Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Adversary Detection in Wireless Sensor Networks Under Byzantine Attacks

Download as pdf or txt
Download as pdf or txt
You are on page 1of 3

International Journal of Engineering and Technical Research (IJETR)

ISSN: 2321-0869, Volume-1, Issue-10, December 2013

Adversary Detection in Wireless Sensor Networks


Under Byzantine Attacks
P. Sathya Priya, S. Lokesh
size increases and/or the attack behavior changes. To
Abstract This work discovers reliable data fusion which overcome this limitation, effective sub-optimal schemes with
overcome coverage problem in mobile access wireless sensor low computational complexity are highly desired.
networks under Byzantine attacks. Consider the q-out-of-m First, propose a simplified, topology construction which
rule, in which final decision is made based on the q sensing construct and maintains an efficient network topology. Once
reports out of m polled nodes and can achieve a good trade-off
the initial topology is deployed, especially when the location
between the miss detection probability and the false alarm rate.
In this work, first, propose a simplified, topology construction
of the nodes is random, the administrator has no control over
which construct and maintains an efficient network topology. the design of the network; for example, some areas may be
Second, propose a multicast message transmission where very dense, showing a high number of redundant nodes, which
multicasting requires special techniques that make clear who is will increase the number of message collisions and will
in the intended group of recipients. Finally, propose a simple provide several copies of the same information from similarly
and effective malicious node detection approach, where the located nodes. However, the administrator has control over
malicious sensors are identified by comparing the decisions of some parameters of the network, transmission power of the
the individual sensors with that of the fusion center. This work nodes, state of the nodes, role of the nodes, etc. by modifying
further proposes the adversary node detection approach and
this parameters, the topology of the network can change.
adapts the fusion parameters based on the detected malicious
sensors. Simulation examples are presented to illustrate the Second, propose a multicast message transmission where
performance of proposed approaches. multicasting requires special techniques that make clear who
is in the intended group of recipients. Messages are sent to a
Index Terms Sensor networks, Byzantine attacks, q-out-of-m group of stations that meet a particular set of criteria.
rule. Finally, propose a simple and effective adversary node
detection approach, where the malicious sensors and
I. INTRODUCTION adversary sensors are identified by comparing the decisions of
Wireless sensor networks (WSNs) have been studied the individual sensors with that of the fusion center. It is
intensively for various applications such as environment observed that dynamic attacks generally take longer time and
monitoring, area monitoring and landslide detection [1]. They more complex procedures to be detected as compared to static
usually consist of a processing unit with limited attacks. It is also found that the proposed adversary detection
computational power and limited memory, sensors, a procedure can identify adversarial sensors accurately if
communication device, and a power source usually in the sufficient observation time is allowed. It is shown that the
form of battery [3]. A serious threat to wireless sensor proposed adaptive fusion scheme can improve the system
networks is the Byzantine attack [5], where the adversary has performance significantly under both static and dynamic
full control over some of the authenticated nodes and can attack strategies.
perform arbitrary behavior to disrupt the system. Byzantine
fault encompasses both omission failures as failing to receive II. LITERATURE SURVEY
a request, or failing to send a response and commission
failures as processing a request incorrectly. The MA receives A. Distributed Deployment Scheme
the sensing reports and applies the fusion rule to make the In wireless sensor networks (WSNs) multi-level (k)
final decision. One popular hard fusion rule used in coverage of the area of interest can be achieved by solving the
distributed detection is the q-out-of-m scheme [4], in which k-coverage sensor deployment problem. A WSN usually
the mobile access point randomly polls reports from m consists of numerous wireless devices deployed in a region of
sensors, then decides that the target is present only if q or interest, each able to collect and process environmental
more out of the m polled sensors report 1. It is simple to information and communicate with neighboring devices.
implement, and can achieve a good tradeoff between Sensor deployment is an essential issue in WSN because it not
minimizing the miss detection probability and the false alarm only determines the cost to construct the network but also
rate. In ideal scenarios, the optimal scheme parameters for the affects how well a region is monitored by sensors. In
q-out-of-m fusion scheme are obtained through exhaustive particular, given a region of interest, we say that the region is
search. However, due to its high computational complexity, k-covered if every location in that region can be monitored by
the optimal q-out-of-m scheme is infeasible as the network at least k sensors, where k is a given parameter. A large
amount of applications may impose the requirement of k > 1.
For instance, military or surveillance applications with a
Manuscript received December 10, 2013. stronger monitoring requirement may impose that k > 2 to
P. Sathya Priya, Computer Science and Engineering, Hindusthan
Institute of Technology, Pollachi, India. 9659499974.
avoid leaving uncovered holes when some sensors are broken.
S. Lokesh, Computer Science and Engineering, Hindusthan Institute of Consider two sub-problems: k-coverage sensor placement
Technology, Pollachi, India. 9865723232. problem and distributed sensor dispatch problem. The

