IDL - International Digital Library for Technology Research
Volume I, Issue III, MARCH-2017
Detection and Prevention of Attacks in Wireless
Sensor Networks: A Survey
Ms. K. DEEPA SHREE 1, Mrs. RANJANA S. CHAKRASALI 2
Dept. of Computer Science
1 M-Tech, Student B.N.M Institute of Technology, Bangalore, India
2 Guide, Assistant Professor B.N.M Institute of Technology, Bangalore, India
SURVEY PAPER
ABSTRACT- Wireless sensor networks will use a
communication channel which is insecure and have a
poor infrastructure. Wireless sensor networks consists
of spatially distributed autonomous devices and using
sensors they monitor the physical as well as the
environmental conditions, such as pressure,
temperature, sound at different locations. As the nodes
in the sensor network are deployed in the hostile
locations they are vulnerable to the attacks such as
Hello flood attack, Jamming, Wormhole, Sybil,
Sinkhole attack. These types of potential threats to
network are continuously evolving and requires
measures to detect and prevent. In this paper, we
discuss about Sybil and Wormhole attacks with
schemes to detect and prevent these attacks.
Keywords: Wireless Sensor Network, security,
attacks, Sybil and wormhole attacks, cross layer
approach.
1. INTRODUCTION: As the technology is getting
advanced there is increase in the use of Wireless
Sensor Network. The sensor nodes will be deployed in
an open and unprotected region. So, the sensor
networks will be vulnerable to the attacks such as
Wormhole, Sybil and Sinkhole attack. Usually in
many-to- one communication the opponent node will
attract the surrounding neighbor nodes with fake
identities and false routing information. The existing
system will be focusing on single layer attacks, they
will target only on one specific layer and will detect
the attack, without considering other layers. The most
1|P a g e
Available at: www.dbpublications.org
vulnerable attacks in the network layer are Sinkhole
attack, Wormhole attack and Sybil attack, Hello Flood
attack. In sinkhole attack, the attacker will introduce
itself that it is the shortest path to the destination. So,
that all the nodes will forward the packet towards the
attacker node. While, forwarding the attacker node
will drop the packet. In Sybil attack, the WSN is
subverted by the malicious node which will forge large
number of fake identities and fake information. In
Wormhole attack, the attacker node will record the
packet at one location in the network, and then tunnels
the packets to another location in the network and will
perform modification in the network from that point.
The attacks will be detected and prevented using cross
layer features and Mobile agent. It is usually done in
two phases. In first phase, the attacks are detected by
correlating the cross layer features such as MAC and
Network layer. During second phase, if the attacks are
detected, mobile agents are used to prevent the attack.
Mobile agents are used for forwarding the data, to
solve the security problem by using three step
negotiation. Through this approach, the energy
efficiency is improved, false positive rate is reduced.
2 SURVEYS
2.1 Wormhole attack Detection for Dynamic
Wireless Sensor Networks
Due to the emergence of WSN in all the fields,
security is an issue. They can connect to any network
as they are having wireless and distributed nature. The
tiny sensor nodes are deployed densely. Wormhole
attack is an security issue in this approach. Without
knowing the protocol which is used in the network it
can damage the network. Detecting them is an big
IDL - International Digital Library for Technology Research
Volume I, Issue III, MARCH-2017
issue, as they are invisible to sensor nodes because
they use a private channel. Usually in the existing
system they are considered to be static in nature, but in
this approach the attack is detected for dynamic nature
ones. So that the accuracy for detection will be good.
The data will be broadcasted to the neighbor nodes
and to the base station. Usually in the Wormhole
attack, the two malicious nodes will be connected with
tunnel. The one malicious node will be recording the
packets at one area, and forwards that to another
malicious node, the another malicious node will be
replaying the packets at another location. The remotely
located node will think that the neighbor node itself is
the sender node, and this becomes the tunnel. Now the
malicious node will make the changes in the data.
Now the packets will be transmitted faster as it uses
tunnel, as the tunnels will gives a faster transmission
path. The route which is created by the malicious node
will be shorter than the actual path, this makes a
confusion in routing protocols to take a decision. A
method has been proposed for detecting Wormhole
attack in two phases which is dynamic in nature. The
two phases are as follows, the rate of change of
neighbors is measured for each and every node in first
phase, if it is between upper and lower threshold then
it will go to second phase. The alternate path concept
is considered, if the threshold value is lower than the
alternate path then the attack is detected.
2.2 Sinkhole Attack Detection in Wireless Sensor
Networks
The multiple nodes will be sending their sensed data
to the base station. Usually in many to one
communication there is high risk of attacks which will
be occurring, where the nodes which are in the
surrounding will be attracted by the intruder with
routing information which is unfaithful. While
forwarding the data can be modified. The Sinkhole
attack is an common threat which will be occurring in
WSN. As the sensor nodes will be deployed in an open
and unsafe region. An algorithm has been presented
for detecting the intruder in the Sinkhole attack. In the
algorithm suspected nodes found are listed out by
checking the data consistency and the network flow
information is analysed to identify the intruder in the
list. The algorithm presented will be robust enough as
they deal with malicious node that hide the real
intruder. The performance will be measured by
2|P a g e
Available at: www.dbpublications.org
numerical analysis and simulation to show that the
algorithm is effective and accurate. The computation
and communication overhead will be low. WSNs
have a sensor node which will be geographically
distributed, the surroundings are monitored and the
data will be forwarded to the base station after sensing
through multi hop routing. The monitoring of
environment and geographical sensing is an common
application of WSN. The surrounding nodes are
attracted by the intruder which gives a routing
information which is unfaithful, they modify the data
by selective forwarding. The attack will prevent the
