Sage Journals: Discover world-class research

Abstract

A sparse wireless sensor network for forest fire detection is considered. It is assumed that two types of malicious nodes can exist in this network. The malicious behaviors are assumed to be concealed through some statistical behavior. A lightweight centralized trust-based model is proposed to detect malicious or misbehaving nodes. We assume that all nodes contribute to this process through the gathering of statistical data related to communication with their neighbors. These data are periodically sent to a base station, where all trust functions are executed. A simulation model is built to evaluate system performance, and the results show that the proposed model is efficient in detecting all types of considered malicious nodes.

Keywords

Trust model Internet of Things network security ad hoc networks malicious node jamming node selfish node

Introduction

The widespread popularity of the Internet has engendered a new form of communication in which all smart objects can be connected together to form what has become known as the Internet of Things (IoT).¹ The IoT has initiated a vibrant research field that combines computer networks and electronics technology. Its most common manifestation is as a Wireless Sensor Network (WSN), which consists of sensor nodes with very limited resources.^2,3 This has made the IoT category vulnerable to malicious attacks and very hard to protect.⁴

A typical application of the IoT can be found in the early detection of forest fires,^5,6 which is important in preserving forests. A forest fire is precipitated by weather conditions or human negligence,⁷ and can quickly become unmanageable and out of control, spreading quickly and causing serious damage. Early detection may aid in environmental protection and minimize damage.⁸ WSNs, which consist of tiny, cheap, and low-power sensor devices, may have the ability to detect fires early through the use of spatially separated sensor nodes that collaboratively collect, process, and disseminate environmental data through a wireless broadcast medium. The immediate notification of a fire occurrence, which is the most critical issue in a forest fire detection system, can be provided through a WSN that will detect any signs of fire in real time with a high degree of accuracy.³

Forest fire detection systems consist of nodes deployed randomly in a forest area. These nodes collect information, such as atmospheric humidity, air temperature, wind speed and direction, smoke, atmospheric pressure, and other fire monitoring parameters. When a significant change in sensor data is detected by some sensor nodes, they broadcast packets that contain their measurements. These packets are received by the nodes that are in the broadcast region of the sender and relay them until they reach the node that acts as the base station.⁵ A typical scenario is shown in Figure 1.

Figure 1.

Typical forest fire detection system.

Detecting and predicting a forest fire promptly and accurately can help minimize the loss of forests, wild animals, and human life. Therefore, any malicious behavior that blocks this information from reaching the base station could cause substantial damage.³ In most cases, WSNs usually exist in hostile environments and are vulnerable to both external and internal malicious attacks. The most common attacks include eavesdropping, fabrication or modification of packets, and clones of nodes. Consequently, to ensure the proper operation of such networks, issues such as privacy, availability, data authentication, and integrity need to be addressed.

These nodes need to be deployed for long periods of time and need to be left operating unattended with a self-powered battery, which requires them to have low processing and communication power. However, these characteristics lead to a favorable environment for easily compromising these nodes. Thus, some means of protection, or at least detection, needs to be devised to isolate any malicious or misbehaving nodes. However, it is unpractical and even unfeasible to equip these sensor nodes with strong and computation-intensive security means. Only lightweight means will be efficient in such situations,⁹ with trust-based means being among the most prominent.

The WSN can be considered as the sensor layer in the IoT three-layer model.¹⁰ The two other layers are the edge (or sink or gateway) layer and the Cloud (or application or end-user) layer. In the current study, emphasis is placed on the sensor layer. Nevertheless, it is assumed that all sensor nodes feed some information to a base station located at the edge layer.

In this paper, we propose a lightweight trust-based model that effectively detects concealed malicious nodes. We consider two types of malicious attacks: jamming and selfishness. The model maintains one level of trust in which each node monitors its one-hop neighbor’s behavior and gathers some pertinent information, which is ultimately gathered by the base station and evaluated using some trust measures. The trust measures are based on current and past trust values to detect a concealed malicious node that is trying to change its behavior after a long period and act as a normal node. The aim of the solution is to propose an efficient trust model that is able to detect concealed malicious nodes with little memory and minimal computational power required. Along with a high detection rate of malicious nodes, there needs to be a low rate of erroneously flagging non-malicious nodes as malicious.

The rest of this paper is organized as follows: Section 2 presents recent related work. In Section 3, we propose a mathematical model for the considered system. In Section 4, the proposed trust model is presented. Finally, performance evaluation, including results and a comparison, are presented in Section 5.

Related work

The broad concept of trust-based security models designed for pervasive computing environments was introduced in Boukerche and Ren¹¹ through a model known as the Trust Computation and Management System (TOMS). The model was set to be applicable for dynamic and agile environments, such as Mobile Ad hoc Networks (MANETs) and WSNs. Each mobile node equipped with TOMS assesses its neighboring nodes according to their activities and contributions, and selects the most trustworthy path in its communication.

Various models have been suggested to evaluate the trust measures in WSNs. The first reputation- and trust-based model that was designed exclusively for sensor networks was presented and developed in Ganeriwal et al.¹² It was a Bayesian-based formulation for the representation of a node reputation and trust evolution. This was achieved through a watchdog mechanism that monitors the behavior of neighboring nodes in terms of data forwarding and raw sensing data consistency. A similar formulation in Liqin and Chuang¹³ provided a mechanism that uses the node’s past trust to predict its future trust. A Bayesian model was proposed by Momani et al.^14,15 that combines the communication components to be used in our model and some data components as well. The method also uses well-known probability density functions to both evaluate the trust values and classify the sensor nodes. Comparatively, our model is both lighter in weight and has a better performance (as will be shown in the comparison section).

A behavioral-based model was proposed in Huang et al.¹⁶ The trust was formulated as a combination of the direct trust value to the target node and was evaluated independently by the trust issuer, based on previous interactions and network traffic monitoring metrics. In the indirect case, the trust value was derived from the recommendations of neighboring nodes. These computations were run in the middleware of every node, in a completely distributed manner. Implementing such a technique is very challenging given the small and stringent node resources. A central repository for storing the reputation of every entity in the system can be suggested to resolve such limitations, as we show in our current proposed model.

