Abstract - Wireless sensor Networks (WSNs) are usually deployed in hostile environments wherever associate degree person will physically capture a number of the nodes, first will reprogram, and then, will replicate them in an exceedingly sizable amount of clones, simply taking management over the network. Some distributed solutions to handle this basic drawback are recently projected. However, these solutions don't seem to be satisfactory. First, they are energy and memory demanding: a significant downside for any protocol to be employed in the WSN- resource strained surroundings. Further, they are risk of the particular person models introduced during this paper. The contributions of this work are threefold. First, the desirable properties of a distributed mechanism for the detection of node duplication attacks are examined. Second, the far-famed solutions for this drawback is shown and don't fully meet the required needs. Third, a replacement self-healing, Randomized, Efficient, and Distributed (RED) protocol for the detection of node replication attacks is projected, and it's shown that it satisfies the introduced needs. The novel Implementation specifies that the user can specify its ID, Location ID (LID), Random range (RN), Destination ID (DID) alongside Destination LID, to the Witness Node (WN). The witness can verify the internally finite user ID with the user given ID. If the verification is success, the packets are sent to the destination. A changed RED theme (MRED) is projected to spot biological research attacks within the network.

1. INTERNATIONAL JOURNAL FOR TRENDS IN ENGINEERING & TECHNOLOGY
VOLUME 4 ISSUE 1 – APRIL 2015 - ISSN: 2349 - 9303
27
Detection of Distributed Clone Attacks for Safety
Transactions in WSN
N.Karthickkumar1
Department of Computer Science & Engineering,
Bannari Amman Institute of Technology,
1
Anna University,
nkarthick82@gmail.com
D.Sasikala2
Department of Computer Science & Engineering,
Bannari Amman Institute of Technology,
2
Anna University,
anjansasikala@gmail.com
Abstract - Wireless sensor Networks (WSNs) are usually deployed in hostile environments wherever associate degree person
will physically capture a number of the nodes, first will reprogram, and then, will replicate them in an exceedingly sizable
amount of clones, simply taking management over the network. Some distributed solutions to handle this basic drawback are
recently projected. However, these solutions don't seem to be satisfactory. First, they are energy and memory demanding: a
significant downside for any protocol to be employed in the WSN- resource strained surroundings. Further, they are risk of
the particular person models introduced during this paper. The contributions of this work are threefold. First, the desirable
properties of a distributed mechanism for the detection of node duplication attacks are examined. Second, the far-famed
solutions for this drawback is shown and don't fully meet the required needs. Third, a replacement self-healing, Randomized,
Efficient, and Distributed (RED) protocol for the detection of node replication attacks is projected, and it's shown that it
satisfies the introduced needs. The novel Implementation specifies that the user can specify its ID, Location ID (LID),
Random range (RN), Destination ID (DID) alongside Destination LID, to the Witness Node (WN). The witness can verify
the internally finite user ID with the user given ID. If the verification is success, the packets are sent to the destination. A
changed RED theme (MRED) is projected to spot biological research attacks within the network.
Index Terms: Distributed protocol, efficiency, node replication attack detection, Wireless sensor networks security,
resilience.
