Research On Defense Strategies Of False Data Injection Attacks In Wireless Sensor Networks

With the rapid development of electronics and computer technology,wireless sensor networks(WSNs)have been widely used in various applications.In these applications,a number of sensors are deployed in the monitoring field to collect the needed information and transmit the sensed data to the Sink node or base station(BS)through multi-hop wireless paths.The sensor nodes deployed in an unattended hostile environment are at high risk of being captured and compromised.Once a node is compromised,the adversary will get all the information stored in that node.Then,the adversary can easily control it to launch false data injection attacks,which can cause false alarms,damage network function,and waste limited network resources such as energy and bandwidth.In view of the security threat of false data injection attacks,this dissertation focuses on the attack models of false data injection,the en-route data filtering strategies,and the mechanism for detecting and punishing the malicious nodes.The main research achievements are summarized as follows.(1)The existing en-route filtering strategies cannot effectively defend the complex collaborative attacks of false data injection,which results in lower security.In this dissertation,the author designs a new type of false data injection attack,called the “collusion attack with forged locations”.Then,an efficient location information-based en-route filtering scheme(EGEFS)is proposed,in which each forwarding node verifies not only the message authentication codes(MACs),but also the report identifier and the legitimacy and authenticity of locations carried in a data report.Thus,EGEFS can resist various types of false data injection attacks.In addition,the author proposes a new method for electing the center-of-stimulus(CoS)node,which can ensure that only one detecting node will be elected as the CoS node to generate one data report for an event.Both theoretical analysis and simulation results demonstrate that EGEFS outperforms the existing en-route filtering schemes(SEF,GFFS,and DSF)in terms of higher security,filtering efficiency,and energy saving.(2)In order to solve the problem that the en-route filtering probability and filtering efficiency of the false reports are low,the author designs four types of false data injection attacks,and proposes an en-route filtering scheme based on alert mechanism(called EMAS).EMAS improves the en-route filtering probability and filtering efficiency of the false reports by verifying MACs,the IDs and locations of endorsing nodes,and the prev carried in an event report,and by using the alertmechanism.In addition,a report forwarding strategy with balancing the remaining energy of the sensors is proposed to defend against selective forwarding attacks.The theoretical analysis and simulation results demonstrate that,in most cases,EMAS outperforms SEF,GFFS,and EGEFS in terms of security,en-route filtering probability,filtering efficiency,and filtering energy expenditure.(3)To solve the problem that most of the existing en-route filtering schemes do not provide measures for detecting and punishing the malicious nodes,a trust value-based mechanism is proposed to identify and punish the malicious nodes in the network.When a node has any malicious behavior,its trust value will be reduced.When the trust value of a node falls below the predefined threshold,it will be considered a malicious node and will be isolated.This mechanism can mitigate the impact of malicious nodes and save network resources.(4)In order to solve the problem that the existing public key-based en-route filtering schemes are vulnerable to report disruption attacks or selective forwarding attacks,a series of public key-based security mechanisms for WSNs are proposed in this dissertation,including a mechanism for verifying the partial signatures,a substitution mechanism,and an effective report forwarding protocol.Finally,a public key-based authentication and en-route filtering scheme(PKAEF)is proposed,which can resist false data injection attacks,report disruption attacks and selective forwarding attacks,and can mitigate the impact of malicious nodes.Detailed performance analysis and evaluation show that,in most cases,PKAEF outperforms PDF and DSEDA in terms of safety,filtering efficiency,and data availability.