Sinkhole Attack Research Articles

Efficient and Secure Data Transmission and Sinkhole Detection in a Multi-Clustering Wireless Sensor Network Based on Homomorphic Encryption and Watermarking

In a wireless sensor network, the sensors periodically transmit sensed data from a specific environment to a centralized station by wireless communication. Deployment in an open environment leads to the potential of security attacks. A sinkhole attack is a destructive attack aimed at the network layer, where the sinkhole node attracts other nodes by advertising itself as the best path to the base station. Subsequently receiving other sensor node packets and compromising network security. Hence, this work proposes a lightweight, secure method based on the Threshold Sensitive Energy Efficient Sensor Network protocol and watermarking techniques to ensure data integrity during transmission. The homomorphic encryption used in this scheme is to provide fast and efficient and consumes less energy while identifying sensor nodes for the purpose of sinkhole detection and prevention. The proposed work has been evaluated using OMNET++ simulation environment to measure the proposed work performance in the following metrics: delay, packet delivery ratio, throughput, and average energy consumption. Compared with previous works, the proposed work shows better results in these metrics. In addition, the proposed scheme consumes less energy compared with similar works due to the use of lightweight watermarking and authentication techniques. The results show that the proposed scheme enhances security by detecting the sinkhole attacker node before the attack is even activated. In addition, the proposed method ensures the integrity and authenticity of the sensed data while transmitting them from the sensor node until receiving it in the base station, and it can detect any tampering of the data.

A key management scheme realising location privacy protection for heterogeneous wireless sensor networks

Key management is the core of wireless sensor network (WSN) security management technology. At present, the protection of the source location information of nodes has also received great attention. In this paper, we combine identity-based encryption (IBE) algorithm with elliptic curve cryptography (ECC) based digital signature authentication to achieve more secure authentication. Then we use the double encryption method to realise the location privacy protection. Finally, we adopt a new routing update scheme to prevent attackers from initiating sinkhole attacks. In addition, we add timestamps to messages transmitted between nodes to defend against resend attacks. The scheme we proposed occupies a small amount of key storage space, consumes relatively more energy to protect the location information of nodes in the heterogeneous sensor network (HSN), and prevents attackers from initiating sinkhole attacks and resend attacks, thereby enhancing network security.

Аналіз проблем безпеки IoT пристроїв

The paper considers the problems securing of protection of access to IoT-devices and their networks. A study by Microsoft experts, who found that the biggest problems in IoT networks are related to network-level security, was analyzed. The presence of a large number of insufficiently protected devices facilitates DDoS-attacks, in which home devices can be used to attack corporate systems. The main reason for the failure of IoT component manufacturers to implement security features is the high computational costs that reduce the service life of device batteries. HPE (Hewlett Packard Enterprise) experts recommend paying attention to both device owner issues and developer issues, and provide some tips on setting up IoT devices. HPE experts have identified about 25 different vulnerabilities in each of the studied devices (TVs, door locks, household scales, home security systems, electrical outlets, etc.) and their mobile and cloud components, compiled a list of major vulnerabilities and made a disappointing conclusion: a safe ecosystem IoT does not exist today. The statistics of attacks on IoT devices recorded during the last 2 years with the help of honeypots, collected by Kaspersky Lab specialists, are considered. It turned out that the number of attacks increases with the number of IP addresses. A list has been compiled of the countries with the highest number of attempted attacks. The largest number of attacks came from China and Brazil. The list of threats provided by Trend Micro is considered. The most common attack technologies, which can cause significant damage, are analyzed. Such technologies include: amplification, change of route information, selective mailing, bottomless funnel Sinkhole Attack, shamanic attack Sybil attack, wormhole attack Wormhole attack, flood attack HELLO flood attack. The list of basic recommendations for security in the IoT system is presented, namely: password protection, use of separate networks, refusal of automatic connection to the network. Keywords: Internet of Things (IoT), industrial devices of the Internet of Things (IIoT), inter-machine interaction (M2M), smart home, smart city, information security (IS), DDoS-attack.

