multi-path routing. A distributed technique was proposed with the help of movable agents and
local data of every sensor to detect the Sybil intrusion. The simulation results proved the
effectiveness of proposed techniques in comparison with the existing techniques.
Salavat Marian, et.al (2015)stated that wireless sensor network had been extensively utilized in
common applications. This network provided free communication atmosphere because of which
this network was vulnerable against several categories of intrusions. A number of intrusions
hampered the functionality of WSNs. Among these intrusions Sybil attack was considered as one
of the main intrusions. In this intrusion, malicious nodes transmitted packets to numerous nodes
with fake identities for making their existence in the network. This intrusion generated several
other attacks after obtained the reach of the network. In this study, a safety counter was
proposed. The proposed approach utilized RSSI technique for the easy detection of Sybil
intrusion [25]. The earlier presented techniques were based on the random key allocation. In
wireless sensor networks, two indicators identified as RSSI and LQI were used for estimating the
quality of connection. A number of tests were executed for evaluating the performance of
proposed approach and measured the efficiency of this approach in stationary atmosphere with
high-quality transceivers. The acknowledged energy ought to be the function of remoteness
according to the wireless channel models for their utilization in local Sybil nodes.
Ruixia Liu, et.al (2014)stated that the rising technology of body sensor network (BSN) had been
extensively used in a number of applications. This technology affected the lifestyle of people
very much. The data related to the mental health of the client and privacy were some parameters
linked with this network. Thus, in these networks, security was considered as one of the main
threat. In this network, numerous node identifiers were utilized as messaging medium for the
transmission of information because of which it was easy for Sybil intrusion for the degradation
of the network’s performance [26]. In this study, a novel RSSI was presented to detect all the
existing Sybil nodes within the network when they were regulating their broadcasting energy.
Thus, the proposed approach showed enhanced performance in comparison with other existing
19
techniques. Every node maintained its own identity certificate. Therefore, this approach did not
require any symmetric key encoding technique. Various simulations conducted for evaluating the
suggested approach’s performance. These simulations measured the efficiency of proposed
technique on the basis of high discovery rate and minimum operating cost.
Imran Makhdoom, et.al (2014) described that wireless sensor network were more vulnerable
against various kinds of intrusions because of the free information sharing provided by them. A
number of intrusions hampered the performance of this network for example wormhole, Sybil,
black hole attack and so on. The traditional cryptographic technique provided security against the
external intrusion but this technique was not able to minimize the internal intrusions in which
node compromised [27]. Sybil intrusion was estimated as one of the main intrusions amid all
other intrusions because of the occurrence of the attacker node. All proposed techniques were
scrutinized for minimizing this type of intrusion. In this study, a new One-Way Code Attestation
Protocol (OWCAP) was proposed for wireless sensor network for recognizing its advantages and
disadvantages. This proposed approach was extremely effectual because it minimized not only
the Sybil intrusion but other main intrusions present in this network as well.
Bayrem TRIKI, et.al (2014) proposed a novel approach to detect and prevent the Sybil
intrusions occurring in MWSNs. Two kinds of authentication techniques were used for the
identification of Sybil malevolent within the network. The RFID tags were embedded in the
primary part for the certification to authenticate the army personnel. In the second case, the
soldiers utilized these certificates for revealing their genuineness to their associates [28]. Thus,
this technique proved very beneficial for the prevention of this attack. In this approach, the
soldiers utilized two certificates at the similar time. The verification of soldiers was performed
through the heartbeat of the combatant. The proposed approach identified the Sybil intrusion by
protecting the privacy of soldiers. This approach helped in the detection of intrusion through
recognizing the genuine identity of the combatant.
P. Raghu Vamsi, et.al (2014) stated that a development was seen within the WSNs with the
expansion of technology. A number of intrusions hampered the performance of this network and
20
Sybil attack was one of them. This attack was considered a big threat. Due to the free
communication within this network, this network was prone to different kind of attacks.
Extremely inadequate lightweight models were presented in the obtainable schemes [29]. Thus, a
LSDF was proposed to alleviate the effects of Sybil intrusion. The proposed framework used two
components identified as evidence collection and legalization. Every node monitors the activities
of its adjacent nodes within the network for the collection of evidences. A sequential hypothesis
analysis was performed for the justification of this technique and for identifying the condition of
the node whether it was normal node or Sybil node. Several simulations were carried out for
evaluating the performance of proposed technique. These simulations showed the efficiency of
the projected technique.
Bin TIAN, et.al (2013) stated that advancement in technology expanded microelectronics
technology and wireless communication technology. These technologies proved extremely
beneficial in the easy growth of low power, WSNs and so on. Due to the free communication
provided by wireless sensor networks, these networks were more vulnerable towards the
intrusions. Thus, in these networks, security was the main concern. In these networks, installed
Sensors nodes were dispersed arbitrarily because of which this network comprised dynamic
network topology. Sensor nodes had inadequate resources and battery energy which resulted in
the breakdown of these networks occasionally. In this network, Sybil attack was considered as
one of the main intrusions.
In this study, Sybil discovery techniques were proposed in
accordance with the range of WSNs [30]. The efficiency of the projected technique was
concluded on the basis of executed tests. The tested outcomes demonstrated that proposed
technique minimized the security issue present in these networks.
Xun Li, et.al (2013)stated that the recent development in the Underwater WSNs made possible
the utilization of these networks in various extensive applications. Due to the free
communication provided by wireless sensor networks, these networks were more vulnerable
towards the intrusions. Thus, in these networks, security was the main concern [31]. A number
of intrusions hampered the performance of this network and Sybil attack was one of them. This
attack was considered the most common and destructive intrusion. Thus, an effective method
21
was necessary to detect the Sybil attack. In this study, a new technique was suggested to detect
the Sybil intrusion.
Several mathematical scrutiny and simulations were performed for
evaluating the performance of proposed technique using MATLAB tool. The attained simulation
outcomes demonstrated the efficiency of the proposed technique with the help of which this
intrusion was identified in an effective manner.