A Group-Based Trust-Management Scheme (GTMS) for clustered WSNs was proposed in Shaikh et al.¹⁷ Its aim was to detect and prevent selfish, faulty and malicious nodes. However, it did not take into account the dynamic aspects of trust and pre-deployment knowledge of sensor nodes. Moreover, a GTMS has significant communication overhead in terms of calculations needed to determine a node’s trust value. A remedy was followed in Zhang et al.¹⁸ where the proposed trust-management architecture was hierarchical, and aimed at improving the trust evaluation process by taking into account the dynamic aspects of trust.

A combined trust model that effectively discovers trustworthy devices and eliminates malicious ones was proposed in Denko et al.¹⁹ The model uses both direct experience with other nodes and recommendations related to its services. A probabilistic approach using Bayesian inference was used in the decision-making process. A very similar model that uses both direct and indirect trust computations was presented in Duan et al.²⁰ The differences are in the industrial environment where it is applied and in the centralized computation and decisions executed by the network manager.

A trust-management protocol was proposed in Bao et al.²¹ that is characterized by a hierarchical structure that maintains two levels of trust: sensor node-level trust and Cluster Head (CH)-level trust. Its implementation is based on using periodic peer-to-peer trust evaluations between two sensor nodes and two CHs. The trust metric is composed of social and Quality of Service (QoS) trusts to take into account the effect of both aspects. Social trust in the context of wireless sensors may include intimacy, honesty, privacy, centrality, and connectivity, while QoS trust may include competence, cooperativeness, reliability, and task completion capability.

A design algorithm was presented in Ukil.²² It optimizes both reliability and communication efficiencies at the cost of the possibility of not sending data through the shortest route. The algorithm uses a combination of trust- and reputation-based collaborating computing models, which gives reliability preference over efficiency.

A trust-based access control scheme was proposed in Mahalle et al.²³ The approach uses the notion of trust levels for identity management. A fuzzy approach framework is defined, then the computed fuzzy trust values are mapped to a set of permissions and access credentials. The established trust management was shown to be both scalable and energy efficient.

In a mobile environment, a distributed model was presented in Meghanathan.²⁴ Data aggregation is utilized, taking into account the dynamically changing topology. The beacon data gathered in the neighborhood are used by each sensor node to maintain an estimate of the trust score of each of its neighbors.

In an underwater environment, which is characterized by unreliable communication channel and mobile network environments, the authors in Han et al.²⁵ proposed a trust model that ought to achieve accurate and energy-efficient evaluation. The proposed model is based on multidimensional trust metrics (ARTMMs). ARTMMs mainly consist of three types of trust metrics: link trust, data trust, and node trust.

System model

Considered network

The considered network consists of N static wireless sensor nodes randomly deployed in a sparse manner over a large area of an open forest where the sensors record data pertinent to fire detection. The collected data can include information such as air humidity, ambient temperature, wind speed and direction, smoke level, and atmospheric pressure. These data are sent to the base station through the formed mesh network. The data are then analyzed, and a decision is made as to whether there are any signs of a fire.^26,27

In the event of a fire, the closest neighboring nodes detecting a sign of the fire through one or more of their sensors send an alarm packet to the base station. As time progresses, the fire and its signs may expand to a certain area, where all nodes sense it and send alarm packets to the base station.

Following this operation mode, the network can be modeled by fire events occurring at random locations followed by alarm packets sent by nodes within a certain fixed area. The complexity of such a model will be significant due to the requirements for determining the nodes that exist within a fixed area but with random coordinates. Instead, the network can be approximated by a set of contiguous fixed rectangular zones. The occurrence of a fire within any zone will trigger an alarm that will be sent to the base station by all nodes existing within the boundaries of that zone. As the size of these zones decreases, the approximation may improve, but with an increase in complexity.

It is assumed that events may happen randomly in all zones. Alarm packets are sent by sensor nodes (depending on their energy level) to the base station through the use of a multihop routing protocol. The collected information about the node’s neighbors is assumed to be sent by all nodes on a separate communication channel to the base station. The interactions among sensors are bridged via ZigBee connections.

Normal nodes

A normal node may transmit two types of packet: generated packets by the node itself to send alarms, or relayed packets to be transmitted to the next-hop, and which include all packets arriving from other nodes, using the considered node as a relay node.

Generated packets

Given the sending threshold $e_{s}^{T}$ , a packet generated by the node will be either transmitted or dropped according to Algorithm 1, where $e_{r}^{(n)}$ is the normalized remaining energy in the node at time n, $E_{r}^{(n)}$ the remaining energy at time n, $E_{t}$ the total initial energy, and $P_{N s}^{(n)}$ the sending probability.

Algorithm 1 Generated packet at a normal node.

for every event sensed do

e_{r}^{(n)} \leftarrow \frac{E_{r}^{(n)}}{E_{t}}

e_{r}^{(n)} > e_{s}^{T}

then

P_{N s}^{(n)} \leftarrow 1

else

P_{N s}^{(n)} \leftarrow e_{r}^{(n)}

end if

p \leftarrow rand [0, 1]

p < P_{N s}^{(n)}

then

Generate packet

else

do not generate packet

end if

end for

Relayed packets

Given an energy threshold $e_{r}^{T}$ , a packet received from the preceding nodes will be forwarded to the next-hop node or dropped according to Algorithm 2, where $P_{N r}^{(n)}$ is the relaying probability.

