The document discusses a machine learning-based technique for detecting wormhole attacks in wireless sensor networks. It proposes using a multipoint relay-based Watchdog monitoring and prevention protocol. The technique will use a dynamic threshold to detect wormhole attacker nodes. Then, clustering and Watchdog-based optimistic path selection will be used to communicate packets and reduce packet dropping, improving the network's performance. The approach aims to address limitations of existing Watchdog techniques, such as not being able to distinguish collisions from attacks. It incorporates a cooperative cross-layer monitoring framework to handle falsely reported attacks.
Machine Learning Based Watchdog Protocol for Wormhole Attack Detection in Wireless Sensor Networks
1. MACHINE LEARNING BASED WATCHDOG PROTOCOL FOR WORMHOLE
ATTACK DETECTION IN WIRELESS SENSOR NETWORKS
1
Er.Harpal, 2
Dr.Gaurav Tejpal and 3
Dr.Sonal Sharma
1
Research scholar, 2
Professor and 3
Assistant Professor
1,2
Shri Venkateshwara, University, Gajraula, India.
3
Uttaranchal University, Dehradun, India.
1
Paras.harpal@gmail.com, 2
Gaurav_tejpal@rediffmail.com, 3
Sonal_horizon@rediffmail.com
Abstract: The wormhole attack in Wireless sensor networks (WSNs) decreases the network performance by
dropping the No. of Packets. Many techniques have been proposed to so far reduce the impact of the
wormhole attack by detecting and preventing it. But, related work indicates that no technique is perfect for
every kind of circumstances of WSNs. Among the existing techniques, Watchdog technique has better
performance in preventing the wormhole attack. It utilizes the local knowledge of the next hop node and
eavesdrops it. If it gets that spending time of the Packet is more than the given threshold, then it characterizes
that node as wormhole attacker. However, this method has several shortcomings that it does not track the link
transmission errors, which may be because of congestion in WSNs and also it not offers high mobility for
maximum No. of nodes, which eventually decreases the WSNs performance. In order to handle this issue, a
new multipoint relay based Watchdog monitoring and prevention technique is proposed in this paper. The
proposed technique utilizes the dynamic threshold value to detect the wormhole attacker node, and then
clustering and the Watchdog based optimistic path is selected for communicating the Packets. Thus, it reduces
the overall Packet dropping, which improves the performance of the WSNs.
Index Terms: BLACKHOLE, WIRELESS SENSOR NETWORKs, WATCHDOG, MULTIPOINT RELAYS.
1. Introduction
Wireless Sensor Networks (WSNs) can be characterize as a self-arranged alongside communications less
wireless networks to observe objective or natural situation such while temperature, noise, vibration pressure,
movement otherwise poison toward considerately stretch out beyond their information during network to a
noteworthy position or sink wherever the data be capable of an exploratory and investigate. A sink and support
area execute as crossing point amongst user and networks. A sensor network is accumulation of an enormous
measure of sensor nodes, which be firmly send in addition inside the event or close to it. A sensor node
consume vitality albeit gather, processing transmit and getting information sensor nodes are small scale
electro-mechanical systems (MEMS) that extend a quantifiable an impact to a typical change in various frame
similar to hotness with strain[9]. In WSNs, the real task of a sensor node is toward intellect the information
along with send it toward base position in multi-hop situation for which routing way is crucial.
Figure 1: wireless sensor network
1.1 Component of wireless sensor networks-
The important components of wireless sensor network are discussed below:
Sensor Node: Sensor nodes are electronic devices composed of battery, DAC, actuators processing and
communication unit. This is the key element of sensor network which perform multiple tasks like sensing, data
storage, communication and data processing.
Internet &
Satellite
Task
Manager
Nodes
Sin
k
User
Sensor
Field
Sensor nodes
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 15, No. 9, September 2017
54 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
2. Clusters: Large sensor network is partitioned into smaller groups of nodes to make energy efficient and better
communication. These small organizational units are called cluster.
Cluster Heads: In each cluster, there is one group head which perform assignment of information
conglomeration and choose agenda of correspondence.