James Harbin, et.al (2011) stated that the improvement in wireless sensor network (WSN) was
imperative due to its finite battery power and signal congestion intrusions. Consequently, in this
study, Distributed beam forming clusters were proposed to enhance the WSNs. Lesser numbers
of sensor nodes participated in the communication procedure and caused connection failure in
the network [32]. Due to the free communication provided by wireless sensor networks, these
networks were more vulnerable towards the intrusions. During the intrusion, the attacker nodes
spoofed the identities of their neighbors. For measuring the effect of these nodes, an investigative
scheme was presented in this study.
BinZeng, et.al (2010)stated that WSNs were employed in large number of applications. Due to
the free communication provided by wireless sensor networks, these networks were more
vulnerable towards the intrusions. Thus, in these networks, security was considered an
indispensable factor for example in peer-to-peer networks. A number of intrusions affected the
functionality of these networks and Sybil attack was one of them. In this attack, attack, the
distributed system created the false numerous identities and showed that they were several and
alienated nodes in the system. When attacker node tried to deceive the truthful node, an edge
amid Sybil node and truthful node was existed. In this study, a new protocol was proposed for
minimizing the effects of Sybil intrusion. This proposed protocol utilized ant colony
optimization (Am) algorithm [33]. In this algorithm, nodes were arbitrarily dispersed and they
were free for leaving or joining the network at any time. The tracks of the first node left on each
node became weak. The quantity of edge intrusion could be limited successfully and proficiently
according to the proposed algorithm. Thus, the proposed approach ensured that the truthful node
must be received with high possibility and the Sybil nodes were discarded at larger level.
22
Shanshan Chen, et.al (2010) described that WSNs were utilized in several applications and
various regions because of their rising technology. Limited battery power and security were the
main challenges occurred before the WSNs. In this study, a security system was proposed on the
basis of LEACH routing protocol beside Sybil intrusion. The proposed approach was planned on
the basis of the RSSI by means of which Sybil attack could be identified without difficulty [34].
This technology had been used in such a situation when numerous CHs were above the threshold
level. A number of tests were carried out for evaluating the performance of projected techniques
by means of security and power utilization. The tested outcome demonstrated the efficiency of
the proposed technique in the detection of Sybil intrusions. The proposed approach minimized
the effects of the Sybil intrusions as well.
Ren Xiu –li, et.al (2009) presented a novel approach for the detecting the Sybil attack on the
basis of range. The range of neighboring nodes was verified through every node which was
available within the network for identifying the attacker node [35]. The messages were shared
amid the nodes to detect the Sybil node easily. The results of testing proved that proposed
technique showed better performance in comparison with other existing techniques. This
proposed technique was inexpensive and provided correctness. Thus, this approach was utilized
mostly for the inexpensive networks and the network having restricted number of resources.
Annie Mathew, et.al (2017) stated that a direct path was created from source to target for
information sharing because of the availability of huge amount of sensor devices. This approach
made the sensing procedure simpler [36]. Security was the main threat in these networks because
of the free communication atmosphere provided by these networks. A number of intrusions
affected the working performance of this network for example sinkhole attack, wormhole attack,
gray hole attack and so on. The sinkhole node established a direct route amid the sink or
destination node because of the occurrence of sinkhole intrusion within the network. Up to now,
a number of methodologies had been presented using for the effective detection of sinkhole
intrusion. In this study, sinkhole intrusion was discussed along with its categorizations and
techniques for the detection of this intrusion on the basis of certain aspects.
23
Mahmood Alzubaidi, et.al (2017)stated in wireless network, several kinds of internal intrusions
occurred. This detection of sinkhole intrusion and its effect on the RPL were the main objectives
of this study [37]. In this study, different mechanisms and IDS approach were proposed for the
easy detection of sinkhole intrusion. In this study, every method was scrutinized and reviewed
for highlighting the false positive rate and resource utilization with their merits and demerits. In
this study, a chart was demonstrated which provided the earlier demonstration of detection
methods for sinkhole intrusion. A number of comparisons were performed for the selection of
most efficient technique.
Manpreet kaur, et.al (2016) described that WSNs were deployed in several applications
because of their rising technology such as military and public regions. In these networks, huge
amount of sensor nodes with restricted resources were organized. These nodes comprised base
station, small cost and low power sensor nodes using which observation was performed [38]. In
this network, small size and huge amount of sensor nodes were the main cause because of which
these networks were affected badly by the intrusions. Thus, sinkhole intrusion was considered as
one of the most disparaging routing intrusions among all intrusions. The sinkhole attack captured
all routing data. This data was promoted through the attacker node which forced other nodes to
route the information in its direction. Thus, the network performance was degraded because of
the severe effect of sinkhole intrusion. The major objective was the scrutiny and recognition of
the sinkhole intrusion within WSNs.
Gauri Kalnoor, et.al (2016) stated that numerous randomly distributed sensor devices were
rooted within the wireless sensor network. Several factors for example pressure, temperature,
movement, resonance and many more were observed in the hazardous atmospheric
circumstances. Sensor nodes had been used for the transmission of information across the
network. An increase in the internet traffic was depicted because of the increase of network size
and quantity of nodes. Security was the main issue faced in this network because of the major
intrusion. This network provided free communication and security played a fundamental role in
the safety of necessary data [39]. Thus, in this study, attack recognition scheme was proposed
because of the security issue. The reliable Quality of Service (QoS) aid for example consistency,
24
congestion handling, power competence and end-to-end delay were the chief challenges
experienced in WSN. A number of security routing protocols were used for protecting the quality
of service parameter of WSN. These protocols were utilized to discover of the attacker as well.
In this study, several routing protocols were reviewed for improving the performance of the
network.
Jianpo Li, et.al (2018) suggested a brief review of wormhole intrusion in and its effect on the
network according to the distance vector routing. The DV-hop was a localization algorithm. In
this study, a security AWDV-hop was proposed for the minimization of several issues occurring
within the wireless sensor networks [40]. In the first algorithm, the neighbor node relationship
list (NNRL) was formed through the utilization of the broadcast flooding. The sensor devices
provided the identity numbers of their neighboring devices inside the network by using NNRL.