A key management scheme realising location privacy protection for heterogeneous wireless sensor networks

Key management is the core of wireless sensor network (WSN) security management technology. At present, the protection of the source location information of nodes has also received great attention. In this paper, we combine identity-based encryption (IBE) algorithm with elliptic curve cryptography (ECC) based digital signature authentication to achieve more secure authentication. Then we use the double encryption method to realise the location privacy protection. Finally, we adopt a new routing update scheme to prevent attackers from initiating sinkhole attacks. In addition, we add timestamps to messages transmitted between nodes to defend against resend attacks. The scheme we proposed occupies a small amount of key storage space, consumes relatively more energy to protect the location information of nodes in the heterogeneous sensor network (HSN), and prevents attackers from initiating sinkhole attacks and resend attacks, thereby enhancing network security.

Detection and Elimination of Black Hole Attack in WSN

Wireless Sensor Network has become one of the most emerging areas of research in recent days. WSNs have been applied in a variety of application areas such as military, traffic surveillance, environment monitoring and so on. Since WSN is not a secure network and each sensor node can be compromised by the intruder. There are plenty of security threats in sensor networks like Black hole Attack, Wormhole attack, Sinkhole attack. Recently, there are so many algorithms are proposed to detect or to prevent attack by the researchers. Still, the research is continuing to evaluate sensor nodes' trust and reputation. At present to monitor nodes’ behavior direct and indirect trust values are used and most of the detection method uses additional nodes to detect an attack. These method increases the cost and also overhead. This paper proposed a method which detects the Black hole attack without using any additional node to monitor the network. The proposed work uses Attacker Detection metric (AD metric) to detect malicious node based on the average sequence number, time delay and reliability. OLSR protocol is used for routing which improves the network lifetime by minimizing the packet flooding. Besides, to ensure reliable data transmission Elliptical Curve Digital Signature Algorithm is used. Simulation results are obtained and show malicious nodes are eliminated using AD metrics

Intrusion Detection Systems

Intrusion Detection System is competent to detect the intrusions and alerting the administrator of system about the signs of possible intrusions. This paper presents a detailed review of the intrusion detection techniques used in WSNs. More specifically, the existing methods for blackhole and sinkhole attacks detection are reviewed. However, it is noted that most intrusion detection schemes proposed in the literature are either inefficient or have low detection rates/high false positive rates. This survey also highlights the research gap in this domain and provides better scope for the advanced work.

An intrusion detection system for the prevention of an active sinkhole routing attack in Internet of things

Internet of things (IoT) is a complex and massive wireless network, where millions of devices are connected together. These devices gather different types of data from different systems that transform human daily lives by modernizing home appliances, business, medicine, traveling, research, and so on. Security is a critical challenge for a stable IoT network, for instance, routing attacks, especially sinkhole attack is a severe attack which has the capability to direct network data toward the intruder, and it can also disrupt and disconnect the devices from their network. The IoT needs multi-facet security solutions where network communication is protected with integrity, confidentiality, and authentication verification services. Therefore, the IoT network should be secured against intrusions and disruptions; the data exchanged throughout the network should be an encrypted form. In this article, an intrusion detection system for the prevention of an active sinkhole routing attack (PASR) in IoT is presented. The proposed PASR solves the problem of the sinkhole attack; for this purpose, the whole network is divided into the clusters of IoT. All the IoT devices are connected to their respective gateways. The gateway devices are equipped with an intrusion detection system. The intrusion detection system activates intrusion analyzer to detect anomalies in the context of ad hoc on-demand distance vector protocol. The base station is the main device that is responsible to receive data from all devices. Therefore, it detects and prevents sinkhole attacks; the base station keeps the record of all active devices and their possible links. The PASR is implemented and compared with the existing intrusion detection techniques ad hoc on-demand distance vector, and dual attack detection for black and gray hole attack. It was observed from the simulation results that the PASR outperforms in terms of data packet delivery, energy consumption, the detection rate of sinkhole attack, and routing overhead.