Algorithm 2 Relayed packet at a normal node.

for every packet received do

e_{r}^{(n)} \leftarrow \frac{E_{r}^{(n)}}{E_{t}}

e_{r}^{(n)} > e_{r}^{T}

then

P_{N r}^{(n)} \leftarrow 1

else

P_{N r}^{(n)} \leftarrow e_{r}^{(n)}

end if

p \leftarrow rand [0, 1]

p < P_{N r}^{(n)}

then

Relay packet

else

Drop packet

end if

end for

Malicious nodes

One of the fundamental principles of WSNs is that they are based on the concept of multihop. Multihop means that the sensor node receiving the message will forward the received message to the next node in line. Multihop networks, such as sensor networks, rely on the fact that neighboring nodes will faithfully forward their messages to the base station. However, unfortunately, this is not the case in selective forwarding attacks.²⁸

In selective forwarding attacks, malicious nodes act in a selfish manner by stopping the forwarding of selected packets. Malicious nodes have a condition on the packets that are dropped; not all packets are dropped, and this makes detection of these malicious nodes difficult. This attack can isolate some nodes in the network from connection to the base station, and that will affect data accuracy.²⁸

A selective forwarding attack is considered a kind of black hole attack known as a gray hole attack. This causes the node to selectively drop some received packets. However, a black hole attack drops all received packets. In all previous attacks, an attacker has to include itself in the path to be able to start dropping packets instead of forwarding them.²⁹

Jamming node

A denial of service attack is an explicit attempt to obstruct the legitimate user of a service or data. It is a form of jamming malicious behavior. The common method of attack involves overloading the target node with requests to try to make it unavailable.²⁹ This will affect network performance and increase traffic. This attack will also consume sensor node resources, such as battery, processor, and memory.

The operation of the considered jamming node is based on sending a large number of packets to hinder the accessibility of its next-hop node to other preceding nodes. It follows the steps described in Algorithm 3. To conceal its malicious behavior, when a jamming node detects a fire in its zone, it either transmits with probability $P_{J}^{T}$ , J packets are drawn from a uniform distribution of range $[0, N 0]$ , or it follows a normal node operation.

Algorithm 3 Algorithm for generating jamming packets.

for every activity sensed do

p \leftarrow rand [0, 1]

p > P_{J}^{T}

then

act as non-malicious

else

J \leftarrow rand [0, N_{0}]

Send J packets

end if

end for

As will be described in the next sections, to combat such malicious operations, each node needs to record the number of packets it receives from its preceding neighbor node j during the time interval n.

Selfish nodes

In Misra et al.³⁰ a non-cooperative node model was presented where a mobile Worldwide Interoperability for Microwave Access (WiMAX) network with misbehaving nodes was considered. The behavior of the nodes was modeled with a binomial case of Bernoulli’s trials. The behavior of a mobile node u in the network was described through a random variable X, which follows a Bernoulli distribution given by

X_{k}^{u} = {\begin{matrix} 0 & ; if the node does not cooperate at time k \\ 1 & ; if the node cooperates at time k \end{matrix}

(1)

The probability that a node cooperates, i.e. $\Pr {X_{k}^{u} = 1}$ , is said to be the cooperation probability of node u and is denoted by $p^{u}$ . This parameter may be estimated from the observations of $X_{k}^{u}$ . In Oommen et al.^31,32 an estimator for such a parameter in a non-stationary setup was proposed. After defining $q^{u} = 1 - p^{u}$ , then the recursive estimation algorithm was defined as

p_{k + 1}^{u} = {\begin{matrix} λ {\hat{p}}_{k}^{u} & ; if X_{k + 1}^{u} = 1 \\ 1 - λ {\hat{q}}_{k}^{u} & ; if X_{k + 1}^{u} = 0 \end{matrix}

(2)

where $λ$ $(0 < λ < 1)$ is a user-defined parameter and $q_{k}^{u} = 1 - p_{k}^{u}$ .

In our current model, a selfish node may act in a selfish manner by not relaying the received packets. Therefore, all precedent nodes to a given node j need to record the number of packets that they have sent to node j during the time interval n.

The considered selfish node will operate according to the steps in Algorithm 4. To conceal its behavior, it will not drop all received packets but a random number $N_{S d}^{(n)}$ packets are drawn uniformly from the interval $[0, N_{r}^{(n)}]$ , where $N_{r}^{(n)}$ is the total number of received packets in the time interval n.

Algorithm 4 Selfish node dropping algorithm.

for every update interval ndo

N_{r}^{(n)} \leftarrow

number of received packets

for

j = 1 \leftarrow N_{r}^{(n)}

p \leftarrow rand [0, 1]

p < p^{u}

then

Send packet j

else

Drop packet j

end if

end for

The operation of our considered selfish node is equivalent to the model described in Misra et al.³⁰ with $p^{u} = \frac{N_{S d}^{(n)}}{N_{r}^{(n)}}$ .

Sensor node operation

The operation of a sensor node is assumed to follow a sequence of four transition states during its normal operation, as shown in Figure 2. The four states are as follows:

when there is no event, the sensor node stays in the idle/control mode (also known as listening mode) awaiting an event to occur in its zone;

when an event occurs, the node switches to transmission mode and sends an alarm packet to the base station, then returns to the listening mode;

the node may also be awakened by one of its preceding neighbors to forward its packets. The node switches to receiving mode, receives the packets, sends them to its next-hop node, and returns to the idle/control mode;

to save battery energy, if no activity is sensed for a long period, the node switches to sleep mode.

Figure 2.

Sensor node operation model.

Proposed trust model

In our framework, the base station is where all the trust calculations are executed. Our trust-management protocol maintains one level of trust. The trust component values are obtained through direct observations of the considered node j and its next one-hop neighbors defined through our routing algorithm, as shown in Figure 3. Any node j in the network may have at most one next-hop node k and may be the next-hop of many precedent nodes i, with $1 \geq i \geq n p_{j}$ , where $n p_{j}$ is the number of nodes that use node j as their next-hop node. Since in our considered scenario every node has a unique route to the base station, the following remarks can be made:

Figure 3.

General one-hop routing model.

a jamming node will affect only the next-hop node; thus, the jamming node j will affect only node k;

a selfish node will affect all its precedent neighboring nodes; thus, the selfish node j will affect all its preceding neighboring nodes from 1 to $n p_{j}$ .

Malicious behavior measures

After receiving the required data from all nodes, the base station evaluates the possible malicious behaviors for each node. For this, it computes the two measures described below.