Base Station: The base position is on higher stage of various leveled WSNs. It gives correspondence
association flanked by sensor network as well as end-customer.
End User: The information within sensor system is used on behalf of an extensive assortment uses. In this
way, a specific request might be utilize of system data over the web, using a PDA, or even a desktop PC.
Within a queried sensor network (wherever the requisite information is gather as of a request send during the
system). The request is completed through the ending customer.
The necessity for more effective security mechanisms for WSNs is increasing due to its dynamic
nature and continues growth in various fields. WSNs are organized in the unfavorable environments. Different
nodes in the WSNs have an unreliable communication medium which makes it tough to deploy security
mechanism [5]. Therefore, security of different nodes in WSNs is a great challenge against various attacks. A
variety of attacks are possible in WSNs s including jamming, collision, wormhole, flooding, wormhole,
sinkhole, selective Packet drop, Sybil, cloning, denial-of-service, tampering etc. The Wormhole attack is the
most hazardous attack on WSNs [6].
The wormhole launches an attack by constructing a tunnel between one or more pairs of malicious
nodes, as shown in Fig.1. Since there are no differences between malicious nodes and sensing nodes in the
behaviors of mobility and communication, nodes within the wormhole transmission range will receive the
information about neighbors from another wormhole through the tunnel which is wireless or physical.
Therefore, those nodes which are affected by the wormhole attack will rout in the error path; this may cause
rapid battery consumption of nodes and unstable topology. To date, several wormhole attack detection methods
have been proposed, such as improving the routing protocol or additional hardware. However, there are still
some shortcomings to these approaches. This paper proposes a novel method to detect wormhole attacks with a
well-known indicator common to the financial field called MA. The MA indicator utilizes the time series of
price changes to decide on a transaction. The phenomenon of time series information changes corresponds to
the change of the neighbor nodes in a WSN. However, it is a time-consuming and high-cost project, requiring
that various combinations of the MA period be exhaustively examined. As a result, this study uses Quantum-
inspired Tabu Search (QTS) algorithm [10]-[16] to search for the best combination of MA periods in each
scenario in order to enhance the wormhole detection rate and performance.
2. Related Works
Bhattasali and Chaki (2011) presented the cluster-based ID approach for heterogeneous wireless
networks environment. The topology maintenance and an adequate number of nodes participation enhanced the
WSN performance on alternate duty cycle and sleep cycle. Cryptographic schemes illustrated in traditional
research studies provide the necessary solution to the spoofing attacks with higher overhead. Bhattasali and
Chaki (2012) discussed the absorbing Markov chain (AMC) that considered the death time of the node under
the normal activity for DoS attacks prediction. The recharge and replacement of battery nodes were the
difficult tasks and that are regarded as the major reasons for the increase of DoS attacks. The low-power sensor
node operation caused the immediate death of nodes and sleep deprivation that affected the network lifetime.
Bhattasali, Chaki, and Sanyal (2012) considered the distributive collaborative mechanism for DoS attack
prevention and minimised false reduction probability. The major constraints to achieving the secure data
transmission in the sensor network were limited computations and resources. The constraints in the sensor
network for security achievement were limited computations and resources. Butun, Morgera, and Sankar
(2014) presented the survey reports for conventional IDS methods. The information regarding the intrusions,
IDS evolution, IDS applicability to WSN was presented that provided the future research directions for
improvement. The secure transmission against the new attacks was the challenging issue in traditional ID
schemes. Chen, Trappe, and Cheng (2013) utilised the spatial information with the physical property that is
not relied on cryptography to reduce the overhead. The spatial correlation is depends upon the measure of
received signal strength (RSS). They formulated the attacks detection as multi-class detection via behaviour
monitoring process. During the monitoring process, the status of packet delivery (acknowledgment or non-
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 15, No. 9, September 2017
55 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
3. acknowledgement) constitutes the new attacks called stealthy attacks. Choi, Kim, Lee, and Jung (2008)
developed the wormhole attack prevention mechanism that detected the fake route and adopted the measures
for wormhole action. The exploration of diverse locational information of sensors under collaborative spectrum
sensing (CSS) was largely affected by the falsification attacks. Conti, Pietro, Mancini, and Mei (2011)
analysed the properties of distributed mechanism and proposed the RED protocol. The infection propagation
rate and the cost were high in RED implementation. Chen, Hsieh, and Huang (2010) discussed the isolation
table approach for ID that reduced the transmission overhead compared to routing table-based IDS.
