Detection and Prevention of Attacks in Wireless Sensor Networks: A Survey

IDL - International Digital Library for Technology Research Volume I, Issue III, MARCH-2017

Available at: www.dbpublications.org

Detection and Prevention of Attacks in Wireless Sensor Networks: A Survey Ms. K. DEEPA SHREE 1, Mrs. RANJANA S. CHAKRASALI 2 Dept. of Computer Science 1 M-Tech, Student – B.N.M Institute of Technology, Bangalore, India 2 Guide, Assistant Professor – B.N.M Institute of Technology, Bangalore, India

SURVEY PAPER ABSTRACT- Wireless sensor networks will use a communication channel which is insecure and have a poor infrastructure. Wireless sensor networks consists of spatially distributed autonomous devices and using sensors they monitor the physical as well as the environmental conditions, such as pressure, temperature, sound at different locations. As the nodes in the sensor network are deployed in the hostile locations they are vulnerable to the attacks such as Hello flood attack, Jamming, Wormhole, Sybil, Sinkhole attack. These types of potential threats to network are continuously evolving and requires measures to detect and prevent. In this paper, we discuss about Sybil and Wormhole attacks with schemes to detect and prevent these attacks. Keywords: Wireless Sensor Network, security, attacks, Sybil and wormhole attacks, cross layer approach. 1. INTRODUCTION: As the technology is getting advanced there is increase in the use of Wireless Sensor Network. The sensor nodes will be deployed in an open and unprotected region. So, the sensor networks will be vulnerable to the attacks such as Wormhole, Sybil and Sinkhole attack. Usually in many-to- one communication the opponent node will attract the surrounding neighbor nodes with fake identities and false routing information. The existing system will be focusing on single layer attacks, they will target only on one specific layer and will detect the attack, without considering other layers. The most

vulnerable attacks in the network layer are Sinkhole attack, Wormhole attack and Sybil attack, Hello Flood attack. In sinkhole attack, the attacker will introduce itself that it is the shortest path to the destination. So, that all the nodes will forward the packet towards the attacker node. While, forwarding the attacker node will drop the packet. In Sybil attack, the WSN is subverted by the malicious node which will forge large number of fake identities and fake information. In Wormhole attack, the attacker node will record the packet at one location in the network, and then tunnels the packets to another location in the network and will perform modification in the network from that point. The attacks will be detected and prevented using cross layer features and Mobile agent. It is usually done in two phases. In first phase, the attacks are detected by correlating the cross layer features such as MAC and Network layer. During second phase, if the attacks are detected, mobile agents are used to prevent the attack. Mobile agents are used for forwarding the data, to solve the security problem by using three step negotiation. Through this approach, the energy efficiency is improved, false positive rate is reduced. 2 SURVEYS 2.1 Wormhole attack Detection for Dynamic Wireless Sensor Networks “Due to the emergence of WSN in all the fields, security is an issue. They can connect to any network as they are having wireless and distributed nature. The tiny sensor nodes are deployed densely. Wormhole attack is an security issue in this approach. Without knowing the protocol which is used in the network it can damage the network. Detecting them is an big

1|P a g e

IDL - International Digital Library for Technology Research Volume I, Issue III, MARCH-2017

issue, as they are invisible to sensor nodes because they use a private channel. Usually in the existing system they are considered to be static in nature, but in this approach the attack is detected for dynamic nature one’s. So that the accuracy for detection will be good. The data will be broadcasted to the neighbor nodes and to the base station. Usually in the Wormhole attack, the two malicious nodes will be connected with tunnel. The one malicious node will be recording the packets at one area, and forwards that to another malicious node, the another malicious node will be replaying the packets at another location. The remotely located node will think that the neighbor node itself is the sender node, and this becomes the tunnel. Now the malicious node will make the changes in the data. Now the packets will be transmitted faster as it uses tunnel, as the tunnels will gives a faster transmission path. The route which is created by the malicious node will be shorter than the actual path, this makes a confusion in routing protocols to take a decision. A method has been proposed for detecting Wormhole attack in two phases which is dynamic in nature. The two phases are as follows, the rate of change of neighbors is measured for each and every node in first phase, if it is between upper and lower threshold then it will go to second phase. The alternate path concept is considered, if the threshold value is lower than the alternate path then the attack is detected.” 2.2 Sinkhole Attack Detection in Wireless Sensor Networks “The multiple nodes will be sending their sensed data to the base station. Usually in many to one communication there is high risk of attacks which will be occurring, where the nodes which are in the surrounding will be attracted by the intruder with routing information which is unfaithful. While forwarding the data can be modified. The Sinkhole attack is an common threat which will be occurring in WSN. As the sensor nodes will be deployed in an open and unsafe region. An algorithm has been presented for detecting the intruder in the Sinkhole attack. In the algorithm suspected nodes found are listed out by checking the data consistency and the network flow information is analysed to identify the intruder in the list. The algorithm presented will be robust enough as they deal with malicious node that hide the real intruder. The performance will be measured by

