1
Artificial Neural Network based Detection of Energy Exhaustion Attacks in Wireless Sensor Networks capable of Energy Harvesting
NABIL ALI ALRAJEH1, SHAFIULLAH KHAN2, JAIME LLORET3, JONATHAN LOO4
1
Biomedical Technology Dept. College of Applied Medical Sciences, King Saud University, Riyadh, Saudi Arabia 2
Kohat University of Science and Technology (KUST), Pakistan
3
Integrated Management Coastal Research Institute, Polytechnic University of Valencia, Valencia, Spain 4
School of Engineering and Information Sciences, Middlesex University, UK
1
[email protected],
[email protected],uk,
[email protected],
[email protected]
Abstract: Energy consumption is the important factor when designing any mechanism for wireless sensor network (WSN). Research community is trying to enable energy harvesting mechanisms to provide long term energy source to WSN. However, energy consumption is generally greater than energy harvesting in WSN. Furthermore, if nodes are under any kind of energy exhaustion security attack, then energy harvesting mechanism cannot extend the lifetime of the WSN. In this paper, we propose a detection mechanism of energy exhaustion attacks that uses an artificial neural network (ANN). It has been developed for cluster-based WSN and takes into account the energy harvesting system. Simulation results show that our mechanism can detect and prevent such kind of attacks, even having lower percentage of false positives than other systems, and thus enlarge the wireless sensor node lifetime.
Keywords: wireless sensor network, security, energy exhaustion attack, cluster, energy harvesting, artificial neural network.
1. Introduction Wireless sensor network (WSN) is used where wired or infrastructure based network is not possible or feasible to deploy. WSN is mostly used to monitor environmental changes such as heat, pressure, or to monitor animal’s habitats and life cycle. A typical WSN consists of a base station and hundreds or thousands of sensor nodes. WSN is facing many constraints in terms of bandwidth, processing, memory and battery power. Energy efficiency plays a vital role in those multi-hop networks which relay on battery power. In such networks, the lifetime of entire network is dependent on battery power. More and rapid energy consumption is directly proportional to the network lifetime. That is why energy efficiency is considered an important factors in designing any mechanism for multi-hop networks
2 especially WSN [1]. Most WSNs are deployed in such areas where it is not possible to recharge the dying nodes. As all WSNs are supposed to be deployed till the achievement of some specific goals, most wireless sensor nodes may die before the completion of project due to limited available battery power. In WSN, the nodes which are located in center or near the base station or sink are under high traffic load. The reason is that, those nodes not only forward their own traffic but also relay traffic towards base station or sink of all neighbors and neighbors of neighbor nodes as well. Such kind of strategically important nodes may drain out energy soon [2]. If such important nodes die, it may result in breakdown of the network [3]. There is a need to supply extra source of energy to all sensor nodes so that they may operate till the achievements of all specified objectives. The researchers are now thinking to support WSN nodes with the facility of energy harvesting mechanisms. In energy harvesting mechanism, sensor nodes can extract energy from the environment. There are many alternate sources of energy which can be used to recharge nodes. Such sources can be solar energy, wind energy, mechanical energy or hydro energy. These sources can provide additional energy to sensor nodes. However, energy consumption use to be more than energy harvested from environment. So there is a need to balance the energy harvested and energy consumption using some sort of intelligent mechanism. There are many security threats which can increase the energy consumption so that to disable the normal operations of WSN. In case of such security attacks, energy harvesting mechanism would not be able to extract sufficient energy to balance the energy requirements. Energy exhaustion is one such kind of security attack in which the attacker tries to increase the power consumption of sensor nodes so that to reduce their lifetime [4, 5, 6]. Cluster-based WSNs can counter efficiently such kind of security threats. The reason is that, in cluster based WSNs, nodes in the same region are wisely grouped together under the supervision of cluster head. Cluster head can monitor the activities of all nodes which are forming its cluster. This kind of cluster head monitoring can be used to monitor energy consumption and harvesting activities. So it s simple to detect energy exhaustion kind of security attacks using node and cluster head mutual interaction. The interaction between nodes and cluster head can be strengthened using an artificial neural network (ANN). ANN is an intelligent technique widely used in WSN [7, 8]. In neural networks, natural neurons use synapses to receive signals. When a strong signal is received, the neuron is activated. The signal is forwarded to other synapses to activate another neuron [9]. ANN considers all the nodes in a given cluster as artificial neurons. These artificial neurons calculate energy consumption and energy harvesting. If node(s) are under energy exhaustion attack, it can be detected using an ANN. The rest of the paper is organized as follows. Section 2 discusses the related literature. Energy exhaustion attacks and energy harvesting is discussed in section 3. Proposed security mechanism based on ANN is presented in section 4. System model behavior is shown in Section 5. Section 6 describes the evaluation and simulation results. Section 7 concludes the paper and draws our future work.
