A Synopsis

On

Detection of Sinkhole attack

in
Wireless Sensor Network
Submitted in partial fulfillment of the requirements
For the award of the degree of
Master of Technology
In
Computer Science & Engineering
Submitted by
Monika kamra
Under the supervision of
Mrs.Seema Kharb
(Assistant Professor)

Bhagwan Mahavir Institute Of Engineering and Technology

Fazilpur, Sonipat
Affiliated to DCRUST University, Sonipat

1.1PROBLEM STATEMENT

To design a mechanism that can efficiently handle various security aspects.

1.2OBJECTIVES

To design mechanism that can detect the intrusion in the network.

To design mechanism that can handle resource constraints.

1.3INTRODUCTION
WIRELESS SENSOR NETWORK(WSN) are small, light weight nodes deployed over a large region
to sense the environment physical parameters like temperature, pressure, humidity etc. Wireless sensor
nodes collects the data from environment, sent the data to sink that processes the data and sent it to sink
via the internet[6].

Fig1.Wireless sensor network architecture[5]

Fig.1 shows the architecture of wireless sensor network. It consist of large number of sensor nodes,
sink that acts as a gateway. Data is sent from sensor nodes to gateway and then to user via the internet.
[4]WSN has many applications in various fields like ocean and wildlife monitoring, military
application, industries, offices, homes, highway traffic, wildfire, water quality, heart rate monitoring
etc.
In all these applications the main purpose is to convert raw data into aggregated information. Also they
are deployed in wireless medium, Hence protecting the data and providing security is the main issue in

WSN. Also there are many reasons except wireless transmission medium that makes Security as one of
the main research area. These are:1.The nodes are deployed in accessible areas and closely related to physical environment, therefore
adding security threat is easy.
2.Broad nature of transmission medium.
3.Nodes are placed in dangerous and hostile environment where they are vulnerable to physical attack.

2.LITERATURE REVIEW

2.1SECURITY REQUIREMENTS
[1,2,5]These provides a deep light on the various requirements which are essential for providing a
complete security solution to the WSN.These can be classified as:- Traditional security requirement and
Specific to WSN.
TRADITIONAL SECURITY REQUIREMENTS ARE:[5]2.1.1DATA CONFIDENTIALITY:-A sensor network should not leak sensor reading to its
neighbors. It should be encrypted to some extent to protect against traffic analysis attack.
2.1.2INTEGRITY:-Received data must not be altered in transit. A malicious node may not be able to
add or manipulate the data within fragments.
2.1.3AVAILABILITY:-Data must be available on time when user requires and protect from
unauthorized user.
2.1.4AUTHENTICATION:-Receiver must ensures that data comes from original source.
REQUIREMENTS SPECIFIC TO WSN ARE:2.1.5SELF ORGANIZATION:-Every sensor node must be independent and flexible enough enough
to be self organizing and self healing according to different situation.
2.1.6TIME SYNCHRONIZATION:-A sensor node must computes end to end delay of a packet when
as it travels to another node.
2.1.7DATA FRESHNESS:-It stated that data is recent and no old messages have been replayed.

2.2ATTACKS
There are 2 types of attack on Sensor Nodes:2.2.1.Active attack
2.2.2.Passive attack

2.2.1ACTIVE ATTACK
[3]The unauthorized attackers monitors, listen to and listen the data stream in the communication
channel are called as active attack.
The following attacks are active in nature:2.2.1.1.ROUTING ATTACKS IN SENSOR NETWORK:-The attack which act on network layer is
called routing attack.

The following are the attacks that happen while routing the messages2.2.1.1.1Spoofed, altered and replayed routing information:-An unprotected ad hoc routing is
vulnerable to such type of attacks, as every node acts as router and can therefore affect routing
information. It creates routing loops, extend or shorten service routes, generates false error messages,
increase latency.
2.2.1.1.2.Selective forwarding:-A malicious node selectively drop only certain packets, especially
effective when combined with an attack that gather much traffic via that node.
2.1.1.1.3.Sinkhole attack:- Attracting traffic to specific node is called as sink hole attack. Adversary
attract all the traffic from particular areas. It work by making the compromised node look attractive to
surrounding node.
2.1.1.1.4.Sybil attack:-A single node duplicates itself and presented itself at multiple location as a
different identity. It target fault tolerant schemes such as topology maintainance.
2.1.1.1.5.Wormhole attack:-An attacker records packets at one location in the network, tunnels them
to another location and retransmit them in the network.
2.1.1.1.6HELLO flood attack:-An attacker sends or replays a routing protocols HELLO packets from
one node to another with more energy.
2.2.1.2.DENIAL OF SERVICE ATTACK:-It is produced by unintentional failure of nodes or
malicious actions. This attack is not meant only for adversary to disrupt, or destroy a network but also
for event that diminishes a networks capability to provide a service i.e is performed at different layers:
At physical layer, it can be jamming or tampering.
At link layer, it can be collision, exhaustion and unfairness.
At network layer, It can be homing or misdirection, black holes.
At transport layer, it can be malicious flooding or desynchronisation.
2.2.1.3 MESSAGE CORRUPTION:-Any modification to content of message by an attacker
compromises its integrity.