43 www.erpublication.org
Adversary Detection in Wireless Sensor Networks Under Byzantine Attacks

placement problem asks how to decide the minimum number Multicast Message Transmission
of sensors required and their locations in I to ensure that I is Find Adversarial Node
k-covered and that the network is connected. Note that Tree Maintenance.
coverage is affected by sensors sensing distance, while
connectivity is determined by their communication distance. A. Topology Construction
Considering that sensors are mobile and the area I may In this module, construct a topology structure. Here
change over time, the objective of the dispatch problem is to we use mesh topology because of its unstructured nature.
schedule sensors to move to the designated locations Topology is constructed by getting the names of the nodes and
(according to the result computed by the placement strategy) the connections among the nodes as input from the user.
such that the total energy consumption of sensors due to While getting each of the nodes, their associated port and ip
movement can be minimized. For coverage, consider both the address is also obtained. For successive nodes, the node to
binary and probabilistic sensing models of sensors. Under the which it should be connected is also accepted from the user.
binary sensing model, a location can be monitored by a sensor
if it is within the sensors sensing region. While adding nodes, comparison will be done so
that there would be no node duplication. Then identify the
(1)
source and the destinations.
where is a parameter indicating the physical characteristics
of the sensor and d(u, ) is the distance between u and . In Create new node Update
this way, a location in A is considered as k-covered if the Db
probability that there are at least k sensors which can detect No
this location is no smaller than a predefined threshold , Node
WhetherYES
where 0 < < 1. With the above definitions, an area in A is Node availa
node Yes -ble
considered as k- covered if every location inside that area is available
k-covered.
B. Cut Detection
A wireless sensor network can get separated into multiple Db
connected components due to the failure of some of its nodes,
which is called a cut. Failure of a set of nodes will reduce
the number of multihop paths in the network. Such failures Fig. 1. Topology Construction.
can cause a subset of nodes that have not failed to become B. Multicast Message Transmission
disconnected from the rest, resulting in a cut. Two nodes are
The requester signs and unicast on the selected route
said to be disconnected if there is no path between them.
a multicast activation (MACT) message that includes its
assume that there is a specially designated node in the
identifier, the group identifier, and the sequence number used
network, which we call the source node. The source node may
in the RREQ phase. The MACT message also includes a
be a base station that serves as an interface between the
one-way function applied on the tree token extracted from
network and its users. Since a cut may or may not separate a
RREP, frequenter; tree token, which will be checked by the
node from the source node, which distinguish between two
tree node that sent the RREP message to verify that the node
distinct outcomes of a cut for a particular node. When a node
that activated the route, is the same as the initial requester. An
u is disconnected from the source, say that a Disconnected
intermediate node on the route checks if the signature on
from Source (DOS) event has occurred for u. When a cut
MACT is valid and if MACT contains the same sequence
occurs in the network that does not separate a node u from the
number as the one in the original RREQ. The node then adds
source node, say that Connected, but a Cut Occurred
to its list of tree neighbors the previous node and the next
Somewhere (CCOS) event has occurred for u. Without the
node on the route as downstream and upstream neighbors,
knowledge of the networks disconnected state, it may simply
respectively, and sends MACT along the forward route.
forward the data to the next node in the routing tree, which
During the propagation of the MACT message, tree neighbors
will do the same to its next node, and so on. However, this
use their public keys to establish pair wise shared keys, which
message passing merely wastes precious energy of the nodes;
will be used to securely exchange messages between tree
the cut prevents the data from reaching the destination.
neighbors.
Therefore propose a distributed algorithm to detect cuts,
The source periodically signs and sends in the tree an
named the Distributed Cut Detection (DCD) algorithm. The
MRATE message that contains its data transmission rate _0.
algorithm allows each node to detect DOS events and a subset
As this message propagates in the multicast tree, nodes may
of nodes to detect CCOS events. The DOS detection part of
add their perceived transmission rate to it. Each tree node
the algorithm is applicable to arbitrary networks; a node only
keeps a copy of the last heard MRATE packet. The
needs to communicate a scalar variable to its neighbors. The
information in the MRATE message allows nodes to detect if
CCOS detection part of the algorithm is limited to networks
tree ancestors perform selective data forwarding attacks.
that are deployed in 2D euclidean spaces, and nodes need to
Depending on whether their perceived rate is within
know their own positions.
acceptable limits of the rate in the MRATE message, nodes
Alternate between two states. The initial state of a node is
II. MODULES DESIGN
disconnected; after it joins the multicast group and becomes
The project contains four main modules. aware of its expected receiving data rate, the node switches to
Topology Construction

