• Journal of Information Processing Systems
• /
• v.15 no.1
• /
• pp.203-216
• /
• 2019

The nature of wireless transmission has made wireless sensor networks defenseless against various attacks. This paper presents warning message counter method (WMC) to detect blackhole attack, grayhole attack and sinkhole attack in wireless sensor networks. The objective of these attackers are, to draw the nearby network traffic by false routing information and disrupt the network operation through dropping all the received packets (blackhole attack), selectively dropping the received packets (grayhole and sinkhole attack) and modifying the content of the packet (sinkhole attack). We have also attempted light weighted symmetric key cryptography to find data modification by the sinkhole node. Simulation results shows that, WMC detects sinkhole attack, blackhole attack and grayhole attack with less false positive 8% and less false negative 6%.

• Journal of KIISE:Computing Practices and Letters
• /
• v.14 no.9
• /
• pp.901-905
• /
• 2008

In this paper, we propose a detection scheme for sinkhole attacks in wireless sensor networks. Sinkhole attack makes packets that flow network pass through attacker. So, Sinkhole attack can be extended to various kind of attacks. We analyze sinkhole attack methods in the networks that use LQI based routing. For the purpose of response to each attack method, we propose methods to detect attacks. Our scheme can work for those sensor networks which use LQI based dynamic routing protocol. And we show the detection of sinkhole attack can be achieved by using a few detector nodes.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.3
• /
• pp.31-36
• /
• 2010

In this paper, We propose a transaction signing-based authentication scheme for protecting sinkhole attacks in wireless sensor networks. Sinkhole attack makes packets that flow network pass through attacker. So, Sinkhole attack can be extended to various kind of attacks such as denial of service attacks, selective delivery or data tamper etc. We analyze sinkhole attack methods in directed diffusion based wireless sensor networks. For the purpose of response to attack method, Transaction signing-based authentication scheme is proposed. This scheme can work for those sensor networks which use directed diffusion based wireless sensor networks. The validity of proposed scheme is provided by BAN logic.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.26 no.4
• /
• pp.267-272
• /
• 2016

Wireless sensor networks (WSNs) are vulnerable to external intrusions due to the wireless communication characteristics and limited hardware resources. Thus, the attacker can cause sinkhole attack while intruding the network. INSENS is proposed for preventing the sinkhole attack. INSENS uses the three symmetric keys in order to prevent such sinkhole attacks. However, the sinkhole attack occurs again, even in the presence of INSENS, through the compromised node because INSENS does not consider the node being compromised. In this paper, we propose a method to counter the sinkhole attack by considering the compromised node, based on the neighboring nodes' information. The goals of the proposed method are i) network reliability improvement and ii) energy conservation through effective prevention of the sinkhole attack by detecting compromised nodes. The experimental results demonstrate that the proposed method can save up to, on average, 19.90% of energy while increasing up to, on average, 71.50%, the report reliability against internal sinkhole attacks in comparison to INSENS.

• Proceedings of the Korean Operations and Management Science Society Conference
• /
• 2007.11a
• /
• pp.377-382
• /
• 2007

Mobile ad hoc network(MANET) is a kind of wireless network which has no infrastructure. Each component node of MANET can move freely and communicate based on wireless peer to peer mode. Because of its vulnerable routing protocols, MANET is exposed to many kinds of attacks. A sinkhole attack is one of the representative attacks in MANET caused by attempts to draw all network traffic to a sinkhole node. This paper focuses on the sinkhole problem on Dynamic Source Routing(DSR) protocol in MANET. To detect the sinkhole node, we extract several useful sinkhole indicators through analyzing the sinkhole problem, then propose an efficient detection method based on an incremental learning algorithm. The simulation results show that the proposed method is effective and reliable for detecting sinkhole intrusion.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.44 no.1
• /
• pp.113-121
• /
• 2007

Commonly, in the Sensor Network that composed with multiple nodes uses Ad-hoc protocol to communicate each other. Each sensed data packets are collected by base node and processed by Host PC. But the Ad-hoc protocol is too vulnerable to Sinkhole attack, where the intruder attracts surrounding nodes with unfaithful routing information, and then performs selective forwarding or changes the data passing through it. The Sinkhole attack increases overhead over the network and boosts energy consumption speed to decrease network's life time. Since the other attacks can be easily adopted through sinkhole attack, the countermeasure must be considered carefully. In this paper, we proposed the Hop-depth algorithm that detects intruder in Sinkhole attack and colluded nodes. First, the proposed algorithm makes list of suspected nodes and identifies the real intruder in the suspected node list through the Hop-depth count value. And recalculates colluder's path information to find the real intruder. We evaluated the performance of the proposed algorithm using NS2. We compared and analyzed the success ratio of finding real intruder, false positive ratio, false negative ratio, and energy consumption.

