Abstract
Node compromise attacks pose a serious threat to
WSNs. To launch an attack, an adversary physically captures
a node and access data or software stored on the node. Even
worse, the adversary may redeploy the captured node back into
the network and use it to launch further attacks. To reduce
the impact of a node compromise attack on network operations,
the network should detect a node compromise as early as
possible, ideally soon after a node is being captured, and then
isolate the node from future network communications. Solutions
for early node compromise detection are based on distributed
monitoring of neighbouring nodes’ aliveness. Nodes regularly
send notification (Heartbeat) messages to their one-hop neighbors
to indicate their aliveness. If no message is received from a
node (i.e., if a node is not heard) for a certain period of time,
then the unheard node is said to have been compromised. This
approach may have a large number of false positive errors when
the message loss ratio in the network is high, as missing messages
could be caused by message loss during transmission, in addition
to node compromises. This paper proposes a novel scheme, called
an Adaptive Early Node Compromise Detection (AdaptENCD)
scheme, to facilitate node compromise attack detection in a
cluster-based WSN. The scheme is designed to achieve a low
false positive ratio in the presence of various levels of message
loss ratios. To achieve this feature, two ideas are used in the
design. The first is to use cluster-based collective decision making
to detect node compromises. The second is to dynamically adjust
the rate of notification message transmissions in response to the
message loss ratio in the sender’s neighborhood. The performance
of the scheme, in terms of false positive ratio, false negative
ratio and transmission overheads, is evaluated using simulation.
The results are compared against those from the most relevant
scheme in the literature. The comparison results show that our
scheme can detect all the node compromises in the network more
effectively and efficiently, regardless of the message loss ratio in
the underlying environment.
WSNs. To launch an attack, an adversary physically captures
a node and access data or software stored on the node. Even
worse, the adversary may redeploy the captured node back into
the network and use it to launch further attacks. To reduce
the impact of a node compromise attack on network operations,
the network should detect a node compromise as early as
possible, ideally soon after a node is being captured, and then
isolate the node from future network communications. Solutions
for early node compromise detection are based on distributed
monitoring of neighbouring nodes’ aliveness. Nodes regularly
send notification (Heartbeat) messages to their one-hop neighbors
to indicate their aliveness. If no message is received from a
node (i.e., if a node is not heard) for a certain period of time,
then the unheard node is said to have been compromised. This
approach may have a large number of false positive errors when
the message loss ratio in the network is high, as missing messages
could be caused by message loss during transmission, in addition
to node compromises. This paper proposes a novel scheme, called
an Adaptive Early Node Compromise Detection (AdaptENCD)
scheme, to facilitate node compromise attack detection in a
cluster-based WSN. The scheme is designed to achieve a low
false positive ratio in the presence of various levels of message
loss ratios. To achieve this feature, two ideas are used in the
design. The first is to use cluster-based collective decision making
to detect node compromises. The second is to dynamically adjust
the rate of notification message transmissions in response to the
message loss ratio in the sender’s neighborhood. The performance
of the scheme, in terms of false positive ratio, false negative
ratio and transmission overheads, is evaluated using simulation.
The results are compared against those from the most relevant
scheme in the literature. The comparison results show that our
scheme can detect all the node compromises in the network more
effectively and efficiently, regardless of the message loss ratio in
the underlying environment.
| Original language | English |
|---|---|
| Journal | IEEE Access |
| Volume | 4 |
| DOIs | |
| Publication status | Published - 3 Aug 2016 |