2.2.2 PASSIVE ATTACK

The monitoring or listening of the communication channel by unauthorized attackers are known as
passive attack.
The following attacks come under passive attack:-

2.2.2.1 ATTACK AGAINST PRIVACY:- Most information of sensor network comes direct
from direct site surveillance sensor node intensify privacy problem as most of the information easily
available through available access. Adversary need not to be present physically to maintain
surveillance. They can gather information at low risk in anonymous manner. Some of the attacks are:-

2.2.2.1.1Monitor and Eavesdropping:-Most common attack to privacy. By snooping to the data,

adversary could easily discover the communication content.
2.2.2.1.2Traffic Analysis:-When messages transferred are encrypted, it still leaves the high possibility
of communication patterns and adversary reveals the information to cause malicious harm to sensor
network.
2.2.2.1.3.Camouflage Adversaries:-One can insert their node or compromise the node to hide in
sensor network .after that these node can copy as normal node to attract the packets, then misroute the
packets causing privacy analysis.
Of the various attacks Sinkhole attack is considered as the biggest threat in WSN which
spoils the overall communication by preventing the base station from obtaining complete and correct
sensing data. Hence,in this dissertation w will focus on detection of sinkhole attack.

2.3SINKHOLE ATTACK
[8]It is a type of network layer attack where the adversary tries to attract traffic from nearby areas
through malicious node and thus creating sinkhole with adversary at the centre. The malicious node
looks attractive to all the nearby nodes.
For e.g:-an adversary plays the trick by advertisement for high quality route to a base station. Due to
the real or imaginary high quality route through the malicious node,the neighboring nodes of the
adversary will forward all the packets destined to the base station through the adversary and also
propogate the attractiveness of the route to its neighbors.In this way,the adversary creates large sphere
of influence attracting all traffic destined for a base station from several nodes away from the malicious
node.
There are two scenarios in which sinkhole attack can work
1.Intruder has more power than other nodes.
2.Intruder has same power than other nodes.
But in both the cases Intruder claims to have shortest path to the base station,so that it can attract
network traffic.

Fig.2.sinkhole attack
Fig2. Shows the sinkhole attack.All the nodes attracts towards the malicious node and prevent the base
station from obtaining complete and correct information
Sinkhole attack enables many other attacks. for e.g:-selective forwarding.

2.3.1CHALLENGES IN DETECTING SINKHOLE ATTACK

[10]As per literature,there are various challenges in sinkhole attack detection in
WSN. These are:2.3.1.1COMMUNICATION PATTERN IN WSN
All the messages from sensor nodes are destined for the base station. Therefore, the intruder needs the
malicious node to be close to the base station instead of targeting all nodes in the network.
2.3.1.2DYNAMIC NATURE OF WSN
Sensor network is a type of ad hoc network and is used for communication. Not always but in some
cases it can move.
2.3.1.3.RESOURCE CONSTRAINTS
The limited power supply, low communication range,low memory capacity and low computation power
of the sensors are the main constraints that hinders the implementation of strong security.
2.3.1.4VULNERABILITY TO PHYSICAL ATTACK
Wireless sensor nodes are deployed in hostile environment and left unattended. This provides the
intruder to attack a node physically and get access to all necessary information.
2.3.1.5VULNERABILITY TO KEY COMPROMISES
An intruder may crack key stored inside the sensor node.

2.3.2SINKHOLE DETECTION METHODS

[7]As per literature ,some of the sinkhole detection methods:2.3.2.1DATA CONSISTENCY AND NETWORK FLOW INFORMATION APPROACH
It involves base station in detection process,resulting in high communication cost for the protocol. The
base station floods the network with request message containing the IDs of affected nodes.The affected
nodes reply to the base station with message containing the IDs,IDs of the next hop and associated cost.