I. INTRODUCTION
Wireless sensing element Network (WSN) could be an
assortment of sensors with restricted resources that
employment along to realize a typical goal. WSNs will be
deployed in harsh environments to meet each military and
civil application. As a result of their operative nature, they
are usually unattended, thence liable to completely different
styles of novel attacks. As an example, associate in nursing
person might overhang drop all network communications;
any, Associate in nursing person might capture nodes
exploit all the data keep there in sensors area unit ordinarily
assumed to be not tamper-proof. Therefore, Associate in
nursing person might replicate captured sensors and deploy
them within the network to launch a spread of malicious
activities. This attack is mentioned because the clone attack
since a clone has legitimate data (code and scientific
discipline material), it's going to participate within the
network operations within the same method as a non
compromised node thence, and cloned nodes will launch a
spread of attacks. A little are represented within the
manuscript. As an example, a clone might produce a part,
initiate a hollow attack with a collaborating person, or inject
false information or combination information in such some
way to bias the ultimate result. Further, clones will leak
information. The threat of a clone attack will be
characterized by two main points: A clone is taken into
account completely honest by its neighbors actually, while
not international countermeasures, honest nodes can't be
alert to the actual fact that they need a clone among their
neighbors. To own an outsized quantity of compromised
nodes, the person ought not to compromise a high variety of
nodes. Indeed, once one node has been captured and
compromised, the most price of the attack has been
sustained. Creating any clones of an equivalent node will be
thought of low cost. Whereas centralized protocols have one
purpose of failure and high communication price, native
protocols don't discover replicated nodes that area unit
distributed in several areas of the network. During this
work, a network self-healing mechanism is taken into
account, wherever nodes autonomously establish the
presence of clones and excluded them from to any extent
further network activity. Especially, this mechanism is
intended to tell as a ―routine‖ event: it's designed for
continuous iteration while not considerably moving the
network performances, whereas achieving high clone
detection rate. During this paper, the fascinating properties
of distributed mechanisms area unit analyzed for detection
of node replication attack. The primary protocol for
distributed detection is analyzed, proposed, and shown that

2. INTERNATIONAL JOURNAL FOR TRENDS IN ENGINEERING & TECHNOLOGY
VOLUME 4 ISSUE 1 – APRIL 2015 - ISSN: 2349 - 9303
28
this protocol isn't utterly satisfactory with relation to the on
top of properties. In fact, while not international
countermeasures, honest nodes can't be alert to the actual
fact that they need a clone among their neighbors. To own
an outsized quantity of compromised nodes, the person
ought not to compromise a high variety of nodes. Indeed,
once one node has been captured and compromised, the
most price of the attack has been sustained. Creating any
clones of an equivalent node will be thought of low cost.
Whereas centralized protocols have one purpose of failure
and high communication price, native protocols don't
discover replicated nodes that area unit distributed in several
areas of the network. During this work, a network self-
healing mechanism is taken into account, wherever nodes
autonomously establish the presence of clones and excluded
them from to any extent further network activity. Especially,
this mechanism is intended to tell as a ―routine‖ event: it's
designed for continuous iteration while not considerably
moving the network performances, whereas achieving high
clone detection rate. During this paper, the fascinating
properties of distributed mechanisms area unit analyzed for
detection of node replication attack. The primary protocol
for distributed detection is analyzed, proposed, and shown
that this protocol isn't utterly satisfactory with relation to the
on top of properties. Lastly, galvanized by a brand new
randomized, efficient, and distributed (RED) protocol for
the detection of node replication attacks is additionally
planned and it's well-tried that this protocol will meet all
the on top of cited necessities. what is more Associate in
Nursingalytical results area unit provided once RED and its
contestant face an person that by selection drops messages
that might cause clone detection. Finally, MRED show that
it's extremely economical as for communications, memory,
and computations needed and shows improved attack
detection likelihood (even once the person is allowed to by
selection drop messages) compared to alternative distributed
protocols.
II. RELATED WORKS
One of the primary solutions for the detection of clone
attacks depends on a centralized Base Station (BS). During
this resolution, every node sends an inventory of its
neighbors and their locations (that is, the geographical
coordinates of every node) to a baccalaureate. The same
node ID in two lists with inconsistent locations can lead to
clone detection. Then, the baccalaureate revokes the clones.
This resolution has many drawbacks, like the presence of
one purpose of failure (the BS) and high communication
value because of the massive variety of messages.
Further, nodes near the baccalaureate are going to be needed
to route far more messages than different nodes, thus
shortening their operational life.
Another centralized clone detection protocol has been
recently planned in. resolution assumes that a random key
pre distribution security theme is enforced within the device
network. That is, every node is appointed a group of
isosceles keys, every which way designated from a bigger
pool of keys. For the detection, every node constructs a
investigating Bloom filter from the keys it uses for
communication.