The hypothetical and real number of adjacent nodes was compared for the identification of
imaginary beacon nodes. The distance to other beacon was estimated within the NNRL for the
identification of actual intrusion caused by the beacon nodes. They region was marked with 1 or
2 for the completion of this task. In the end, the other unidentified nodes marked themselves with
1 or 2on the basis of the marking done by the beacon nodes. No communication was found amid
the nodes marked with 1 or 2 because of the extrication among the localization rounds. The
tested outcomes demonstrated that a reduction was seen in the localization fault with the help of
proposed AWDV-hop algorithm. This localization error was reduced up to 80% in comparison
with the DV-hop algorithm.
RanuShukla, et.al (2017) described that the WSNs were used in several applications and
various regions because of their rising technology. These areas included wild life, military,
patient observation, tremor forecasting, fire discovery and many more. Due to the free
communication provided by wireless sensor networks, these networks were more vulnerable
towards the intrusions. These networks experienced several issues like limited power, small size,
inadequate resources, and so on. Thus, an exchange was found amid security and power in the
WSNsdue to all these restrictions [41]. The architecture of secure routing protocol was the other
issue experienced in this network due to this exchange. The cryptography technique could not be
25
utilized because of its heaviness for providing security within the wireless sensor networks. For
overcoming this main concern, most advantageous solution was presented in this study which
was identified as TESRP. This technique not only provided security against the wormhole
intrusion but considered the finest trust-based routing protocol among other protocols as well.
Thus, the concept of trust algorithm with sequence number was used for providing protection
against wormhole intrusion.
Bharat Bhushan, et.al (2017) presented a review of extensive applications of the WASN and
sensor networks. These networks were installed in the hazardous situations to monitor the real
time circumstances. This network comprised the main security issue because of its open
commutation atmosphere [42]. The presence of wormhole intrusion degraded the performance of
complete network. The malicious triggered the intrusion inside the network without damaging
any node. The malicious node tracked the record of bits transmission in this intrusion which was
further channelized to the different locations. This malicious node retransmitted packets within
the network. No substitute path was provided to the nodes placed nearer to the malicious. After
this, all the paths were forwarded to the wormholes. The triggering of wormhole intrusion in
optimized link state routing protocols resulted in the transmission of wrong data inside the
network. Thus, the method of wormhole discovery and prevention was reviewed in this study
based on attained location data and time management amid nodes present within the network.
Mayank Kumar Sharma, et.al (2016)stated that the wireless sensor network was identified as
the set of clusters in which sensor nodes were interlinked with one another for performing
communication. The sensor devices were utilized within the hostile environment for sensing the
physical conditions. These devices gathered all the information about environment. This
information was further forwarded to the sink. Thus, the usage of routing protocols was
necessary to create an appropriate route for the efficient transmission of information from one
node to another node. In this study, various routing protocols were built and arranged in
accordance with their features. Because of the limited resources, a proficient and quick routing
procedure was necessary for minimizing the routing overhead [43]. This network suffered
various routing intrusions because of its free communication scenario. In this study, wormhole
26
intrusion was reviewed. This intrusion was considered a major threat to the wireless sensor
networks. Thus, the routing protocols were used for minimizing the effects of this wormhole
intrusion. The comparison of suggested approach was done with other AODV routing protocol
for the scrutiny of threat diminution. The impact of high broadcasting energy on the wormhole
intrusion was scrutinized as well which was the major aim of this study. In this study, various
methods were presented for the efficient minimization of these threats. Qualnet 5.2 simulator was
utilized for simulation procedure to evaluate the performance of proposed technique.
Ali Modirkhazeni, et.al (2016) describes that the WSNs were deployed in several areas
including military, health care, industrial applications and many more. The WSN was a rising
technology. The huge amounts of sensor nodes were deployed in the hazardous atmosphere for
sensing the physical conditions. These sensor nodes collected all the information about
environment. This information was forwarded to the sink for additional processing. Because of
the finite battery, this kind of wireless medium was used for communication purpose. These
networks were more vulnerable against these intrusions because of their free information sharing
surroundings. These intrusions affected the communication of entire network [44]. In WSN,
traditional security schemes were not used because of their heaviness and limited number of
nodes. in this study, wormhole intrusion was reviewed. This attack was considered as one of the
main intrusions since it disrupted the performance of complete network. This intrusion utilized a
distinct wormhole channel for the transmission of information from one location to another.
Thus, this intrusion was considered as the most adverse intrusion to identify in wireless sensor
network. In this study, a distributed network discovery approach was proposed for minimizing
the effects of wormhole intrusion. Several tests were carried out to compute the performance of
suggested technique. The tested outcomes demonstrated the efficiency of the proposed technique
since it minimized the wormhole intrusion up to 100%.
Swati Bhagat, et.al (2016) stated that wireless sensor network was used in several applications
and in various regions because of their rising technology. These areas included military
observation, hospital scrutinizing, forest, and many more. In this study, the wormhole intrusion
was reviewed as well. This attack affected the nodes present in the network. These wormhole
27
nodes were identified as false courses as and smaller than the first course in the system. An issue
was created in the routing of sensor devices on the basis of distance amid the nodes according to
existing situations [45]. In this study, a novel technique was proposed for the powerful
transmission of information.
Mostefa BENDJIMA, et.al (2016) stated that wireless sensor networks were used in large
number of applications. Sensor nodes were deployed in the hostile environment for sensing the
physical conditions. The performance of network was degraded because of the occurrence of
several intrusions. These networks faced several constraints for example restricted resources,
inadequate energy source, huge quantity of nodes, infrastructures less, dynamic network
topology. In this study, a secure network communication was proposed using an appropriate
method for the minimization of all these concerns. Security was the main issue which divided the
network into two sections. In this approach, the mobile agents were used for discarding the
traffic malevolent. These malevolent were the main reason wormhole attack within the network
[46]. The existing attacker nodes in the network launched the wormhole intrusion. This intrusion
was identified as denial of service attack. In this intrusion, a channel was formed for the
transmission of packets from one location to other. Several simulations were performed for
evaluating the performance of proposed technique. For this purpose, SINALGO simulator was
utilized. Decrease in the power utilization and improvement in the life span of network and
packet delivery was seen through the simulation outcomes.
