
Sinkhole Attack Detection in Wireless Sensor Nodes

This document summarizes a research paper about detecting sinkhole attacks in wireless sensor networks. The paper proposes using an intrusion detection system architecture that maintains adjacency matrices tracking hop counts and sequence numbers observed in network traffic to detect anomalies indicative of sinkhole attacks. The system works by analyzing a captured network packet file to build the matrices and then identifies potential malicious nodes by looking for nodes reporting high sequence numbers and direct paths to the base station, which are characteristics of sinkhole attacks.

Uploaded by

Hari Venkatesh

Prof. R. Thandeeswaran, S. Hari Venkatesh, Gampa Shivam


SINKHOLE ATTACK DETECTION IN
WIRELESS SENSOR NODES
Abstract: Wireless Sensor Nodes have become important systems that are used in many applications. They are used to sense or monitor the environment and in military surveillance. The information collected by the nodes is sent to the base station that manages the Wireless Sensor Nodes. The unattended nature of sensor nodes in the environment leads to many security threats in the Wireless Sensor Nodes. One of these attacks is the sinkhole attack, in which the attacker attracts its neighbour nodes to gain network traffic and the base station is prevented from acquiring the collected data. In this paper, a new IDS architecture is proposed to provide a high detection rate.

Index Terms— Wireless Sensor Nodes, Sinkhole attack, hop count, sequence number, Adjacency matrix

I. INTRODUCTION
A Wireless Sensor Network (WSN) is made up of several nodes that are connected to one another wirelessly and a base station that acts as a hub. A node is made up of a transceiver, a battery, and a microcontroller. Cost and performance differ based on size. These nodes are mounted in the environment to gather information. The collected data are sent to the base station through some intermediate nodes on the same network. WSNs are scalable and able to withstand any conditions in the environment, but they are vulnerable to several attacks.

The sinkhole attack is one of the routing attacks in Wireless Sensor Networks. In a sinkhole attack, the attacker acts as a node in the network and launches the attack. The attacker node is known as the sinkhole node. This node advertises to neighboring nodes that it has a lower hop count to reach the base station. This lets it gather information and traffic from the neighboring nodes. Thus the information to be sent to the base station is dropped.

II. BACKGROUND INFORMATION
Wireless Sensor Networks are affected by different kinds of attacks. Common attacks in WSNs are given below.

A. Attacks on WSN

There are several security threats in WSNs; these attacks affect the network layer. A few attacks are explained here:

2.1.1 Sybil Attack

In this attack, the infected node can be in any place. This node can have multiple identities. It can be classified as direct vs indirect communication, fabricated vs stolen identities, simultaneity. Distributed storage, routing, data aggregation, voting, fair resource allocation, misbehaviour detection are the different types of Sybil attacks. Any operation from the listed methods can be performed by the attacker to gain the network.

2.1.2 Wormhole Attack

In a wormhole attack, packets are recorded by the attacker in one location of the network and tunnelled to another location. Even without knowing the protocol of the network, the attacker can damage the network. It is also known as Denial of Service attack. It is a difficult attack to detect. This attack can be implemented by one or more nodes in the network.

2.1.3 Hello Flood Attack

A hello message is used by the attacker to convince the neighbor nodes in the Wireless Sensor Network. In the network each node sends or broadcasts a hello message, so that the nodes know their neighboring nodes. In this attack, to send a hello message the attacker will have both processing power and radio transmission range at the maximum level.

2.1.4 Sinkhole Attack

In a sinkhole attack, the attacker node attracts the traffic and neighbouring nodes in the network with respect to the routing algorithm. This attack leads to selective forwarding or a wormhole attack. The neighbouring nodes are attracted by the high-quality link to the base station provided by the malicious node. Nodes in the network send their packets through this attacker node. Due to this, the sequence number of the attacker node is increased. The node drops the collected packets instead of forwarding them to the base station.

III. RELATED WORK
In this section we take a look at some of the related work which has already been done in this field.
In [1], wireless sensor network security attacks are discussed. The paper provides short notes on security goals and challenges. It gives brief information about various kinds of attacks like the Sinkhole attack, Wormhole attack and Sybil attack, and their countermeasures.

In [2], the paper explains the Black hole attack and uses the Watchdog technique, in which each node hears the communication of its neighboring nodes. A cluster head is appointed for monitoring the data traffic in a network. They have used hop count and sequence number to find the malicious node, and there is a possibility that the cluster head itself acts as an attacker node.

In [3], the paper deals with a novel algorithm for detecting sinkhole attacks in WSNs. They have discussed the sinkhole attack and described the system model and energy consumption. Three situations are discussed: i) data arrive at the Base Station (BS) properly, ii) data are manipulated and arrive at the base station, iii) data never arrive at the BS. If situations ii) and iii) occur, it looks for a malicious node. The BS checks and compares the path of the node in its memory with the new path each time and detects the malicious node.

IV. PROPOSED WORK

Some limitations exist in current systems. The first is the watchdog technique, in which the nodes hear or monitor the communication of their neighboring nodes. It is based on sensor broadcast communication. In this method, a cluster head is appointed as a watchdog node. This method brings an overhead to the nodes, because each node monitors the packet transfer of its neighboring nodes, and the watchdog node is assigned with the assumption that it is not a malicious node. So this method puts extra workload on the nodes, and there is also a chance that the watchdog node itself can be a malicious node. Secondly, in some mechanisms a table called a supplementary table, which contains timely data, is maintained by the nodes. This requires additional memory on the nodes.

In this proposed work, a pcap (capture) file that has all information about the packets transferred in the network is filtered using Wireshark software based on the AODV protocol (Fig 2), and it is extracted as a csv (comma-separated) file with the respective source address, destination address, hop count and sequence number (Fig 3). With this csv file as input, two adjacency matrices are formed based on hop count and sequence number (Fig 4). Pseudo code for generating the matrices is given below:

i. Read data from csv file
ii. Create two matrices, one for hop count and the other for sequence number
iii. Initialize the matrices to zero
iv. Extract the last octet of the source and destination IP addresses
v. If source and destination IP address are the same and hop count is zero
   then do nothing
   else
      a) If the position in the matrix for that IP address is 0 then insert the respective hop count and sequence number
      b) If hop count matches and sequence number is less than the previously recorded number then change it
      c) If hop count is less than the previously recorded number and not equal to zero then store the new number
Repeat from step v until end of file.

Algorithm to detect the sinkhole:

Label:
If (Hopcount = 1 and sequence number = Max)
    Option = 1;
Else
    Option = 0;

If (Option = 1)
    "It is malicious node";
Else
    goto Label;

A node is said to be a malicious node if it satisfies the above conditions.

V. FIGURES

Figure 1: Before retrieving AODV using Wireshark

Figure 2: After retrieving AODV using Wireshark

Figure 3: Extracted csv file (input file)

Figure 4: Constructed matrix

References

Maliheh Bahekmat, Mohammad Hossein Yaghmaee, Ashraf Sadat Heydari Yazdi, Sanaz Sadeghi (2012): A Novel Algorithm for Detecting Sinkhole Attacks in WSNs. International Journal of Computer Theory and Engineering, Vol. 4, No. 3, June.

Manish M Patel, Akshai Aggarwal (2013): Security Attacks in Wireless Sensor Networks: A Survey. International Conference on Intelligent Systems and Signal Processing (ISSP).

Umashankar Ghugar, Jayaram Pradhan, Monalisa Biswal (2016): A Novel Intrusion Detection System for Detecting Black Hole Attacks in Wireless Sensor Network Using AODV Protocol. IJCSN International Journal of Computer Science and Network, Volume 5, Issue 4, August.