Centralized clone detection protocol in each network is that
the existing System. This resolution assumes that a random
key pre allocation security theme is enforced within the
device network. That is, every node is appointed a group of
k isosceles keys, haphazardly designated from a bigger pool
of keys. For the detection, every node constructs a
investigating Bloom filter from the keys it uses for
communication. Then, every node sends its own filter to the
bottom Station (BS) of each network. From all the reports,
the baccalaureate counts the quantity of times every secret is
employed in the network. The keys used too typically
(above a threshold) are thought of cloned and a
corresponding revocation procedure is raised. Different
solutions trust native detection. Selection mechanism is
employed inside a section to agree on the legitimacy of a
given node. However, this sort of a thought applied to the
obscurity of duplication coverage fails to note clones that
don't seem to be inside the similar neighborhood.
Line designated Multicast protocol (LSM) is employed, has
just one WN that verifies & detects cloned node. Provided
that the cloned node & original node sends packet
victimization identical WN at identical time, then LSM
would find the cloned copy. Then, every node sends its own
filter to the baccalaureate. From all the reports, the
baccalaureate counts the quantity of times every secret is
employed in the network. The keys used too typically
(above a threshold) are thought of cloned and a
corresponding revocation procedure is raised.
The LSM protocol is analogous to RM; however it
introduces a motivating improvement in terms of detection
likelihood. In LSM, once a node announces its location,
each neighbor 1st domestically checks the signature of the
claim, and then, with likelihood p, forwards it to g_1
haphazardly designated destination nodes. As associate
example, in Figure one, node a, announce sits location and
one amongst its neighbors, node b, forwards the claim to
node. A location claim, once motion from supply to
destination, should tolerate many intermediate nodes that
type the alleged claim message path.
Moreover, each node that routes this claim message should
check the signature, to store the message, and to envision
the coherence with the opposite location claims received
inside identical run of the detection protocol. Node

3. INTERNATIONAL JOURNAL FOR TRENDS IN ENGINEERING & TECHNOLOGY
VOLUME 4 ISSUE 1 – APRIL 2015 - ISSN: 2349 - 9303
29
replication is detected by the node (if present) on the
intersection of two ways generated by two totally different
completely different} node claims carrying identical ID and
returning from two different nodes. Within the example
shown in Figure one, node a0 may be a twin of node a (it
has identical ID of node a). The claim of a0 is forwarded by
node c to node e. within the example; node w can then lead
to the intersection of two ways carrying the claim of ID a
returning from completely different locations. Node w, the
witness, detects the attack and triggers a revocation
procedure.
Figure 1. Example of LSM protocol iteration.
same ID and coming from two different nodes. In the
example shown in Figure 1, node a0 is a clone of node a (it
has the same ID of node a). The claim of a0 is forwarded by
node c to node e. In the example, node w will then result in
the intersection of two paths carrying the claim of ID a
coming from different locations. Node w, the witness,
detects the attack and triggers a revocation procedure.
Figure 2. Example of intersecting paths without intersection node
in LSM.
In this paper, a review of the contribution is performed and
a thorough investigation on the feasibility of the RED
protocol. The analysis and the further set of simulations
presented show that the RED protocol can be actually
implemented in sensor network. Also, it can be continuously
iterated over the same network, as a self-healing
mechanism, without significantly affecting the network
performance (nodes energy and memory) and the detection
protocol itself. Furthermore, the influence of an attacker is
investigated intervening on message routing both for RED
and LSM.
III. ARCHITECTURAL DESIGN REQUIREMENTS
FOR THE DISTRIBUTED DETECTION PROTOCOL
A: NETWORK CONSTRUCTION
This module is developed so as to form a dynamic network.
During a network, nodes square measure interconnected
with the admin that is observance all the opposite nodes. All
nodes square measure sharing their data with every other.
B: NODE REGISTRATION AND NODE property
Here, the quantity of nodes registers for sharing their data
through constant network or totally different network
maintained. And conjointly it connects the supply node to
the destination node path property for causing knowledge in
secure transfer of the every network maintained within the
Network Construction.