ShaoheLv, et.al (2008)stated that wireless sensor networks were more prone to the intrusions
because of their infrastructure less configuration and free communication. In this study, Sybil
attack was reviewed. One or more malicious node launched this kind of intrusion because of
which network applications were collapsed [47]. A novel identification approach named as
CRSD was proposed for stationary wireless sensor networks. In this network, the received signal
strength (RSS) was used utilized for measuring the remoteness among two identities. The
location of interesting identities could be determined using this RSS information. This
information was gathered from numerous neighboring nodes. The Sybil intrusion identified more
than two identities in the same location. This attack disrupted the network functionality as
28
acknowledged through the scrutiny. Simulations were carried out for evaluating the performance
of proposed technique. The simulation outcomes demonstrated the efficiency of CRSD approach.
Jiangtao Wang, et.al (2007) proposed a novel technique for the detection of Sybil intrusion
within the wireless sensor network (WSN) based on the received signal strength indication
(RSSI). This approach followed the real time network condition where Jakes channel scheme
was installed. The head nodes comprised the signal strength of received nodes and the location
information of associate nodes. These factors were used for measuring the effects of Sybil
intrusion [48]. In this study, two techniques were proposed for the minimization of Sybil
intrusion occurring in the head nodes and associate nodes. These techniques provided wide
ranging applications and demonstrated the effectual outcomes as well.
Chapter 3
Present Work
29
3.1. Problem Formulation:
The sensing devices sense the data in WSN. From there, the sensed information is forwarded to
the sink. WSN is a decentralized kind of network without having any centralized control. This
condition is accountable for the entry of attacker nodes within the network. These attacker nodes
trigger different kinds of active and passive intrusions inside the network. The sinkhole intrusion
decreases network efficacy in regard to throughput, power utilization and packet loss. The
sinkhole intrusion floods the attacker nodes in the tunnel through communication is performed.
This investigation is absolutely based on the discovery of attacker node which further launches
the sinkhole intrusion within the network.
3.2. Objective
1. To isolate the attacker node. This node is responsible for the launching of sinkhole intrusion
within the network.
2. To measure the threshold value of data packets transferred on the wireless link.
3. To implement proposed approach and compare this approach with former techniques with
regard to several factors.
3.3. Research Methodology
30
31
Flowchart
32
3.4 Phase of Detection and Isolation of adversaries
Following are the various phases of adversary discovering: 1. Pre-Processing: -The wireless sensor network is configured with fixed amount of sensing
devices. The clustering on the basis of locality is applied in the entire network. In the proposed
LEACH protocol, power and remoteness of all devices are verified correctly. The node having
utmost powerand least distance is elected as CH. The whole nodes occurring in the network will
send their information to the CH. CH further creates path with the help of other CHs and propels
this information to the sink. AODV routing protocol is utilized to create path among source and
the destination. AODV protocol is a source node protocol which deluges the route reply packets.
The source node selects the most appropriate route towards the destination according to the hop
count and highest sequence number. The source node forwards the information to the preferred
place. Attacker node launches the mis-directional intrusion with the help of selected route.
2. Detection of malicious nodes: -A number of approaches were proposed in the last few years
for the discovery of attacker nodes. The earlier method was monitor mode method. The activity
of the neighboring node can be observed with the help of this method. This method does not give
good performance in the recognition of attacker node. The second method implemented in the
earlier investigation was named as delay tolerance method. This method needs extra hardware
and software for the discovery of attacker nodes. This increases the intricacy and cost of the
arrangement. The base station applies node localization method for the discovery and
segregation of attacker nodes. The node localization technique gathers data with respect to the
established route. Sink can collect the whole data of sensing devices with the help of node
localization method. The sink can collect data about the location of sensor node and their delay
during the information transmission. The sink scrutinizes the quality of service constraints. When
the network throughput goes below a certain threshold level, then base station takes action for
33
the discovery adversary. The base station checks the network throughput on every hop for the
detection of attacker node form the network. The node having throughput below the threshold
level is designated as adversary. The gathered data comprises the remoteness of every node from
sink. The distance creates delay in every hop count which exists on the formed route. The base
station detects this delay. The delay of every hop is calculated due to which node will enhance
the delay within the network and identifies the attacker nodes.
The predictable delay is
computed with the equation number 1
𝐷𝑖𝑠𝑡𝑎𝑛𝑐𝑒 𝑏𝑒𝑡𝑤𝑒𝑒𝑛 𝑒𝑎𝑐ℎ 𝑛𝑜𝑑𝑒
Expected Delay = Time to live * 𝐷𝑖𝑠𝑡𝑎𝑛𝑐𝑒 𝑏𝑒𝑡𝑤𝑒𝑒𝑛 𝑠𝑜𝑢𝑟𝑐𝑒 𝑎𝑛𝑑 𝑑𝑒𝑠𝑡𝑖𝑛𝑎𝑡𝑖𝑜𝑛 ---- (1)
The distance between each node is calculated with the equation number 2
-------------(2)
The predicted delay is defined with the equation number 3
𝐷𝑖𝑠𝑡𝑎𝑛𝑐𝑒 𝑏𝑒𝑡𝑤𝑒𝑒𝑛 𝑒𝑎𝑐ℎ 𝑛𝑜𝑑𝑒
Predicted delay= 𝑇𝑜𝑡𝑎𝑙 𝑛𝑢𝑚𝑏𝑒𝑟 𝑜𝑓 𝑚𝑒𝑠𝑠𝑎𝑔𝑒 𝑒𝑥𝑐ℎ𝑛𝑎𝑔𝑒 -- (3)
When the predicted delay is above the expected delay then the attacker node is discovered. The
threshold delay is the forecasted delay. The threshold delay in the network is described as 2 ms if
the sensor node enhances the delay above the threshold level which is 2 ms, then that node will
be adversary. The multipath routing method is implemented for the removal of attacker nodes
from the route. The projected method follows the threshold system for the discovery of attacker
nodes and the other applied methods. The proposed approach does not need additional hardware
and software components for the discovery of attacker nodes because of this approach is
preferred for the discovery of attacker nodes.