3
2. Related Work WSN is deployed in such areas where wired network is not feasible to maintain and configure. WSN network lifetime is determined by the battery life. So in sustainable WSN, it is very important to design such mechanisms which are capable to extend the life of the WSN. Energy harvesting is an emerging technique in which sensor nodes harvest energy from environmental sources to extend its life span. Some important sources of energy harvesting are solar plates, mechanical vibration, heat energy, wind energy and radio frequency radiation as mentioned in [10, 11, 12, 13]. Although energy harvesting mechanism can extend the life span of WSN, there are some security attacks which are used to exhaust energy of sensor nodes in quick manner. There is a need of a security mechanism which should be capable to defend sensor nodes against such attacks. Energy exhaustion or sleep deprivation is one such kind of attack in which the attacker sends unnecessary data to target sensor node(s) to exhaust its energy. In energy exhaustion attack, the attacker keeps sensor nodes in high activity state unnecessarily [6]. An energy exhaustion attack detection mechanism using small handheld mobile device is presented in [14]. However, the purpose of this mechanism is to protect handheld devices not WSN. A dynamic threshold mechanism is presented in [15] to protect handheld computer from energy exhaustion attack. However, this mechanism is fine for such devices which can be recharged later on while WSN nodes cannot be recharged. Furthermore, threshold mechanism cannot perform well in WSN environment, as sometimes normal traffic flow increases in WSN when some important event is sensed. Two phase security mechanism for defending energy exhaustion attack is presented in [16]. However this mechanism is not suitable for other than hierarchical WSN. Anomaly based hierarchical framework based on distributed collaboration is proposed in [17]. This mechanism is much complex as it involves cluster head, sink gateway, sector monitor, sector uncharged and leaf nodes. A dynamic battery management mechanism is given in [18]. In [19], three different approaches are analyzed and it is found that hash based scheme is a better approach to defend against sleep deprivation attacks. Sleep deprivation or energy exhaustion attacks exist in many possible ways. However, such mechanisms are highly desirable which are lightweight and energy efficient. Artificial neural network (ANN) is a kind of technique which is highly used in computation prediction. Research community is using ANN for detection and prevention of different security attacks. In [20], an ANN based system for attacks detection and classification is presented. The two layer ANN based intrusion detection system is capable to detect different network layer attacks. An ANN based encryption system is designed in [21] which is used to encrypt data with secure keys. This mechanism is basically designed to protect data confidentiality. An intrusion detection system using ANN is proposed in [22], which can differentiate unusual activities with accuracy. Password based security mechanism based on ANN is proposed in [23]. In this mechanism, a user authentication is mandatory to access various resources. ANN for misuse detection is proposed in [24]. It is claimed that neural network is capable to detect many security threats. However, this mechanism is yet not introduced as a full scale system. Hash function is implemented using neural networks in [25]. But, the proposed mechanism is resilient against birthday attacks only. Security assessment of ANN is conducted in [26], in which it is observed
4 that ANN provides correct stability assessment. A backpropagation model based on ANN is presented in [27]. This model performs creation of public key using ANN while private key creation process is done using Boolean algebra. From existing literature, it is observed that ANN has many applications in detection and prevention of different security attacks. Furthermore, sustainable WSNs need some durable sources of environmental energy to accomplish objectives. However, the attackers can reduce the life span of WSNs which are equipped with energy harvesting mechanism, using energy exhaustion attacks.
3. Energy harvesting and energy exhaustion attacks in WSN Energy harvesting is a technique in which sensor nodes do not rely only on battery power but also on the energy that they are capable to extract from the environment. This technique is of high importance especially in sustainable sensor networks. This technique can enable WSNs to extend their lifetime. However, harvested energy cannot be specific, as it totally depends on environmental factors which are not controllable. In this section many results are generated using NS-2 to correlate the energy consumption, energy harvesting and effect of energy exhaustion attack in WSN. Simulation parameters are given in Table 1. It should be noted that for normal sensor nodes, the energy consumption is always greater than energy harvesting. Table 1. Simulation parameters Parameter Sensor Node Processor Processor Speed Energy harvesting Distance of the neighbor Type of Battery Energy harvesting mechanism Normal Packet size Malicious packet size MAC protocol
Value 8 bit 200 MHz 55 mA Random (20 meters maximum) Standard (100 mAh) Solar 256 bytes 512 bytes CSMA/CA (used in IEEE 802.11b)
The value of harvested energy greatly varies with time and environmental factors. For example, a sensor node which is based on solar energy harvesting mechanism can harvest more energy at day time as compared to night time. Similarly, at day time, such a node can harvest more energy if under direct sunlight as compared to raining day. A wireless sensor node usually observes three modes, i.e. standby mode, sleep mode and active mode [28]. A node switches to standby mode when no transmission is in process. In sleep mode, a wireless sensor node switches to low power state for some specific interval of time. A node switches to active state when it senses transmission. Energy consumption is high in active state as compared to other two states [29]. Energy consumption depends on many factors [30] such as:
Mutual distance of nodes
Node is sending data
Node is receiving data
5
Node is sensing data
Wireless sensor nodes consume more energy while transmitting and receiving data as compared to sensing operations. It goes in the line of other real experiments on wireless sensor networks [31]. Furthermore, energy consumption in WSN heavily depends on duty cycle of a node. Duty cycle refers to a condition in which a sensor node is in active state of sending and receiving data. Node lifetime with and without energy harvesting with respect to duty cycle is given in Figure 1.
Without energy harvesting
With energy harvesting
Life time (days)
10
5
0
0
20
40
60
80
100
Duty cycle (percentage)
Figure 1. Node lifetime with and without energy harvesting with respect to duty cycle
In figure 2, lifetime of a sensor node with and without energy harvesting is presented. It is interesting to see that energy harvesting is making no great difference. It happens because the result is obtained with 100% duty cycle with limited initial energy. Energy harvesting mechanism can significantly increase the lifetime of the wireless sensor nodes if it is used with efficient power management mechanism.