base station in getting the sensing data which is
corrected and which is complete leading to a threat.
Since the sensors have a battery power which is low
and due to the weak computation, and due to the
deployment of nodes in an unsafe region, the wireless
links are vulnerable to attacks. Several secure
mechanisms are proposed with cryptographic
technique for protecting network traffic, for high
computation overhead. Among the nodes time
synchronization is required. An light weight algorithm
has been proposed for detecting the sinkhole attack
and for identifying the intruder. To defend against the
attack cryptographic technique is used, the network
flow information has to be observed to identify the
intruder as well as the malicious node which is
isolated later to protect the network. The algorithms
has two parts, the network flow information is
collected from the attacked area, analysing the pattern
of routing and locating the intruder. Multiple
suspicious nodes and the intruders are found by using
voting method. Through simulation the performance is
measured.
2.3 Sybil Attack Detection and Prevention
MANETs does not have a fixed infrastructure. The
mobile nodes which are independent communicate
with radio waves. As they are fully distributed so they
work at any place without having an fixed
infrastructure. The attacker can fetch the information
easily as the communication medium is air by sniffing
the software tool. The network is distracted by an
attack called Sybil attack. Multiple fake identities are
created by single node. A technique is implemented
for detecting and preventing the Sybil nodes in the
network. Mobile nodes communicate directly through
wireless links to relay the messages as routers. The
IDL - International Digital Library for Technology Research
Volume I, Issue III, MARCH-2017
mobility of the node will cause the change in network
topology. As MANETs does not have infrastructure
so there is no authority to control or maintain the
network which causes the attacks. Usually these
networks are used in battlefields emergency, rescue
missions. The nodes will communicate with unique
identity which makes an one to one mapping between
entity and identity. For two distinct nodes two
identities are required. The attack will be having many
identities which gives an misjudgment for the nodes in
the network. They use identities and create false
expression of the nodes in the network. The
communication in the network among the nodes will
be disturbed. Sybil nodes have to eliminated from the
network to have a secure communication.
2.4 Wormhole Attack Detection using Time Stamp
and Security Packet
MANETs does not have an infrastructure and they
organise themselves in the network. The environment
in which the data transmission takes place cannot be
trusted. The nature of the network will be dynamic for
the communication of mobile users. The malicious
activity takes place when the expected function is not
taking place and the routing in MANET will be
disturbed. Due to the dynamic nature of MANET
attacks takes place very easily, which degrades the
performance of the network. The node which is an
attacker will be recording the data at one point in the
network and they tunnel the data to another point by
retransmitting them throughout the network. If the
Wormhole attacker node is present in the network then
that will degrade the performance of networks. A
routing protocol has been proposed called detection
protocol for Wormhole attack, where the security
packets are used with time stamp. A field is
additionally added called time stamp for finding out
the wormhole in the path established by source and
destination. Now using the security packet the position
of the malicious node is found. The results are
obtained for the parameters such as end to end delay,
throughput, and packet delivery ratio and compared
with each other. There is no centralized administration
and fixed infrastructure for the wireless mobile hosts.
The communication will be using multi hop paths. The
nodes can act as router as well as host. The nodes will
perform routing by forwarding data to other nodes
based the connectivity of the network. Even though
3|P a g e
Available at: www.dbpublications.org
the environment is trusted but there are problems such
as communication and routing in military networks,
response operations such as earthquake, flood during
emergency. As the communication channel is wireless
and open in nature, infrastructure less, deployment is
fast, so they are easily vulnerable to security problems.
The routers will be moving randomly and freely and
they organize themselves, so the topology of the
network can be unpredictably changed. While
designing the routing protocols there are several
challenges which will occur they are mobility, multi
hop, bandwidth, heterogeneity, battery power.
2.5 Wormhole attack Detection & Prevention
The next generation WSNs are the MANETs. They
does not have an infrastructure and they have a
topology will be changing dynamically. As the nodes
are mobile and they are dynamic in nature the attacks
can occur very easily. The nodes which are in close
proximity will be grouped together so that the network
clustering takes place and the network performance
will be improved. The main aim of this approach is to
enhance the network performance and improve the
nodes durability, extending the life of the network.
The AODV routing protocol is used for analyzing the
Wormhole attack, to provide security to the network a
preventive mechanism is presented. They use multi
hop radio relaying and they can work with any
infrastructure. Mobile nodes will be having multi hop
wireless links. To communicate among the nodes they
have to coordinate by distributing the resources and
managing them, maintenance of the path, routing.
Mobile nodes are collected autonomously in
MANETs. As they do not have an infrastructure and
they use the broadcast medium for transmitting the
data, so they are easily vulnerable to problems such as
security and routing. To have a secure communication
among the nodes security is needed. Integrity,
availability, confidentiality is an important aspect for
authentication. The problems occurring in the network
would be, usage of the resources and energy in
deploying the network, dynamically changing network
topology, lack of information dissemination control,
and decentralized control. Using clustering that is
getting all the nodes together can improve the
performance of the network. The load should be
balanced in the network, and robust free environment
should be provided. The packets will not be allowed
IDL - International Digital Library for Technology Research
Volume I, Issue III, MARCH-2017 Available at: www.dbpublications.org

