Attack Detection And Defense Technologies In Wireless Sensor Networks

Wireless sensor networks are composed by the perceivable micro-device which called sensor nodes. They can be easily deployed in many environments and sense real-time data. Following the recent advances in manufacturing technology and communication technology, it is technically and economically practical to manufacture a large number of sensor nodes. Because of this, wireless sensor networks are widely used in many applications.Wireless sensor networks can satisfy many particular scenarios, and has a wide range of applications in military, industrial, home and environmental monitoring. In these scenarios, the network has very high security requirements. Security has become a major obstacle to restrict the extensive application of wireless sensor. Moreover, the resources of the sensor node itself is restricted, such as computing power, storage capacity and limited energy, thus introducing more challenges to address the security issues.Security issues usually come from a variety of attacks in wireless sensor networks. In fact, if no attack occurred, there is no need for security. In this paper, we research on attacks and countermeasures in wireless sensor networks. According to the stages of data exchange and three elements:node, packet, and route, these attacks are divided into three categories:node-related attacks, packet-related attacks and route-related attacks. Based on the classification, we carried out a detailed study of an attack in every type. The main contribution of this paper is as follows:(1) Sybil attack detection based on space constraintsSybil attack can rig the vote on group-based decisions such as distributed storage, disparity, multipath routing and topology maintenance, so attack detection and defense is very important in wireless sensor networks. In this paper, we proposed a sybil attack detection methods, which ranged from the multi-dimensional analysis. This method can not only detect malicious nodes, but also has good inhibition with anti-detection function of intelligent malicious node. On one hand, this method detects sybil attack by the anchor node localization while the angle is known and the signal strength is stable. On the other hand, the signal strength is susceptible to interference between the anchor node coordinates and sensor nodes malicious node to the angle positioning. The experimental results show that this mechanism can effectively detect sybil attacks, to improve the security of wireless sensor networks, and intelligent anti-detection techniques for malicious nodes, with good detection results. At the same time due to the positioning method is low cost, suitable for different occasions, with a wide range of practicality.(2) Layer cluster topology local-based dynamic key management schemeMajorities of wireless communication use wireless medium and broadcast by nature, attackers monitor the traffics in transmission on communication channels and collect data without senders and receivers’awareness. If these data is not encrypted, attacker can easily get the real content of the message. In this chapter, we designed a dynamic key management scheme based on layer-cluster framework, by reducing the number of rekeying nodes in the dynamic key negotiation process, save under conditions to protect the security key negotiation energy, In this method, sink node assume responsibility for calculating the key update process and send the secret key information to the cluster head node, which is processed by the Chinese Remainder Theorem. Then, the cluster head node broadcasts information to compute the key. According to the brothers cluster head information send by sink node, cluster head node can generate inter-cluster group key alone.(3) Time expenses clustering-based wormhole attack detection schemeWireless sensor networks use multi-hop routing and wireless communication to transfer data, thus incur more attacks. Wormhole attack is a major form of routing attacks, wormhole based on packet relay attack is a more subtle attack, it does not require network authentication, but only relay packets. This type of attack detection methods based on the distance from the boundary principle, specifically divided into two categories:one is to use special equipment to determine the actual location of the node, which requires a higher cost; another is based on the statistical methods to analyze which requires a lot of statistical data. When wormhole attack tunnel is short, the false position rate and false negative rate is high. In this chapter, we used k-means algorithm to detect malicious neighbor through by learning from the time spending, which improve the accuracy of the detection in the shorter wormhole attack tunnel. In the proposed method, a sensor can detect the fake neighbors which cause by wormhole through the neighbor discovery process, and then a k-means clustering based method is used to detect wormhole attack according to the neighbor information. The experiments show that the algorithm has high detection efficiency and very low false positive rate, which can effectively detect the wormhole attack generated by the neighbor discovery phase.(4) Verified system design and experimentIn order to validate the proposed research, we designed wireless sensor attack detection and prevention technology verification system which based on our laboratory-based wireless sensor network platform. And wormhole attack detection scheme based on clustering is deployed to the verification system. The experiments show that the proposed algorithm can accurately detect and prevent attacks.