• Journal of Internet Computing and Services
• /
• v.11 no.2
• /
• pp.85-98
• /
• 2010

An advanced and proactive response mechanism against diverse attacks on All-IP network should be proposed for enhancing its security and reliability on open network. There are two main research works related to this study. First one is the SPIE system with hash function on Bloom filter and second one is the Sinkhole routing mechanism using BGP protocol for verifying its transmission path. Therefore, advanced traceback and network management mechanism also should be necessary on All-IP network environments against DDoS attacks. In this study, we studied and proposed a new IP traceback mechanism on All-IP network environments based on existing SPIE and Sinkhole routing model when diverse DDoS attacks would be happen. Proposed mechanism has a Manager module for controlling the regional router with using packet monitoring and filtering mechanism to trace and find the attack packet's real transmission path. Proposed mechanism uses simplified and optimized memory for storing and memorizing the packet's hash value on bloom filter, with which we can find and determine the attacker's real location on open network. Additionally, proposed mechanism provides advanced packet aggregation and monitoring/control module based on existing Sinkhole routing method. Therefore, we can provide an optimized one in All-IP network by combining the strength on existing two mechanisms. And the traceback performance also can be enhanced compared with previously suggested mechanism.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.10
• /
• pp.2733-2740
• /
• 2009

An advanced and proactive response mechanism against diverse attacks on All-IP network should be proposed for enhance its security and reliability on open network. There are two main research works related to this study. First one is the SPIE system with hash function on Bloom filter and second one is the Sinkhole routing mechanism using BGP protocol for verifying its transmission path. In this study, we proposed an advanced IP Tracing mechanism based on Bloom filter and Sinkhole routing mechanism. Proposed mechanism has a Manager module for controlling the regional router with using packet monitoring and filtering mechanism to trace and find the attack packet's real transmission path. Additionally, proposed mechanism provides advanced packet aggregation and monitoring/control module based on existing Sinkhole routing method. Therefore, we can provide an optimized one in All-IP network by combining the strength on existing two mechanisms. And the Tracing performance also can be enhanced compared with previously suggested mechanism.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.11
• /
• pp.5354-5369
• /
• 2019

Sensor networks are deployed in unheeded environment to monitor the situation. In view of the unheeded environment and by the nature of their communication channel sensor nodes are vulnerable to various attacks most commonly malicious packet dropping attacks namely blackhole, grayhole attack and sinkhole attack. In each of these attacks, the attackers capture the sensor nodes to inject fake details, to deceive other sensor nodes and to interrupt the network traffic by packet dropping. In all such attacks, the compromised node advertises itself with fake routing facts to draw its neighbor traffic and to plunge the data packets. False routing advertisement play vital role in deceiving genuine node in network. In this paper, behavior based routing misbehavior detection (BRMD) is designed in wireless sensor networks to detect false advertiser node in the network. Herein the sensor nodes are monitored by its neighbor. The node which attracts more neighbor traffic by fake routing advertisement and involves the malicious activities such as packet dropping, selective packet dropping and tampering data are detected by its various behaviors and isolated from the network. To estimate the effectiveness of the proposed technique, Network Simulator 2.34 is used. In addition packet delivery ratio, throughput and end-to-end delay of BRMD are compared with other existing routing protocols and as a consequence it is shown that BRMD performs better. The outcome also demonstrates that BRMD yields lesser false positive (less than 6%) and false negative (less than 4%) encountered in various attack detection.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.23 no.6
• /
• pp.558-564
• /
• 2013

Wireless sensor networks (WSNs) contain limited energy resources and are left in open environments. Since these sensor nodes are self-operated, attacks such as sinkhole attacks are possible as they can be compromised by an adversary. The sinkhole attack may cause to change initially constructed routing paths, and capture of significant information at the compromised node. A localized encryption and authentication protocol (LEAP) has been proposed to authenticate packets and node states by using four types of keys against the sinkhole attack. Even though this novel approach can securely transmits the packets to a base station, the packets are forwarded along the constructed paths without checking the next hop node states. In this paper, we propose the next hop node selection method to cater this problem. Our proposed method evaluates the next hop node considering three factors (i.e., remaining energy level, number of shared keys, and number of filtered false packets). When the suitability criterion for next hop node selection is satisfied against a fix threshold value, the packet is forwarded to the next hop node. We aim to enhance energy efficiency and a detour of attacked areas to be effectively selected Experimental results demonstrate validity of the proposed method with up to 6% energy saving against the sinkhole attack as compared to the LEAP.