Clustering and reliability-driven mitigation of routing attacks in massive IoT systems

As an integral component of the 5G communications, the massive Internet of Things (IoT) are vulnerable to various routing attacks due to their dynamic infrastructure, distinct computing resources, and heterogeneity of mobile objects. The sinkhole and selective forwarding attacks stand out among the most destructive ones for infrastructureless networks. Despite the countermeasures introduced by legacy intrusion detection systems (IDS), the massive IoT seeks novel solutions to address their unique requirements. This paper introduces DeTection of SinkHole And SelecTive ForwArding for Supporting SeCure routing for Internet of THIngs (THATACHI), a new IDS against sinkhole and selective forwarding attacks that target routing mechanism in massive and mobile IoT networks. To cope with the density and mobility challenges in the detection of attackers and ensuring reliability, THATACHI exploits watchdog, reputation and trust strategies. Our performance evaluation under an urban scenario shows that THATACHI can perform with a 99% detection rate, 6% of false negative and false positive rates. Moreover, when compared to its closest predecessor against sinkhole attacks for IoT, THATACHI runs with at least 50% less energy consumption.

Sinkhole+CloneID: A hybrid attack on RPL performance and detection method

ABSTRACTDemands for the deployment of large-scale Low power and Lossy Networks (LLN) are growing these days. Internet of Things (IoT) refers to networks that communicate over Internet Protocols (IPs). Routing Protocol for Low power and Lossy Networks (RPL) is a standard routing protocol for networks which has been exposed to a variety of attacks. Previous works have addressed those attacks; however, each study has focused on a single attack. In this work, we propose the hybrid of Sinkhole and CloneID attacks named “Sink-Clone” attack. The paper demonstrates the effect of this hybrid attack on RPL performance and evaluates it against a detection method which is inspired by previous detection methods. The hybrid attack and the Intrusion Detection System (IDS) have been simulated in Cooja simulator where the results show the impacts of the hybrid attack compared to the standalone attacks as well as the capability of the proposed IDS in detecting malicious nodes in a hybrid scenario.

Machine Learning Based Technique for Detection of Rank Attack in RPL based Internet of Things Networks

Internet of Things (IoT) is a new Paradiagram in the network technology. It has the vast application in almost every field like retail, industries, and healthcare etc. It has challenges like security and privacy, robustness, weak links, less power, etc. A major challenge among these is security. Due to the weak connectivity links, these Internet of Things network leads to many attacks in the network layer. RPL is a routing protocol which establishes a path particularly for the constrained nodes in Internet of Things based networks. These RPL based network is exposed to many attacks like black hole attack, wormhole attack, sinkhole attack, rank attack, etc. This paper proposed a detection technique for rank attack based on the machine learning approach called MLTKNN, based on K-nearest neighbor algorithm. The proposed technique was simulated in the Cooja simulation with 30 motes and calculated the true positive rate and false positive rate of the proposed detection mechanism. Finally proved that, the performance of the proposed technique was efficient in terms of the delay, packet delivery rate and in detection of the rank attack.

A multivariant secure framework for smart mobile health application

AbstractWireless sensor network enables remote connectivity of technological devices such as smart mobile with the internet. Due to its low cost as well as easy availability of data sharing and accessing devices, the Internet of Things (IoT) has grown exponentially during the past few years. The availability of these devices plays a remarkable role in the new era of mHealth. In mHealth, the sensors generate enormous amounts of data and the context‐aware computing has proven to collect and manage the data. The context aware computing is a new domain to be aware of context of involved devices. The context‐aware computing is playing a very significant part in the development of smart mobile health applications to monitor the health of patients more efficiently. Security is one of the key challenges in IoT‐based mHealth application development. The wireless nature of IoT devices motivates attackers to attack on application; these vulnerable attacks can be denial of service attack, sinkhole attack, and select forwarding attack. These attacks lead intruders to disrupt the application's functionality, data packet drops to malicious end and changes the route of data and forwards the data packet to other location. There is a need to timely detect and prevent these threats in mobile health applications. Existing work includes many security frameworks to secure the mobile health applications but all have some drawbacks. This paper presents existing frameworks, the impact of threats on applications, on information, and different security levels. From this line of research, we propose a security framework with two algorithms, ie, (i) patient priority autonomous call and (ii) location distance based switch, for mobile health applications and make a comparative analysis of the proposed framework with the existing ones.

Intrusion Detection Systems: A Review

Intrusion Detection System is competent to detect the intrusions and alerting the administrator of system about the signs of possible intrusions. This paper presents a detailed review of the intrusion detection techniques used in WSNs. More specifically, the existing methods for blackhole and sinkhole attacks detection are reviewed. However, it is noted that most intrusion detection schemes proposed in the literature are either inefficient or have low detection rates/high false positive rates. This survey also highlights the research gap in this domain and provides better scope for the advanced work.