6
Without energy harvesting
With energy harvesting
Life time (days)
10
5
0
0.1
0.2
0.3
0.4
0.5
Initial energy
Figure 2. Node lifetime with and without energy harvesting with respect to initial energy
Furthermore, there are some attacks which can reduce the life span of the WSN even in the presence of energy harvesting mechanism. Energy exhaustion or sleep deprivation is a kind of attack in WSNs, in which the attackers try to keep one or more sensor nodes busy for unimportant tasks. The attackers want to drain the energy of the wireless sensor node(s). Energy exhaustion attack can be in many forms such as
The attackers can run a rouge process [14] in sensor nodes. This kind of attack keeps the processor busy and utilizes memory; as a result the sensor node is in wake position which consumes its energy.
The attackers can create routing loops [32] by coordinating few malicious nodes. The network packets will travel in the loop, which keeps busy the target sensor nodes.
Battery exhaustion attack can be launched if the malicious node sends repeated requests for using wireless channel [33]. This attack is conducted by exploiting contention based carrier sense multiple access with collision avoidance (CSMA/CA) mechanism of WSN.
This kind of attack can also be conducted by sending unnecessary packets to target node(s) [3].
From literature, it is clear that energy exhaustion attack can be launched at both network layer and media access control (MAC) layer. Most of existing mechanisms to prevent energy exhaustion attacks can operate in a single layer. Figure 3 shows packet flooding attack against sensor nodes with and without energy harvesting. Flooding is conducted at 10 packets/sec. Although a node with energy harvesting survive a bit more, but no significant difference is observed against energy exhaustion attack. At a duty cycle of 60 % the energy of both nodes is almost exhausted.
7
Without energy harvesting
With energy harvesting
Life time (days)
10
5
0
0
20
40
60
80
100
Duty cycle (percentage)
Figure 3. Node lifetime in the presence of energy exhaustion attack
A prevention mechanism which is capable to counter a network layer attack, generally, it cannot address a MAC layer energy exhaustion attack. To counter all possible forms of energy exhaustion attack, there is a need of some sort of intelligent mechanism.
4. Proposed Security Mechanism The proposed security mechanism is capable to detect and prevent an energy exhaustion attack. We are using a cluster based WSN and an Artificial Neural Network. Important aspects of proposed mechanism are discussed in this section.
4.1 Assumptions We assume that all the nodes in WSN are static in nature. The entire network consists of two types of nodes, i.e. sensor nodes and cluster heads. Sensor nodes are used to collect and gather information from surroundings while cluster heads are responsible to monitor and collect information from all the members of that particular cluster. Our proposed mechanism is based on cluster based WSN. For cluster formation and cluster head election, we are using the same mechanism as LEACH (see [34]). It is low energy adaptive clustering mechanism in nature. However, we are using two hop clustering mechanism in which any node at a distance of two hops from cluster head can join as shown in Figure 4. In this figure, two hop away neighbor nodes can join the cluster head “C”. We assume that all the sensor nodes are capable of energy harvesting using sunlight as the source of external energy.
8
C
Figure 4. Two hop clustering mechanism
4.2 Energy model In our approach, we consider sunlight as the source of energy harvesting. Energy harvesting and a duty cycle is presented in [35] using an analytical model. From this equation we can get the power output from energy source and energy harvested. The equations in [35] also estimate the power consumption of a node during a specific interval of time. In most WSN scenarios, wireless sensor nodes have three operation modes, i.e. active mode, idle mode and sleep mode [36]. In active mode, nodes actively participate in gathering and forwarding data. In idle mode, sensor nodes do not participate in network operations, they just gather data from the environment. In sleep mode, nodes do not interact with external world. Wireless sensor nodes power consumption is lowest during sleep mode. Similarly, with respect to energy exhaustion attacks, there may be three possible conditions such as, normal, low intensity attack and high intensity attack. The relationship between energy exhaustion attacks and wireless sensor nodes operation modes are given in Table 2.
Table 2. Relationship between attacks and operation modes
Normal (N) Low intensity attack (L) High intensity attack (H)
Active mode (A) N, A L, A H, A
Idle mode (I) N, I L, I H, I
Sleep mode (S) N, S L, S H, S
Profiles given in table 2 will later be used to define activation function of the artificial neural network. We define the time in active mode during the sensor node lifetime as TA, the time in idle mode as TI, and the time in sleep mode as TS. It is supposed that the node have been several times in each state during its lifetime. So, we can define TA, TI, TS as it is shown in (1).
(1)
9
Where tA(i) is the time in active mode during the period i and m is the last period in active mode during the node lifetime. tI(j) is the time in idle mode during the period j and p is the last period in idle mode during the node lifetime. tS(j) is the time in sleep mode during the period g and q is the last period in idle mode during the node lifetime. Thus, the sensor node lifetime (TSNL) is represented by equation (2).
TSNL = TA + TI + TS
(2)
We define the energy consumption in active mode as E(A). It is always greater than the energy consumption in idle mode E(I) and the energy consumption in sleep mode E(S). Lowest energy consumption is observed in sleep mode E(S), as shown in equation 3.
EA > EI> ES
(3)
Each mode is allowed to perform different operations. They are shown in table 3. Depending on the operation that is being performed, wireless sensor node will consume more or less.
Table 3. Operations allowed in each mode.