by the attacker to reach the destination, instead they
produce their own packets and send them and consume
the bandwidth. The nodes in the MANET will be
acting as routers.
3. CONCLUSION In this survey, we have discussed
about the attacks such as Sybil attack, Wormhole attack,
Sinkhole attack occurring in the unprotected region
during node deployment. Different approaches in
detecting and preventing the attacks are also discussed.
On preventing the attacks, security problem is solved,
efficiency is improved, false positive rate is reduced,
communication cost is reduced, network load is also
reduced. Results are obtained by comparing the
proposed approach with existing System based on the
parameters such as throughput, delay, efficiency,
overhead and packet delivery ratio.
REFERENCES
Address, International Journal of Computer
Applications, Volume 122, Page No. 0975 8887, July,
2015.
[7] Edith C.H.Ngai, Jiangchuan Liu, Michael R.Lyu,
Elsevier J, An efficient intruder detection algorithm
against sinkhole attacks in wireless sensor networks,
Computer communications, Volume 30, Page No.
23532364, 6 May, 2015.
[8] M.Vidhya, V.Srinivasan, R.Sudha, Multi-layer
intrusion detection and prevention in WSNs using self-
healing module, IJSETR, Page No. 424-429, Volume
4, Issue 3, March, 2015.
[9] Manish M Patel, Akshai Aggarwal, Two Phase
Wormhole Detection Approach for Dynamic Wireless
Sensor Networks, IEEE Transactions, Page No. 2109-
2112, March, 2016.

[1] K.Abirami, B.Santhi, Sybil Attack in Wireless

Sensor Network, IJET, Issue 2, Page No. 31-38, May,
2013.

[2] Jyoti Thalor, Ms. Monika, Wormhole Attack

Detection and prevention Technique in MANET,
IJREC, Volume 3, Page No. 620-623, Issue 2, February,
2013.

[3] Dimple Saharan, Detection & Prevention of

Wormhole Attack on AODV Protocol in Mobile Adhoc
Networks, International Journal Of Engineering And
Computer Science, Volume 3, Issue 9, Page No.7979-
7985, September, 2014.

[4] Chandraprabha Rawat, Wormhole Attack Detection

Protocol using Time Stamp with Security Packet,
international Journal of Computer Science and
Information Technologies, Volume 5, Page No. 621-
626, March, 2014.

[5] Hussein Moosavi, Francis Minhthang Bui, A

Game-Theoretic Framework for Robust Optimal
Intrusion Detection in Wireless Sensor Networks,
IEEE Transactions on Information Forensics and
Security, Volume No. 9, Page No. 1367-1379, 2014.

[6] Pareek, Anamika, Mayank Sharma, Detection and

Prevention of Sybil Attack in MANET using MAC

4|P a g e