
Multi-Layer Approach for Detection of Selective Forwarding Attacks

Sensors 2015, 15, 29332-29345; doi:10.3390/s151129332
sensors
ISSN 1424-8220
www.mdpi.com/journal/sensors
Article
Multi-Layer Approach for the Detection of Selective
Forwarding Attacks
Naser Alajmi * and Khaled Elleithy *
Computer Science and Engineering Department, University of Bridgeport, Bridgeport, CT 06604, USA
* Authors to whom correspondence should be addressed; E-Mails: nalajmi@my.bridgeport.edu (N.A.);
elleithy@bridgeport.edu (K.E.); Tel.: +1-203-576-4703 (K.E.); Fax: +1-203-576-4766 (K.E.).
Academic Editor: Rongxing Lu
Received: 22 September 2015 / Accepted: 16 November 2015 / Published: 19 November 2015
Abstract: Security breaches are a major threat in wireless sensor networks (WSNs). WSNs
are increasingly used due to their broad range of important applications in both military and
civilian domains. WSNs are prone to several types of security attacks. Sensor nodes have
limited capacities and are often deployed in dangerous locations; therefore, they are
vulnerable to different types of attacks, including wormhole, sinkhole, and selective
forwarding attacks. Security attacks are classified as data traffic and routing attacks. These
security attacks could affect the most significant applications of WSNs, namely, military
surveillance, traffic monitoring, and healthcare. Therefore, there are different approaches to
detecting security attacks on the network layer in WSNs. Reliability, energy efficiency, and
scalability are strong constraints on sensor nodes that affect the security of WSNs. Because
sensor nodes have limited capabilities in most of these areas, selective forwarding attacks
cannot be easily detected in networks. In this paper, we propose an approach to selective
forwarding detection (SFD). The approach has three layers: MAC pool IDs, rule-based
processing, and anomaly detection. It maintains the safety of data transmission between a
source node and base station while detecting selective forwarding attacks. Furthermore, the
approach is reliable, energy efficient, and scalable.
Keywords: wireless sensor networks; selective forwarding attacks
1. Introduction
A sensor node is a small, lightweight sensing device. It is composed of a constrained processing unit
and a small amount of memory for its small operating system. Additionally, a sensor node includes a
limited-range transceiver and a battery unit [1]; a mobile node also includes a mobility subsystem. WSNs
often manage thousands of sensor nodes. In fact, these sensor nodes communicate with a huge number
of small nodes via radio links. WSN applications are distinguished by the type of
data that must be collected in the network [2]. Sensor nodes in a network gather data that are necessary
to include in a smart network environment. These environments include homes, transportation systems,
military installations, healthcare systems, and buildings. WSNs make it technologically possible to
reorganize information and communication technology. The study of WSNs is a significant topic in
computer science and engineering. It has an economic impact and affects industry.
In WSNs, sensor nodes transfer packets from the source to the base station. Because a sensor node is
a limited-transmission device, it uses a multi-hop method to send packets to the base station [3]. While the
communication between sensor nodes in WSNs is accomplished wirelessly by radio, adversaries can use
many types of attacks. Eavesdropping, compromising nodes, interrupting or modifying packets, and
injecting malicious packets compromise privacy, and denial of service attacks are threats to the security
of WSNs [4]. Attackers compromise the internal sensor nodes from which they launch attacks, which
are difficult to detect. A selective forwarding attack is one of these attacks. It is an attack where a node
sends some of the messages to other nodes or base stations whilst dropping the sensitive information [5].
In a selective forwarding attack, malicious nodes attempt to stop the packets in a network by rejecting
message forwarding. It is not easy to detect this type of attack due to the unreliability of communications.
According to Karlof and Wagner [6], selective forwarding attacks can impact some routing protocols,
such as TinyOS beaconing, DSR, and PSFQ. During the launch of a selective forwarding attack, a
compromised node has notable consequences. A compromised node selectively drops packets. Malicious
nodes work in the same manner as other nodes in the network field, but these malicious nodes try to find
the important messages and drop them before sending the whole packets to the next nodes. The attackers
make the sensor network rely on the redundancy forwarding by using broadcast for data to spread in the
network. Based on researchers’ results, limited power and low memory are obstacles that make
conventional security measures inappropriate for WSNs [7]. One of the obstacles in WSNs is also energy
consumption, so data transmission between sensor nodes is the major source of energy consumption and
it is a serious challenge to design an energy efficient routing scheme for extending a network’s lifetime [8].
2. Related Works
Yu and Xiao [9,10] described a Lightweight Security Scheme (LWSS) as an approach that can be
used to detect a selective forwarding attack in the sensor network field. LWSS uses a multi-hop
acknowledgment to launch alarms by obtaining responses from the nodes that are located in the middle
of a path. This approach has as a target the detection of network attackers. The target is to send an alarm
that indicates a selective forwarding attack when a malicious node is discovered. The authors used two
detection processes in the scheme, namely a downstream process and an upstream process. Sending an
acknowledgement packet and alert packet would drain energy during the detection process. In this
approach, a node is randomly selected as the checkpoint that sends a message acknowledging the
detection of an adversary. Among the drawbacks of LWSS we may list the following:
- Resending the packet by using another route causes energy consumption and delays during the detection.
- Transmission of the acknowledgement packet and one-way key packet also causes energy consumption.
- The scheme lacks scalability.
- The scheme spends much effort on detecting the attack; thus, it lacks efficiency.
- The LWSS scheme cannot detect the attacks under certain conditions.
- Sending the acknowledgment causes wasted energy.
- There is no commitment to reliability if the packet is dropped.
Hai and Huh [11] described an approach to detect selective forwarding attacks. The approach is called
Lightweight Detection (LWD). It consists of a lightweight mechanism where each sensor node is
provided with a detection module that is built on top of an application layer. A sensor node sets its
routing rules and uses information about its two-hop neighborhood to generate an alert packet. Hai and
Huh suggested two routing rules to improve the monitoring system. The first rule is to determine whether
the destination node forwards the packet along the path to the sink. The second rule is that the monitoring
node waits and detects a packet that had been forwarded along the path to the sink. Some of the
drawbacks of LWD are:
- The network has a static topology. Therefore, the LWD scheme will not detect the attack if there is a change in the type of topology.
- There is no guarantee of reliability.
- The detection scheme does not work if a node is compromised.
Deng et al. [12] proposed Secure Data Transmission (SDT) for detecting a selective forwarding
attack. They used watermark technology to detect malicious nodes. Prior to employing a watermark-based
technique, they used a trust value to find a source path for message forwarding. When the network is
initialized, all of the nodes are assigned the same trust value. Deng et al. used a watermark-based
technique to calculate the amount of packet loss. The base station compares the extracted watermark to
the original watermark to detect a selective forwarding attack. Among the drawbacks of SDT
one can mention:
- There is no data resend method if the packet is dropped.
- The SDT scheme cannot detect a malicious node if there are more than two.
- The scheme is not convenient for sensor-caused malicious nodes and the BS cannot compromise.
Chanatip et al. [13] proposed Received Signal Strength Indicator—Extra Monitor (RSSI-EM). They
used extra monitoring (EM) to eavesdrop and monitor all of the traffic when data were transferred
between nodes. The value of an RSSI is that four EM nodes can be arranged to establish the positions of
all of the sensor nodes, with the base station located at (0, 0). They assumed that the attackers could
capture and damage the nodes. Therefore, all of the sensor nodes must protect themselves or be made
from tamper-resistant hardware. The RSSI-EM drawbacks are:
- The topology is static; thus, any change will affect the efficiency of the scheme.
- The scheme accuracy is low.
3. Problem Identification
A selective forwarding attack is difficult to detect in a network. The adversary installs a malicious node
in the network area, which drops packets. Once the malicious node is present in the network, it organizes
routing loops that attract or refuse network traffic. Additionally, malicious nodes can perform some
activities that impact the network. These activities include extending or shortening source routes,
generating false messages, and attempting to drop significant messages (Figure 1). Packet drops are
common due to environmental conditions, but it is also possible that an attacker can simply drop a packet
purposefully [14]. Packets that are dropped selectively sometimes come from one node or a group of
nodes. The malicious node refuses to forward the packets. In addition, the base station does not receive
the entire message. There is a need for a new paradigm for detecting selective forwarding attacks that
can increase the detection rate while consuming less energy.
Figure 1. Selective Forwarding Attacks-Redrawn [15].
4. Proposed System
Sensor networks are vulnerable to many types of security attack. A malicious node tries to create
blocks that occur while messages are being transferred between sensor nodes in the network by, for
instance, forwarding a message along another path, generating an inaccurate network route, and delaying
the transfer of packets between nodes. With a limited radio communication range, wireless sensor nodes
communicate with each other by a multi-hop path [16]. In a sensor network area, data are sent to the
base station through routers. An attacker compromises the nodes by attacking the network resources.
Selective forwarding attacks destroy the packets transmitted between the source and base station. For
this purpose, a malicious node refuses to transfer the whole packet, attempting to drop considerable data
and therefore, the whole packet is not transferred to the base station. Furthermore, physical attacks
frequently occur in WSNs because they are easy for adversaries to execute. Selective forwarding attacks
can seriously impact the data collection of WSNs and data will be lost with compromised sensor nodes [17].
Selective forwarding detection (SFD) discovers a secure route for data to be sent from one node to other
nodes. In this section of the paper, we introduce the assumptions and a multi-layer approach for detecting
selective forwarding attacks.
4.1. Assumptions
To detect selective forwarding attacks within certain applications we must make some assumptions.
We assume that all nodes have the same specifications. All nodes in the network have the same energy
at the starting point and maximum energy. We also assume that nodes are uniformly distributed
in the network in a random manner. Malicious nodes should not drop any packets before launching a
selective forwarding attack, and an adversary cannot attack nodes during their deployment. Nodes can
send data to a base station. The Received Signal Strength Indicator (RSSI) is the mechanism used to measure the
distance between the base station and a node.
4.2. Selective Forwarding Detection (SFD) Using Multi-Layers
Rule-based IDS, also known as signature-based IDS, is one of the mechanisms for protecting a
network from security threats. The network layer in WSNs is threatened with many types of attacks,
including wormhole and sinkhole attacks. Our proposal focuses on the selective forwarding attack. We
design a multi-layer approach to detection that includes the three security layers shown in Figure 2.
Figure 3 shows the details of the algorithm. The first layer is a pool of MAC IDs. In this layer, the
important information is filtered and stored. The information includes message fields (e.g., packet,
destination, and source IDs) that are useful for rule-based processing. The second layer is the rule-based
processing layer. In this layer, there are some rules that must be applied to the stored data. Incoming
traffic is either accepted or rejected. In addition, no rules are applied to a message that fails. The third
layer is the anomaly detection layer, which detects the false negative anomalies that comprise unknown
attacks. The second layer (rule-based processing) and the third layer (anomaly detection-based IDS) can
identify and control selective forwarding attacks in all phases. The three layers are supported by three
algorithms. These algorithms are used to resolve the attacks on the network. The detection approach
saves energy by using little time and memory. It chooses a secure route along which to transfer data
between the source and base station. Furthermore, the SFD approach will be reliable, energy efficient,
and scalable. All of these factors are important for sensor node networks. Additionally, this approach
has a high accuracy rate. We compared our approach with other approaches and found that SFD has a 98.3%
accuracy rate, which is higher than the others.
Figure 2. Multi-Layers in Rules-Based IDS.
Figure 3. Selective Forwarding Attack Detection Flowchart.
4.3. Selective Forwarding Detection (SFD) Algorithms
4.3.1. MAC Pool of IDs Layer
The first layer consists of a pool of MAC IDs that filters and matches the traffic. Each traffic packet
is monitored. The packet is matched to identify malicious activity using message fields (e.g., the packet,
destination, and source IDs). It checks whether a node is legitimate or malicious. If a node is assigned a
value of zero, it drops a packet and is considered malicious. Otherwise, it is accepted as a legitimate
node. In our study, we analyze the malicious nodes that are detected in the first step using an algorithm
based on the pool of MAC IDs as shown in Algorithm 1.
Algorithm 1. MAC Pool of IDs Layer
1. Input = (MP: Mac Pool)
2. Network parameter = (SN: sensor node, RT: route, TSN: Total sensor node)
3. For (SN = 0; SN <= TSN; SN++)
4. Set SN = SN + 1
5. If SN MP then
6. Set SN = 0 // the node is declared as malicious node not allowed for communication.
7. Rejected
8. Dropped
9. Else if SN = 1 // Node is declared as a legitimate node and allowed for communication
10. Accept
11. Store
12. Set SN = RT
13. SN RP
14. End if
15. End else
16. End for
4.3.2. Rules Processing Layer
The second layer involves rule-based processing. It is the middle layer. It detects known attacks using
rules. These are techniques used to define and describe the normal operations for detecting selective
forwarding attacks. Rules must be applied before nodes are deployed in a network area. The rule-based
processing layer checks the traffic by comparing it to a list of rules. If the traffic satisfies at least 90% of
the rules, the node is confirmed to be legitimate (Algorithm 2). Therefore, the traffic will be returned to
the pool of MAC IDs for release. If the traffic does not satisfy 90% of the rules, the node is considered
doubtful and is rejected. Details of the rules are given in Table 1.
Algorithm 2. Rules Processing Layer
1. Input = (RP: Rules Process)
2. Output = (DT: Selective Forwarding Detector, RU: Rules)
3. Network parameter = (SN: Sensor node, RT: Route)
4. Attacking parameter = (SFAT: Attacker)
5. RL1 = Rules based in IDS (RL1IDS)
6. RP RL1IDS
7. Set RL1 >= RU // 90% from the rules
8. For (SFAT = RL1; SFAT <= RP; SFAT ++)
9. If SFAT RP then
10. DT SFAT
11. Attack alert
12. Rejected
13. Dropped
14. Else if (SFAT RP) then
15. Set SN = RT
16. SN AD
17. End if
18. End else
19. End for
Table 1. Rules based in selective forwarding attack.
| Rule No. | Rule Description |
|---|---|
| Rule1 | Each node waits to see whether the neighbor node forwards the message or not. |
| Rule2 | The node that will receive a message has to check the transfer's identity to make sure it has not changed during transfer. |
| Rule3 | Each node makes sure that the next node has a shared key for negotiation. |
| Rule4 | Each node has a message route when it wants to transfer to another node. |
| Rule5 | Each sensor node must have ACKs. |
| Rule6 | Each sensor node must have the same ACK that is used. |
| Rule7 | Each node has not created a new response before the previous one is transferred. |
| Rule8 | Each node has to send the message using the correct route. |
| Rule9 | Each sensor node only communicates with other sensor nodes that are located in the same topology. |
4.3.3. Anomaly Detection Layer Based on Intrusion Detection System
The third layer involves anomaly detection, which is the recognition of unknown attacks. This layer
checks the traffic that comes from the rule-based processing layer. Therefore, it works to analyze the
traffic. The possible results of anomaly detection are false negative, false positive, true negative, and
true positive. If the algorithm determines that an unknown attack is a false negative, it sends an alert and
rejects the relevant packet. Otherwise, the traffic is returned to the pool of MAC IDs by confirming the
legitimacy of the node as shown in Algorithm 3.
Algorithm 3. Anomaly Detection Layer Based on IDS
1. Input = (AD: Anomaly Detection)
2. Output = (DT: Selective Forwarding Detector)
3. Network parameter = (SN: Sensor node, RT: Route)
4. Attacking parameter = (SFAT: Attacker)
5. RL2 = Anomaly detection based in IDS (RL2IDS)
6. AD RL2IDS
7. For (RL2 = 0; RL2 <= AD; RL2 ++)
8. RL2 = RL2 + 1
9. If RL2 AD then
10. Compute FN
11. FN = 1/N FN
12. M = 1
13. Set Alert
14. Rejected
15. Dropped
16. Else if RL2 AD then
17. No Attack
18. Set SN = RT
19. Return
20. SN MP
21. Declared
22. End if
23. End else
24. End for
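The three layers of Sections 4.3.1 to 4.3.3, chained as one decision pipeline in an added Python sketch (not the authors' code). The `Observation` fields, the verdict strings, and the layer-3 statistic (a forwarding ratio more than 0.15 below the median of nodes that passed layers 1 and 2) are assumptions, since the paper does not specify its anomaly measure; the sample data are constructed.

```python
"""Three-layer SFD pipeline sketch. Added example, not the paper's code."""
from dataclasses import dataclass
from statistics import median

RULES_REQUIRED_PCT = 90  # from the page: traffic must satisfy at least 90% of the rules


@dataclass
class Observation:
    """One monitoring window for a forwarding node (constructed schema)."""
    node_id: str
    received: int                    # packets handed to the node
    forwarded: int                   # packets overheard being passed on
    identity_intact: bool = True     # Rule2: identity unchanged in transit
    has_shared_key: bool = True      # Rule3
    has_route: bool = True           # Rule4
    acks_present: bool = True        # Rule5
    acks_consistent: bool = True     # Rule6
    no_early_response: bool = True   # Rule7
    route_correct: bool = True       # Rule8
    same_topology: bool = True       # Rule9


def rule_results(obs):
    """Evaluate the nine Table 1 rules as booleans."""
    return [
        obs.received == 0 or obs.forwarded > 0,  # Rule1: neighbor was seen forwarding
        obs.identity_intact, obs.has_shared_key, obs.has_route,
        obs.acks_present, obs.acks_consistent, obs.no_early_response,
        obs.route_correct, obs.same_topology,
    ]


def passes_rules(obs):
    """Layer 2: accept only if at least 90% of the rules hold."""
    results = rule_results(obs)
    # Integer arithmetic avoids float rounding right at the threshold.
    return sum(results) * 100 >= RULES_REQUIRED_PCT * len(results)


def forwarding_ratio(obs):
    """Share of received packets that were forwarded (1.0 for an idle node)."""
    return obs.forwarded / obs.received if obs.received else 1.0


def classify(observations, mac_pool, tolerance=0.15):
    """Run every observation through layers 1 to 3 and return a verdict per node.

    `tolerance` is an assumed allowance for ordinary environmental packet loss.
    """
    verdicts, survivors = {}, []
    for obs in observations:
        if obs.node_id not in mac_pool:        # layer 1: pool of MAC IDs
            verdicts[obs.node_id] = "rejected:mac-pool"
        elif not passes_rules(obs):            # layer 2: rule-based processing
            verdicts[obs.node_id] = "rejected:rules"
        else:
            survivors.append(obs)
    if survivors:                              # layer 3: anomaly detection
        baseline = median(forwarding_ratio(o) for o in survivors)
        for obs in survivors:
            anomalous = forwarding_ratio(obs) < baseline - tolerance
            verdicts[obs.node_id] = "alert:anomaly" if anomalous else "legitimate"
    return verdicts


# Constructed sample: a pool of known MAC IDs and one window of observations.
MAC_POOL = {"n1", "n2", "n3", "n4", "n5", "n6"}
SAMPLE = [
    Observation("n1", 100, 97),
    Observation("n2", 100, 95),
    Observation("n3", 100, 96),
    Observation("n4", 100, 58),                       # drops selectively, obeys all rules
    Observation("n5", 100, 0),                        # forwards nothing: fails Rule1
    Observation("n6", 100, 96, route_correct=False),  # one rule broken: 8/9 < 90%
    Observation("x9", 100, 99),                       # MAC ID not in the pool
]

if __name__ == "__main__":
    for node, verdict in classify(SAMPLE, MAC_POOL).items():
        print(node, verdict)
```

With the nine rules of Table 1, one failed rule already gives 8/9 (about 88.9%), so the 90% threshold is equivalent to requiring all nine. A node that forwards most packets and obeys every rule reaches layer 3, which is the only layer in this sketch that looks at how much it drops.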
5. Reliable, Energy Efficient and Scalable (RES) Model
The goal of a reliable, energy-efficient and scalable (RES) model is to extend the network lifetime
while maintaining the Quality of Service (QoS). The network lifetime is the most significant metric of
wireless sensor networks. RES also aims to balance the energy utilization for unevenly distributed sensor
nodes to provide longer secure surveillance for military bases. In the military base surveillance, there is
a high probability that nodes will die by forwarding heavy traffic.
In order to develop reliable communication, we have to determine a reliable path from the sender
node to the base station, as the ∀ number of the sensor nodes in the reliable optimal  path is given as:

∀
 (1)
Let us assume that WSNs are perceived as the 2D graph with vertex and edges written as (,)
with transmission range so that the maximum reliable communication can be obtained using Bellman-
Ford algorithm’s link measurement properties  given as:
= 
 (2)
Once we start searching for the reliable path for communication, we can write this as:
 
(,) −
  − 1

(,∈) (3)
Once we are able to find the reliable communication pathway, then we have to balance the energy
consumption. We define the network lifetime as the time at which a sensor node first drains its energy. Ideally,
prolonging the network lifetime requires satisfying the following conditions: total consumed energy for
all sensor nodes in the network, the differences between the node’s individual energy consumption,
average energy consumption of each sensor node, and energy consumed for transmitting the packet and
for receiving the packet.
Total consumed energy for all sensor nodes in the network should be considered as minimal∆.
Determining the differences between the node’s individual energy consumption∆(1) and
an average energy consumption ∆ is the minimal energy. The differences can be accumulated as:
=
 (∆−∆
) (4)
where is differences between minimal energy and an average energy of the sensor node.
After determining the differences, we focus on an average energy ∆ consumption of each sensor
node that can be written as:
∆=(
)
 (5)
We also need to determine the number of packets generated by a sensor node:
=

∈() −∆

∈() (6)
Once a node joins and leaves the network, the communication performance is affected and the
provision of QoS is degraded. We address scalability in our design to overcome the performance degradation.
Let us consider the number of joining nodes in the network. The size of the network is limited
and it does not accept a load of more than≤1≤. Given that the network will accept sensor
nodes in the network, thus, scalable probability of network can be defined as:
=()+
 × ()

& +(p) (7)
where (∆) the number of delivered packets from the sensor nodes that are already part of the network
and ∇p the number of packets delivered by nodes joining the network and the scalable probability
when sensor nodes join the networks.
6. Results and Discussion
The approach to detecting selective forwarding attacks is tested using a simulation. In the simulation,
200 sensor nodes are deployed in a network with an area of 800 × 800 m² using NS2 (Table 2). Therefore,
each node had a transmission range of 35 m and a sensing range of 30 m. The energetic cost of a node
is 5 J, and there are 180 static and 20 mobile nodes. We calculated the amount of energy consumed.
Figure 4a describes the reliable detection rate of our approach and other works. The reliable detection
rate is important to extend the network lifetime. We proved the number of packets successfully received
at the destination node. It clearly shows that SFD is stable at almost the same level when the time
increased from 0 min to 27 min. The reliable detection rate is 98.4%. The reliable detection rates for the
LWSS, LWD, SDT, and RSSI-EM approaches are not stable and go down when the time increases. The
reliability rates are 88.2%, 90.6%, 89.6%, and 86.3%, respectively. Energy is also an important factor.
Figure 4b shows the energy consumption performance of the LWSS, LWD, SDT, and RSSI-EM
approaches with 180 static nodes and 20 mobility nodes. In comparing our proposed SFD approach with
the other approaches, we assume that 10% of nodes are malicious and 10% of the nodes are mobile. As
a result, we saw different percentages of energy consumption for each one of these approaches, which
consumed 75.1%, 81.8%, 69.1%, and 68.5%, respectively. Thus, the total of malicious nodes and energy
consumption appears. Figure 4c shows the probability detection of selective forwarding attacks and other
competing schemes with 50% malicious nodes and static nodes. As a result, SFD has a high probability
of almost 96%. In Figure 4d we show the packet delivery ratio with 50% malicious nodes and 25%
mobile nodes. Between 5% and 10% malicious nodes, the SFD approach has a ratio of 99.2%, higher
than the values of the other approaches, which are 94.4%, 94.1%, 94.3%, and 94.2%. The accuracy rate of
SFD and other competing selective forwarding mechanisms are shown in Figure 4e. The accuracy of our
approach is more than 98%. The network consumes less energy when it includes mobile nodes; therefore,
it was 60.4% at the highest point, and the energy cost was low. If there are malicious nodes along the
routes, the SFD approach is able to reduce the communication overhead. The new approach is more
effective while the detection of nodes is increased.
Table 2. Experiment Parameters.
| Parameters | Description |
|---|---|
| Transmission Range | 35 m |
| Sensing Range of node | 30 m |
| Initial energy of a node | 5 J |
| Bandwidth of node | 60 Kb/Sec |
| Number of legitimate sensors | 120 |
| Number of Malicious nodes | 80 |
| Size of network | 800 × 800 m² |
| Buffering capacity | 45 Packets buffering capacity at each node |
| Data Packet size | 128 bytes |
| Simulation time | 27 min |
| Tx energy | 15.2 mW |
| Rx energy | 11.8 mW |
| Power Intensity | 18 dBm to 13 dBm |
Figure 4. (a) Reliable detection rate of selective forwarding attack; (b) Energy
consumptions; (c) Probability detection of selective forwarding attack; (d) Packet delivery
ratio; (e) Accuracy rate.
7. Conclusions
Security, reliability, energy efficiency, and scalability are challenging design issues for wireless
sensor networks. We present in this work a new approach, called Selective Forwarding Detection (SFD), to
detect one type of severe attack, selective forwarding attacks. This type of attack severely affects the
communication network of nodes by breaking the communication links. It is a multi-layer detection
approach. The multi-layer detection framework consists of three layers, each of which is supported by a
different algorithm. In the first layer, we used an algorithm based on a pool of MAC IDs that
authenticates the incoming traffic to determine whether a node is legitimate or malicious. In the second
layer, we used a rule-based processing algorithm, which checks the traffic by comparing it to a list of
rules. In the third layer, we used an anomaly detection algorithm to identify unknown attacks, which
appear as false negatives, send an alert, and reject the traffic. In addition, the framework was validated
using NS2. Based on the simulation results, we demonstrated that this approach’s detection rate and
energy consumption are better than other approaches; therefore, the SFD approach is a reliable, energy
efficient, and scalable technique to prevent forwarding attacks.
Author Contributions
This work is done as a part of Naser Alajmi's Ph.D. dissertation under the supervision of Khaled Elleithy.
Both authors equally contributed to this work.
Conflicts of Interest
The authors declare no conflict of interest.
References
1. Akyildiz, I.; Su, W.; Sankarasubramaniam, Y.; Cayirci, E. Wireless sensor networks. Comput. Netw.
2002, 38, 393–422.
2. Mamun, Q. A Qualitative Comparison of Different Logical Topologies for Wireless Sensor
Networks. Sensors 2012, 12, 14887–14913.
3. Pathan, A.-S.K.; Lee, H.-W.; Hong, C.S. Security in Wireless Sensor Networks: Issues and
Challenges. In Proceedings of the 8th International Conference Advanced Communication
Technology, Dublin, Ireland, 20–22 February 2006; Volume 2, pp. 1043–1048.
4. Perrig, A.; Stankovic, J.; Wagner, D. Security in Wireless Sensor Networks. Commun. ACM 2004,
47, 53–57.
5. Kaplantzis, S.; Shilton, A.; Mani, N.; Sekercioglu, Y.A. Detecting Selective Forwarding Attacks in
Wireless Sensor Networks using Support Vector Machines. In Proceedings of the 3rd International
Conference on Intelligent Sensors, Sensor Networks and Information, Melbourne, Australia,
3–6 December 2007; pp. 335–340.
6. Karlof, C.; Wagner, D. Secure routing in wireless sensor networks: Attacks and countermeasures.
Ad Hoc Netw. 2003, 1, 293–315.
7. Martins, D.; Guyennet, H. Wireless Sensor Network Attacks and Security Mechanisms: A Short
Survey. In Proceedings of the 13th International Conference on Network-Based Information
Systems (NBiS), Gifu, Japan, 14–16 September 2010; Volume 1, pp. 313–320.
8. Wang, S.-S.; Chen, Z.-P. LCM: A link-aware clustering mechanism for energy-efficient routing in
wireless sensor networks. IEEE Sens. J. 2013, 13, 728–736.
9. Yu, B.; Xiao, B. Detecting Selective Forwarding Attacks in Wireless Sensor Networks. In
Proceedings of the 20th International Parallel and Distributed Processing Symposium, Rhodes
Island, Greece, 25–29 April 2006; pp. 1–8.
10. Xiao, B.; Yu, B.; Gao, C. CHEMAS: Identify Suspect Nodes in Selective Forwarding Attacks.
J. Parallel Distrib. Comput. 2007, 67, 1218–1230.
11. Hai, T.H.; Huh, E.-N. Detecting Selective Forwarding Attacks in Wireless Sensor Networks Using
Two-Hops Neighbor Knowledge. In Proceedings of the Seventh IEEE International Symposium on
Network Computing and Applications, Cambridge, MA, USA, 10–12 July 2008; pp. 325–331.
12. Deng, H.; Sun, X.; Wang, B.; Cao, Y. Selective Forwarding Attack Detection using Watermark in
Wireless Sensor Networks. In Proceedings of the International Colloquium on Computing,
Communications Control, and Management, Sanya, China, 8–9 August 2009; pp. 109–113.
13. Tumrongwittayapak, C.; Varakulsiripunth, R. Detecting Sinkhole Attack and Selective Forwarding
Attack in Wireless Sensor Networks. In Proceedings of the 7th International Conference on
Information, Communications and Signal Processing, Macau, China, 8–10 December 2009; pp. 1–5.
14. Geetha, V.; Chandrasekaran, K. Enhanced Beta Trust Model for Identifying Insider Attacks in
Wireless Sensor Networks. Int. J. Comput. Sci. Netw. Secur. 2013, 13, 14–19.
15. Sridevi, K.J. Message Authentication in Sensor Networks Using En-Route Filtering. Int. J. Adv.
Netw. Appl. 2015, 6, 127–131.
16. Duan, J.Q.; Yang, D.; Zhu, H.Q.; Zhang, S.D.; Zhao, J. TSRF: A Trust-Aware Secure
Routing Framework in Wireless Sensor Networks. Int. J. Distrib. Sens. Netw. 2014, 2014,
doi:10.1155/2014/209436.
17. Cui, B.; Yang, S.J. NRE: Suppress Selective Forwarding Attacks in Wireless Sensor Networks. In
Proceedings of the IEEE Conference on Communications and Network Security, San Francisco,
CA, USA, 29–31 October 2014; pp. 229–237.
© 2015 by the authors; licensee MDPI, Basel, Switzerland. This article is an open access article
distributed under the terms and conditions of the Creative Commons Attribution license
(http://creativecommons.org/licenses/by/4.0/).
... The data/ACK-based detection schemes [13][14][15][16][17][18][19][20][21][22] utilize the abnormal change in the inbuilt information of data packet or ACK packets to detect packet dropping; they regard the abnormal change is made by malicious nodes. But, in fact, the abnormal information may come from the harsh environment even without channel contending collision. ...
... The data/ACK-based detection schemes [13][14][15][16][17][18][19][20][21][22] utilize the abnormal change in the inbuilt information of data packet or ACK packets to detect packet dropping. [13] exploits the auto-correlation function of the packet-loss bitmap to identify the selective forwarding attacks. ...
... The multi-data and multi-ACK scheme can ensure the success rate of packet transmission, and detect selective forwarding attacks effectively. [19] proposed a multi-layer detection framework composed of three layers. The first layer determines whether a node is legitimate or malicious; the second layer checks the traffic by comparing it to a list of rules; the third layer identifies unknown attacks. ...
Article
In the event-driven wireless sensor networks (EWSNs), the event of interests occurs irregularly and at random in the network. Then, sensor nodes near the event sense the event and send out data packets of the event. Next, router nodes (RNs) forward those packets to the sink node (SN) by multi-hop communications. Compromised RNs would become malicious and launch selective forwarding attacks by dropping part of or all the packets from other nodes. On the other hand, a harsh environment makes the channel poor, so the routing nodes under a harsh environment have low packet forwarding rates because they sometimes have to give up forwarding the current packets after many tries to forward them due to poor channel. If the malicious nodes’ forwarding rates become close to those of nodes under a harsh environment, the schemes based on packet forwarding rates for detecting selective forwarding attack may fail because they cannot differentiate the low data packet forwarding rates resulting from the malicious behaviors or harsh environment. To solve this problem, we provide a combined scheme for detecting selective forwarding attack in wireless sensor networks (WSNs) under harsh environments. This scheme employs a data clustering algorithm (DCA) to screen the malicious nodes out by clustering their cumulative forwarding rates (CFRs) and designs a voting decision method to protect the nodes under a harsh environment from being judged as malicious nodes. The simulation results show that our scheme has a low false detection rate (FDR) of 1% and a low missed detection rate (MDR) of 5% respectively with negligible energy consumption in WSNs under a local variable harsh environment.
... However, this work does not examine how the approach would be deployed and attack signatures stored on low capacity IoT devices. The authors in [141] detect selective forwarding attacks by using a three layered hybrid IDS. In the first layer, a pool of MAC IDs is created by identifying malicious activity using certain message fields and assigning zero to such fields. ...
... Cooja emulates real IoT traffic with additional features like PowerTrace [162], which helps to analyze the power consumption of a sensor node. With native support for 6LoWPAN over IEEE 802.15.4 networks, NS-2 simulator [157] is used to evaluate the IDS by authors in [134], [139], [141]. However, NS2 lacks support for the application layer protocols of IoT, which currently limits its applicability to validate proposals dealing with protocols such as CoAP, RPL or 6LoWPAN. ...
... In this section we consider IDS proposals with respect to attacks and their categories, as expressed in the taxonomy previously discussed and illustrated in Figure 2. From our thorough survey of the literature, we find that the most common attacks in IoT are those against routing operations. In fact, out of the 68 works analysed in this survey, 23 [46], [48], [82], [86], [87], [98], [101], [103], [108], [115], [128], [131], [132], [134]-[136], [141]-[144], [151], [164] focus their research on routing attacks. ...
Article
The Internet of Things (IoT) exemplifies a large network of sensing and actuating devices that have penetrated into the physical world enabling new applications like smart homes, intelligent transportation, smart healthcare and smart cities. Through IoT, these applications have consolidated in the modern world to generate, share, aggregate and analyze large amount of security-critical and privacy sensitive data. As this consolidation gets stronger, the need for security in IoT increases. With first line of defense strategies like cryptography being unsuited due to the resource constrained nature, second line of defense mechanisms are crucial to ensure security in IoT networks. This paper presents a comprehensive study of existing second line of defense mechanisms for standardized protocols in IoT networks. The paper analyzes existing mechanisms in three aspects: Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) and Intrusion Response Systems (IRS). We begin by providing an overview of standardized protocol stack, its layers and defensive security systems in IoT. From there, we build our narrative by presenting an extended taxonomy of IDS, IPS and IRS classifying them on their techniques, deployment, attacks, datasets, evaluation metrics and data pre-processing methods. We then thoroughly review, compare and analyze the research proposals in this context, considering the unique characteristics involved in these systems. Based on the extensive analysis of the existing defensive security systems, the paper also identifies open research challenges and directions for effective design of such systems for IoT networks, which could guide future research in the area.
... Moreover, when the network suffers Sybil attacks [27,59], malicious nodes refuse to respond when they have matches. Furthermore, when the network has selected forwarding attacks [1,63], selfish nodes do not forward any metadata or request messages. The fact that there is no work applicable to a scenario that contains all four of the cases mentioned above, and thus, this is why I have developed a dynamic adaptive message forwarding algorithm in this paper. ...
... According to [63], malicious nodes might refuse to forward certain messages, or drop the messages passing through them, resulting in a failure to propagate the messages any further. As noted in [1], selective forwarding attacks are even harder to detect in WSN, since sensor nodes all have limited signals. ...
... [30] uses Lightweight Detection to generate the alert packet and detects selective forwarding attacks. Alajmi and Elleithy [1] demonstrate that their system obtains safe data transmission between nodes, effectively detects the selective forwarding attacks, and achieves reasonable design issues. Similarly, Yu and Xiao [62,65] present a Lightweight Security Scheme (LWSS) to detect selective forwarding attacks in WSN, which uses multi-hop acknowledgement techniques to launch alarms by obtaining responses from intermediate nodes. ...
Article
With recent advances in networking technology, emerging networks continue to play an increasing role in the lives of most users. The Internet search and retrieval system is so powerful that it helps us to share information and perspectives from across the world. However, the threat of censorship exists on some centralized search engines, since all of their information is currently controlled by these sites administrators. The restriction and control of information are pervasive enough within governments and organizations to censor or intrude on even the most free and uncontrolled communication media. For this reason, the Peer-to-Peer (P2P) search and retrieval system is designed to resist censorship over the network. Nevertheless, its decentralized nature makes it very difficult to infer information that cannot be measured directly, such as the proportion of subverted and selfish nodes. Moreover, the situation is even more challenging when the network becomes extremely large. Hence, I propose a dynamic adaptive algorithm that can: 1) tackle the censorship and security issues; 2) determine the proportion of subverted and selfish nodes; 3) defend against malicious and selective forwarding attacks by appropriately adjusting the number of requests to ensure high match probability; 4) guarantee robustness and scalability even with different random networks and varied network sizes. In several experiments, I demonstrate that my algorithm can effectively and accurately estimate these metrics and manage the system, even when the network has a large proportion of malicious nodes, a large proportion of selfish nodes, or a mere partial view of network membership.
... This detection mechanism works better than maximum likelihood detection. Alajmi and Elleithy (2015) proposed a multi-layer detection framework, which can reliably and energy-effectively prevent forwarding attacks. Xiao et al. (2007) proposed a multi-hop ACK scheme based on the checkpoint, which can randomly select monitoring nodes to detect packet loss. ...
... Scheme | Principle | MDR | FDR | Time complexity
multi-layer detection (Alajmi and Elleithy, 2015) | ACK-based | 2% | 4% | O(n)
adaptive & channel-aware (Ren et al., 2016) | Reputation-based | 4% | 4% | O(n)
SVM (Huang and Wu, 2022) | AI-based | 1.30% | 4.30% | O(n)
Clustering with game (Li and Wu, 2020) | Clustering
to be 0 ∼ 2 , and the number of neurons in the full connection feedback layer to be . The calculated algorithm has been run for ( 0 1 + 1 2 + 2 + ) times, and it can be obtained ( ( 0 1 + 1 2 + 2 + 1)) by simplifying it. ...
Article
Malicious nodes launching selective forwarding attacks jeopardize network reliability in event-driven wireless sensor networks. Swift detection and exclusion of these nodes are vital, especially in harsh environments where normal nodes also suffer from decreased forwarding rates due to poor channel conditions. To solve this problem, this paper proposes a deep belief network (DBN) and Density-Based Spatial Clustering of Applications with Noise (DBSCAN) based detection scheme against selective forwarding attacks under harsh environments. The DBN algorithm extracts and analyzes behavior features of nodes, while the DBSCAN clustering algorithm effectively distinguishes between malicious and normal nodes during selective forwarding attacks. Simulation results demonstrate the scheme's effectiveness with a missed detection rate (MDR) of approximately 2% and a false detection rate (FDR) below 5% in harsh environments, providing a robust solution for ensuring the integrity and efficiency of data transmission in event-driven wireless sensor networks.
... In the detection phase, we tackled a challenging problem of converting multiple inputs into a single output, known as the sliding window approach. The crux of the sliding window technique is to utilize recent data to achieve better inference performance. To assess the impact of the sliding window size on the convergence of LSTM prediction, we varied the size of the window and analyzed the model's performance in terms of RMSE convergence. ...
[10] | 0.92% | 0.95% | ML-based | ( ⋅ )
DBSCAN [26] | 0.67% | 4.54% | ML-based immobile | ( ⋅ )
DCA-SF [12] | 0.12% | 0.09% | ML-based | ( 2 )
Danger model [18] | 1.39% | 4.31% | ML-based immobile | ( )
Multilayer approach [4] | 4% | 2% | ACK-based
Adaptive & channel-aware [32] | 4% | 4% | Reputation-based
... However, the simulation settings of them may vary. The DPC-based scheme [10], the DCA-SF scheme [12], the multi-layer approach [4] and the channel-aware scheme [32] didn't consider harsh environments within networks during the detection process. Although the DBSCAN-based scheme [26] and the danger model scheme [18] have employed a harsh environment to evaluate their detection ability, both of them didn't take the time-variant environments into account. ...
Article
Wireless Sensor Networks (WSNs) are susceptible to selective forwarding attacks, which can lead to reduced network efficiency and compromise the integrity of transmitted data. The indistinguishability between malicious behavior and normal packet loss in harsh environments exacerbates the challenge. To address this, in this paper, we provide a combined detection scheme called LSTM-NV, consisting of a training stage and a detecting stage. During the training stage, we integrate variational mode decomposition (VMD) with a long short term memory (LSTM) model to learn normal nodes' forwarding behavior and then predict errors for each node. During the detecting stage, dynamic thresholds are determined to identify local anomaly points and a novel neighbor voting method is employed to differentiate between malicious and normal nodes. Our scheme demonstrates superior performance with a low average missed detection rate (MDR) of 0.6% and a low average false detection rate (FDR) of 3.3% compared to other effective methods, while also offering lower detection algorithmic complexity.
... Regarding WSN, Alajmi [110] proposed an anomaly detection approach to detect selective forwarding attacks in WSN. It maintains the safety of data transmission between a source node and base station while detecting selective forwarding attacks in an attempt to provide a reliable, energy efficient, and scalable approach. ...
Chapter
In recent years, Wireless Sensor Networks (WSNs) are being a torrid research topic due to its fastest communication path via the networks. At the same time, it faces several security attacks. In particular, the selective forwarding attack is an attack where the attacker or the malicious node can selectively drop packets or selectively forward the packets, which will leave the entire network at risk. Typically, this selective forwarding attack occurs at the network layer and also becomes difficult to discover and avoid this occurrence. This will inevitably influence the working routine of the network. Hence, the following retrospection helps to acquire an interpretation of the various strategies for detecting and preventing the selective forwarding attacks.
Article
People are constantly using mobile technologies to exchange perspectives across the world. The search services they use, however, belong to centralized systems that may be easily censored. The Peer-to-Peer retrieval system was created to impede censorship of online information, but the decentralized nature of P2P makes it difficult to infer information that cannot be measured directly, such as the proportion of subversion, selfish nodes, network size, or churn rate. Recent advances have pushed providers toward large-scale wireless networks where data retrieval is difficult. Thus, we propose a defense mechanism that can: (1) tackle censorship issues; (2) employ probability density function, exponential weighted moving average and modified Chi-squared tests to estimate the proportion of malicious and selfish nodes; (3) defend against malicious and selective-forwarding attacks by adjusting the number of forwarding levels and requests to ensure high-match probability; (4) maintain high-retrieval rates even in large and highly mobile networks; and (5) guarantee robustness compared to other search systems. A series of experiments demonstrated our algorithm's high-retrieval rate, reasonable costs, mobility resilience, and robustness, demonstrating that the algorithm can work well when the network size is large and/or has a large proportion of selfish nodes, malicious nodes and mobile nodes.
Article
In recent years, trust-aware routing protocol plays a vital role in security of wireless sensor networks (WSNs), which is one of the most popular network technologies for smart city. However, several key issues in conventional trust-aware routing protocols still remain to be solved, such as the compatibility of trust metric with QoS metrics and the control of overhead produced by trust evaluation procedure. This paper proposes a trust-aware secure routing framework (TSRF) with the characteristics of lightweight and high ability to resist various attacks. To meet the security requirements of routing protocols in WSNs, we first analyze features of common attacks on trust-aware routing schemes. Then, specific trust computation and trust derivation schemes are proposed based on analysis results. Finally, our design uses the combination of trust metric and QoS metrics as routing metrics to present an optimized routing algorithm. We show with the help of simulations that TSRF can achieve both intended security and high efficiency suitable for WSN-based networks.
Article
Wireless Sensor Networks (WSNs) are formed by a large collection of power-conscious wireless-capable sensors without the support of pre-existing infrastructure, possibly by unplanned deployment. With a sheer number of sensor nodes, their unattended deployment and hostile environment very often preclude reliance on physical configuration or physical topology. It is, therefore, often necessary to depend on the logical topology. Logical topologies govern how a sensor node communicates with other nodes in the network. In this way, logical topologies play a vital role for resource-constraint sensor networks. It is thus more intuitive to approach the constraint minimizing problems from (logical) topological point of view. Hence, this paper aims to study the logical topologies of WSNs. In doing so, a set of performance metrics is identified first. We identify various logical topologies from different application protocols of WSNs, and then compare the topologies using the set of performance metrics.
Conference Paper
Wireless sensor networks are specific ad hoc networks. They are characterized by their limited computing power and energy constraints. This paper proposes a study of security in this kind of network. We show what are the specificities and vulnerabilities of wireless sensor networks. We present a list of attacks, which can be found in these particular networks, and how they use their vulnerabilities. Finally we discuss about different solutions made by the scientific community to secure wireless sensor networks.
Article
This paper describes the concept of sensor networks which has been made viable by the convergence of micro-electro-mechanical systems technology, wireless communications and digital electronics. First, the sensing tasks and the potential sensor networks applications are explored, and a review of factors influencing the design of sensor networks is provided. Then, the communication architecture for sensor networks is outlined, and the algorithms and protocols developed for each layer in the literature are explored. Open research issues for the realization of sensor networks are also discussed.
Conference Paper
Selective Forwarding (SF) attacks impact the data transmission integrity by not forwarding a subset of received packets from time to time. The 'selective' characteristic makes SF attacks hard to be distinguished from the normal packet drops or poor receptions in a volatile wireless environment. To understand this stealthy attack, an analytical model is developed to estimate the wellness of a node's forwarding behavior. Further analysis examines the cases where multiple nodes launch SF attacks in a Wireless Sensor Network (WSN), where we borrow the idea of the PageRank algorithm to estimate the most susceptible nodes to SF attacks in a network. Based on the analyses, we develop a novel reactive routing scheme that bypasses suspicious nodes by estimating parent node's reliability and link quality in an integrated manner. The proposed scheme is compared to traditional approaches that also use the Node Reliability Estimator (NRE). The simulation results show that the bypass scheme provides resilience to SF attacks by achieving over 95% data delivery ratio (DDR) consistently and significantly outperforms the baseline Collection Tree Protocol and other algorithms without incurring additional overhead across a comprehensive set of test scenarios.
Conference Paper
Security in Wireless Sensor Networks (WSNs) is especially challenging and quite different from traditional network security mechanisms. There are two major reasons. Firstly, there are severe constraints on these devices namely their minimal energy, computational and communicational capabilities. Secondly, there is an additional risk of physical attacks such as node capture and tampering. Moreover, cryptography based techniques alone are insufficient to secure WSNs [1]. Hence, intrusion detection techniques must be designed to detect the attacks. Further, these techniques should be lightweight because of resource-constrained nature of WSNs [2]. In this paper, we present a new approach of robust and lightweight solution for detecting the Sinkhole attack and the Selective Forwarding attack based on Received Signal Strength Indicator (RSSI) readings of messages. The proposed solution needs collaboration of some Extra Monitor (EM) node apart from the ordinary nodes. We use RSSI values from four EM nodes to determine the position of all sensor nodes, where the Base Station (BS) is at the origin position (0,0). Later, we use this information as weight from the BS. Another function of the EM nodes is to eavesdrop on and monitor all traffic, in order to detect the Selective Forwarding attack in the network. Our solution is lightweight in the sense that the monitor nodes were not loaded with any ordinary nodes or BS and do not cause a communication overhead.
Article
In wireless sensor networks, nodes in the area of interest must report sensing readings to the sink, and this report always satisfies the report frequency required by the sink. This paper proposes a link-aware clustering mechanism, called LCM, to determine an energy-efficient and reliable routing path. The LCM primarily considers node status and link condition, and uses a novel clustering metric called the predicted transmission count (PTX), to evaluate the qualification of nodes for clusterheads and gateways to construct clusters. Each clusterhead or gateway candidate depends on the PTX to derive its priority, and the candidate with the highest priority becomes the clusterhead or gateway. Simulation results validate that the proposed LCM significantly outperforms the clustering mechanisms using random selection and by considering only link quality and residual energy in the packet delivery ratio, energy consumption, and delivery latency.
Conference Paper
With the wide use of wireless sensor network (WSN), data forwarding security has become more and more important to the whole network. In order to avoid the selective forwarding attack, we proposed a scheme of secure data transmission which can forward the data safely, and detect the selective forwarding attack. In this paper, we judge the trust value of each node to select a secure path for message forwarding and then use the watermark technology to detect the malicious nodes which are suspected to launch selective forwarding attack. Different from the multi-path routing which only defends the selective forwarding attack, our method may find the malicious nodes. Extensive simulation proves that even when the channel error rate is 10%, the detection accuracy of the proposed scheme is over 95%.
Conference Paper
Presently, the wireless sensor networks (WSNs) are widely used in many areas of communication systems and its security system becomes very important. However, the security mechanism for WSNs has to be considered differently from traditional network. Firstly, there are severe constraints on WSNs devices such as minimal energy, computational and communicational capabilities. Secondly, there is an additional risk of physical attacks such as node capture and tampering. Moreover, cryptography based techniques alone are insufficient to secure WSNs. Hence, intrusion detection techniques must be designed and developed to detect any kind of undesirable attack. Further, these techniques should be lightweight because of resource-constrained nature of WSNs. Therefore, we present a new approach of robust and lightweight solution for detecting the sinkhole attack based on received signal strength indicator (RSSI) readings of messages. The proposed solution needs collaboration of some extra monitor (EM) nodes apart from the ordinary nodes. We use values of RSSI from four EM nodes to determine the position of all sensor nodes where the base station (BS) is located at origin position (0,0). We use this information as weight from the BS in order to detect sinkhole attack. The simulation results show that the proposed mechanism is lightweight because the monitor nodes were not loaded with any ordinary nodes or BS. Moreover, the proposed mechanism does not cause the communication overhead.