Artificial bee colony based sinkhole detection in wireless sensor networks

Sinkhole attack in wireless sensor networks (WSN) is most vulnerable attack in WSN that prevents the base station from gathering complete and unmodified data from its origin. A simple authentication mechanism is not adequate to prevent WSN from sinkhole attacks as signed routing can also be easily done by compromised nodes. Hence in this paper we addressed the problem sinkhole attack detection in WSN using swarm-based algorithm namely artificial bee colony algorithm. This algorithm finds the compromised node by comparing the node ID’s defined in the rule set. ABC reduces the overall time complexity taken to find the compromised node which turns to reduces the packet loss percentile and increases the packet delivery ratio. The performance of the proposed algorithm is evaluated and compared with the existing methodologies. The results show that the proposed algorithm outperforms the existing methodologies in terms of packet loss, packet delivery ratio and energy consumption.

Intrusion Detection Systems: A Review

Intrusion Detection System is competent to detect the intrusions and alerting the administrator of system about the signs of possible intrusions. This paper presents a detailed review of the intrusion detection techniques used in WSNs. More specifically, the existing methods for blackhole and sinkhole attacks detection are reviewed. However, it is noted that most intrusion detection schemes proposed in the literature are either inefficient or have low detection rates/high false positive rates. This survey also highlights the research gap in this domain and provides better scope for the advanced work.

Safety detection algorithm in sensor network based on ant colony optimization with improved multiple clustering algorithms

The Sensing network attack connection has the characteristics of behavioral variability and complexity. It is not feasible to construct an abnormal intrusion detection model by using behavior mining technology based on traditional clustering. According to the characteristics of Sensing network attack behavior, this paper proposed a Sensing network attack detection algorithm based on improved multi-cluster. Firstly, it used improved spatial clustering algorithm to reduce spatial data feature dimensions and feature computational complexity during attack detection. Secondly, it used improved K-means clustering algorithm to classify spatial datasets. Ant colony optimization algorithm is used to detect whether there is Sinkhole attack in routing and generate alert information of sensor nodes. Finally, it used improved evidence accumulation clustering algorithm to calculate the difference distance between each isolated point and the cluster centroid and it also used matrix clustering algorithm to calculate the detection threshold and determine the attack behavior in the Sensing network. P2P trust model is used to calculate the trust value of each node in the list of suspect nodes, and the node whose trust value is lower than the preset threshold is regarded as the attack node. Through the attack detection experiment based on KDD 99 dataset, the comparison with the detection results of different algorithm s shows that the proposed algorithm has higher detection rate and lower false positive rate.

Detection of Sink Hole Attack Using Decision Tree in Manet

Detection of Sink Hole Attack Using Decision Tree in Manet

LB-IDS: Securing Wireless Sensor Network Using Protocol Layer Trust-Based Intrusion Detection System

Wireless sensor network (WSN) faces severe security problems due to wireless communication between the nodes and open deployment of the nodes. The attacker disrupts the security parameters by launching attacks at different layers of the WSN. In this paper, a protocol layer trust-based intrusion detection system (LB-IDS) is proposed to secure the WSN by detecting the attackers at different layers. The trust value of a sensor node is calculated using the deviation of trust metrics at each layer with respect to the attacks. Mainly, we consider trustworthiness in the three layers such as physical layer trust, media access control (MAC) layer trust, and network layer trust. The trust of a sensor node at a particular layer is calculated by taking key trust metrics of that layer. Finally, the overall trust value of the sensor node is estimated by combining the individual trust values of each layer. By applying the trust threshold, a sensor node is detected as trusted or malicious. The performance of LB-IDS is evaluated by comparing the results of the three performance parameters such as detection accuracy, false-positive rate, and false-negative rate, with the results of Wang’s scheme. We have implemented jamming attack at the physical layer, back-off manipulation attack at the MAC layer, and sinkhole attack at the network layer using simulations. We have also implemented a cross-layer attack using the simulation where an attacker simultaneously attacks the MAC layer and network layer. Simulation results show that the proposed LB-IDS performs better as compared with Wang’s scheme.