44 www.erpublication.org
International Journal of Engineering and Technical Research (IJETR)
ISSN: 2321-0869, Volume-1, Issue-10, December 2013
the connected state. Upon detecting selective data forwarding complex procedures to be detected as compared to those
attack, the node switches back to the disconnected state. conducting static attacks. The adaptive fusion procedure has
shown to provide significant improvement in the system
C. Find Adversarial Node
performance under both static and dynamic attacks. As to
Wireless-specific attacks such as flood rushing and future work, adaptive detection can be conducted under
wormhole were recently identified and studied. RAP prevents Byzantine attacks and soft decisions can be made based on the
the rushing attack by waiting for several flood requests and sensing reports.
then randomly selecting one to forward, rather than always
forwarding only the first one. Techniques to defend against REFERENCES
wormhole attacks include Packet Leashes, which restricts the
[1] Y.-C. Wang and Y.-C. Tseng, Distributed deployment schemes for
maximum transmission distance by using time or location mobile wireless sensor networks to ensure multilevel
information, Truelink, which uses MAC-level coverage, IEEE Transactions on Parallel and Distributed
acknowledgments to infer if a link exists or not between two Systems, vol. 19, no. 9, pp. 1280 1294, Sept. 2008.
nodes, and the work in , which relies on directional antennas. [2] P. Barooah, H. Chenji, R. Stoleru, and T. Kalmar-Nagy, Cut
detection in wireless sensor networks, IEEE Transactions on
Watchdog relies on a node monitoring its neighbors if they Parallel and Distributed Systems, vol. 23, no. 3, pp. 483
forward packets to other destinations. SDT and Ariadne use 490, Mar. 2012.
multipath routing to prevent a malicious if the sender node [3] C. Chong and S. Kumar, Sensor networks: evolution, opportunities,
forward packet to other destinations. If a node does not and challenges, Proceedings of the IEEE, vol. 91, no. 8, pp.
1247 2056, Aug. 2003.
overhear a neighbor forwarding more than a threshold number [4] R. Niu and P. Varshney, Performance analysis of distributed
of packets, it concludes that the neighbor is adversarial. Use detection in a random sensor field, IEEE Transactions on
multipath routing to prevent a malicious node from selectively Signal Processing, vol. 56, no. 1, pp. 339 349, Jan. 2008.
dropping data. [5] S. Marano, V. Matta, and L. Tong, Distributed detection in the
presence of byzantine attack , IEEE Transactions on Signal
D. Tree Maintenance Processing, vol. 57, no. 1, pp. 16 29, Jan. 2009.
[6] A. Rawat, P. Anand, H. Chen, and P. Varshney, Collaborative
We assume a tree-based on-demand multicast protocol, spectrum sensing in the presence of byzantine attacks in
which maintains bidirectional multicast trees connecting cognitive radio networks, Signal Processing, IEEE Transactions
multicast sources and receivers. Each tree defines a multicast on, vol. 59, no. 2, pp. 774 786, Feb. 2011.
[7] C. Karlof, N. Sastry, and D. Wagner, Tinysec: a link layer
group. The multicast source is a special node, the group security architecture for wireless sensor networks, Proceedings
leader, whose role is to eliminate stale routes and coordinate of the 2nd international conference on Embedded networked
group merges. Route freshness is indicated by a group sensor systems, pp. 162175, 2004.