Radio Transmit Radio Receive CPU process Sensing
Active mode (A) Yes Yes Yes Yes
Idle mode (I) No No Yes Yes
Sleep mode (S) No No No No
Although there are some transition processes, which have different consumption [37], the time of the transition process is quite low compared to the time in each mode [38], so we will consider that when a wireless sensor node changes its mode, it will belong immediately to the other mode (and it will consume the energy in that mode). We have seen that this assumption has no impact on the energy consumption model since there are the same times changing from one state to another and vice versa. Taking into account the sensor model lifetime provided in [39] and in [40], we can write the equations in 4
(4)
10 Where, Etx is the transmission energy, and taking into account reference [34]. Etx is given by Etx=Ecir·k + εamp·k·dn, and Erx is given by Erx=Ecir·k. dv is the energy loss due to channel transmission (v=2 to obtain the power loss in free space and v=4 to obtain the power loss given by the multipath fading), k is the number of bits of the message, and the typical value for Ecir (energy consumed by the circuitry) is 50 nJ/bit and for εamp (energy consumed by the wireless amplifier) is 10 pJ/bit/m2 if the system is in the free space or 0.0013 pJ/bit/m4 if the system in multipath fading. ES is a fixed value that depends on the used hardware (we obtained the maximum and the minimum values from references [41] and [42] respectively, after having read much related literature). Finally, ECPU and Esen is the energy consumed by the microprocessor and the physical sensor respectively. Bearing in mind equations provided in [40], we can state that (5) Vth is the device threshold voltage, Vt is the thermal voltage and np is a constant that depends on the processor. Taking into account the power consumption models given in [40] and [43], we can provide how the energy varies along the time in active, idle and sleep modes (see equation 6).
(6)
Where ICPU, VCPU, Isen and Vsen are the current and voltage used by the processor and the sensing hardware respectively. We can see that the first part of the energy consumed in active mode (EA), the one that depends on the energy consumed receiving and transmitting, does not depend on the time, but on the number of bits received or transmitted. TA, TI and TS have been defined for equation (2). In [44], Wireless sensor node lifetime is defined as the time after which the sensor node runs out of its battery. It depends not only on its initial energy but also the average transmission energy and its average residual energy after the lifetime expires. The energy consumption of the battery (or the sum of batteries) used by the wireless sensor node is given by equation (7).
Ebattery (t) = Ibattery·Vbattery · TSNL
(7)
Where Ibattery is measured in Amperes and Vbattery is measured in Volts. Taking into account that, in the wireless sensor node lifetime, the energy consumed by the wireless sensor during all its lifetime (including the one caused by energy exhaustion attacks, EEA) will be the energy provided by the battery, we can provide equation (8).
11 Ebattery (t) = EA + E I + ES + EEA
(8)
Energy exhaustion attacks can greatly affect TSNL. Figure 5 shows how EEA affects the wireless sensor node in active, idle and sleep mode.
100
Remaining Energy (%)
90 80 70
60 50 40 30
Active
20
Idle
10
Sleep
0
-5
10
25
40
55
70
85
100
Time (min)
Figure 5. Sensor node lifetime in different isolated modes with energy exhaustion attack
Figure 5 is obtained using NS 2. Parameters used are mentioned in Table 1. In figure 5, regular operations are carried out till time = 55 minutes. Energy exhaustion attack is started from time = 55 minutes onward. It is observed that energy exhaustion attack is more effective against sensor node(s) in active state. The reason is that, in active state, sensor node actively participates in WSN operations such as gather, receiving and forwarding. So the energy consumption is almost double if a node is under energy exhaustion attack in active mode. However, sensor node in idle and sleep modes also rapidly loses energy once the attack is launched, but less than in active mode. Now, we can join equations (6), (7) and (8) in order to obtain equation (9), which relates TSNL (where the node has been in all modes) with EEA.
(9)
All variables included in this equation have been defined previously.
4.3 Artificial Neural Network
12
A type of network in which nodes are treated like artificial neurons is known as ANN. ANN is inspired from natural nervous system in which if natural neuron receives strong signals activates specific neuron which in turn generates output signals. An artificial neuron consists of four components, i.e. inputs, weights, activation function and output [45]. The generalized architecture of ANN is given in Figure 6.
Weights Inputs
Output Activation value
Figure 6. Generalized artificial neuron
In figure 6, different inputs of different weights are captured, and if some weights match a threshold values, it may activate the function to generate an output. Neural network architecture consists of three types of layers such as input, hidden and output [46]. Our approach is utilizing unsupervised back propagation based learning in which threshold values are used as activation function. Back propagation methodology is used. If output values do not matches, it can be adjusted. The proposed model operates in three phases:
Gathering data – in this phase, every wireless sensor node keeps track of the packets received from neighbors, packets forwarded to neighbors and average energy consumption in a specific period of time. This phase may take several days to get few optimal values of the system usage over a specific period of time.
Training phase – in this phase, ANN is trained to identify different sensor nodes which are located in its surrounding. In this phase, sensor node learns the average number of packets each neighboring is sending over specific time.
Results – In this phase, the performance of ANN is tested. Now the system is capable to differentiate normal and malicious traffic flow.
In the proposed mechanism, the training set will have the pairs shown in equation (10), provided by table 2.
(10)
The problem which we are facing is the identification of normal or malicious traffic flows. As we know, malicious traffic flows will be used to conduct energy exhaustion attack against sensor node(s). This kind of computation requires three-layer ANN. In which
13
Input layer consists of six neurons which represents normal, low intensity and high intensity attack. It also represents active, idle and sleep mode.
A hidden layer of four neurons.
An output layer of two neurons.