Current jamming measure

This measure is used to evaluate how far the node operation is from the jamming behavior. In our current application, a normal node may at most send one packet per event occurrence. Consequently, it will send at most the number of event occurrences during the period over which the data update is sent to the base station. The corresponding average will be denoted by $J^{T}$ , the jamming measure threshold, and may also be related to the operation of Algorithms 1 and 2.

The measure to be used here is an improvement of the one used in Alnasser and Rikli.³³ For each node j, the current jamming measure is computed by

Π_{j}^{(n)} = {\begin{matrix} 1 & ; if N_{g j}^{(n)} \leq J^{T} \\ {0.7}^{(\frac{N_{g j}^{(n)}}{J^{T}} - 1)} & ; if N_{g j}^{(n)} > J^{T} \end{matrix}

(3)

where $N_{g j}^{(n)}$ is the number of packets generated by node j during the nth time interval. The value of 0.7 used in the second term of the equation was the optimal value and was selected based on extensive simulation experiments that compute the jamming parameter [to be defined later in equation (6)].

Current selfish measure

This measure is used to evaluate the level of cooperation of nodes with the forwarding process. Every node located in the routing path of another node should forward the received packets toward the base station. As a node misbehaves, by dropping instead of forwarding received packets, a measure should be defined to carry such information to the base station.

For each node j, the base station computes the current selfish measure using the following equations

Γ_{j}^{(n)} = {\begin{matrix} 1 & ; if D_{j}^{(n)} < D^{T} \\ {0.8}^{(\frac{D_{j}^{(n)}}{D^{T}} - 1)} & ; otherwise \end{matrix}

(4)

where $D^{T}$ is a selfish threshold value (we used $D^{T} = 1$ ) and $D_{j}^{(n)}$ is a special weighted average of the total dropped packets given by

D_{j}^{(n)} = \frac{\sum_{i = 1}^{n} e_{j}^{(i)} γ^{i} N_{d j}^{(i)}}{\sum_{k = 1}^{n} e_{j}^{(k)} γ^{k}}

(5)

where $γ$ is a selfish measure parameter and $N_{d j}^{(n)}$ is the number of packets dropped by node j during the nth trust update period. In this case, extensive simulation experiments that compute the selfishness parameter [to be defined later in equation (7)] showed that the value 0.8 used in the second term of equation (4) was the optimal value.

Trust parameters

Based on the information gathered from all nodes, the base station calculates two parameters for each node and makes its decisions based on their values. These parameters are as follows:

Jamming parameter

The base station decision on a node should not be based only on its current behavior but should include its past as well. This is necessary because on one hand a malicious node tries to hide its malicious behavior by running its attacks in some intervals and behaving normally in others and on the other hand a non-malicious node may temporarily act in a seemingly abnormal manner. For that reason, this measure is computed as the weighted sum of the current jamming measure $Π_{j}^{(n)}$ , representing the present, and the previous jamming parameter $J_{j}^{(n - 1)}$ , representing the past, using

J_{j}^{(n)} = (1 - α) \times J_{j}^{(n - 1)} + α Π_{j}^{(n)}, n \geq 1

(6)

where $α$ is a parameter such that $0 < α < 1$ . The term that has the largest weight is favored in the sum, i.e. if $α > 0.5$ the current jamming measure is favored and if $α < 0.5$ the previous jamming parameter, which includes all the past, is favored.

Selfishness parameter

For the same reasons as the jamming parameter, the selfishness parameter is computed as the weighted sum of the current selfish measure $Γ_{j}^{(n)}$ and the previous selfishness parameter value $S_{j}^{(n - 1)}$ , using

S_{j}^{(n)} = (1 - β) S_{j}^{(n - 1)} + β Γ_{j}^{(n)}, n \geq 1

(7)

where $β$ is a parameter such that $0 < β < 1$ . The choice of its value follows the same logic as that of parameter $α$ .

Trust decision

The trust decision used here is also an improvement over the one used in Alnasser and Rikli.³³ The information gathered by the base station from all nodes is used to calculate a different trust threshold for each parameter, i.e. $T_{J}$ for jamming behavior detection and $T_{S}$ for selfish behavior detection. When applying these tests, the base station may encounter one of four possible situations, as depicted in Figure 4. The possible decisions may be listed as follows:

if $S_{j}^{(n)} > T_{S} and J_{j}^{(n)} \leq T_{J}$ : node declared as jamming;

if $S_{j}^{(n)} \leq T_{S} and J_{j}^{(n)} > T_{J}$ : node declared as selfish;

if $S_{j}^{(n)} \leq T_{S} and J_{j}^{(n)} \leq T_{J}$ : node declared as both jamming and selfish;

if $S_{j}^{(n)} > T_{S} and J_{j}^{(n)} > T_{J}$ : node declared as non-malicious.

Figure 4.

Trust decision mapping.

The decision reached by the base station at this point represents the final result of this phase, which is the goal of our study. To complete the solution, the base station needs to take action against nodes detected as malicious nodes, which will be addressed in future studies. This would probably affect the operation and performance of the complete IoT system. So, an optimal solution, through the selection of appropriate weights and thresholds, should be sought through either simulation or analysis.

Performance evaluation

Network specifications

In our simulation model, we consider a WSN with nine sensor nodes with parameters as shown in Table 1. The nodes were randomly distributed over an area of $300 \times 300$ m² with static locations and included three malicious nodes (red nodes in Figure 5).

Table 1.

Simulation parameters.

Name	Value	Name	Value
Simulation time (s)	$8 \times 10^{5}$	$D^{T}$	1
Number of zones	9	$e_{s}^{T}$	0.5
Zone area (m²)	$100 \times 100$	$e_{r}^{T}$	0.5
Range for base station (m)	150	$P_{j}^{T}$	0.7
Range for sensors (m)	100	$λ^{- 1}$ (s)	400
Number of malicious nodes	3	$γ$	0.2
Number of normal nodes	9	$J^{T}$	250
Trust periodicity (s)	$10^{5}$	$N_{0}$	17
MAC Protocol	802.15.4	$α$	0.6
macMaxCSMABackoffs	5	$β$	0.6
Contention window (CW)	2	$S_{j}^{(0)}$	0.6
Data rate (kbps)	50	$J_{j}^{(0)}$	0.6
Packet size (Bytes)	50	—	—

Figure 5.