sequence number updated by the group leader and broadcast [8] H. Kumar, D. Sarma, and A. Kar, Security threats in wireless
sensor networks, IEEE Aerospace and Electronic Systems
periodically as a message in the entire network. For
Magazine, vol. 23, no. 6, pp. 39 45, Jun. 2008.
convenience, we call this message a Group Hello message. [9] W. Zhang, N. Subramanian, and G. Wang, Lightweight and
Higher group sequence numbers denote fresher routes. compromise-resilient message authentication in sensor networks,
Three main operations ensure the tree maintenance: tree IEEE 27th Conference on Computer Communications,
pruning, broken-link repair, and tree merging. Tree pruning INFOCOM 2008, pp. 1418 1426, Apr. 2008.
[10] W. Wang, H. Li, Y. Sun, and Z. Han, Catchit: Detect malicious
occurs when a group member that is a leaf in the multicast tree nodes in collaborative spectrum sensing, IEEE Global
decides to leave the group. To prune itself from the tree, the Telecommunications Conference, GLOBECOM 2009, pp. 1 6,
node sends a message to indicate this to its parent. The 2009.
pruning message travels up the tree causing leaf nodes that are [11] M. R. Fellows, F. V. Fomin, D. Lokshtanov, F. Rosamond, S.
Saurabh, and Y. Villanger, Local search: Is brute-force
not members of the multicast group to prune themselves from avoidable? Journal of Computer and System Sciences, vol.
the tree, until it reaches either a non-leaf node or a group 78, no. 3, pp. 707 719, 2012.
member. A non-leaf group member must continue to act as a [12] H. Chan, A. Perrig, and D. Song, Secure hierarchical in-network
router and cannot prune itself from the multicast tree. aggregation in sensor networks, Proceedings of the 13th ACM
conference on Computer and communications security, ACM
CCS 2006, pp. 278 287, 2006.
III. CONCLUSIONS
In this work, the reliable data fusion is provided for P. Sathya Priya received the B.E. degree in
wireless sensor networks under Byzantine attacks where Computer Science and Engineering from Anna
fusion center randomly polls m out of n users and relies on University in 2012 and currently pursuing M.E.
q-out-of-m rule for final decision. The proposed work degree in Computer Science and Engineering at
Anna University. The current research focuses on
simplifies construction of initial topology and multicast
secure communications in sensor networks.
message transmission among group of nodes. An important
observation is that, even if the percentage of adversary
sensors remains fixed, the false alarm rate diminishes
exponentially with the network size. This implies that for a S. Lokesh received the B.E. and M.E. degrees in Computer Science and
Engineering from Anna University in 2003 and 2005, respectively.
fixed percentage of adversary nodes, network performance Currently working as Asst. professor in department of Computer Science and
can be significantly improved by increasing the density of the Engineering at Hindusthan Institute of Technology. His major research
nodes. Furthermore, obtain an upper bound on the percentage interests are in network security, wireless networks, and future Internet
of adversary nodes that can be tolerated using the q-out-of-m architectures.
rule. It is found that the upper bound is determined by the
sensors detection probability and the attack strategies of the
malicious and adversary nodes. It is observed that nodes
launching dynamic attacks take longer time and more

45 www.erpublication.org

You might also like