An Adaptive Early Node Compromise Detection Scheme for Hierarchical WSNs

Ahmed Al-Riyami, Ning Zhang, John Keane

    Research output: Contribution to journalArticlepeer-review


    Node compromise attacks pose a serious threat to
    WSNs. To launch an attack, an adversary physically captures
    a node and access data or software stored on the node. Even
    worse, the adversary may redeploy the captured node back into
    the network and use it to launch further attacks. To reduce
    the impact of a node compromise attack on network operations,
    the network should detect a node compromise as early as
    possible, ideally soon after a node is being captured, and then
    isolate the node from future network communications. Solutions
    for early node compromise detection are based on distributed
    monitoring of neighbouring nodes’ aliveness. Nodes regularly
    send notification (Heartbeat) messages to their one-hop neighbors
    to indicate their aliveness. If no message is received from a
    node (i.e., if a node is not heard) for a certain period of time,
    then the unheard node is said to have been compromised. This
    approach may have a large number of false positive errors when
    the message loss ratio in the network is high, as missing messages
    could be caused by message loss during transmission, in addition
    to node compromises. This paper proposes a novel scheme, called
    an Adaptive Early Node Compromise Detection (AdaptENCD)
    scheme, to facilitate node compromise attack detection in a
    cluster-based WSN. The scheme is designed to achieve a low
    false positive ratio in the presence of various levels of message
    loss ratios. To achieve this feature, two ideas are used in the
    design. The first is to use cluster-based collective decision making
    to detect node compromises. The second is to dynamically adjust
    the rate of notification message transmissions in response to the
    message loss ratio in the sender’s neighborhood. The performance
    of the scheme, in terms of false positive ratio, false negative
    ratio and transmission overheads, is evaluated using simulation.
    The results are compared against those from the most relevant
    scheme in the literature. The comparison results show that our
    scheme can detect all the node compromises in the network more
    effectively and efficiently, regardless of the message loss ratio in
    the underlying environment.
    Original languageEnglish
    JournalIEEE Access
    Publication statusPublished - 3 Aug 2016


    Dive into the research topics of 'An Adaptive Early Node Compromise Detection Scheme for Hierarchical WSNs'. Together they form a unique fingerprint.

    Cite this