3. Isolation of Malicious nodes: -In the final stage, the segregation procedure is implemented
for the removal of attacker node from the route formed between source and destination. The
multipath routing method is used for the elimination of attacker node. The multipath routing
technique isolates the attacker node from the network. In this technique, the source floods RREP
34
in the network and every node existing close to the destination will reply back with RRPs. The
source node chooses the finest route from source to destination according to the hop count and
sequence number. The source node does not choose the route in which attacker node subsists.
The process used for the separation of attacker nodes is described below:
Initialization: Sensor nodes
Output: Assortment of safe route
1. The source transmits route request messages in the network
2. After receiving the route request messages
Increase the hop count and sequence number
3. if sequence number of novelroute> than sequence number of earlierroute
Process the request
Else
Discard the request
4. if (attacker node is presented in the path )
Reject the path
Else
Check the hop count and sequence number
5. Choose the saferoutefrom source to destination
35
Chapter – 4
EXPERIMENTAL RESULT
4.1 Network Simulator
Network simulator emerges due to ongoing investigative study and expansion which is managed
by the investigators at Berkeley. The network simulator comprises distinct event simulator target
and NS-2 is one of them. This simulator principally utilizes OTcl as command and configuration
language. This network simulator is mainly implemented in C++, with OTcl as the interpreter.
Figure 4.1:Network Simulator 2 [39]
The accumulated hierarchy in C++ controls the class hierarchy. This accumulated hierarchy
performs in the same way as the interpreter hierarchy in OTcl performs. TcL is the root hierarchy
36
in which two classes communicate with each other. There exists single simulator which
establishes the simulator objects with the help of commenced interpreter. The interpreter
establishes the methods defined in the TcL class in automatic manner. These methods are
commenced through the clients. The simulator performs two tasks i.e. the comprehensive
simulation of protocol for making its configuration easier to the customer and transforms the
parameters and can observe these alterations as well. The algorithms are implemented in C++.
This programming language can handle the bytes and headers of the packet easily. Second
scenario is the iteration, in which iteration time is more significant than runtime assignment. Tcl
provide ssupport in the completion of these two tasks. The event scheduler is the main element
of network. The event scheduler considers the schedule timer and pointer of packet in the form
of an event. Timer or switching module uses the event scheduler. The information specified in
the input script is similar to the one or two text files created by the network simulator after the
execution of simulation. Network Animator or NAM in short form is a geographical tool which
is utilized for analyze the text created by NS. The local and wide area network NS is used for
simulation purpose. This network simulator simulates an extensive array of IP network, TCP and
UDP and other network protocols which are executed through it. Traffic source behavior exists
for example FTP, CBR and VBR, Router queue management methods. The NS project is now the
part of the VINT project that produces tools for simulation outcomes, demonstration, scrutiny
and transformers that transform the network topologies produced by eminent generators to NS
arrangement. The existing version of network simulator does not is not compatible with mobile
wireless environment [39].
37
TABLE 4.1 Simulation Parameters [39]
● Number of nodes: This factor denotes nodes utilized for simulation purpose.
● Pause time: This metric denotes time interval for the devices which can be stopped
throughout simulation.
● Traffic type: Traffic of two types, Variable Bit Rate (VBR) and Constant Bit Rate
(CBR). CBR traffic is the reason of maximum time delay.
● Simulation time: The period of time in which simulation is performed is identified as
simulation time.
Quantitative Metrics:
Quantity of quantitative metrics is accountable for the assessment of the working of routing
algorithm for wireless ad-hoc networks. In this proposed scheme, four quantitative metricshave
38
been used and further RFC 25012 defines general notions. Two types of qualitative metrics are
throughput and overhead.
PDR corresponds to the ratio of entire data packets received at the destination to the total amount
of data packets propelled by the sources. It is the most significant metric. The congestion in the
network occurs because of the retransmissions of packets.
𝑃𝑎𝑐𝑘𝑒𝑡 𝐷𝑒𝑙𝑖𝑣𝑒𝑟𝑦 𝑅𝑎𝑡𝑖𝑜 =
𝑇𝑜𝑡𝑎𝑙 𝐷𝑎𝑡𝑎 𝑝𝑎𝑐𝑘𝑒𝑡𝑠 𝑟𝑒𝑐𝑒𝑖𝑣𝑒𝑑
…..(3)
𝑇𝑜𝑡𝑎𝑙 𝑑𝑎𝑡𝑎 𝑝𝑎𝑐𝑘𝑒𝑡𝑠 𝑠𝑒𝑛𝑡
● Average End-to-End Delay
End-to-end delay causes several issues within the network. The delay is added in every
successful data packet delivery and that total is divided through the total successful data packets
received and is utilized for finding standard end to end delay. The delay sensitive application
proved most significant and useful video and voice transmission
∑(𝑇𝑖𝑚𝑒 𝑅𝑒𝑐𝑒𝑖𝑣𝑒𝑑−𝑇𝑖𝑚𝑒 𝑠𝑒𝑛𝑡)
𝐴𝑣𝑒𝑟𝑎𝑔𝑒 𝐸𝑛𝑑 𝑡𝑜 𝐸𝑛𝑑 𝐷𝑒𝑙𝑎𝑦 =
𝑇𝑜𝑡𝑎𝑙 𝐷𝑎𝑡𝑎 𝑃𝑎𝑐𝑘𝑒𝑡𝑠 𝑅𝑒𝑐𝑒𝑖𝑣𝑒𝑑
….(4)
● Overhead
Different protocol executes different tasks on the basis of their enlarged size as the Ad hoc
networks being intended as scalable. The increased size of the network enhances the quantity of
routing traffic. One of the most significant measures of protocol scalability is routing overhead.