We assigned different weights to different conditions given in Table 4. It represents assigned values to different conditions and modes. In normal conditions, the energy consumption would be normal, which is represented as “X”. In low intensity battery exhaustion attack, the energy consumption will be more as compared to normal condition consumption, which is represented as “Y”, where Y > X. Energy consumption in case of high intensity attack is represented as “Z” where Z >Y, which means that energy consumption in case of high intensity attack is greater as compared to energy consumption in low intensity attack.
Table 4. Different values for different conditions Condition
Active
Idle
Sleep
Normal
Value
2
1
0.5
X
Low intensity attack Y
The proposed ANN architecture is shown in figure 7.
Input
Hidden Output
1
1
2 2
Normal
3 Abnormal
6 4 Figure 7. The proposed architecture with its layers
The proposed mechanism in its training phase observe many important features such as
High intensity attack Z
14
The amount of time a node remains in active, idle or sleep mode
Energy consumption in active, idle and sleep mode
Neighbor nodes transmission pattern and energy consumption for neighbor(s) data forwarding.
The training phase has a length of several days (depending of the accuracy of the system).
The proposed mechanism takes as input the mode (active, idle and sleep) as well as the energy consumption in a specific interval of time. The captured weights are multiplied and processed in the hidden layer. The two possible outputs are “normal” or “abnormal”. Where abnormal means that energy exhaustion attack is going on against node(s). The working mechanism of the proposed model is shown in Figure 8.
Input layer
Hidden layer
Active mode
2
Idle mode
1
Sleep mode
0.5
Normal Energy Consumption More energy consumption High energy consumption
X
Output layer
End No
Attack Compute for attack
Y Z
Error? No attack
Yes Back propagation to adjust weight
Figure 8. Working mechanism of the proposed model
We are using simple databases as given in table 2 and table 4. The values in databases are taken after some time interval in the form of binary format and are feed to input layer. For simplicity purposes, we are using character values such as the ones shown in figure 8.
In order to verify our system, we will consider two scenarios and see what the result in both cases is. In both scenarios we use a network of 20 nodes in a cluster of two hop neighbors. We assume that cluster formation and cluster head selection has been performed according to [34, 47]. -
In the first scenario, we assume a node in active mode with normal energy consumption. In its training phase, ANN has learned the normal energy consumption of active mode sensor node with respect of fixed interval of time. Input layer forwards weights of “2” (for active mode) and “X” (for normal energy consumption learned during training phase) to hidden layer. Hidden layer computes the weights (2xX) and classifies it as normal (no attack).
15 -
In the second scenario, we assume a node in active mode and it is under a severe energy exhaustion attack with high energy consumption. Input layer forwards weights of “2” (for active mode) and “Z” (for high energy consumption learned during training phase) to hidden layer. Hidden layer computes the weights (2xZ) and classified it as attack. This information is forwarded to other neurons as well so that to inform the malicious activities of particular node.
5. System model behavior test We are considering flooding attack against sensor node(s) in order to drain the limited energy resources. Flooding [3, 48] is a kind of attack in which compromised node(s) generates and forwards large number of routing packets either directly to target node(s) (if one hop away) or through other innocent intermediate sensor node(s) (if two or more than two hops away). The target sensor node(s) would receive and transmit such huge number of unnecessary packets, which will result in battery power exhaustion. In this section, many results are obtained using NS-2 to see energy consumption in normal and malicious traffic flows. Simulation parameters are given in Table 5. The topology for normal and malicious traffic flow is given in Figure 9.
5
5
3 4 2
1
3 4 2
(a) Normal
1
(b) Malicious
Figure 9. Network topology for normal and malicious traffic flow Table 5. Simulation parameters Parameter Number of nodes Simulation area Simulation time Normal Packet size Malicious packet size MAC protocol Radio range
Normal traffic transmission is shown in Figure 10.
Value 20 400m x 600m Scenario dependent 256 bytes 512 bytes CSMA/CA (used in IEEE 802.11b) 20m
16
400
Node 1
Node 2
Node 3
Node 4
360 320
Packets
280
240 200 160 120 80 40 0
0
30
60
90
120
150
180
210
240
270
300
Time (sec)
. Figure 10. Normal traffic flow In figure 10, the transmission pattern of node 1, node 2 and node 3 is approximately the same. However node 4 is sending and receiving (relaying) more traffic. The reason is that node 4 is located in the center so it receives and transmits more data as compared to other nodes. The energy consumption of node 1, node 2, node 3 and node 4 in the presence of normal traffic flow is given in Figure 11.
100
Node 1
Node 2
Node 3
Node 4
90
Energy (mA)
80 70
60 50 40 30 20 10 0
0
30
60
90
120
150
180
210
240
270
300
Time (sec)
Figure 11. Energy consumption in normal traffic flow
In flooding attacks, malicious transmission greatly increased, which also resulted in an increased transmission of other intermediate nodes as shown in figure 12.
Packets
17
1200 1100 1000 900 800 700 600 500 400 300 200 100 0
Node 1
0
30
Node 2
60
90
Node 3
120
150
180
Node 4
210
240
270
300
Time (sec)
Figure 12. Malicious traffic flow
In figure 12, node 1 is malicious and is flooding the network with huge number of packets so that to exhaust energy resources of other nodes. In this scenario, node 3 and node 4 are also greatly affected by the flooding of node 1, as node 3 and node 4 are under direct attack. Node 3 and node 4 are receiving packets from node 1 and forwarding to the target node, as both nodes are intermediate nodes between sender (malicious node 1) and destination (node 5). However, node 2 is least affected by this flooding, as node 2 is neither intermediate nor under direct flooding attack. Network layer flooding attacks greatly increase energy consumption of sensor nodes as shown in Figure 13.