Considered network topology.

The considered area is split into M contiguous zones. The system operates on an event basis, such that each node continuously monitors a predetermined event in its zone, and may send an alarm only when the event occurs.

Practically speaking, a fire can occur anywhere in a forest. The existing sensors surrounding this fire, as time progresses and depending on the climate conditions (wind, terrain, etc.), will initiate alarms to the base station. The zoning principle would be an approximation that simplifies the operation of the simulation model. Furthermore, contiguous zones with rectangular shapes may be the easiest non-overlapping shapes. As the size of the zones decreases, the approximation improves while the model complexity may increase.

All nodes are assumed to have the same power characteristics, as shown in Table 2. The sensor node starts with maximum energy $E_{t}$ and consumes this energy at a rate that depends on its three possible states. The nodes have batteries with a nominal voltage of 1.2 V. Since the considered system is operating in a forest, it is considered to be an untrusted environment. Therefore, the initial values used in our malware measures computation were all assumed to be equal to 0.6.

Table 2.

Energy parameters.

Name	Value
Total energy for sensor node ( $E_{t}$ )	2083.33 mAh
Consumption power in transmission ( $T_{x}$ )	114.3 mW
Consumption power in receiving ( $R_{x}$ )	63.3 mW
Consumption power in listening ( $L_{x}$ )	9.3 mW

To measure the performance of our model, we selected five nodes representing the five types that exist in our network.

Node 2: a normal node situated at the edge of the network that thus does not relay any packets from other nodes.

Node 4: a malicious selfish node that drops packets that need to be relayed.

Node 6: a mixed node that does both jamming and selfish attacks.

Node 8: a normal node not at the edge of the network that thus may relay packets from other nodes, including any jamming nodes.

Node 13: a malicious jamming node.

The node types and locations were chosen to study specific common situations and are supposed to be representative of all topology settings of interest. All common scenarios that could happen in such networks were covered in this proposed topology. For instance, Node 8 may receive a large number of packets, which will deplete its battery and cause packets to be dropped so that the node can save some of its energy. A second example is Node 4, which is a selfish node but will probably drop only a few packets since it will relay packets only from an edge node.

Network operation statistics

As was described in the previous sections, the various measures need some thresholds to be set. In a real system, experiments need to be run to gather the various operational statistics for both malicious and non-malicious nodes. In our current situation, simulation experiments will be used for this aim.

Energy consumption

The energy consumption for all considered nodes is basically the same, and is shown in Figure 6. After each time interval, the node’s energy decreases by 10% so that after the 5th interval it will be less than 50% of its original energy.

Figure 6.

The variation in the percentage of the remaining energy in the considered nodes (relay node shown here).

Packets dropped

The number of packets dropped by each one of the considered nodes is shown in Figure 7. As can be noticed, in the first five intervals only the selfish node and the mixed node (due to its selfish trait) drop packets. The normal node will start dropping relayed packets when its energy level goes below a certain threshold, as is the case for Node 8.

Figure 7.

The number of packets dropped by the considered nodes.

It can also be noticed after the energy threshold is past the 5th time interval, the number of dropped packets by the selfish and mixed nodes decreases. This is due to the decrease in the number of received packets coming from the previous nodes.

Packets generated

The number of packets generated by each of the considered nodes, along with the average number of packets generated by all nodes, is shown in Figure 8. The normal nodes (2 and 8) operate in conformance with Algorithm 1, where they generate, on average, 250 packets before the 5th time interval and then their generation rate drops. The selfish node operates similarly but keeps the same generation rate even after its energy level goes below the threshold, i.e. the 5th time interval.

Figure 8.

The number of generated packets by the considered nodes.

The jamming node and the mixed node (due to its jamming trait) will generate many more packets than the normal or selfish nodes and keep the same generation rate irrespective of their energy level.

Packets transmitted

The number of transmitted packets by each one of the considered nodes, along with the average of all nodes, is shown in Figure 9. The number of transmitted packets consists of generated packets by the node itself and relayed packets received from the previous nodes. Therefore, each node behaves differently as follows.

Normal node (2): as it is an edge node, it has a steady number of transmitted packets up to the 5th time interval and starts decreasing afterwards.

Selfish node (4): behaves similarly to a normal node but keeps the same rate even after the 5th time interval.

Jamming node (13): transmits more packets due to its jamming behavior.

Mixed node (6): carries the jamming trait and operates similarly to a jamming node.

Relay node (8): transmits its generated packets in addition to the relayed packets received from previous nodes up to the 5th time interval. After that, it starts the dropping of received packets and generates fewer packets due to its decreased energy level.

Figure 9.

Number of transmitted packets by the considered nodes.

Results

In this section, we study the various parameters on the total trust measure and relate these to the false-negative or false-positive alarms for malicious and non-malicious nodes, respectively.

Effects of the jamming threshold $(P_{J}^{T})$

The corresponding results for a jamming node are shown in Figure 10. $P_{J}^{T}$ was defined as the value below which a jamming node will act as a jammer. Thus, as $P_{J}^{T}$ increases, it is expected that the jamming node will be more easily detected and will not be confused with a normal node. By inspecting Figure 10, the following remarks can be made:

as can be expected, the jamming value decreases when $P_{J}^{T}$ increases, thus allowing easier detection of the jamming behavior;

for a jamming threshold equal to 0.1, the jamming node will be detected wrongly as a normal node if the trust threshold is less than 0.7;

with all jamming threshold values, the jamming behavior will be detected correctly when the trust threshold is greater than 0.77;

only for $P_{J}^{T} = 0.1$ does the jamming measure worsen with time. In all other cases, the jamming measure improves with time and improves faster as $P_{J}^{T}$ increases;

the selfish value improves with time and is the same for all $P_{J}^{T}$ values.

Figure 10.

Effects of $P_{J}^{T}$ on the malware parameters for a jamming node.