Overhead is described as the total amount of routing protocol forwarded over the network.
Routing overhead is represented in terms of bits or packets per second. The route error packet
and network jamming are the main cause of routing overhead. The presented study has been
scrutinized on the NS2 and the outcomes have been estimated in regard to throughput, power
utilization and packet loss. Three situations are compared within the network which involves
39
sinkhole intrusion andbase papermethod for the recognition and separation of sinkhole intrusion
from the wireless sensor networks.
Fig 4.1(a): Network Deployment
The network is positioned with fixed amount of sensing r nodes as described by the figure
4.1(a).The entire network is separated into many clusters of finite size. Location-based clustering
is implemented for the clustering of entire network.
40
Fig 4.1(b): Network Deployment
The network is positioned with fixed amount of sensor nodes as described by the figure
4.1(b).The entire network is separated into many clusters of finite size. The location-based
clustering is implemented for the clustering of entire network. LEACH protocol is implemented
for the selection of CH in every cluster. CHs are chosen in regard to remoteness and power.
41
Fig 4.2(a): Data Aggregation
The network is positioned with fixed amount of sensor nodes as described by the figure
4.2(a).The entire network is separated into many clusters of finite size. The location-based
clustering is implemented for the clustering of entire network. LEACH protocol is implemented
for the selection of CH in every cluster. CHs are chosen in regard to remoteness and power.
42
Fig 4.2(b): Data Aggregation
The network is positioned with fixed amount of sensor nodes as described by the figure
4.2(b).The entire network is separated into many clusters of finite size. The location-based
clustering is implemented for the clustering of entire network. LEACH protocol is implemented
for the selection of CH in every cluster. CHs are chosen in regard to remoteness and power. The
required information will be transferred to the sink with the help of CH.
43
Fig 4.3(a): Trigger attack
The network is positioned with fixed amount of sensor nodes as described by the figure 4.3
(a).The entire network is separated into many clusters of finite size. The location-based
clustering is implemented for the clustering of entire network. LEACH protocol is implemented
for the selection of CH in every cluster. CHs are chosen in regard to remoteness and power. The
required information will be transferred to the sink with the help of CH. A direct route is created
between two CHs. In this route, the attacker node occurs that launch sinkhole intrusion.
44
Fig 4.3(b): Trigger attack
The network is positioned with fixed amount of sensor nodes as described by the figure 4.3
(b).The entire network is separated into many clusters of finite size. The location-based
clustering is implemented for the clustering of entire network. LEACH protocol is implemented
for the selection of CH in every cluster. CHs are chosen in regard to remoteness and power. The
required information will be transferred to the sink with the help of CH. A direct route is created
between two CHs. In this route, the attacker node occurs that launch sinkhole intrusion.
45
Fig 4.4(a): Deployment of Sensor nodes
WSN is positioned with finite number of sensing devices as described in figure 4.4(a).The entire
network is separated into many clusters of finite size. The location-based clustering is
implemented for the clustering of entire network. LEACH protocol is implemented for the
selection of CH in every cluster.
46
Fig 4.4(b): Deployment of Sensor nodes
WSN is positioned with finite number of sensing devices as described in figure 4.4(b). The entire
network is separated into many clusters of finite size. The location-based clustering is
implemented for the clustering of entire network. LEACH protocol is implemented for the
selection of CH in every cluster.
47
Fig 4.5: Detection of malicious nodes
WSN is partitioned into a number of sensing devices as depicted by the figure 4.5. The base
station provides a unique identification to these sensor nodes. The node which is not provided
this identification is identified as the attacker node.
48
Fig 4.6: Malicious node isolation
The network is positioned with fixed amount of sensor nodes as described by the figure 4.6.The
entire network is separated into many clusters of finite size. The location-based clustering is
implemented for the clustering of entire network. LEACH protocol is implemented for the
selection of CH in every cluster. CHs are chosen in regard to remoteness and power. The
required information will be transferred to the sink with the help of CH. A direct route is created
between two CHs. In this route, the attacker node occurs that launch sinkhole intrusion.
49
Fig 4.7: Packet loss comparison
A comparison amid the fundamental leach and leach protocol is performed under the influence of
sinkhole intrusion and proposed method on the basis of packet loss as demonstrated by the figure
4.7. The LEACH protocol exhibits highest effect and decreased packet loss after the separation
of the sinkhole.
50
Fig 4.8: Energy Comparison
The proposed method, basic LEACH protocol and LEACH protocol are compared under the
influence of sinkhole intrusion as depicted by the figure 4.8.The power utilization reduces after
segregation of sinkhole intrusion.
51
Fig 4.9: Throughput Comparisons
Network throughput, basic LEACH protocol and LEACH protocol were compared under the
impact of sinkhole intrusion as depicted by the figure 4.9. It has been evaluated that the network
throughput is enhanced at stable rate after the separation of sinkhole intrusion.
52
Chapter - 5
CONCLUSION AND FUTURE WORK
5.1 Conclusion
In this study, it has been analyzed that the LEACH protocol is most efficient approach utilized
for the reduction of power utilization within wireless sensor networks. This network can sense
the ecological circumstances using sensor nodes occurring inside them. These small sized sensor
nodes reduce the life span of these networks. The sinkhole attack is identified as an active
intrusion which decreases the efficiency of LEACH protocol. this research study presents mutual
authentication for discovering and segregating sinkhole intrusion. Network efficiency is
scrutinized on the basis of packet loss which is decreased by 15%, power utilization is reduced
by 18% and network throughput is improved by 25%. The approach proposed in this study is
used for discovering and segregating adversaries from these networks. Sink evaluates the delay
per hop according to the threshold level. The attacker node is discovered in regard to delay. The
node causing maximum delay is known as the attacker node. This reduces the power utilization,
increases the network throughput and decreases the time delay.