Dhurandher, Woungang, Gupta, and Bhargava (2012) proposed the energy efficient scheme (E2SIW) to
predict the wormhole attack in its routing path and changed the routing path. They showed that the E2SIW-
based wormholes detection reduces the overhead and energy effectively. But, the collision problem was the
challenging issue in E2SIW. Duan, Min, Huang, and Shin (2012) proposed the direct /indirect punishments-
based attack prevention mechanism for collision identification. The secondary users follow the decision
regarding the collision made by the fusion centre. The wormhole attacks caused the severe security threat in
the multi-hop wireless network. Fadlullah, Nishiyama, Kato, and Fouda (2013) described the cognitive radio
network (CRN)-based IEEE wireless networks that utilised the cumulative sum for abnormal behaviour
detection.
This paper is organized as: In section 2, the proposed wormhole monitoring technique is discussed. In
section 3, wormhole attack detection for different network layers is discussed. The Simulation results of
proposed technique using the MATLAB 2013a simulator are discussed in section 4. The comparisons of the
proposed technique with available state of the art techniques are provided in section 5. In the last section
conclusion and future directions are also demonstrated.
3. Problem Statement
From the designed systems, the actual WSN AODV standard technique is adopted from [5]. The clustering
based process is utilized in accordance with the good service quality, in which every single node elects by itself
along with the nodes in their transmission range. On deciding upon cluster head, it is responsible to monitor the
No. of multipoint relays (MPRs). It determines the actual cost for every ith node by the following,
,………….. (1)
Where is actually the remainder of the mileage to get out of this path i.e. may be the 1-hop neighbor
nodes in the similar route, Thus, the typical quickness from the ith node.
In comparison to [5] it is considered that the nodes for election simply for elected CHs of which
discuss its going direction. As soon as the attached CHs usually are determined, exactly same solution is
utilized in [5] to find the MPRs. As said before, wormhole strike reasons package lower throughout the vast
majority of the navigation techniques. From the put into practice method, them goals MPR nodes, creating a
considerable effect on multi-level connectivity.[26] For example, it is assumed that about 10% from the MPRs
being malicious. It is remarked that there were totally associated clustering with the direction-finding view
prior to assault took place, and everything the particular nodes can talk collectively easily. Nevertheless, the
moment vicious nodes are available; the particular amount of shut off groupings retains escalating provided
that quantity of nodes increases. This can be just because which, if circle grows more packed, the particular
nodes grow to be nearer together plus associated by means of additional MPRs. For that reason, the quantity of
opponents will increase, which degrades the particular circle connectivity. This particular occasion illustrates
the necessity to establish a discovery process that may diagnose arsenic intoxication vicious vehicles.
Watchdog based mostly techniques usually are put in place inside related work [17].
The fact is that this kind of tracking tactics has got 2 key drawbacks. Very first, they cannot separate
whether or not some sort of small fortune falling function is a result of several vicious assaults or merely legit
causes, like small fortune collision. The 2nd challenge takes place if Watchdogs have got troubles, although
hearing panic or anxiety attack, as well as accuses simple nodes to generally be misbehaving. To handle these
issues, multipoint relay based Watchdog monitoring and prevention technique is proposed in this paper. The
proposed technique will utilize the dynamic threshold value to detect the wormhole attacker node, and then
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 15, No. 9, September 2017
56 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
4. clustering and then Watchdog based optimistic path will be selected for communicating the Packets. Thus, it
reduces the overall Packet dropping, which improves the performance of the WSNs.