Figure 11 shows the corresponding results for a mixed node, which basically follows the same trends as a jamming node except for the selfish measure where it is also detected as a selfish node.

Figure 11.

Effects of $P_{J}^{T}$ on the malware parameters for a mixed node.

Effects of the jamming measure threshold $(J^{T})$

In this case, the simulation experiments were run with all parameters unchanged except $J^{T}$ . It is expected that this parameter will have a significant effect on the jamming and mixed nodes but only limited effect on the normal and selfish nodes. The results are presented by node type as follows:

(1) Normal Node

The corresponding results are shown in Figure 12. The following remarks can be made:

all jamming values are unaffected by $J^{T}$ except when it is 150 or less. This makes the detection threshold for the normal node smaller when $J^{T} \leq 150$ than when $J^{T} > 150$ . The reason for this is because the average number of packets for a normal node is 250. When a jamming measure threshold is 150, which is less than the average of 250, the normal node is considered to be malicious when sending a number of packets between 150 and 250;

in all cases, the jamming value improves as time progresses;

a normal node will always be detected correctly when the trust threshold is greater than or equal to 0.7;

Figure 12.

Effects of $J^{T}$ on the malware parameters for a normal node.

(2) Selfish Node

The corresponding results are shown in Figure 13. The results are generally very similar to that of a normal node, in particular the following remarks can be made:

for $J^{T} \geq 250$ , the jamming values improve with time and are basically unaffected by changing the values of $J^{T}$ (for 250 there is a slight decrease);

when $J^{T} < 250$ , the jamming value improves with time also but is always smaller than the other cases;

where this node is a selfish node, the selfish value will decrease with time.

Figure 13.

Effects of $J^{T}$ on the malware parameters for a selfish node.

(3) Jamming Node

The corresponding results are shown in Figure 14. The following remarks can be made:

when $J^{T} < 350$ , the jamming value decreases with time, while when $J^{T} \geq 350$ , it increases with time. This is due to the fact that when $J^{T}$ is increased, this allows a jamming node to send a larger number of jamming packets and still be classified wrongly as a normal node;

the selfish value increases with time and is not affected by changes to the jamming measure threshold.

Figure 14.

Effects of $J^{T}$ on the malware parameters for a jamming node.

(4) Mixed Node

The corresponding results are shown in Figure 15. It is quite clear that the mixed node follows the same trends as the jamming node when $J^{T}$ is varied.

Figure 15.

Effects of $J^{T}$ on the malware parameters for a mixed node.

Effects of the selfish measure parameter ( $γ$ )

The selfish measure parameter $γ$ defined in equation (5) was suggested to alleviate the problem encountered when using the measure suggested in Alnasser and Rikli.³⁴ In that case, a normal node may be detected as selfish when its energy decreases and starts dropping many packets. The following results will check the feasibility of this parameter on a relay node and a selfish node:

(1) Relay Node

The variations of $Γ_{j}^{(n)}$ are shown in Figure 16 for a relay node. The operation of the node may be divided into two time phases:

before the 5th time interval where the remaining energy is above the dropping threshold $e_{r}^{T}$ (in this case equal to 0.5). In this case, the selfish values improve with time;

after the 5th time interval, the selfish value continues with the same improvement trend for $γ \leq 0.2$ , while for $γ > 0.2$ , the trend is reversed and the selfish value starts decreasing as time progresses.

Figure 16.

Effects of $γ$ on the selfish measure for a relay node.

Therefore, $γ$ has to be less than 0.2 for the new measure to be effective.

(2) Selfish Node

To ensure that the new measure did not affect the detection of selfish nodes, the variations of $Γ_{j}^{(n)}$ are shown in Figure 17 for a selfish node. Effectively, the measure is unaffected by the variations of $γ$ .

Figure 17.

Effects of $γ$ on the selfish measure for a selfish node.

Effects of the relaying threshold ( $e_{r}^{T}$ )

Since the relaying threshold is the value above which a received packet will be relayed to the next-hop node, as can be expected, the effects of this parameter are mainly restricted to normal nodes that are in the routing path of other neighboring nodes. Its effects on the average false-negative of malicious nodes, as the simulation results confirmed, were minimal. Hence, only results related to the relay node shown in Figure 18 are presented and analyzed. The following remarks can be made:

when the relaying threshold is 0.9, the relay node will be detected all the time as a malicious node at a trust threshold less than 0.35;

when the relaying threshold is 0.7, the selfish value will increase and then start to decrease after the 3rd interval where the remaining energy goes below 70% of total energy; then the node will start dropping packets. The node will be detected as malicious all the time when the trust threshold is less than 0.87;

when the relaying threshold is less than 0.7, the selfish value will steadily increase with time, and the node becomes more trusted as time progresses;

the jamming value also increases with time and is not affected by changes to the relaying threshold where it is a normal node.

Figure 18.

Effects of $e_{r}^{T}$ on the malware measures for a relay node.

Comparison with the Bayesian model

We use the Bayesian model³⁵ as a benchmark to evaluate the performance of the proposed model.

Measures definition

The Bayesian model uses the expected value of beta PDF defined by

T_{j B}^{(n)} = \frac{a_{j}^{(n)}}{a_{j}^{(n)} + b_{j}^{(n)}}

(8)

where the parameters $a_{j}^{(n)}$ and $b_{j}^{(n)}$ represent the ratings of node j at time slot n of $r_{j}^{(n)}$ positive and $s_{j}^{(n)}$ negative outcomes with $a_{j}^{(n)} = r_{j}^{(n)} + 1$ and $b_{j}^{(n)} = s_{j}^{(n)} + 1$ , respectively. The value of $T_{j B}^{(n)}$ is compared to the trust value or the trust component value (jamming or selfishness) $T_{j P}^{(n)}$ in the other three proposed models.

The Bayesian parameters $r_{j}^{(n)}$ and $s_{j}^{(n)}$ are related to the number of generated packets and the corresponding normal limit at a node for the jamming parameter, and the number of received and dropped packets at a node for the selfishness parameter, according to the following equations.