5.2 Future Work
Different future perspectives of this study are given below:The proposed approach can be used for the detection of different kinds of intrusions such as
Sybil intrusion within the network. Several comparisons between the proposed approach and
various other secure methods will be performed for testing their trustworthiness. In wireless
53
sensor networks, secure routing and power utilization issues occur due to the absence of any
centralized control. The Sinkhole attack is an active kind of intrusion which decreases the
performance of network on the basis of certain factors. In future, a structure can be designed in
for the reduction of power utilization of the network with the help of information collection. This
future approach is based on the proposed LEACH protocol which is a multi-hierarchal protocol.
This proposed protocol is compared with other data aggregation protocols as well for checking
their genuineness.
54
References
[1] I.F.Akyildiz et al., “A Survey on Sensor Networks”, IEEE Commun.Mag.,Vol. 40, No. 8,
pp.102-114, Aug. 2002.
[2] E.Shi and A.Perrig, “Designing Secure Sensor Networks”, Wireless Commun. Mag., Vol. 11,
No. 6, pp.38-43, Dec 2004.
[3] Culler, D. E and Hong, W., “Wireless Sensor Networks”, Communication of the ACM, Vol.
47, No. 6, pp. 30-33, Jun. 2004.
[4] Al-Sakib Khan Pathan, Hyung-Woo Lee, Choong Sean Hong, “Security in Wireless Sensor
Networks: Issues and Challenges”, Proc. ICACT 2006, Volume 1, 20-22, pp. 1043-1048, Feb.
2006.
[5] David J. Malan, Matt Welsh, Michael D. Smith, “A Public-Key Infrastructure for Key
Distribution in TinyOS Based on Elliptic Curve Cryptography”, Division of Engineering and
Applied Sciences, Harvard University, Dec 2007.
[6] Dr. G. Padmavathi, Mrs. D. Shanmugapriya, “A Survey of Attacks, Security Mechanisms and
Challenges in Wireless Sensor Networks”, International Journal of Computer Science and
Information Security, Vol. 4, No. 1 & 2, 2009.
[7] A. Perrig, J. Stankovic, and D. Wagner, “Security in Wireless Sensor Networks”,
Communications of the ACM, 47(6):53–57, Jun. 2004.
55
[8] Shahnaz Saleem, Sana Ullah, HyeongSeonYoo, “on the Security Issues in Wireless Body
Area Networks”, International Journal of Digital Content Technology and its Applications Vol. 3,
No. 3, Sep. 2009.
[9] Kalpana Sharma. M K Ghose, “Wireless Sensor Networks: An Overview on its Security
Threats”, IJCA Special Issue on Mobile Ad- hoc Networks 2010.
[10] David Martins, and HerveGuyennet, “Wireless Sensor Network Attacks and Security
Mechanisms: A Short Survey”, 2010 IEEE.
[11] AnithaS.Sastry, ShaziaSulthana and Dr.SVagdevi, “SecurityThreats in Wireless Sensor
Networks in Each Layer”, International Journal of Advanced Networking and Applications, Vol.
04 Issue 04, pp. 1657-1661, 2013.
[12] David R. Raymond and Scott F. Midkiff, “Denial-of-Service in Wireless Sensor Networks:
Attacks and Defenses”, IEEE Pervasive Computing, Vol. 7, No. 1, pp. 74-81, 2008.
[13] Chris Karlof and David Wagner, “Secure routing in wireless sensornetworks: attacks and
countermeasures,” Ad Hoc Networks Journal, Vol.1, Issue 2-3, pp. 293-315, 2003.
[14] Yan Sun, Zhu Han, and K. J. Ray Liu, “Defense of Trust Management Vulnerabilities in
Distributed Networks,” IEEECommunications Magazine, Vol 46, Issue 2, pp.112-119, 2008.
[15] Yanli Yu, Keqiu Li, Wanlei Zhou, and Ping Li, “Trust mechanisms in wireless sensor
networks: attack analysis and countermeasures,” Journal of Network and Computer Applications,
Elsevier, 2011.
[16] W. Xu et al., “The Feasibility of Launching and Detecting Jamming Attacks in Wireless
Networks,” MobiHoc ’05: Proc. 6th ACM Int. Symp. Mobile Ad Hoc Net. and Comp., pp.
46–57, 2005.
56
[17] W. Xu, W. Trappe, and Y. Zhang, “Channel Surfing: Defending Wireless Sensor Networks
from Interference”, in Proc. Of Information Processing in Sensor Networks, 2007.
[18] Shih, E., Cho, S., Ickes, N., Min, R., Sinha, A., Wang, A. &Chandrakasan, A., “Physical
layer driven protocol and algorithm design for energy-efficient wireless sensor networks”,
Proceedings of the 7th Annual International Conference on Mobile Computing and Networking,
Rome, Italy, pp. 272-287.
[19] Woo, A. and Culler, D., “A Transmission Control Scheme for Media Access in Sensor
Networks”, Proceedings of the Seventh Annual ACM/IEEE International Conference on Mobile
Computing and Networking, MobiCom, Rome, Italy, 2001.
[20] Sohrabi, K., Gao, J., Ailawadhi, V., and Pottie, G. J., “Protocols for Self-Organization of a
Wireless Sensor Network”, IEEE Personal Communications, pp. 16-27, 2000.