In an effort to address the impact of the wormhole attack in WSNs, it demands to enhance the
performance of the well-known Watchdog monitoring scheme in tackling the collision problem while
monitoring [24]. It should be noted that our main threat model assumes malicious behavior from the MPR
nodes during a Packet exchange among several nodes in the network. The classical Watchdog technique fails
to differentiate between collisions and attacks. A remedy to this problem is the use of CL-layering, where
different monitoring nodes from different layers cooperates to enhance the performance of the single
monitoring scheme. Thanks to the cooperative and Cross Layer (CL)-layering features, any falsely reported
attacks can be handled. [20]In this work, our main focus is to propose the cooperative CL layer monitoring
framework, where the Watchdogs are selected randomly. Finally, attacks prior to Packet transmission
specifically during broadcast transmissions can be detected utilizing the Watchdog without the need to adopt
any CL layering schemes as proposed in [17].
4. Machine learning based attach wormhole attack detection
Excessive and also continual exercises of nodes around WSNs are known as a life-threatening concern that will
deteriorate every discovery approach that has to be applied. As a result, supportive mix stratum design is
usually suggested within the recent surveys [19] to help in resolving the following issue. The leading target
associated with a mix stratum design will be to leverage the details concerning sheets, therefore, increase the
system discovery performance. In it, all found these quantities discovery methods as well as procedures,
beginning together with the actual physical stratum discovery, then a MAC stratum discovery approach, as
well as the system layer [27]. From then on, these amounts, mix stratum discovery systems will be proposed.
Exclusively, likely to data alternate concerning: This specific alarm is just like the very first stratum associated
with safeguards in the suggested plans. The place that the Watchdog computer monitors this radio node within
the real levels prior to the idea establishes calling decrease this sign as well as ahead the idea towards the upper
tiers additional diagnosis. This technique makes it possible for xi represents this sign concept routed in the ith
legit end user inside the network. In that case, on the Watchdog, this intercepted got sign backup, can offer a
pair of feasible hypotheses, shown as
……………… (2)
Where is usually additive white Gaussian noise vector (AWGN) together with actually
zero suggest as well as difference every dimension. A null hypothesis, , symbolize the chance that this
gotten indicate is distributed through a burglar, while the choice hypothesis, , symbolizes the chance that
this gotten indicate can be so legit because it's increased with a multiplied by a corresponding signature key .
Within these kinds of system, the likelihood on the gotten indicate programmed upon each and every theory is
usually published while
………….. (3)
…………….. (4)
As a result, by making use of the absolute maximum log-likelihood examination, the detector
identifies some sort of an acquired signal that legitimate, when i.e. when
………………….. (5)
By applying the log theorems, then mathematical formulas, then get
2yixi (1 −δi) + x2i (δ2i −1) H1 H0 0 ………………... (6)
………………… (7)
Which results in the following decision threshold
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 15, No. 9, September 2017
57 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
5. ……………….. (8)
Most Watchdog keeping track of nodes overhear and also checkups the information alternate
developing within their television broadcasting variety, where the signature keys mi=1 are stored in
their buffers. In the event the gotten transmission had been understood for being out of a burglar, then a
Watchdog would certainly decline the actual Packet. Alternatively, in case the actual physical level detector
recognized, since legit, then a gotten sales Packet is usually parsed to MAC plus circle sheets for more
monitoring [23]. Observe right here of which, out of an operating standpoint, it is possibly endure extra miss-
monitoring activities as compared to bogus security activities; Due to characteristics of consist of discovery
process, if the intruding sales Packet had not been discovered through the actual physical level alarm, the idea
would certainly move directly into various other reviewing methods, as opposed to when a real sales Packet
had been known as a break-in erroneously, subsequently it could be dropped. Consequently, it is very
important to characterize the actual miss out on discovery plus bogus security probabilities of consist of alarm,
in order that the computer artist for making educated selections of the option of , determined by a numeral of
predefined fake-alarm or may be miss-monitoring possibility.