Jamming measure

r_{j}^{(n)} = {\begin{matrix} J^{T} & ; if N_{g j}^{(n)} \leq J^{T} \\ 17 \times J^{T} - N_{g j}^{(n)} & ; otherwise \end{matrix}

(9)

and

s_{j}^{(n)} = {\begin{matrix} 0 & ; if N_{g j}^{(n)} \leq J^{T} \\ N_{g j}^{(n)} - J^{T} & ; otherwise \end{matrix}

(10)

Selfishness measure

r_{j}^{(n)} = N_{r j}^{(n)} - N_{d j}^{(n)}

(11)

and

s_{j}^{(n)} = N_{d j}^{(n)}

(12)

where $N_{r j}^{(n)}$ and $N_{d j}^{(n)}$ are the number of received packets and dropped packets, respectively, at node j during the time interval n.

Performance

The two models were run with typical network conditions and model parameters, and the corresponding results displayed in Figure 19 for three typical nodes: relaying, selfish, and jamming.

From these results we can draw the following conclusions:

the selfish node will be detected more easily in our model than in the Bayesian model. In our model, the selfish measure starts at around 0.4 and decreases to 0.02 by the 7th time interval, while in the Bayesian model it stays almost unchanged at 0.75;

the jamming measures in both the proposed model and the Bayesian model stay almost unchanged as time progresses but with a net advantage of around 0.4 for our model;

in the case of the relay node, the Bayesian model starts with an advantage due to the fact that the proposed model starts with an initial jamming measure of 0.6. As time progresses, the proposed model catches up with the Bayesian model and surpasses it after the 5th interval when the relaying starts dropping packets.

Figure 19.

Comparison of the proposed model with the Bayesian model for typical nodes and network conditions.

Conclusion

In this paper, we have presented some new statistical representations for the operation of concealed malicious nodes and non-malicious nodes and have devised a new trust model to detect malicious nodes of jamming and selfish types. Although the general concept is not new, there are novelties in its application to an IoT system in the proposed nodes algorithmic operations (non-malicious, jamming, and selfish) and in the designed measures for the classification and detection of nodes.

Furthermore, the proposed model is lightweight in various aspects. First, the information used in the decision is basic communication statistical data. Second, the formula used in the decision is based on simple recursive algorithmic operations that require little memory and need few computations. Third, the nodes are relieved from the computations and decision process, which is completely delegated to the base station. The results showed the adaptation of the models to the changing nodes operations, the high detection rate of malicious nodes, and the low detection errors of non-malicious nodes.

A thorough parameter sensitivity study was conducted to evaluate the performance of the model for various parameter combinations. Some general rules have been drawn up to balance between the two important performance measures, i.e. false-positive and false-negative alarms. A comparison of the proposed model with the Bayesian model showed its superiority and adaptation of detection with almost all types of nodes.

In setting the model components, the limited available energy, the low memory capacity, and the limited computational power of the sensor nodes were carefully considered. In future work, the model should be tested in other network scenarios and with different malicious behaviors.

Footnotes

Declaration of conflicting interests

The authors declare that there is no conflict of interest.

Funding

This research received no specific grant from any funding agency in the public, commercial, or not-for-profit sectors.

References

Gubbi

Buyya

Marusic

. Internet of Things (IoT): A vision, architectural elements, and future directions. Future Gener Comput Syst 2013; 29(7): 1645–1660.

Fantacci

Pecorella

Viti

. A network architecture solution for efficient IoT WSN backhauling: challenges and opportunities. IEEE Wireless Commun 2014; 21(4): 113–119.

Aslan

Korpeoglu

Ulusoy

Ö.

A framework for use of wireless sensor networks in forest fire detection and monitoring. Comput Environ Urban Syst 2012; 36(6): 614–625.

Patton

Gross

Chinn

. Uninvited connections: A study of vulnerable devices on the internet of things (IoT). In: IEEE joint intelligence and security informatics conference (JISIC), The Hague, 24–26 September 2014, pp.232–235. Washington, DC: IEEE Computer Society.

Xugang

Xue

. IoT forest environmental factors collection platform based on ZIGBEE. Cybern Inf Technol 2014; 14(5): 51–62.

Dan

Nihong

Application of localization algorithm for internet of things based on forest fire monitoring. J Northeast For Univ 2011; 8: 040.

Ganteaume

Camia

Jappiot

. A review of the main driving factors of forest fire ignition over Europe. Environ Manage 2013; 51(3): 651–662.

Spruce

Hargrove

Gasser

. Monitoring regional forest disturbances across the US with near real time MODIS MDVI products included in the ForWarn forest threat early warning system. In: American Geophysical Union fall meeting, San Francisco, CA, 09 December 2013, vol. 1, p.1. Stennis Space Center, MS: NASA Stennis Space Center.

Szalachowski

Perrig

. Lightweight protection of group content distribution. In: 1st ACM workshop on IoT privacy, trust, and security, Singapore, 14–17 April 2015, pp.35–42. New York: ACM Press.

10.

Phan

Suzuki

Omura

. Toward sensor-cloud integration as a service: Optimizing three-tier communication in cloud-integrated sensor networks. In: 8th international conference on body area networks, Boston, Massachusetts, 30 September–2 October 2013, pp.355–362. Brussels, Belgium: ICST.

11.

Boukerche

Ren

A trust-based security system for ubiquitous and pervasive computing environments. Comput Commun 2008; 31(18): 4343–4351.

12.

Ganeriwal

Balzano

Srivastava

MB.

Reputation-based framework for high integrity sensor networks. ACM Trans Sens Networks 2008; 4(3): 15.

13.

Liqin

Chuang

. Computation and analysis of node intending trust in WSNs. In: IEEE international conference on wireless communications, networking and information security (WCNIS), Beijing, China, 25–27 June 2010, pp.496–499. Piscataway: IEEE Press.

14.

Momani

Challa

Alhmouz

. BNWSN: Bayesian network trust model for wireless sensor networks. In: Mosharaka international conference on communications, computers and applications (MIC-CCA), Amman, 8–10 August 2008, pp.110–115. Piscataway: IEEE Press.