The received information is used by the base station to construct network flow graph for identifying the
sinkhole.
Pros:-1.It is robust to deal with malicious node that tries to hide the real intruder.
2.It suggests that its communication and computation overheads are low for WSN.
2.3.2.2HOP COUNT MONITORING SCHEME
It detects the presence of sinkhole attack by hop count monitoring as hop count is easily obtained from
routing table.
Pros:-1.Is is simple to implement
2.It detects attack with almost 100% accuracy and gives no false alarms.
2.3.2.3RSSI BASED SCHEME
It detects sinkhole attack based on Received Signal Strength Indicator. It uses values of RSSI from
EM(extra monitor) nodes to determine position of all sensor nodes where base station is located at
origin.This information is used to detect sinkhole attack.
Pros:-1.I is light in weight and robust.
2.It does not cause communication overhead.
2.3.2.4.MONITORING NODES CPU USAGE
It is used for large scale WSN for detection of sinkhole attacks.It is formulated as a change point
detection problem.The CPU usage of each sensor node is monitored and analyzes the consistency of the
CPU usage.The base station calculates the difference of CPU usage of each node.by comparing the
difference with the threshold. The base Station identify whether the node is malicious or not.
Pros:-It is used to differentiate between malicious and ordinary nodes.
2.3.2.5.MOBILE AGENT BASED APPROACH
The mobile agents is used to defend against sinkhole attacks. Mobile Agent is a program which is self
controlling.They navigate from node to node and transmitting data and doing computation
Mobile nodes collect information about all sensor nodes to make every node aware of entire network so
that node will not listen to cheating information from malicious node which leads to sinkhole attack.
Pros:-1.It doesnot need any encryption and decryption mechanism to detect the sinkhole attack.
2.It doesnot require more energy than normal routing protocol.
2.3.2.6.MESSAGE DIGEST ALGORITHM
In this exact sinkhole is detected by using one way hash chains.Destination detects the attack only

when the digest obtained from trustable forward path and digest obtained from trustable node to the
destination are different.
Pros:-1.Data integrity of message is ensured.
2.Robust to deal with malicious node.

2.3.2 LEADER BASED MONITORING APPROACH FOR SINKHOLE

ATTACK
It is cost effective and resource effective technique in which a leader is elected for solving the IDS in
WSN. The WSN area is split into regions. Each region is considered as sub network and nodes is
assigned with energy value 100 and base station is assigned highest energy value.
In the initial stage, there is a random node considered as a leader node and the other nodes as regular
nodes,While constructing the nodes,it has to register its information to the clusterhead. At the time of
data transaction the leader will be elected on the basis of highest energy.This approach detects the
intrusion on the basis of algorithm as explained below:-

Phase I: Leader Election Algorithm

1. Start procedure leader_election_model()
2. G = {N, E}, network G with N number of nodes are connected with edges E.
3. G = {{G1},{G2},{G3},....{Gi},....{Gm}}
4. Find center of G and elect a leader in that place as C
5. for i= 1 to m
6. N = {n1,n2,n3...ni,...nn } // number of nodes in group Gi
7. Assume Eo = 100, To =0; // initial energy to all nodes and time starts from 0.
8. At every time ti, calculate ei for all the nodes
9. Elect the cluster Ci = e(ni) > e(n1,n2,n3...nm)
10. Repeat step 7 and 8 for all the Gi
11. Call LBIDS()
12. End procedure
Phase II: Algorithm For Avoid Malicious

1. Start procedure LBIDS()

2. ni <- source node
3. nj<- destination node
4. Find route from nito nj
5. Let route R = {ni, na,nb,nc,....,nj}
6. Call checkIDS(R)
7. End if
Phase III: CheckIDS Algorithm
1. Start procedure checkIDS(R)
2. Route <- get nodes of R
3. Compare ID and location of route nodes
4. if ID, location exists in the info table
5. return " continue"
6. else
7. return "change the path"
8. end if

REFERENCES
[1]. Babli kumari, Jyoti Sukla Secure Routing In Wireless sensor Network,IJARCSSE,pp,746-751,vol.3,issue 8,aug 2013.
[2].Parveena Chaturvedi Introduction to Wireless Sensor NetworkIJARCSSE,pp.33-36.vol.2,issue 10,October 2012.
[3].G. Padmavathi,D Shanmugapriya,A Survey On Attacks and Security Mechanisms and challenges in wireless sensor
network,IJCSIS,vol.4.no.1 &2,2009.
[4].Jennifer Yick,Biswanath mukherjee,dipak ghosal,Wireless Sensor network Survey,Elsevier Publicaton,2008
[5].John Paul Walters, Zhengqiang, wireless sensor network security: a survey security in distributed, grid and pervasive
computing, Auerbach Publications, CRC Press,2006.
[6].Chee-yee and Srikantap kumar, Sensor Networks: evolution, Opportunities and challenges,proceeding of
IEEE,vol.91,no.8,august 2003.
[7].Vinay soni,Pratik modiDetecting Sinkhole Attack in WSN,IJAIEM,vol-2,Issue 2,feb 2013.
[8].Junaid Ahsenali et al,Dealing With Sinkhole Attack in WSN,Advanced Science and Technology Letters,vol.29,pp.7-12
[9].Udaya Suriya Rajkumar,Rajamani Vayanaperiumai,A LEADER BASED MONITORING APPROACH FOR
SINKHOLE ATTACK IN WSN,journal Of Computer Science,ISSN:1549-3636.
[10].Junaid Ahseli Chaudhary et al,Sinkhole Vunerabilities In WSN,vol.8,no.1(2014).