Therefore, possibility of fake alarm is knowing a thief as legitimate, can be calculated as where after
some mathematical manipulations, it is arriving at
………………… (9)
……………………… (10)
Where after some mathematical manipulations, it is arriving at
…………. (11)
Where is the standard Q -function, defined as Therefore, it could
define the structure of problem, while selecting some δi to satisfy a target false alarm threshold, such that
…………… (12)
As the selected threshold, it can compute the resultant possibility of monitoring, , as shown
………… (13)
…………. (14)
Which results in
………… (15)
So, in these shows the noises with the shifting method come with a dramatic going downhill effect.
procedure 1 represents the realistic pattern of the proposed physical layer based detector. Where it is
assuming that all the nodes at the same transmission range to be neighbours, and all neighbours are being
monitored.
Procedure 1: Machine learning based wormhole attack detection procedure.
Input:
Consider k_no be the amount of destructive nodes
Let Ś be the th value resulting earlier
Consider X be the neighbors
Consider k be the amount of observing nodes
Consider route should route from the sender to the receiver
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 15, No. 9, September 2017
58 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
6. Consider be the established indicator
Output:
Consider be the physical layer monitoring No.
Consider monitoring_% be the monitoring rate of the physical layer level observing
procedure:
for to k_no do
for I=1 to kX do
if X(L_no(a),kX(I)) = 1 then
for l=1 to size(path) do
if path(P) = m_no(I) then
if p ≤ then
ph_d = ph_d + 1
}} } } } }
monitoring_% = ph_d× kX × 1 k_no ................... (16)
5. Performance Analysis
In order to assess the efficiency and competence of the proposed technique, i.e. proposed technique and other
some well-known wormhole monitoring techniques, MATLAB based simulation is done for WSNs coding
organizations and run wormhole monitoring and prevention techniques. The existing and proposed wormhole
monitoring techniques are implemented on a Windows (2.4 GHz Intel i7 processor with 4 GB RAM and 1 TB
memory). The parameters used for simulation are shown in Table 1.
Table 1: Simulation parameters
Parameter Value
Simulator used MATLAB 2013a
Simulation duration 4000 seconds
Area (meter) 100X100
No. of nodes 200
Communication technique OLSR
Channel type Wireless
Packet size 4000 bytes
Mobility model Two ray ground propagation models
This section represents the comparison between some well-known wormhole attack detection techniques with
the proposed technique. The throughput is taken as primary quality metric for comparison. It represents that
how many packets are successfully delivered within a given time. End-to-end delay is the mean time taken by a
data Packet to travel from source node to the destination node [22]. This average time includes any type of
delay due to route discovery process along with a queue in data Packet transmission. In this, only those Packets
are included which are successfully transferred to the destination node. This is calculated as:
ᵟ= ………….. (22)
Where Arrive Time, end Time, and of Connections.
The lesser value of the end to end delay is an indicator of the better performance of the technique. Figure 8
shows the end-to-end delay comparisons of proposed technique with some existing approaches for preventing
WSNs from wormhole attack. It demonstrates that the proposed technique results in the decrease in end-to-end
delay.
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 15, No. 9, September 2017
59 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
7. Figure 2: Delay of proposed technique
Overhead is defined as the additional time taken to deliver Packets at the destination. Overhead in the mobile
WSNs network is increased due to malicious node. The proposed approach results in decreasing the overhead
of WSN as compare to existing procedures used for isolating the wormhole attack as illustrated in Figure 3.
Figure 3: Overhead of proposed technique
Packet loss is the failure of transferring Packets to reach the destination. It happens due to network congestion
or some attacker node in the network. Packet loss is responsible for reducing the Packet delivery ratio. It is
calculated as:
Packet Loss= δ-ρ…………. (24)
δ= No. of Packets send from source and ρ= No. of Packets received at the destination.
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 15, No. 9, September 2017
60 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
8. Figure 4: Packet Loss of proposed technique
Figure 4 shows the Packet loss comparisons of proposed technique approach with existing procedures used for
preventing WSNs. The figure clearly shows that the proposed technique results in the decrease in Packet loss.
The throughput may increase if the attacker node is detected as early as possible.