Available at: www.dbpublications.org

numerical analysis and simulation to show that the algorithm is effective and accurate. The computation and communication overhead will be low. WSN’s have a sensor node which will be geographically distributed, the surroundings are monitored and the data will be forwarded to the base station after sensing through multi hop routing. The monitoring of environment and geographical sensing is an common application of WSN. The surrounding nodes are attracted by the intruder which gives a routing information which is unfaithful, they modify the data by selective forwarding. The attack will prevent the base station in getting the sensing data which is corrected and which is complete leading to a threat. Since the sensors have a battery power which is low and due to the weak computation, and due to the deployment of nodes in an unsafe region, the wireless links are vulnerable to attacks. Several secure mechanisms are proposed with cryptographic technique for protecting network traffic, for high computation overhead. Among the nodes time synchronization is required. An light weight algorithm has been proposed for detecting the sinkhole attack and for identifying the intruder. To defend against the attack cryptographic technique is used, the network flow information has to be observed to identify the intruder as well as the malicious node which is isolated later to protect the network. The algorithms has two parts, the network flow information is collected from the attacked area, analysing the pattern of routing and locating the intruder. Multiple suspicious nodes and the intruders are found by using voting method. Through simulation the performance is measured.” 2.3 Sybil Attack Detection and Prevention “MANET’s does not have a fixed infrastructure. The mobile nodes which are independent communicate with radio waves. As they are fully distributed so they work at any place without having an fixed infrastructure. The attacker can fetch the information easily as the communication medium is air by sniffing the software tool. The network is distracted by an attack called Sybil attack. Multiple fake identities are created by single node. A technique is implemented for detecting and preventing the Sybil nodes in the network. Mobile nodes communicate directly through wireless links to relay the messages as routers. The

2|P a g e

IDL - International Digital Library for Technology Research Volume I, Issue III, MARCH-2017

mobility of the node will cause the change in network topology. As MANET’s does not have infrastructure so there is no authority to control or maintain the network which causes the attacks. Usually these networks are used in battlefields emergency, rescue missions. The nodes will communicate with unique identity which makes an one to one mapping between entity and identity. For two distinct nodes two identities are required. The attack will be having many identities which gives an misjudgment for the nodes in the network. They use identities and create false expression of the nodes in the network. The communication in the network among the nodes will be disturbed. Sybil nodes have to eliminated from the network to have a secure communication.” 2.4 Wormhole Attack Detection using Time Stamp and Security Packet “MANET’s does not have an infrastructure and they organise themselves in the network. The environment in which the data transmission takes place cannot be trusted. The nature of the network will be dynamic for the communication of mobile users. The malicious activity takes place when the expected function is not taking place and the routing in MANET will be disturbed. Due to the dynamic nature of MANET attacks takes place very easily, which degrades the performance of the network. The node which is an attacker will be recording the data at one point in the network and they tunnel the data to another point by retransmitting them throughout the network. If the Wormhole attacker node is present in the network then that will degrade the performance of networks. A routing protocol has been proposed called detection protocol for Wormhole attack, where the security packets are used with time stamp. A field is additionally added called time stamp for finding out the wormhole in the path established by source and destination. Now using the security packet the position of the malicious node is found. The results are obtained for the parameters such as end to end delay, throughput, and packet delivery ratio and compared with each other. There is no centralized administration and fixed infrastructure for the wireless mobile hosts. The communication will be using multi hop paths. The nodes can act as router as well as host. The nodes will perform routing by forwarding data to other nodes based the connectivity of the network. Even though