C: NODE IDENTIFICATION FOR CLONE DETECTS
Here each registered yet because the path property nodes
square measure moving into the system generation for those
input data‘s square measure sharing from supply to
destination depends upon the property path. So, it detects
the clone node simply and identifies those nodes through the
Network cluster Maintenance.
D: WITNESS NODE DISTRIBUTION
A major issue in coming up with a protocol to discover
clone attacks are that the choice of the witnesses. ‗Witness‘
is named as a node that detects the existence of a node in 2
totally different locations inside constant protocol run. If the
individual is aware of the longer term witnesses before the
detection protocol executes, the individual might subvert
these nodes so the attack goes undiscovered.
Here, 2 varieties of predictions square measure known,
1. ID-based prediction
2. Location-based prediction.
A protocol for duplicate detection is ID unaware, if it
doesn't give any data on the ID of the sensors which will be
the witnesses of the clone attack throughout subsequent

4. INTERNATIONAL JOURNAL FOR TRENDS IN ENGINEERING & TECHNOLOGY
VOLUME 4 ISSUE 1 – APRIL 2015 - ISSN: 2349 - 9303
30
protocol run. Similarly, a protocol is space unaware, if
chance doesn't rely on the geographical position of node
within the network. Clearly, once a protocol is neither ID
nor space unaware, then a wise individual will have sensible
probabilities of succeeding, since it's able to use this data to
destabilize the nodes that, likely, are the witnesses.
E: VERIFICATION OF USER ID
Each node is assigned associate degree ID as individual,
once it's registered into the network associate degreed
conjointly an ID for the total cluster, i.e., LID is generated
for every and each location. The node ID and LID also are
appended with one (Encrypted with RSA algorithm). Then
the WN can then check the node ID + LID that is generated
with the user data. If each the info square measure matched,
then the WN can make sure that this node thereupon
location is real.
F: VERIFICATION OF RANDOM range
Random key pre-distribution security theme is enforced
within the sensing element network. That is, every node is
assigned variety at random with Time Stamp (TS) from
cluster Leader (GL). Then the GL can transmit RN
(Encrypted with RSA algorithm) that was generated with
relation to those TS to the Witness node. WN can currently
check the RN that is generated with the user data. If each the
info square measure matched then the WN can make sure
that this node is real.
G: biological research DETECTION AND knowledge
TRANSFER
Only the WN confirms the sender node, the info is send to
the destination that is real. If user nominative data and
therefore the internal data square measure varied then the
WN can determine that's biological research or some
malpractice has occurred and therefore the packets square
measure discarded by the WN.
The projected design relies on a Dynamic En-Route Filter
(DEF) wherever every RISC core is assigned a hard and fast
role i.e. perform is distributed among every code design
core. it's a multi-tier design that performs cluster of
incoming packets then it mines data to spot attacks in
passive manner latter anomaly detection is allotted in
parallel.
Figure 3. Examples of protocols iteration: n ¼ 1;000, r ¼ 0:1,
g ¼ 1, and p ¼ 0:1. (a) LSM protocol. (b) RED protocol.
IV. SYSTEM ARCHITECTURE
In this Project RED, a new protocol is used for the detection
of clone attacks. RED is similar, in principle, to the
Randomized Multicast protocol, but with witnesses chosen
pseudo randomly based on a network-wide seed. In
exchange for the assumption that efficient distribution of the
seed is possible, RED achieves a large improvement over
RM in terms of communication and computation.
Nodes are registered in a location. GL is elected, then the
GL will start transmit a RN to all the nodes which are
attached to that GL. If a node A in the Location 1 wants to
send a data to another node D in the Location 4, then the
following steps are carried.
1. Node ID of A + LID of A – 1 + RN of GL (1) + TS+ DID
of Node D + LID of D – 4 --------------------- 1
2. Internal Sender Node ID and LID is also tagged with 1.
3. Encrypt 1 with RSA Algorithm then send to the Witness
Node.
4. WN will Decrypt 1, then will compare with user specified
node ID and LID with internally tagged node ID and LID,
which is original.
5. If the both those user specified and internally tagged
information‘s are matched, then the WN will check the RN
with respect to the TS by sending the request to the GL of
the Location 1.
