Detecting Sinkhole Attacks in IoT-Based Wireless Sensor Networks Using Distance From Base Station

Introduction

Wireless sensor networks (WSNs) have gained popularity within research community because they provide a promising environment for numerous control and monitoring applications (Singh, Yadav, Kanungo, Pal, & others, 2021; Pinar, Zuhair, Hamad, Resit, Shiva, & Omar, 2016). These low-cost networks allow monitoring processes to be conducted remotely, in real-time and with minimal human intervention. The main feature of WSNs is infrastructure less nature (Pal, Singh, & Yadav, 2015). While addressing the network security of WSN, its infrastructure less nature makes it more vulnerable, and the limitation of resources makes it difficult to get a proper security mechanism. The security mechanism for WSN should be lightweight as well as robust enough to handle the attacks faced by these networks. Intrusion detection system (Butun, Morgera, & Sankar, 2013) is a lightweight mechanism as well as can handle the attacks. The primary objective of an intrusion detection system is to convey the information when an attack on network intrusion might be taking place.

There are two types of attacks in WSN- active attacks and passive attacks. An adversary essentially affects the operations in the attacked network in active attacks. Jamming, hole attacks (blackhole, wormhole, sinkhole, etc.), Denial-of-Service (DoS), flooding are examples of active attacks (Wood & Stankovic, 2002). Attackers are typically secret (unseen) and moreover tap the message link to accumulate data or tear down the performance elements of the network in terms of passive attacks. Eavesdropping, node tampering, traffic analysis are examples of passive attacks (Grover, Laxmi, & Gaur, 2013) (Babaeer & Al-Ahmadi, 2020). IDS have been used to detect both types of attacks (Medeira, Grover, & Khorjiya, 2019) (Pundir, Wazid, Singh, Das, JPC Rodrigues, & Park, 2020). Sinkhole attack is an insider attack where an intruder compromises a node inside the network and launches an attack. Then the compromise node tries to attract all the traffic from neighbor nodes based on the routing metric that used in routing protocol. When the malicious node managed to achieve that, it will be able control those data packets passing via it.

The work of the paper presents a sinkhole attack detection mechanism which is primarily based on a parameter distance from base station (DBS). Proposed mechanism works in two phases. In the phase 1, it creates Neighbor_Database for each node. Neighbor_Database for each node contains its neighbor node_IDs and their corresponding DBS values. Whereas phase-2 detects the sinkhole node. At first it calculates a measure called Difference (%) value after that it compares the difference value with the threshold value. If the difference value is greater than the threshold value, it will be detected as a malicious node else it's a legitimate node. Here the constant threshold plays a crucial role at the detection phase. For increasing accuracy if threshold is taken very low then misdetection will occur. Moreover, Detection_Rate will be very low for very high threshold. That's why threshold is taken at an optimum value so that misdetection is almost zero as well as accuracy high. The mechanism proposed by Ibrahim et al. (Ibrahim, Rahman, & Roy, 2015) is unable to detect 1 hop distance sinkhole attack but the proposed method detects 60% - 80% near to base station (BS) attacks. The proposed method detects 100% sinkhole attacks when the DBS is greater than 35m. The proposed method has been simulated and analyzed for 3 different scenarios of network to endorse the scalability. For scenario-1 50 nodes and scenario-2 100 nodes and scenario-3 400 nodes are deployed.

The remainder of this paper is organized as follows: section II presents the related work. Section III describes the problem statement and the proposed detection method for sinkhole attack. The performance of the proposed algorithm has been evaluated and analyzed in section IV through simulations. Finally, section V concludes this work.