Throughput is defined as
Throughput = ……………..(21)
Where ρ =No. of Packets received at the destination, ϒ=Simulation time
Figure 5 shows the throughput analysis of proposed technique with some existing techniques. It depicts that the
proposed technique after isolation of malicious node results in the increase of throughput.
Figure 4: Throughput comparison
6. Conclusion
The wormhole reduces the performance of the network a lot. Among the existing techniques, Watchdog
technique has better performance in preventing the wormhole attack. It utilizes the local knowledge of the next
hop node and eavesdrops it. In Watchdog technique, if the Packet exchange time exceeds the threshold then
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 15, No. 9, September 2017
61 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
9. node is marked as malicious. But, it has several shortcomings; one of them is that it is unable to monitor link
transmission error. In order to handle this issue, a new multipoint relay based Watchdog monitoring and
prevention technique is proposed in this paper. The proposed technique utilizes the dynamic threshold value to
detect the wormhole attacker node, and then clustering and Watchdog based optimistic path is selected for
communicating the Packets. The proposed technique is designed and implemented in the MATLAB 2013a
tool. Comparisons have been drawn with recently proposed techniques for monitoring and preventing against
wormhole attack. The performance analysis has clearly indicated that the proposed technique outperforms over
the available techniques. Thus, proposed technique has reduced the overall Packet dropping, which improves
the performance of the WSNs.
The authors declare no conflict of interest.
References
[1] Bhattasali, T., & Chaki, R. (2011). Lightweight hierarchical model for HWSNET. Arxiv Preprint Arxiv,
1111.1933.
[2] Bhattasali, T., & Chaki, R. (2012). AMC model for denial of sleep attack detection. International
Journal of Computer Applications, 40(15), 19–25.
[3] Bhattasali, T., Chaki, R., & Sanyal, S. (2012). Sleep deprivation attack detection in wireless sensor
network. Arxiv Preprint Arxiv, 1203.0231.
[4] Butun, I., Morgera, S. D., & Sankar, R. (2014). A survey of intrusion detection systems in wireless
sensor networks. IEEECommunications Surveys & Tutorials, 16(1), 266–282.
doi:10.1109/SURV.2013.050113.00191.
[5] Chen, R.-C., Hsieh, C.-F., & Huang, Y.-F. (2010). An isolation intrusion detection system for
hierarchical wireless sensor networks. Journal of Networks, 5(3), 335–342.
[6] Choi, S., Kim, D.-Y., Lee, D.-H., & Jung, J.-I. (2008). WAP: Wormhole Attack Prevention algorithm in
mobile ad hoc networks. Paper presented at the IEEE International Conference on Sensor Networks,
Ubiquitous and Trustworthy Computing, 2008. SUTC’08, Taichung.
[7] Conti, M., Pietro, R. D., Mancini, L. V., & Mei, A. (2011). Distributed detection of clone attacks in
wireless sensor networks. IEEE Transactions on Dependable and Secure Computing, 8(5), 685–698.
doi:10.1109/TDSC.2010.25
[8] Dhurandher, S. K., Woungang, I., Gupta, A., & Bhargava, B. K. (2012). E2SIW: An energy efficient
scheme immune to wormhole attacks in wireless ad hoc networks. Paper presented at the 26th
International Conference on Advanced Information Networking and Applications Workshops
(WAINA), Fukuoka.
[9] Duan, L., Min, A. W., Huang, J., & Shin, K. G. (2012). Attack prevention for collaborative spectrum
sensing in cognitive radio networks. IEEE Journal on Selected Areas in Communications, 30(9), 1658–
1665. doi:10.1109/JSAC.2012.121009
[10] Fadlullah, Z. M., Nishiyama, H., Kato, N., & Fouda, M. M. (2013). Intrusion detection system (IDS) for
combating attacks against cognitive radio networks. IEEE Network, 27(3), 51–56.
[11] Farooqi, A. H., Khan, F. A., Wang, J., & Lee, S. (2013). A novel intrusion detection framework for
wireless sensor networks. Personal and Ubiquitous Computing, 17(5), 907–919. doi:10.1007/s00779-
012-0529-y
[12] Feng, Z., Ning, J., Broustis, I., Pelechrinis, K., Krishnamurthy, S. V., & Faloutsos, M. (2011). Coping
with packet replay attacks in wireless networks. Paper presented at the 8th Annual IEEE
Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks
(SECON), Utah.