100
Node 1
Node 2
Node 3
Node 4
90
Energy (mA)
80 70
60 50 40 30 20 10 0
0
30
60
90
120
150
180
210
240
Time (sec)
Figure 13. Energy consumption in malicious traffic flow
270
300
18
6. System performance evaluation
We conducted simulations using NS-2 with same parameters as used in section 5. Our simulation is based on cluster based WSN having 20 nodes and one cluster head. The area of simulation is 400m x 600m. The network topology is given in Figure 14.
CH
Figure 14. Network topology
We implemented network layer flooding attack against wireless sensor node(s) to observe the energy consumption and performance analysis of our detection mechanism. ANN mechanism first learns about the normal and abnormal events using training phase as given in figure 15.
60
Errors
40
20
0
0
2
4
6 Time (days)
Figure 15. Learning phase of proposed mechanism
8
10
19
Figure 15 represents the number of errors over time. The errors are reduced to almost zero at the end of day 10. In learning phase, ANN observes the environment and different parameters for learning purpose. As time goes on, the error rate decreases and the understanding of different scenarios increase. The detection rates of different energy exhaustion attacks are given in Figure 16. In is clear from figure 16 that our proposed mechanism has almost 98% detection rate of flooding attacks. The reason is that, in training phase, most of the focus was given to handle energy exhaustion attack in the form of flooding, as it is more severe nature of attack as compared to others. We conducted 100 tests to accurately determine detection percentage of various flooding attacks. The proposed mechanism has shown 95% detection of energy exhaustion attack in the form of routing loop. Although less attention is given to this attack in training phase, because as this attack exists on network layer, our proposed mechanism has shown good performance to detect it. The detection rate of medium access, using fake channel request, is quite low (only 55%). The reason for this low detection is that, fake channel requests to medium access is basically data link layer attack, and the proposed mechanism need more enhancement and training to detect it accurately.
100
Detection rate (%)
80
60 40
Flooding Routing loop
20
Channel requests 0
0
20
40
60
80
100
Time
Figure 16. Detection rate of different battery exhaustion attacks
A perfect attack detection mechanism is capable to identify an attack with 100% accuracy. However, it is not possible in real cases. In practice, all detection mechanisms have some sort of false positive or false negative cases. False positive is a condition in which the detection mechanism classifies a normal event as an attack. The false positive rates of the proposed mechanism are presented in figure 17. The proposed mechanism has lowest false positive rate (only 2% for flooding attacks). Initially the false positive rate of routing loop attack is 20%. However, as soon as the system becomes stable, the false positive rate is dropped to only 5%. Again, high false positive rate (45%) is observed in case of flooding of fake channel requests attack.
20
100
Flooding
Routing loop
Channel requests
False positive (%)
80
60 40 20 0
0
20
40
60
80
100
Time
Figure 17. False positive rates of different battery exhaustion attacks.
The detection and the false positive rates are given in table 6.
Table 6. Detection and false positive rates
Flooding Routing loop Channel request
Detection rate (%) 98 95 55
False positive rate (%) 02 05 45
7. Conclusion Energy harvesting is a technique which is used to increase the lifetime of sensor nodes. However, there are varieties of energy exhaustion attacks which are used to reduce the lifetime of sensor nodes. In the presence of such attacks, energy harvesting mechanisms cannot create great difference. In this paper, we presented in detail a secure mechanism to detect energy exhaustion attacks. Our mechanism is appropriate in cluster based WSN and it is based on an artificial neural network. The proposed scheme is especially trained to detect flooding attacks which are more severe in nature and is capable to drain the energy of sensor nodes quickly. Many experiments are conducted to check the performance efficiency of the proposed mechanism. A detection rate of 98% is observed in case of flooding attacks. The detection rate of 95% is observed in case of routing loop attacks. However, low detection rate (only 55%) is observed in case of data link layer attack. Our future work is to enable the proposed mechanism to detect data link layer flooding attacks as well as other type of attacks for WSNs in order to study their impact on the network when our system is running [35, 49]. To detect both network layer
21 flooding and data link layer flooding, there is a need of cross layer design. This kind of enhancement needs more training, improved data sets and trust management [50, 51]. We are going to develop this system in other wireless sensor network structures such as group-based wireless sensor networks [52].
8. Acknowledgement The authors extend their appreciation to the Research Centre, College of Applied Medical Sciences and the Deanship of Scientific Research at King Saud University for funding this research.
References [1] Michael Segal, Improving lifetime of wireless sensor networks, Network Protocols and Algorithms, Vol. 1, No 2. Pp. 48-60. (2009).
[2] Ahlam Hashim Mohsin, Kamalrulnizam Abu Bakar, Adebanjo Adekiigbe, kayhan zrar ghafoor, A Survey of Energyaware Routing protocols in Mobile Ad-hoc Networks: Trends and Challenges, Network Protocols and Algorithms, Vol. 4, No 2. Pp. 82-107. (2012)
[3] Khan, S., Mast, N., Loo, J. (2009). Denial of service attacks and mitigation techniques in IEEE 802.11 Wireless mesh networks. Information: an International Interdisciplinary Journal. 12. 1-8.