[21] Panagiotis Sarigiannidis, Eirini Karapistoli and Anastasios A. Economides, “Analysing
Indirect Sybil Attacks in Randomly Deployed Wireless Sensor Networks”, IEEE, 2016
[22] Yali Yuan, LiuweiHuo, Zhixiao Wang and Dieter Hogrefe, “Secure APIT Localization
Scheme against Sybil Attacks in Distributed Wireless Sensor Networks”, JOURNAL OF LATEX
CLASS FILES, VOL. 14, NO. 8, AUGUST 2015
[23] Noor Alsaedi1, 2, Fazirulhisyam Hashim, A. Sali, “Energy Trust System for Detecting Sybil
Attack in Clustered Wireless Sensor Networks”, 2015 IEEE 12th Malaysia International
Conference on Communications (MICC), Kuching, Malaysia (23 - 25 Nov 2015)
[24] Sepide Moradi, MeysamAlavi, “A distributed method based on mobile agent to detect Sybil
attacks in wireless sensor networks”, 2016 Eighth International Conference on Information and
Knowledge Technology (IKT)
57
[25] Salavat Marian, Popa Mircea, “Sybil Attack Type Detection in Wireless Sensor Networks
based on Received Signal Strength Indicator detection scheme”, 10th Jubilee IEEE International
Symposium on Applied Computational Intelligence and Informatics • May 21-23, 2015
[26] Ruixia Liu, Yinglong Wang, “A New Sybil Attack Detection for Wireless Body Sensor
Network”, IEEE, 2014
[27] Imran Makhdoom, Mehreen Afzal, Imran Rashid, “A Novel Code Attestation Scheme
Against Sybil Attack in Wireless Sensor Networks”, 2014 National Software Engineering
Conference
[28] Bayrem TRIKI Slim Rekhist Noureddine Boudriga, “An RFID based System for the
detection of Sybil attack in Military Wireless Sensor networks”, IEEE, 2014
[29] P. Raghu Vamsi and Krishna Kant, “A Lightweight Sybil Attack Detection Framework for
Wireless Sensor Networks”, IEEE, 2014
[30] Bin TIAN, Yizhan YAO, Lei SHI, Shuai SHAO, Zhaohui LIU, Changxing XU, “A NOVEL
SYBIL ATTACK DETECTION SCHEME FOR WIRELESS SENSOR NETWORK”, IEEE,
2013
[31] Xun Li, Guangjie Han, Aihua Qian, Lei Shu, Joel Rodrigues, “Detecting Sybil Attack based
on State Information in Underwater Wireless Sensor Networks”, 2013
[32] James Harbin, Dr Paul Mitchell, “Reputation Routing To Avoid Sybil Attacks In Wireless
Sensor Networks Using Distributed Beamforming”, 2011 8th International Symposium on
Wireless Communication Systems, Aachen
[33] BinZeng, Benyue Chen, “SybilACO: Ant colony optimization in defending against Sybil
attacks in the wireless Sensor Network”, 201O International Conference on Computer and
Communication Technologies in Agriculture Engineering
58
[34] Shanshan Chen, Geng Yang, Shengshou Chen, “A Security Routing Mechanism against
Sybil Attack for Wireless Sensor Networks”, 2010 International Conference on Communications
and Mobile Computing
[35] Ren Xiu –li, Yang Wei, “Method of Detecting the Sybil Attack Based on Ranging in
Wireless Sensor Network”, IEEE, 2009
[36] Annie Mathew and J.Sebastian Terence, “A Survey on Various Detection Techniques of
Sinkhole Attacks in WSN”, International Conference on Communication and Signal Processing,
April 6-8, 2017
[37] Mahmood Alzubaidi, Mohammed Anbar, Samer Al-Saleem, Shadi Al-Sarawi, Kamal
Alieyan, “Review on Mechanisms for Detecting Sinkhole Attacks on RPLs”, 2017 8th
International Conference on Information Technology (ICIT)
[38] MANPREET KAUR, AMARVIR SINGH, “Detection and Mitigation of Sinkhole Attack in
wireless sensor network”, IEEE, 2016
[39] Gauri Kalnoor, Jayashree Agarkhed, “QoS based Multipath Routing for Intrusion Detection
of Sinkhole Attack in Wireless Sensor Networks”, 2016 International Conference on Circuit,
Power and Computing Technologies
[40] Jianpo Li1 , Dong Wang1 , Yanjiao Wang, “Security DV-hop localisation algorithm against
wormhole attack in wireless sensor network”, IET Wirel. Sens. Syst., 2018, Vol. 8 Issue 2, pp.
68-75, the Institution of Engineering and Technology 2018
[41] RanuShukla, Rekha Jain, P. D. Vyavahare, “Combating against Wormhole Attack in Trust
and Energy Aware Secure Routing Protocol (TESRP) in Wireless Sensor Network”, Proceeding
International conference on Recent Innovations is Signal Processing and Embedded Systems
(RISE -2017) 27-29 October,2017
59
[42] Bharat Bhushan, Dr. G. Sahoo, “Detection and Defense Mechanisms against Wormhole
Attacks in Wireless Sensor Networks”, IEEE, 2017
[43] Mayank Kumar Sharma, Brijendra Kumar Joshi, “A Mitigation Technique for High
Transmission Power based Wormhole Attack in Wireless Sensor Networks”, ieee, 2016
[44] Ali Modirkhazeni, SaeedehAghamahmood, Arsalan Modirkhazeni, NaghmehNiknejad,
“Distributed Approach to Mitigate Wormhole Attack in Wireless Sensor Networks”, IEEE, 2016
[45] Swati Bhagat, TrishnaPanse, “A Detection and Prevention of Wormhole Attack in
Homogeneous Wireless Sensor Network”, IEEE, 2016
[46] Mostefa BENDJIMA, Mohammed Feham, “Wormhole Attack Detection in Wireless Sensor
Networks”, SAI Computing Conference 2016 July 13-15, 2016
[47] ShaoheLv, Xiaodong Wang, Xin Zhao and Xingming Zhou, “Detecting the Sybil Attack
Cooperatively in Wireless Sensor Networks”, 2008 International Conference on Computational
Intelligence and Security
[48] Jiangtao Wang, Geng Yang, Yuan Sun, Shengshou Chen, “Sybil Attack Detection Based on
RSSI for Wireless Sensor Network”, IEEE, 2007
60
APPENDIX
Network simulator is the outcome of the ongoing work of research and development which is
administrated by the researchers at Berkeley. It has discrete event simulator target in which NS-2
is one of them and primarily uses OTcl as command and configuration languages. This NS is
particularly executed is C++, with OTcl as the interpreter. The hierarchy of class is controlled by
the compiled hierarchy in C++. This compiled hierarchy is work in the similar manner to the
interpreter hierarchy in OTcl. TcL is the root hierarchy in which two classes are one to one
correspondence. There is presence of one simulator which creates the simulator objects through
initiated interpreter. The methods which are defined in the TcL class are automatically
established by the interpreter and are initiated by the users.
61