6. The GL will transmit RN which was generated with
respect to those TS to the WN.
7. WN will check the RN which is generated with the user
information. If both the data are matched then the WN will
confirm that this node is genuine.

5. INTERNATIONAL JOURNAL FOR TRENDS IN ENGINEERING & TECHNOLOGY
VOLUME 4 ISSUE 1 – APRIL 2015 - ISSN: 2349 - 9303
31
8. Only if the WN confirms the sender node, the data is send
to the destination, which is genuine.
9. If user specified information and the internal information
are varied then the WN will identify that cloning or some
malpractice has occurred and the packets are discarded by
the WN.
RED is used in which GL is elected. GL will multicast a RN
to all its Group Nodes at TS. RED will verify RN, node ID,
LID, and TS via WN which is encrypted automatically from
the user, decrypted and verified by the WN. Here multiple
WN is maintained.
Figure 4: The Detailed Diagram for Clone Attacks
MODIFICATION
This is proposed to compare the RN & also the
node ID given by the user and the original node ID tagged
with the data.
V .DETECTION PROBABILITY WITH MALICIOUS
NODES
In this section, clone detection chance is investigated
throughout a sequence of iterations. it's assumed that the
opponent has cloned a node, it's additionally already
dominant a set of at random selected different nodes, and
no mechanism for preventing packet dropping is enforced,
so malicious nodes will stop claim forwarding.
Further, it's assumed that a node (say a) is cloned and one
amongst its clone (say a‘) is at random deployed inside the
network space. Moreover, it's assumed that no routing
failure happens and from every neighbourhood, precisely
one claim message is shipped (It isn't expressly thought-
about that d, p, and g values are sent). The hypothesis is
controlled and each claims are sent through path of length
l=c/n nodes (with constant network density, the common
path length). The nodes on the 2 ways (the 1st one outgoing
from the honest node a and therefore the other from the
clone a0) are those concerned within the detection method
by the 2 protocols.
In RED, if only one of those 2‗nodes within the 2 ways is
malicious, detection will fail. In fact, the corrupted
forwarding node will merely drop the received location
claim. The chance that a minimum of one malicious node is
gift within the 2 ways.
However, note that the chance in (3) refers to geometric line
intersection. Then, it is, in fact, Associate in Nursing
optimistic boundary (also still forward no failure within the
routing). In fact, 2 decussate ways (geometrically) don't
essentially have a node in common—an example of this
case is shown. Though this reality exists within the
following, optimistically take into account (3) because the
chance that the clone is detected, once no malicious nodes
are gift. Let U be the event that the attack is undetected for
single protocol iteration. For LSM, the subsequent 2 disjoint
events are thought-about. Here, the concept is that malicious
nodes will stop clone detection given that they're within the
path before the witness. Currently define:. Event Eh: All of
the forwarding nodes before the (possibly present) witness
are honest. Event Em: there's a minimum of one malicious
forwarding node before the (possibly present) witness.
Figure five shows the analytical results for RED and LSM
on non detection chance. Prompt that whereas the analysis
for RED is actually tight, the one for LSM is optimistic,
since it depends on the belief that ways that geometrically
see have a node in common. This can be not true,
particularly once the network is dense. The particular
detection rate depends on many factors like node density,
for instance. Nevertheless, RED outperforms LSM even
within the presence of malicious nodes that may stop the
protocol. Figure five shows the analytical results for many
values of c (c controls the length of the common random
path within the network, being the non detection chance.
ensuing protocol iterations (x-axis) are thought-about. The
results are planned for c =0:1; 0:2; . . . ; 1.
It is attention-grabbing to notice that however w and c
influence the detection chance. Larger c means that longer
ways, and thus, higher chance that one amongst the
malicious nodes will stop clone detection. Larger w implies
that the opponent will typically ruin the protocols and
influence detection chance significantly, particularly once c
is giant. All told cases, it's clear that RED will converge to

6. INTERNATIONAL JOURNAL FOR TRENDS IN ENGINEERING & TECHNOLOGY
VOLUME 4 ISSUE 1 – APRIL 2015 - ISSN: 2349 - 9303
32
terribly high detection chance terribly quickly. Note that
RED is additional influenced
Figure. 5. Non detection probability (n ¼ 1; 000 and c ¼ 0:5).