[4] Martin, T., Hsiao, M., Ha, D., Krishnaswami, J. (2004) Denial of-service attacks on battery-powered mobile computers. In Proceedings of Second IEEE International Conference on Pervasive Computing and Communications, , Orlando, FL, USA, March 2004. pp. 309-318
[5] Yoon, Y.J., Lee, K.H., Hong, C.S. (2008) Detecting the compromised node in PDoS attack on WSNs. Proceedings of Korea Institute of Information Scientists and Engineers Fall Conference. Gangwon-do, Korea.
[6] Song, J. (2010). Research on a Denial of Service (DoS) Detection System Based on Global Interdependent Behaviors in a Sensor Network Environment. Sensor. 10. 10376-10386.
[7] Kulakov, A., Davcev, D. ; Stojanov, G., Learning patterns in wireless sensor networks based on wavelet neural networks, 11th International Conference on Parallel and Distributed Systems (ICPADS 2005), 20-22 July 2005, Fuduoka, Japan. Pp. 373 – 377.
22 [8] Kulakov, A., Davcev, D., Tracking of unusual events in wireless sensor networks based on artificial neural-networks algorithms, International Conference on Information Technology: Coding and Computing (ITCC 2005), Las Vegas, NV. 4-6 April 2005. Pp. 534-539. [9] Gershenson, C. (2012). Artificial Neural Networks for Beginners”, A package of Sussex University, UK. Retrieved date, Sept. 20, 2012 from http://arxiv.org/ftp/cs/papers/0308/0308031.pdf.
[10] Chalasani, S., Conrad, J. (2008). A survey of energy harvesting sources for embedded systems. IEEE Conference of Southeastcon. Southeastern USA.
[11] Atwood, B., Warneke, B., Pister, K. (2001). Smart Dust mote forerunners. Proceedings of 14th Annual International Conference on Microelectromechanical Sytsems. Miyazaki.
[12] Park, G., Farrar, C., Todd, M., Hodgkiss, W., Rosing, T. (2007). Energy Harvesting for Structural Health Monitoring Sensor Networks. Technical Report, Los Alamos National Laboratories, LA.
[13] Mateu, L., Moll, F. (2005). Review of Energy Harvesting Techniques and Applications for Microelectronics. Proceedings of the SPIE Microtechnologies for the New Millennium. Sevilla, Spain.
[14] Buennemeyer, T., Gora, M., Marchany, R., Tront, J.G. (2007). Battery Exhaustion Attack Detection with Small Handheld Mobile Computers. IEEE International Conference on Portable Information Devices, PORTABLE07, Orlando, Florida, USA.
[15] Buennemeyer, K, T. (2007). Battery-Sensing Intrusion Protection for Wireless Handheld Computers using a Dynamic Threshold Calculation Algorithm for Attack Detection. Proceedings of the 40th Hawaii International Conference on System Sciences. Waikoloa, Big Island, HI, USA.
[16] Zhao, J., Nygard, K. (2011). A Two-Phase Security Algorithm for Hierarchical Sensor Networks. Third International Conference on Future Computational Technologies and Applications, Future Computing. Rome, Italy.
[17] Bhattasali, T., Chaki, R., Sanyal, S. (2012). Sleep Deprivation Attack Detection in Wireless Sensor Network. International Journal of Computer Applications. 4. 19-25.
[18] Khouzani, M., Sarkar, S. (2011). Maximum Damage Battery Depletion Attack in Mobile Sensor Networks. IEEE Transactions on Automatic Control. 56. 2358-2368.
23 [19] Pirretti, M. (2006). The Sleep Deprivation Attack in Sensor Networks: Analysis and Methods of Defense. International Journal of Distributed Sensor Networks. 2. 267-287.
[20] Moradi, M.; and Zulkernine, M. (2004). A neural network based system for intrusion detection and classification of attacks. IEEE International Conference on Advances in Intelligent Systems - Theory and Applications, LuxembourgKirchberg, Luxembourg.
[21] Khaled, M. Noaman, G., Jalab, H.A. (2005). Data security based on neural networks. TASK Quarterly. 9. 409–414.
[22] Ryan, J., Lin, M., and Miikkulainen, R. (1997). Intrusion Detection with Neural Networks. AI Approaches to Fraud Detection and Risk Management: Papers from the 1997 AAAI Workshop (Providence, Rhode Island), pp. 72-79. Menlo Park, CA: AAAI.
[23] Singh, M. (2009). Password based a generalized robust security system design using neural network. IJCSI International Journal of Computer Science Issues. 4. 1-9.
[24] Cannady, J. (1998) Artificial neural networks for misuse detection. Proceedings of the 1998 National Information Systems Security Conference (NISSC). Arlington, VA.
[25] Kulkarni, V., Mujawar, S., Apte, S. (2010). Hash function implementation using artificial neural network. International Journal on Soft Computing ( IJSC ). 1. 1-8.
[26] Aggoune, M., El-Sharkawi, M., Park, D., Damborg, M., Marks, R. (1991). Preliminary results on using artificial neural networks for security assessment. IEEE Transactions on Power Systems. 6. 890-896.
[27] Shihab, K. (2006). A Backpropagation Neural Network for Computer Network Security. Journal of Computer Science. 2. 710-715.
[28] Halawani, S., Khan, A. (2010). Sensors Lifetime Enhancement Techniques in Wireless Sensor Networks - A Survey. Journal of computing. 2. 34-47.
[29] Sandra Sendra, Jaime Lloret, Miguel Garcia and Jose F. Toledo, Power saving and energy optimization techniques for Wireless Sensor Networks, Journal of Communications, Vol. 6, Issue 6, Pp. 439-459. August 2011. doi:10.4304/jcm.6.6.439-459.