15.

Momani

Bayesian methods for modelling and management of trust in wireless sensor networks. PhD Thesis, University of Technology Sydney, Australia, 2008.

16.

Huang

Tan

Behavior-based trust in wireless sensor network. In: Advanced web and network technologies, and applications. New York: Springer, 2006, pp.214–223.

17.

Shaikh

Jameel

d’Auriol

. Group-based trust management scheme for clustered wireless sensor networks. IEEE Trans Parallel Distrib Syst 2009; 20(11): 1698–1712.

18.

Zhang

Shankaran

Orgun

. A trust management architecture for hierarchical wireless sensor networks. In: 35th IEEE conference on local computer networks (LCN), Denver, CO, 10–14 October 2010, pp.264–267. Piscataway: IEEE Press.

19.

Denko

Sun

Woungang

Trust management in ubiquitous computing: A Bayesian approach. Comput Commun 2011; 34(3): 398–406.

20.

Duan

Yang

Zhang

. A trust management scheme for industrial wireless sensor networks. In: 39th annual conference of the IEEE industrial electronics society (IECON), Vienna, Austria, 10–13 November 2013, pp.5576–5581. Piscataway: IEEE Press.

21.

Bao

Chen

Chang

. Hierarchical trust management for wireless sensor networks and its applications to trust-based routing and intrusion detection. IEEE Trans Network Serv Manage 2012; 9(2): 169–183.

22.

Ukil

Trust and reputation based collaborating computing in wireless sensor networks. In: 2nd international conference on computational intelligence, modelling and simulation (CIMSiM), Bali, Indonesia, 28–30 September 2010, pp.464–469. Piscataway: IEEE Press.

23.

Mahalle

Thakre

Prasad

. A fuzzy approach to trust based access control in Internet of Things. In: 3rd international conference on wireless communications, vehicular technology, information theory and aerospace & electronic systems (VITAE), Atlantic City, NJ, 24–27 June 2013, pp.1–5. Piscataway: IEEE Press.

24.

Meghanathan

. A distributed trust evaluation model for wireless mobile sensor networks. In: 11th international conference on information technology: new generations (ITNG), Las Vegas, NV, 7–9 April 2014, pp.186–191. Piscataway: IEEE Press.

25.

Han

Jiang

Shu

. An attack-resistant trust model based on multidimensional trust metrics in underwater acoustic sensor network. IEEE Trans Mobile Comput 2015; 14(12): 2447–2459.

26.

Zhang

Yin

. Forest fire detection system based on wireless sensor network. In: 4th IEEE conference on industrial electronics and applications (ICIEA), Xi’an, China, 25–27 May 2009, pp.520–523. Piscataway: IEEE Press.

27.

Tunca

Isik

Donmez

. Performance evaluation of heterogeneous wireless sensor networks for forest fire detection. In: 21st signal processing and communications applications conference (SIU), Haspolat-Nikosia, North Cyprus, Turkey, 24–26 April 2013, pp.1–4. Piscataway: IEEE Press.

28.

Xiao

Detecting selective forwarding attacks in wireless sensor networks. In: 20th international parallel and distributed processing symposium (IPDPS), Rhodes Island, Greece, 25–29 April 2006, pp.351–351. Piscataway: IEEE Computer Society.

29.

Erdene-Ochir

Minier

Valois

. Resiliency of wireless sensor networks: Definitions and analyses. In: 17th international conference on telecommunications (ICT), Doha, Qatar, 4–7 April 2010, pp.828–835. Piscataway: IEEE Computer Society.

30.

Misra

Kapri

Wolfinger

BE.

Selfishness-aware target tracking in vehicular mobile WiMAX networks. Telecommun Syst 2015; 58(4): 313–328.

31.

Oommen

Rueda

Stochastic learning-based weak estimation of multinomial random variables and its applications to pattern recognition in non-stationary environments. Pattern Recognit 2006; 39(3): 328–341.

32.

Oommen

Misra

Fault-tolerant routing in adversarial mobile ad hoc networks: an efficient route estimation scheme for non-stationary environments. Telecommun Syst 2010; 44(1–2): 159–169.

33.

Alnasser

Rikli

. New trust-based detection model for concealed malicious nodes in a wireless sensor network. In: 1st workshop on security and privacy for internet of things and cyber-physical systems (ICC), London, UK, 8–12 June 2015, pp.10359–10364. Piscataway: IEEE Press.

34.

Alnasser

Rikli

. Design of a trust security model for smart meters in an urban power grid network. In: 10th ACM symposium on QoS and security for wireless and mobile networks, Montreal, Canada, 21–22 September 2014, pp.105–108. New York: ACM Press.

35.

Jøsang

Quattrociocchi

Advanced features in Bayesian reputation systems. New York: Springer, 2009.

Lightweight trust model for the detection of concealed malicious nodes in sparse wireless ad hoc networks

Abstract

Keywords

Introduction

Related work

System model

Considered network

Normal nodes

Generated packets

Relayed packets

Malicious nodes

Jamming node

Selfish nodes

Sensor node operation

Proposed trust model

Malicious behavior measures

Current jamming measure

Current selfish measure

Trust parameters

Jamming parameter

Selfishness parameter

Trust decision

Performance evaluation

Network specifications

Network operation statistics

Energy consumption

Packets dropped

Packets generated

Packets transmitted

Results

Effects of the jamming threshold ( P J T )

Effects of the jamming measure threshold ( J T )

(1) Normal Node

(2) Selfish Node

(3) Jamming Node

(4) Mixed Node

Effects of the selfish measure parameter ( γ )

(1) Relay Node

(2) Selfish Node

Effects of the relaying threshold ( e r T )

Comparison with the Bayesian model

Measures definition

Performance

Conclusion

Footnotes

Declaration of conflicting interests

Funding

References

Effects of the jamming threshold $(P_{J}^{T})$

Effects of the jamming measure threshold $(J^{T})$

Effects of the selfish measure parameter ( $γ$ )

Effects of the relaying threshold ( $e_{r}^{T}$ )