Than LSM by path lengths, since a malicious node will stop
the protocol where it seems within the methods. However,
experiments show that for a network of one, 000 nodes and
communication vary zero.1 in a very network space of
aspect one, c is regarding zero.35. Therefore, it will be
complete that RED has higher detection likelihood and
converges quicker than LSM for all sensible values of the
network parameters.
Only the WN confirms the Sender node, the information is
send to the destination that is real. If user nominative info
and also the internal info are varied then the WN can
determine that biological research or some malpractice has
occurred and also the packets are discarded by the WN.
The planned design relies on a Dynamic En-Route Filter
(DEF) wherever every RISC core is assigned a hard and fast
role i.e. perform is distributed among every computer code
design core. it's a multi-tier design that performs cluster of
incoming packets then it mine info to spot attacks in passive
manner; latter anomaly detection is disbursed in parallel.
VI. CONCLUSION
In this paper, many basic needs of a perfect protocol for
distributed detection of node replicas ought to be enforced.
This can be more improved, conferred and even. Specially,
the most plan of ID-unawareness and space unknowingness
is initiated that conveys a live of the standard of the node
replicas detection protocol; that's, its flexibility to a sensible
person is taken into account. Moreover, the overhead of
such a protocol that was indicated ought to be not solely
tiny, however additionally equally distributed among the
nodes, each in computation and memory. Further, new
person threat models are brought in. However, a significant
contribution of this paper is that the proposal of a self-
healing, randomized, efficient, and distributed (MRED)
protocol to observe node replication attacks. MRED
protocol is analytically compared with RED through this
state of technology, LSM answer and proved that the
overhead introduced by RED is low and virtually equally
balanced among the nodes; RED is each ID-unaware and
space unaware; to boot, RED out performs LSM in terms of
potency and effectiveness. Intensive simulations make sure
these results. Lastly, additionally within the presence of
compromised nodes, it will analytically be shown that RED
is a lot of resilient in its detection capabilities than LSM.
VII. REFERENCES
[1] I.F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci,
―Wireless Sensor Networks: A Survey,‖ Int‘l J. Computer and
Telecomm. Networking, vol. 38, no. 4, pp. 393-422, 2002.
[2] C. Bettstetter, ―On the Minimum Node Degree and
Connectivity of a Wireless Multihop Network,‖ Proc.
MobiHoc ‘02, pp. 80-91, 2002.
[3] S. Capkun and J.-P. Hubaux, ―Secure Positioning of Wireless
Devices with Application to Sensor Networks,‖ Proc. IEEE
INFOCOM ‘05, pp. 1917-1928, 2005.
[4] R. Di Pietro, D. Ma, C. Soriente, and G. Tsudik, ―Posh:
Proactive Co-Operative Self-healing in Unattended Wireless
Sensor Networks,‖Proc.IEEE Symp. Reliable Distributed
Systems (SRDS), pp.185-194, 2008.
[5] D. Ganesan, R. Govindan, S. Shenker, and D. Estrin, ―Highly-
Resilient, Energy-Efficient Multipath Routing in Wireless
Sensor Networks,‖ SIGMOBILE Mobile Computing and
Comm. Rev., vol. 5,no. 4, pp. 11-25, 2001.
[6] S. Kwon and N.B. Shroff, ―Paradox of Shortest Path Routing
for Large Multi-Hop Wireless Networks,‖ Proc. IEEE
INFOCOM ‘07,pp. 1001-1009, 2007.
[7] J. Newsome, E. Shi, D. Song, and A. Perrig, ―The Sybil
Attack in Sensor Networks: Analysis & Defenses,‖ Proc. Int‘l
Symp.Information Processing in Sensor Networks (IPSN ‘04),
pp. 259-268, 2004.