Detecting Malicious Node in Wireless Sensor Network Using Packet Delivery Ratio

Vikas Garg
code-brew.com
Nov 30, 2017

A Wireless Sensor Network is a self-organizing, self-configuring, multi-hop wireless network that forms dynamically, with nodes communicating with each other without any existing network infrastructure such as access points or base stations. This is the most advanced technology in recent times, combining peer-to-peer techniques, wireless communication and mobile computing. It is very useful for overcoming geographical constraints in military operations and on battlefields, and for assisting in disaster relief operations. However, the network must be secure. Security in a Wireless Sensor Network is very hard because of its lack of centralized organization, its dynamic infrastructure and, most importantly, energy. It is quite possible that a malicious or misbehaving node joins the network, or that some nodes in the network become malicious, compromise the system's functionality and make the system insecure. In this situation it is essential to detect the misbehaving node and remove it from the network.

WSN Architecture

The sensor nodes are usually deployed in a sensor field in a scattered manner. Each of these scattered sensor nodes can gather data and direct it back to the sink/gateway and the end-users. Data are routed back to the customer through the sink by a multi-hop, infrastructureless architecture. The sink may communicate with the task manager/end-user via the internet, satellite or any type of wireless network (such as Wi-Fi, mesh networks, cellular systems, WiMAX, etc.), and there may be multiple sinks/gateways and multiple end-users in the architecture.

Wireless sensor network

In WSNs, the sensor nodes have the dual functionality of being both data originators and data routers. Hence, communication is performed for two reasons:

1. Source function: Source nodes with event information perform communication functionalities in order to transmit their packets to the sink.

2. Router function: Sensor nodes also participate in forwarding the packets received from other nodes to the next destination in the multi-hop path to the sink.

A Wireless Sensor node mainly consists of the following things:

  • Processing unit (micro-controller)
  • Battery for power
  • Communication unit (transceiver)
  • Sensing unit (sensors)

Characteristics of WSN

Sensor networks can be deployed in hostile environments to collect data from nodes that have limitations such as limited energy and limited memory. Their topology changes frequently, that is, they are deployed in unstructured environments, so data transfer depends on wireless channels. A sensor node mainly has a transceiver for sending and receiving data (for wireless communication), a sensing unit that senses data from the environment and converts it into an electrical signal, a processor for calculation, and a small battery to power the node.

  • Easy to deploy in any environment
  • Lack of global id
  • Constraints on the energy consumption of sensor nodes
  • In the sensor network nodes are prone to failure
  • Dynamic network topology

Advantages of WSN

  • They provide access to information and services regardless of geographic position.
  • These networks can be set up at any place and time.
  • Ability to deal with node failure.
  • Easy to deploy in any environment.

Disadvantages of WSN

  • Limited resources, energy and physical security.
  • Intrinsic mutual trust vulnerable to attacks.
  • Volatile network topology makes it hard to detect malicious nodes.
  • Security protocols for wired networks cannot work for wireless sensor networks.

Applications of WSN

Different types of sensors, such as magnetic, thermal, visual, infrared, acoustic, radar and seismic, are available to monitor many kinds of situations and to collect data from them. The situations or conditions are shown below:

  • Temperature
  • Humidity
  • Vehicular movement
  • Lightning condition
  • Pressure
  • Soil makeup
  • Sound levels
  • The presence or absence of certain kinds of objects
  • Mechanical stress levels on attached objects

Vulnerability in WSN

Despite the wide use of wireless sensor networks, they still have some vulnerabilities, so there is always a need for protection against them. Intruders use these weaknesses to learn about the internals of network processes and then to attack the network. Some of the vulnerabilities in wireless sensor networks are discussed below:

A. Radio jamming

The attacker transmits radio waves on the same frequency that the sensor network uses. This floods the transport medium so that the nodes can’t communicate.

B. Tampering

When the hardware of the network is physically attacked, damaged or compromised, it is called tampering. Protection against tampering means hiding the nodes, keeping them away from attackers or physically securing them against attack.

C. Denial of Service

It is a kind of active attack whose sole intention is to flood the network with messages sent via single or multiple malicious nodes. This sort of attack renders the wireless sensor network useless and out of operation, and also eats up energy by keeping the sensors always in the active state.

D. Injecting Message

The aim is to input malicious information for damaging records or to drain the network.

E. Loops

The perpetrator uses single or multiple malicious nodes to transmit infinite packets on the network, making sensors consume energy as packets are endlessly sent by the network.

F. Message modification

A message is intercepted and data packets pertaining to the message are modified by adding or removing information by the malicious node.

G. HELLO Flooding

HELLO messages are sent in many ad-hoc network discovery protocols to find nearby nodes and use these nodes to build a network. In a HELLO flood, an intruder with a machine that has huge transmission energy sends HELLO messages to the other nodes in the network. The neighboring nodes then trust the malicious node as a neighbor node and send data to it, but the packets are sent into oblivion because the nodes are actually far away from it.

H. False node

If an enemy adds a sensor node to the network to mislead the good nodes, exchange suspicious or manipulated information or data, block routes, and so on, it may lead to bottlenecks, false location claims, degraded network performance, and so on. This attack can cause network damage or even complete destruction.

Malicious Node

Nodes that follow predefined behavior are called normal nodes, and nodes that behave unexpectedly or differently, for example by dropping packets or injecting false information into messages, are called malicious nodes. To find a malicious node, we first have to identify malicious behavior or activity. If we find any malicious behavior, then it is easy to detect the malicious node. If a packet is sent by the source node to the destination and, after a specific time, an intermediate node responds improperly, the source node repeats the process. If the same activity is observed again, the source node broadcasts a packet to declare the malicious activity in the network. Each node in this range maintains a list of sent and dropped packets, and when the number of packets dropped by a particular node exceeds a certain threshold T max (maximum threshold value), the monitoring node in that range declares that node a misbehaving node, since malicious activity has already been observed in the network.

Detection Techniques

1: Identify malicious nodes in wireless sensor networks through detection of malicious message transmissions in a network. A message transmission is considered suspicious if its signal strength is incompatible with its originator’s geographical position.

2: The malicious nodes are detected by computing the average number of event cycles. In addition, each sensor node maintains the trust values of its neighboring nodes to reflect their behavior in decision-making. Every node maintains a list of its neighbors and their trust values. The trust value is updated at regular intervals for security reasons. Before packets are transmitted to a neighbor node, the trust value of that node is checked. If the trust value of that node is good, then the packet is transmitted; otherwise the transmitting node changes the trust value in its list and broadcasts it to the neighbor nodes. We have seen that when a node is malicious, all neighbor nodes report that its trust value is not good.

3: Identify malicious nodes in wireless sensor networks through detection of malicious message transmissions in a network. A message transmission is considered suspicious if its signal strength is incompatible with its originator’s geographical position. A GPS provides the location or geographical position to every node, which helps each node identify itself uniquely in the network.

4: Autoregression based on the past/present values provided by each sensor of a network is used to detect malicious activity. Basically, at each moment we compare the sensor’s output with its estimated value computed by an autoregressive predictor. If the difference between the two values is higher than a chosen threshold, the sensor node becomes suspicious and a decision block is activated.
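Technique 4 as an added Python example (not code from the original article): a predictor is fitted on trusted readings and each new reading is compared with its prediction. The first-order model, the function names, the readings and the threshold of 1.0 are assumptions made for illustration; a flagged reading is replaced by its prediction so that one outlier does not distort the next comparison.

```python
from statistics import mean

# Constructed readings: a slowly rising temperature with one injected outlier.
HISTORY = [20.0, 20.2, 20.4, 20.6, 20.8, 21.0, 21.2, 21.4]  # trusted warm-up window
READINGS = [21.6, 21.8, 35.0, 22.2, 22.4]


def fit_ar1(history):
    """Least-squares fit of x[t] = a + b * x[t-1]; returns (a, b)."""
    if len(history) < 2:
        raise ValueError("need at least two trusted readings")
    prev, cur = history[:-1], history[1:]
    mean_prev, mean_cur = mean(prev), mean(cur)
    spread = sum((p - mean_prev) ** 2 for p in prev)
    if spread == 0:  # constant signal: always predict the constant
        return mean_cur, 0.0
    b = sum((p - mean_prev) * (c - mean_cur) for p, c in zip(prev, cur)) / spread
    return mean_cur - b * mean_prev, b


def flag_suspicious(history, readings, threshold):
    """Return the indices in `readings` whose prediction error exceeds `threshold`."""
    a, b = fit_ar1(history)
    last, flagged = history[-1], []
    for i, value in enumerate(readings):
        predicted = a + b * last
        if abs(value - predicted) > threshold:
            flagged.append(i)   # the point where the decision block would be activated
            last = predicted    # keep the outlier out of the next prediction
        else:
            last = value
    return flagged


if __name__ == "__main__":
    print(flag_suspicious(HISTORY, READINGS, threshold=1.0))
```

If the outlier were fed back into the predictor, the normal reading that follows it would also be flagged.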

Experiment

Experiments are done in a fixed area, meaning no node can be outside the boundary. If this happens, the node is considered out of the network and nobody will communicate with it, or the node is declared a malicious node and detected based on packet delivery ratio.

A. Simulation Parameters

The table summarizes the parameters used in this experiment, such as time, protocol and topology.

PARAMETERS USED IN EXPERIMENT

B. Simulation

ns-2 is used for execution. It produces two files as output: a trace file and a NAM file. The trace file contains information about the packets sent, dropped, received and lost for all the nodes during the run.

NAM is an animation tool for viewing the simulation environment. The Tcl file is executed to get the trace files as output. The trace files are then processed with the command “gawk -f awkfilename filename.tr”. “gawk” is a package that helps to process .tr files. The AWK file is a script containing source code that calculates parameters such as packet delivery ratio, packets sent and packets received from the trace file.
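The PDR calculation described above, combined with the per-node drop threshold T max from the Malicious Node section, as an added Python example (it is not the author's AWK script, which the article does not show). It assumes the old ns-2 wireless trace layout and CBR data traffic; the sample trace, the function name `analyse` and the threshold value are constructed for illustration.

```python
from collections import Counter

# Constructed sample, old ns-2 wireless trace layout (assumed):
# event time _node_ layer drop_reason packet_id type size
SAMPLE_TRACE = """\
s 0.90 _0_ RTR --- 0 AODV 48
s 1.00 _0_ AGT --- 0 cbr 512
r 1.01 _7_ AGT --- 0 cbr 512
s 2.00 _0_ AGT --- 1 cbr 512
r 2.01 _7_ AGT --- 1 cbr 512
r 2.02 _7_ AGT --- 1 cbr 512
s 3.00 _0_ AGT --- 2 cbr 512
D 3.01 _3_ RTR --- 2 cbr 532
s 3.30 _0_ AGT --- 3 cbr 512
D 3.31 _3_ RTR --- 3 cbr 532
s 3.60 _0_ AGT --- 4 cbr 512
D 3.61 _3_ RTR --- 4 cbr 532
s 5.00 _0_ AGT --- 5 cbr 512
D 5.01 _5_ RTR NRTE 5 cbr 532
"""


def analyse(trace, t_max, data_type="cbr"):
    """Return (PDR in percent, drops per node, nodes whose drops exceed t_max)."""
    sent, received, drops = set(), set(), Counter()
    for line in trace.splitlines():
        f = line.split()
        if len(f) < 8 or f[6] != data_type:
            continue  # skip malformed lines and routing control packets
        event, node, layer, pkt_id = f[0], int(f[2].strip("_")), f[3], f[5]
        if layer == "AGT" and event == "s":
            sent.add(pkt_id)
        elif layer == "AGT" and event == "r":
            received.add(pkt_id)  # a set ignores duplicate deliveries
        elif layer == "RTR" and event == "D":
            drops[node] += 1      # data packet dropped while being forwarded
    pdr = 100.0 * len(received & sent) / len(sent) if sent else 0.0
    suspects = sorted(n for n, d in drops.items() if d > t_max)
    return pdr, dict(drops), suspects


if __name__ == "__main__":
    pdr, drops, suspects = analyse(SAMPLE_TRACE, t_max=2)
    print(f"PDR = {pdr:.2f}%  drops = {drops}  suspects = {suspects}")
```

Counting unique packet ids keeps a duplicated delivery from inflating the ratio, and the single drop at node 5 stays below the threshold, so only node 3 is reported.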

Experimental results

The time of presence of the malicious node is fixed at 1 sec. The total number of nodes present in the network is 25, 35 and 45, and the number of malicious nodes in the network is 0, 1 and 3. The packet delivery ratio degrades when the number of malicious nodes is increased, and it increases as the number of nodes in the network increases.

First, run the Tcl source code to get a trace file. After executing the command “gawk -f awkfilename tracefilename” in the different scenarios, it is found that the packet delivery ratio is 100% even when the total number of nodes is increased from 25 to 35 and 45. This is shown in figures 1, 2 and 3, which show the awk script run against the trace file.

Figure 1: PDR in 25 node network without malicious node
Figure 2: PDR in 35 node network without malicious node
Figure 3: PDR in 45 node network without malicious node

After that, a malicious node is inserted in the Tcl source code and the awk script is run to get the PDR, which this time degrades. The malicious node is inserted for 1 second in the networks of 25, 35 and 45 nodes. The total time of the experiment is 10 seconds and malicious nodes are created for the 3 sec to 4 sec period. The PDR in these situations is shown in figures 4, 5 and 6 below.

Figure 4: PDR in 25 node network with 1 malicious node
Figure 5: PDR in 35 node network with 1 malicious node
Figure 6: PDR in 45 node network with 1 malicious node

The number of malicious nodes in the Tcl source code is then increased from 1 to 3, and the PDR decreases more and more. Here 3 malicious nodes are inserted in the networks with 25, 35 and 45 nodes. The time for all malicious nodes is fixed in this experiment. The PDR in these situations is shown in figures 7, 8 and 9 below:

Figure 7: PDR in 25 node network with 3 malicious node
Figure 8: PDR in 35 node network with 3 malicious node
Figure 9: PDR in 45 node network with 3 malicious node

From figures 1 to 9 above, it is observed that when the number of nodes in the network is increased, the PDR also increases, and if the number of malicious nodes in the network is increased, the PDR degrades quickly.

Conclusion

In this study, detection of a malicious node and the variation of the Packet Delivery Ratio in the network are examined. Detecting a malicious node among communicating nodes is a vital security issue in multi-hop wireless networks. The proposed work finds the Packet Delivery Ratio and detects the malicious node based on a certain threshold value for this ratio. Further, in this work, no attacks are considered except the malicious node. In future, several other parameters such as packet dropping, packet delay and packet fabrication can also be used for malicious node detection, and they can be compared with each other in terms of performance and accuracy.