[30] Kansal, A., Hsu, J., Zahedi, S., Srivastava, M. (2007). Power Management in Energy Harvesting Sensor Networks. ACM Transactions on Embedded Computing Systems (TECS). 6. 1-35.
24 [31] Jaime Lloret, Sandra Sendra, Hugo Coll, Miguel Garcia, Saving Energy in Wireless Local Area Sensor Networks, The Computer Journal, Vol. 53, Issue 10, Pp. 1658-1673, December 2009. DOI: 10.1093/comjnl/bxp112.
[32] Chan, H., Perrig, A. (2003). Security and Privacy in Sensor Networks. Computer. 36. 103-105.
[33] Pathan, S. (2010). Advances in Communications and Media Research (1). Nova Science Publishers.
[34] Heinzelman, W., Chandrakasan, A., Balakrishnan, H. (2000). Energy-Efficient Communication Protocols for Wireless Microsensor Networks. Proceedings of Hawaiian International Conference on Systems Science. Maui, Hawaii.
[35] Kansal A, Hsu J, Zahedi S, Srivastava MB. (2007) Power management in energy harvesting sensor networks. ACM Transactions on Embedded Computing Systems, Vol. 6, No. 4, pp.1–35.
[36] Maheswar, R., Jayaparvathy, R. (2011). Optimal Power Control Technique for a Wireless Sensor Node: A New Approach. International Journal of Computer and Electrical Engineering. 3. 37-41.
[37] Hai-Ying Zhou, Dan-Yan Luo, Yan Gao, De-Cheng Zuo, Modeling of Node Energy Consumption for Wireless Sensor Networks, Wireless Sensor Network, 2011, 3, 18-23, doi:10.4236/wsn.2011.31003.
[38] Chung, Yun Won; Hwang, Ho Young. 2010. "Modeling and Analysis of Energy Conservation Scheme Based on Duty Cycling in Wireless Ad Hoc Sensor Network." Sensors, 10, no. 6: 5569-5589.
[39] Joseph Polastre, Jason Hill, David Culler, Versatile Low Power Media Access for Wireless Sensor Networks, SenSys’04, November 3–5, 2004, Baltimore, Maryland, USA.
[40] M. N. Halgamuge, M. Zukerman, and K. Ramamohanarao, H. L. Vu, An Estimation of Sensor Energy Consumption, Progress In Electromagnetics Research B, Vol.12, 259–295, 2009.
[41] Manikanden Balakrishnan, Eric E. Johnson and Hong Huang, TEAN-Sleep for Distributed Sensor Networks: Introduction and α-Metrics Analysis. IEEE Military Communications Conference, 2007 (MILCOM 2007). 29-31 October 2007. Orlando, FL, USA.
[42] Matthew J. Miller and Nitin H. Vaidya, Minimizing Energy Consumption in Sensor Networks Using a Wakeup Radio, IEEE Wireless Communications and Networking Conference (WCNC 2004), 21-25 March 2004. Atlanta, GA, USA.
25 [43] María Gabriela Calle Torres, Energy Consumption In Wireless Sensor Networks Using GSP, University of Pittsburgh, Master of Science in Telecommunications, April, 2006.
[44] Vivek Rai and Rabi N. Mahapatra, Lifetime Modeling of a Sensor Network, Proceedings of the conference on Design, Automation and Test in Europe - Volume 1 (DATE '05), 7-11 March 2005, Munich, Germany. Pp. 202 – 203. Doi: 10.1109/DATE.2005.196.
[45] A basic introduction to neural networks. Date retrieved Sept 10, 2012, from http://pages.cs.wisc.edu/~bolo/shipyard/neural/local.html.
[46] Abraham, A. (2005). Artificial neural networks, Handbook of Measuring System Design. Publisher, John Wiley & Sons.
[47] Hussaini, M., Bello-Salau, H., Salami, A., Anwar, F., Abdalla, A., Islam, M. (2012). Enhanced Clustering Routing Protocol for Power-Efficient Gathering in Wireless Sensor Network. International Journal of Communication Networks and Information Security (IJCNIS). 4. 18-28.
[48] Popescu, A., Tudorache, G., Peng, B., Kemp, A. (2012). Surveying Position Based Routing Protocols for Wireless Sensor and Ad-hoc Networks. International Journal of Communication Networks and Information Security (IJCNIS). 4. 41-67.
[49] Kuncha Sahadevaiah, Prasad Reddy P.V.G.D., Impact of Security Attacks on a New Security Protocol for Mobile Ad Hoc Networks, Network Protocols and Algorithms, Vol. 3, No 4. Pp. 122-140. (2011). [50] X. Li, Z. Li, M. Stojmenovic, V. Narasimhan, A. Nayak, “Autoregressive Trust Management in Wireless Ad Hoc Networks”, Ad hoc and Sensor Wireless Networks (AHSWN), Vol. 16, No. 1-3, pp. 229-242, 2012. [51] L. Xie, G. Wei, “Asymmetric Analytical Model for MAC Layer in Unsaturated Wireless Ad Hoc Networks”, Ad hoc and Sensor Wireless Networks (AHSWN), Vol. 14, No. 3-4, pp. 315-329, 2012
[52] Lloret, M Garcia, J Tomás, F Boronat, GBP-WAHSN: a group-based protocol for large wireless ad hoc and sensor networks, Journal of Computer Science and Technology 23 (3), 461-480