Available at: www.dbpublications.org

the environment is trusted but there are problems such as communication and routing in military networks, response operations such as earthquake, flood during emergency. As the communication channel is wireless and open in nature, infrastructure less, deployment is fast, so they are easily vulnerable to security problems. The routers will be moving randomly and freely and they organize themselves, so the topology of the network can be unpredictably changed. While designing the routing protocols there are several challenges which will occur they are mobility, multi hop, bandwidth, heterogeneity, battery power.” 2.5 Wormhole attack Detection & Prevention “The next generation WSN’s are the MANET’s. They does not have an infrastructure and they have a topology will be changing dynamically. As the nodes are mobile and they are dynamic in nature the attacks can occur very easily. The nodes which are in close proximity will be grouped together so that the network clustering takes place and the network performance will be improved. The main aim of this approach is to enhance the network performance and improve the nodes durability, extending the life of the network. The AODV routing protocol is used for analyzing the Wormhole attack, to provide security to the network a preventive mechanism is presented. They use multi hop radio relaying and they can work with any infrastructure. Mobile nodes will be having multi hop wireless links. To communicate among the nodes they have to coordinate by distributing the resources and managing them, maintenance of the path, routing. Mobile nodes are collected autonomously in MANET’s. As they do not have an infrastructure and they use the broadcast medium for transmitting the data, so they are easily vulnerable to problems such as security and routing. To have a secure communication among the nodes security is needed. Integrity, availability, confidentiality is an important aspect for authentication. The problems occurring in the network would be, usage of the resources and energy in deploying the network, dynamically changing network topology, lack of information dissemination control, and decentralized control. Using clustering that is getting all the nodes together can improve the performance of the network. The load should be balanced in the network, and robust free environment should be provided. The packets will not be allowed

3|P a g e

IDL - International Digital Library for Technology Research Volume I, Issue III, MARCH-2017

by the attacker to reach the destination, instead they produce their own packets and send them and consume the bandwidth. The nodes in the MANET will be acting as routers.”

3. CONCLUSION– In this survey, we have discussed about the attacks such as Sybil attack, Wormhole attack, Sinkhole attack occurring in the unprotected region during node deployment. Different approaches in detecting and preventing the attacks are also discussed. On preventing the attacks, security problem is solved, efficiency is improved, false positive rate is reduced, communication cost is reduced, network load is also reduced. Results are obtained by comparing the proposed approach with existing System based on the parameters such as throughput, delay, efficiency, overhead and packet delivery ratio.

Available at: www.dbpublications.org

Address”, International Journal of Computer Applications, Volume 122, Page No. 0975 – 8887, July, 2015. [7] Edith C.H.Ngai, Jiangchuan Liu, Michael R.Lyu, Elsevier J, “An efficient intruder detection algorithm against sinkhole attacks in wireless sensor networks”, Computer communications, Volume 30, Page No. 2353–2364, 6 May, 2015. [8] M.Vidhya, V.Srinivasan, R.Sudha, “Multi-layer intrusion detection and prevention in WSN’s using selfhealing module”, IJSETR, Page No. 424-429, Volume 4, Issue 3, March, 2015. [9] Manish M Patel, Akshai Aggarwal, “Two Phase Wormhole Detection Approach for Dynamic Wireless Sensor Networks”, IEEE Transactions, Page No. 21092112, March, 2016.

REFERENCES [1] K.Abirami, B.Santhi, Sybil Attack in Wireless Sensor Network, IJET, Issue 2, Page No. 31-38, May, 2013. [2] Jyoti Thalor, Ms. Monika, “Wormhole Attack Detection and prevention Technique in MANET”, IJREC, Volume 3, Page No. 620-623, Issue 2, February, 2013. [3] Dimple Saharan, “Detection & Prevention of Wormhole Attack on AODV Protocol in Mobile Adhoc Networks”, International Journal Of Engineering And Computer Science, Volume 3, Issue 9, Page No.79797985, September, 2014. [4] Chandraprabha Rawat, “Wormhole Attack Detection Protocol using Time Stamp with Security Packet”, international Journal of Computer Science and Information Technologies, Volume 5, Page No. 621626, March, 2014. [5] Hussein Moosavi, Francis Minhthang Bui, “A Game-Theoretic Framework for Robust Optimal Intrusion Detection in Wireless Sensor Networks”, IEEE Transactions on Information Forensics and Security, Volume No. 9, Page No. 1367-1379, 2014. [6] Pareek, Anamika, Mayank Sharma, “Detection and Prevention of Sybil Attack in MANET using MAC 4|P a g e