[13] Gabrielli, A., Conti, M., Di Pietro, R., & Mancini, L. V. (2009). Security and privacy in communication
networks. In Volume 19 of the series Lecture Notes of the Institute for Computer Sciences, Social
Informatics and Telecommunications Engineering (pp. 265–284). Springer.
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 15, No. 9, September 2017
62 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
10. [14] Gupta, A., Verma, T., Bali, S., & Kaul, S. (2013). Detecting MS initiated signaling DDoS attacks in
3G/4G wireless networks. Paper presented at the Communication Systems and Networks
(COMSNETS), 2013 Fifth International Conference on, Bangalore.
[15] Ho, J.-W., Wright, M., & Das, S. K. (2011). Fast detection of mobile replica node attacks in wireless
sensor networks using sequential hypothesis testing. IEEE Transactions on Mobile Computing, 10(6),
767–782.
[16] Khalil, I., & Bagchi, S. (2011). Stealthy attacks in wireless ad hoc networks: Detection and
countermeasure. IEEE Transactions on Mobile Computing, 10(8), 1096–1112.
[17] Kumar, M., Verma, S., & Lata, K. (2015). Secure data aggregation in wireless sensor networks using
homomorphic encryption. International Journal of Electronics, 102(4), 690–702.
[18] Mohan, B., & Sarojadevi, H. (2015). Efficient cluster head selection method with uniform clusters size
to prolong the network lifetime of wireless sensor network. International Research Journal of
Engineering and Technology (IRJET), 2 (4), 863-867
[19] Nadeem, A., & Howarth, M. (2013). Protection of MANETs from a range of attacks using an intrusion
detection and prevention system. Telecommunication Systems, 52(4), 2047–2058.
[20] Pelechrinis, K., Iliofotou, M., & Krishnamurthy, S. V. (2011). Denial of service attacks in wireless
networks: The case of jammers. IEEE Communications Surveys & Tutorials, 13(2), 245–257.
[21] Saleem, M., Di Caro, G. A., & Farooq, M. (2011). Swarm intelligence based routing protocol for
wireless sensor networks: Survey and future directions. Information Sciences, 181(20), 4597–4624.
[22] Shamshirband, S., Patel, A., Anuar, N. B., Kiah, M. L. M., & Abraham, A. (2014). Cooperative game
theoretic approach using fuzzy Q-learning for detecting and preventing intrusions in wireless sensor
networks. Engineering Applications of Artificial Intelligence, 32, 228–241.
[23] Shea, R., & Liu, J. (2013). Performance of virtual machines under networked denial of service attacks:
Experiments andanalysis. IEEE Systems Journal, 7(2), 335–345. doi:10.1109/JSYST.2012.2221998
[24] Shen, W., Han, G., Shu, L., Rodrigues, J. J., & Chilamkurti, N. (2012). A new energy prediction
approach for intrusion detection in cluster-based wireless sensor networks green communications and
networking, GreeNets 2011, LNICST 51(pp. 1–12). Springer.
[25] Wang, L., & Wyglinski, A. M. (2011). A combined approach for distinguishing different types of
jamming attacks against wireless networks. Paper presented at the IEEE Pacific Rim Conference on
Communications, Computers and Signal Processing (PacRim), Victoria, BC.
[26] Yang, J., Chen, Y., Trappe, W., & Cheng, J. (2013). Detection and localization of multiple spoofing
attackers in wireless networks. IEEE Transactions on Parallel and Distributed Systems, 24(1), 44–58.
[27] Zargar, S. T., Joshi, J., & Tipper, D. (2013). A survey of defense mechanisms against Distributed
Denial of Service (DDoS) flooding attacks. IEEE Communications Surveys & Tutorials, 15(4), 2046–
2069.
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 15, No. 9, September 2017
63 https://sites.google.com/site/ijcsis/
ISSN 1947-5500