Secure and Energy-Efficient Data Aggregation Method Based on an Access Control Model

Wireless sensor networks (WSNs) consist of a large number of sensor nodes that are distributed to capture the information about an area of interest. In WSN, many of the secure data aggregation works are conducted without addressing the authentication process. It is challenging to implement authentication while preserving the energy consumption in the network. The previous research that focus on these issues have several limitations, such as sharing the security key and the key length with a base station node, and not much attention is given to enhance the authentication of the Medium Access Control (MAC) server. This makes the data aggregation network are exposed to malicious activities. This paper presents a new protocol to address the security and energy issue in Wireless Sensor Network (WSN). This newly developed protocol is named Secure and Energy-Efficient Data Aggregation (SEEDA), which is the extension of SDAACA protocol. The proposed protocol aims to enhance authentication by generating a random value and random timestamp with a secret key. The base station node will verify the fake aggregated data when the packets are received using the generated key earlier. Furthermore, the attacks are detected and prevented by utilizing secure node authentication, data fragmentation algorithms, fully homomorphic encryption, and access control model. The secure node authentication algorithm prevents attacks from accessing the network. To avoid network delays, the base station node utilizes the distance information between the participating nodes. To ensure the reliability of our proposed method, we simulate two well-known attacks, called Sybil and sinkhole attacks. Several experimental scenarios are conducted to observe their effect. Evaluation metrics such as malicious activity detection rate, energy consumption, end-to-end delay, and resilience time are measured. The performance of the proposed protocol is compared with SDA, SDAT, SDALFA, EESSDA, SDAACA, and EESDA, which is a widely used protocol in the area of secure data aggregation. The simulation results show that the proposed SEEDA method outperforms the existing scheme with 98.84% malicious nodes detection rate, 3.04 joules for energy consumption, the maximum delay of 0.038 seconds, and the resilient time 0.054, 0.075 seconds when 8%,16% of malicious nodes affecting the network.

Research on the intrusion detection model based on improved cumulative summation and evidence theory for wireless sensor network

In this paper, a new hybrid intrusion detection model which combines the distributed and centralized strategies is proposed in this paper as follows. Firstly, considering the network anomalies, situation cannot be captured in real time on the base station; by introducing the CUSUM (cumulative summation) GLR (generalized likelihood ratio), an anomaly detection model which runs on the node is given. It can conduct real-time network monitoring. Based on the “link quality” and “majority rule,” a new algorithm to detect the “Sinkhole attack” in the base station is proposed, and a new model CUSUM_MV to detect intrusion is given. Secondly, the evidence theory is introduced to detect intrusion in wireless sensor network. We give the redundant information process mechanism in the relay node, an evidence-based intrusion detection model deployed on the base station and the intrusion detection model CUSUM_HDST. The hybrid model can detect not only Sinkhole and DoS attacks, but also other specific vulnerabilities. A simulation experiment on Castalia simulator is carried out, and results show that the proposed method has better performance than the traditional Sinkhole attacks detection method.

RETRACTED ARTICLE: Improved encryption protocol for secure communication in trusted MANETs against denial of service attacks

MANET(Mobile Adhoc Networks) possess the open system condition, absence of central server, mobile nodes that make helpless to security assault while conventional security components couldn’t meet MANET security prerequisites in view of restricted correspondence data transfer capacity, calculation power, memory and battery limit in addition to the vitality enabled environment. The trusted MANETs provide a reliable path and efficient communication but the secrecy of the trust values sometimes may be overheard by the masqueraders. Due to the need of the clustered MANETs the exchange of mathematical values remains to be a necessary part. In the proposed security of the trusted MANETs is focused so as to provide rigid and robust networks when additional resources are added. For clustering of the nodes LEACH protocol is suggested in which the CHs and CMs are fixed for the data transfer in the network. The energy is disseminated in the LEACH as to avoid the battery drain and network fatal. Hence to add resistance and to make an authentic network, the encryption and decoding is incorporated as a further supplementary to avoid the denial of service attacks, we have utilized DoS Pliancy Algorithm in which the acknowledgment based flooding attacks is focused. Likewise the encoded messages from the source node in one cluster can be recoded in the transmission stage itself to reproduce the messages. Contrasted with the past works, QoS of our proposed work has been made strides when tested with black hole and sink hole attacks. Simulation results shows that the DoS pliancy scheme works better and efficient when compared to the existing trust based systems.