http://www.iaeme.com/IJCET/index.asp 1 editor@iaeme.com
International Journal of Computer Engineering & Technology (IJCET)
Volume 6, Issue 7, Jul 2015, pp. 01-09, Article ID: IJCET_06_07_001
Available online at
http://www.iaeme.com/IJCET/issues.asp?JTypeIJCET&VType=6&IType=7
ISSN Print: 0976-6367 and ISSN Online: 0976–6375
© IAEME Publication
___________________________________________________________________________
SURVEY OF IDENTIFICATION
TECHNIQUES OF ADVERSARY ATTACKS
IN WIRELESS SENSOR NETWORK
Mr. Santosh S. Doifode
PG Student, Dept. of Computer Engineering, KJCOEMR,
Pune, India
Prof. D. C. Mehetre
HOD, Dept. of Computer Engineering, KJCOEMR,
Pune, India
ABSTRACT
Adversary attackers take the identity of another node in the wireless
sensor network and establish a connection that allows them to gain access to
other hosts and their important and personal data. This reduces the
performance of the network and causes many security problems. With the open
medium, distributed cooperation and constrained capabilities, wireless
sensor nodes are more exposed to this type of attack than nodes in
wired networks. Conventional security approaches such as cryptographic
mechanisms are not always desirable because they require key management and
additional infrastructural overhead. Detection and localization become
complex when multiple attackers attack
the wireless sensor network. This paper describes the use of spatial information,
namely received signal strength, a natural property associated with each node
identity that is difficult to falsify and does not rely on cryptography, as the
basis for 1) detection of adversary attacks, 2) determining the number of
attackers when multiple adversaries masquerade as the same node identity,
3) localizing multiple adversary attackers and 4) detection of Denial of
Service attacks.
Key words: GMFAD, CDAL-M, RSS, DoS and WSN.
Cite this Article: Mr. Doifode, S. S. and Prof. Mehetre, D. C. Survey of
Identification Techniques of Adversary Attacks in Wireless Sensor Network.
International Journal of Computer Engineering and Technology, 6(7), 2015,
pp. 01-09.
http://www.iaeme.com/IJCET/issues.asp?JTypeIJCET&VType=6&IType=7
_____________________________________________________________________
1. INTRODUCTION
As more wireless sensor networks are deployed, they will increasingly become
tempting targets for malicious attacks. Due to the openness of wireless and sensor
networks, they are especially vulnerable to adversary attacks where an attacker forges
its identity to masquerade as another device, or even creates multiple illegitimate
identities. Adversary attacks are a serious threat as they represent a form of identity
compromise and can facilitate a variety of traffic injection attacks. It is thus desirable
to detect the presence of adversary attackers and eliminate them from the network.
Most researchers focus on secure routing between sensors and between base
stations. Attacks in sensor networks can be classified into the following types;
Figure 1 indicates the types of attacks.
Outsider vs. insider attacks: Outsider attacks are attacks from nodes which do
not belong to a WSN. Insider attacks occur when legitimate nodes of a WSN
behave in unintended or unauthorized ways.
Figure 1 Different types of Attacks
Passive vs. active attacks: Passive attacks include eavesdropping on or
monitoring packets exchanged within a WSN. Active attacks involve some
modification of the data stream or the creation of a false stream.
Mote-class vs. laptop-class attacks: In mote-class attacks, an adversary attacks
a WSN by using a few nodes with capabilities similar to those of the network
nodes. Mote-class attackers can jam the radio link in their immediate vicinity.
Further, these attackers can easily purchase low-cost wireless devices and use
these commonly available platforms to launch a variety of attacks with little effort.
Among various types of attacks, identity-based spoofing attacks are especially easy to
launch and can cause significant damage to network.
Cryptographic methods are susceptible to node compromise, which is a serious
concern as most wireless nodes are easily accessible, allowing their memory to be
easily scanned. For this reason, non-cryptographic techniques such as
location-based received signal strength are useful for identifying adversary
attacks. Figure 2 shows the different non-cryptographic techniques.
This paper proposes to use RSS-based spatial correlation, a physical property
associated with each wireless node that is hard to falsify and not reliant on
cryptography, as the basis for detecting adversary attacks. Since the concern is
attackers who have different locations than legitimate wireless nodes, utilizing
spatial information to address spoofing attacks has the unique power to not only
identify the presence of these attacks but also localize adversaries. An added
advantage of
employing spatial correlation to detect adversary attacks is that it will not require any
additional cost or modification to the wireless devices themselves.
Adversary attacks can further facilitate a variety of traffic injection attacks such as
attacks on access control lists, rogue access point attacks, and eventually
Denial-of-Service attacks [1, 2]. In computing, a denial-of-service attack (DoS
attack) or distributed denial-of-service attack is an attempt to make a network
resource unavailable to its intended users. Although the means to carry out, the
motives for, and the targets of a denial-of-service attack may vary, it
commonly consists of efforts to temporarily or indefinitely interrupt or suspend
services of a host connected to the Internet. Therefore it is important to detect
the attackers, determine their number and eliminate them.
Figure 2 Different types of Non-cryptographic technique
2. LITERATURE SURVEY
The existing systems make use of symmetric cryptographic algorithms
such as the Advanced Encryption Standard. Standard cryptographic techniques are
often too costly for the sensor network domain. The distribution of shared secret
keys poses another host of problems. Such algorithms carry the overhead of key
distribution and management, and they require a lot of effort for
reliable key management; cryptography also offers the Public Key Infrastructure,
which can decrease the overhead of key management to some extent.
Cryptographic schemes require reliable key distribution, management, and
maintenance mechanisms, and they carry infrastructural, computational, and management
overhead. These methods are also susceptible to node compromise, because nodes
are easily accessible, allowing their memory to be easily scanned.
The following important papers in the literature describe
identification techniques for adversary attacks.
802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions.
This paper focuses on the threats posed by denial-of-service (DoS) attacks against
802.11’s MAC protocol. Such attacks, which prevent legitimate users from accessing
the network, are a vexing problem in all networks, but they are particularly
threatening in the wireless context. Without a physical infrastructure, an attacker is
afforded considerable flexibility in deciding where and when to attack, as well as
enhanced anonymity due to the difficulty in locating the source of individual wireless
transmissions. Moreover, the relative immaturity of 802.11-based network
management tools makes it unlikely that a well-planned attack will be quickly
diagnosed. Vulnerabilities in the 802.11 MAC protocol allow an attacker to
selectively or completely disrupt service to the network using relatively few packets
and low power consumption [1].
Access Points Vulnerabilities to DoS Attacks in 802.11 Networks. This paper describes
possible denial-of-service attacks on access points in infrastructure wireless networks
using the 802.11b protocol. To carry out such attacks, only commodity hardware and
software components are required. The experimental results obtained on a large set of
different access points show that serious vulnerabilities exist in any device we tested
and that a single malicious station can easily hinder any legitimate communication
within a basic service set [2].
Detecting Identity-Based Attacks in Wireless Networks Using Signalprints. This
paper describes identity-based attacks in which a malicious device uses forged
MAC addresses to masquerade as a specific client or to create multiple illegitimate
identities. Several link-layer services in IEEE 802.11 networks have been shown to be
vulnerable to such attacks even when 802.11 and other security mechanisms are
deployed. A transmitting device can be robustly identified by its signal print, a tuple
of signal strength values reported by access points acting as sensors [5].
Secure and Efficient Key Management in Mobile Ad hoc Networks. In mobile ad
hoc networks, due to unreliable wireless media, host mobility and lack of
infrastructure, providing secure communications is a big challenge [10].
Cryptographic techniques are used for secure communications in wired and wireless
networks. Symmetric and asymmetric cryptography have their advantages and
disadvantages. A secure and efficient key management (SEKM) framework for mobile
ad hoc networks builds a public key infrastructure by applying a secret sharing
scheme and using an underlying multicast server group. In SEKM, each server group creates a
view of the certificate authority and provides certificate update service for all nodes,
including the servers themselves. A ticket scheme is introduced for efficient
certificate service. In addition, an efficient server group updating scheme is proposed.
The performance of SEKM is evaluated through simulation [18].
Sequence Number-Based MAC Address Spoof Detection. The exponential growth
in the deployment of IEEE 802.11-based wireless LANs (WLANs) in enterprises and
homes makes WLANs an attractive target for attackers. Attacks that exploit
vulnerabilities at the IP layer or above can be readily addressed by intrusion detection
systems designed for wired networks. However, attacks exploiting link-layer protocol
vulnerabilities require a different set of intrusion detection mechanisms. Most
link-layer attacks in WLANs are denial-of-service attacks and work by spoofing either
access points (APs) or wireless stations. Spoofing is possible because the IEEE
802.11 standard does not provide per-frame source authentication, but can be
effectively prevented if a proper authentication is added into the standard.
Unfortunately, it is unlikely that commercial WLANs will support link-layer source
authentication that covers both management and control frames in the near future.
Even if it is available in next-generation WLAN equipment, it cannot protect the
large installed base of legacy WLANs [11].
3. GENERALIZED MODEL FOR ATTACK DETECTION (GMFAD)
The challenge in adversary attack detection is to devise strategies that use the
uniqueness of spatial information without using location directly, as the attackers’
positions are unknown. A detailed survey of attacks can be found in [7].
Received signal strength (RSS) is a property closely correlated with location in
physical space and is readily available in existing wireless sensor networks [13].
Although affected by random noise, environmental bias, and multipath effects, the
RSS measured at a set of landmarks (i.e., reference points with
known locations) is closely related to the transmitter’s physical location and is
governed by the distance to the landmarks [16]. The RSS readings
at the same physical location are similar, whereas the RSS
readings at different locations in physical space are distinctive [6]. Thus, the
RSS readings present strong spatial correlation characteristics.
The RSS value vector is defined as s = {S1, S2, ..., Sn}, where n is the
number of landmarks/access points that are monitoring the RSS
of the wireless nodes and know their locations.
This model focuses on the detection of identity-based adversary attacks, and for
that purpose it uses the Partitioning around Medoids (PaM) technique. Adversary
attack detection can be performed using the RSS-based spatial correlation of
wireless sensor nodes. The RSS readings from a wireless sensor node may
fluctuate, but they should cluster together. This observation suggests that we
may conduct cluster analysis on top of RSS-based spatial correlation to find the
distance in signal space and thereby identify the presence of adversary
attackers in physical space [14, 15]. In this work, the Partitioning around
Medoids method is used to perform clustering analysis on the RSS.
3.1. Partitioning around Medoids
The Partitioning Around Medoids (PAM) method is used to perform clustering
analysis on the received signal strength. PAM is a popular clustering algorithm.
Compared to other methods, the PAM method is more robust in the presence of
noise and outliers. Thus, the PAM method is more suitable for determining clusters
from RSS streams, which can be unreliable and fluctuate over time due to random
noise and environmental bias [8].
With the PaM technique, we first partition the RSS vectors from the same node
identity into two or more clusters no matter how many attackers are using this
identity, since our objective in this phase is to detect the presence of attacks. We
then choose the distance between two medoids, Dm, as the test statistic T in our
significance testing for adversary detection: Dm = ||Ma − Mb||, where Ma and Mb are
the medoids of two clusters. Under normal conditions, the test statistic Dm should be
small since there is basically only one cluster from a single physical location.
However, under an adversary attack, there is more than one node at different physical
locations claiming the same node identity. As a result, more than one cluster will be
formed in the signal space and Dm will be large, as the medoids are derived from
different RSS clusters associated with different locations in physical space.
Figure 3 Distance between medoids.
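The detection test described above, as an added Python example that is not code from the paper: it runs PAM with two medoids over the RSS vectors seen under one node identity and compares Dm with a threshold. The RSS values, the four-landmark layout and the 10 dB threshold are constructed assumptions; a deployment would calibrate the threshold from attack-free traffic.

```python
import math


def dist(a, b):
    """Euclidean distance between two RSS vectors (dB) in signal space."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def total_cost(vectors, medoid_idx):
    """PAM objective: sum of distances from every sample to its nearest medoid."""
    return sum(min(dist(v, vectors[m]) for m in medoid_idx) for v in vectors)


def pam(vectors, k=2):
    """Partitioning Around Medoids: greedy BUILD phase, then SWAP until stable."""
    n = len(vectors)
    medoids = []
    while len(medoids) < k:                      # BUILD: add the best next medoid
        candidates = [i for i in range(n) if i not in medoids]
        medoids.append(min(candidates,
                           key=lambda i: total_cost(vectors, medoids + [i])))
    cost = total_cost(vectors, medoids)
    improved = True
    while improved:                              # SWAP: try medoid/non-medoid swaps
        improved = False
        for pos in range(k):
            for cand in range(n):
                if cand in medoids:
                    continue
                trial = medoids[:pos] + [cand] + medoids[pos + 1:]
                trial_cost = total_cost(vectors, trial)
                if trial_cost < cost - 1e-9:
                    medoids, cost, improved = trial, trial_cost, True
    return [vectors[m] for m in medoids]


def detect_spoofing(vectors, threshold_db):
    """Return (Dm, alarm) for the RSS vectors observed under one node identity."""
    m_a, m_b = pam(vectors, k=2)
    d_m = dist(m_a, m_b)                         # Dm = ||Ma - Mb||
    return d_m, d_m > threshold_db


def constructed_readings(center, count):
    """Constructed RSS samples: a fixed centre plus deterministic +/-2 dB jitter."""
    return [tuple(c + ((7 * j + 3 * i) % 5) - 2 for i, c in enumerate(center))
            for j in range(count)]


# Constructed RSS centres (dBm) at four landmarks for two physical locations.
LEGIT_CENTER = (-52.0, -61.0, -70.0, -66.0)
ATTACKER_CENTER = (-71.0, -55.0, -58.0, -74.0)
THRESHOLD_DB = 10.0   # assumed value, not taken from the paper

# One identity, one transmitter (normal) versus one identity, two transmitters.
NORMAL_WINDOW = constructed_readings(LEGIT_CENTER, 40)
ATTACK_WINDOW = (constructed_readings(LEGIT_CENTER, 20)
                 + constructed_readings(ATTACKER_CENTER, 20))

if __name__ == "__main__":
    for name, window in (("normal", NORMAL_WINDOW), ("attack", ATTACK_WINDOW)):
        d_m, alarm = detect_spoofing(window, THRESHOLD_DB)
        print(f"{name}: Dm = {d_m:.1f} dB, alarm = {alarm}")
```

The normal window still yields two medoids, because PAM is forced to split it, but they sit inside the same jitter cloud, so Dm stays below the threshold.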
3.2. System Evaluation
This technique is used to identify the actual number of attackers in the
wireless system. The method uses the Twin-Cluster Model [9]. The
Twin-Cluster Model considers the two closest clusters (e.g., clusters a and b)
among K potential clusters of a data set. Energy computation is done using the
twin-cluster model. The mathematical model involves two types of energy:
1. Partition Energy (Ep(K))
2. Merging Energy (Em(K))
The Partition Energy denotes the border distance between the twin clusters,
whereas the Merging Energy is determined as the average distance between elements
in the border region of the twin clusters. Here the border region includes a number of
sample points chosen from clusters a and b that are nearer to the twin cluster than any
other points within their own cluster. Then further equations of partition energy and
merging energy denote. Here the value of K gives the actual number of adversary
attackers in the system.
4. COHERENT DETECTION AND LOCALIZATION MODEL (CDAL-M)
In this section, we present our integrated system that can localize adversary
attackers. The experimental results are presented to evaluate the effectiveness of our
approach, especially when attackers use different transmission power levels.
Conventional localization methods use the averaged Received Signal
Strength from each node identity as input to estimate the position of a node. However,
in wireless adversary attacks, the Received Signal Strength stream of a node identity
may be a mix of Received Signal Strength readings from both the original node and
attack nodes at different physical locations. The traditional method of
averaging RSS readings cannot differentiate RSS readings from different locations
and thus is not feasible for localizing adversaries [3].
Different from conventional localization approaches, our coherent detection and
localization system utilizes the Received Signal Strength medoids as inputs to
localization algorithms to estimate the positions of adversaries [4]. The
positions returned by our system include the location estimates of the original node
and the attackers in physical space.
Here we use the RADAR algorithm.
4.1. Radar Algorithm
The Radar-Gridded algorithm is extended from a scene-matching localization
algorithm [12]. Radar-Gridded makes use of an interpolated signal
map, which is built from a set of averaged RSS readings with known (X, Y) locations.
Given an observed RSS reading with an unknown location, Radar returns the (x, y) of
the nearest neighbor in the signal map to the one to localize, where “nearest” is
defined by the Euclidean distance between received signal strength points in an
N-dimensional signal space, where N is the number of landmarks.
It thus uses the Euclidean distance formula to obtain the (X, Y) coordinates of
the position, which gives the exact location of the adversary attackers.
4.2. Bayesian networks
Bayesian Network localization is a multilateration algorithm. It encodes the
signal-to-distance propagation model into a Bayesian graphical model for localization [17].
Figure 4 shows the basic Bayesian network. The vertices X and Y represent the location,
and the vertex si is the received signal strength reading from the ith landmark. The
vertex Di represents the Euclidean distance between the location described by X and Y
and the ith landmark. The value of si follows the signal propagation model
si = b0i + b1i log Di, where b0i and b1i are parameters specific to the ith landmark.
The distance Di depends on the location (X, Y) of the measured signal and the
coordinates (xi, yi) of the ith landmark. The network models noise by
modeling si as a Gaussian distribution around the above propagation model.
Figure 4 Bayesian graphical model
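An added Python example (not code from the paper) for Sections 4 to 4.2: it builds a signal map from the propagation model si = b0i + b1i log Di, localizes each RSS medoid with RADAR's nearest-neighbour search, and shows where averaging the mixed stream lands instead. The landmark positions, model parameters, base-10 logarithm, noise values and node positions are constructed assumptions; RADAR as described builds its map from surveyed RSS averages rather than from a model.

```python
import math

# Constructed deployment: four landmarks at the corners of a 20 m x 20 m area.
LANDMARKS = [(0, 0), (20, 0), (0, 20), (20, 20)]
# Assumed propagation parameters (b0i, b1i) per landmark; log taken as base 10.
PARAMS = [(-40.0, -20.0)] * 4


def model_rss(x, y):
    """RSS vector predicted at (x, y) by s_i = b0i + b1i * log10(D_i)."""
    rss = []
    for (lx, ly), (b0, b1) in zip(LANDMARKS, PARAMS):
        d_i = max(math.hypot(x - lx, y - ly), 0.1)   # clamp: log undefined at D = 0
        rss.append(b0 + b1 * math.log10(d_i))
    return tuple(rss)


def build_signal_map(size=20, step=1):
    """Signal map on a grid, (x, y) -> RSS vector. Generated from the model here;
    a deployment would fill it with averaged survey measurements."""
    return {(x, y): model_rss(x, y)
            for x in range(0, size + 1, step)
            for y in range(0, size + 1, step)}


def signal_distance(a, b):
    """Euclidean distance in the N-dimensional signal space (N = landmarks)."""
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))


def radar_localize(rss, signal_map):
    """Return the (x, y) whose map entry is nearest to rss in signal space."""
    return min(signal_map, key=lambda pos: signal_distance(rss, signal_map[pos]))


def localize_identity(medoids, signal_map):
    """Medoid-based localization: one position estimate per RSS medoid."""
    return [radar_localize(m, signal_map) for m in medoids]


def localize_by_average(medoids, signal_map):
    """Conventional approach: average the RSS for the identity, then localize.
    Averaging the two medoids stands in for averaging an equal mix of readings."""
    mean = tuple(sum(col) / len(col) for col in zip(*medoids))
    return radar_localize(mean, signal_map)


def add_noise(rss, noise):
    return tuple(s + n for s, n in zip(rss, noise))


# Constructed ground truth and the two medoids a clustering step would hand over.
LEGIT_POS, ATTACKER_POS = (4, 5), (16, 14)
MEDOID_A = add_noise(model_rss(*LEGIT_POS), (0.2, -0.1, 0.1, -0.2))
MEDOID_B = add_noise(model_rss(*ATTACKER_POS), (-0.2, 0.1, -0.1, 0.2))

if __name__ == "__main__":
    smap = build_signal_map()
    print("medoid estimates:", localize_identity([MEDOID_A, MEDOID_B], smap))
    print("averaged estimate:", localize_by_average([MEDOID_A, MEDOID_B], smap))
```

The averaged estimate falls near the middle of the area, several metres from both transmitters, which is the failure of RSS averaging that Section 4 describes.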
5. DETECTION OF DENIAL OF SERVICE ATTACK
A denial-of-service (DoS) attack is an attempt to make a machine or network resource
unavailable to its intended users. DoS attacks typically target sites or services hosted
on high-profile web servers such as banks, credit card payment gateways, and even
root name servers. Denial-of-service attacks are also common in business and
are responsible for website attacks.
In general terms, DoS attacks are implemented by either forcing the targeted
computer to consume its resources so that it can no longer provide its original
service or obstructing the communication media between the intended users and the
victim so that they can no longer communicate adequately.
A denial-of-service attack may involve sending forged requests of some type to a
very large number of nodes that will reply to the requests. Using Internet Protocol
address attacks, the source address is set to that of the targeted victim, which means
all the replies will go to the target.
6. CONCLUSION
Here, identification techniques based on received signal strength (RSS) are used
instead of previous approaches such as cryptography, so as to detect identity-based
adversary attacks and, in addition, Denial-of-Service attacks more effectively
than the existing approaches. Received signal strength is a physical property
associated with each node, which is hard to falsify and not reliant on
cryptography. The Partitioning around Medoids technique is useful for adversary
attack detection, the Twin-Cluster model is used to obtain the exact number of
adversary attackers in the system (i.e., the Generalized Model for Attack Detection),
and the Coherent Detection and Localization Model is used to localize adversary
attackers in the network. Received signal strength is also used in a new algorithm
to detect Denial-of-Service attacks. Experimental results show that all these
techniques are more efficient and effective than existing ones. They also acceptably
reduce the overhead requirements of existing approaches, as the proposed techniques
do not require any additional implementations.
REFERENCES
[1] Bellardo, J. and Savage, S. 802.11 Denial-of-Service Attacks: Real
Vulnerabilities and Solutions. Proc. USENIX Security Symp., 2003, pp. 15–28.
[2] Ferreri, F., Bernaschi, M. and Valcamonici, L. Access Points Vulnerabilities to
Dos Attacks in 802.11 Networks. Proc. IEEE Wireless Comm. and Networking
Conf., 2004.
[3] Yang, J., Chen, Y., Trappe, W. and Cheng, J. Detection and Localization of
Multiple Spoofing Attackers in Wireless Networks. IEEE Transactions on
parallel and distributed systems, 24(1), Jan 2013.
[4] Chen, Y., Yang, J., Trappe, W. and Martin, R. P. Detecting and Localizing
Identity-Based Attacks in Wireless and Sensor Networks. IEEE Transactions on
vehicular technology, 59(5), June 2010.
[5] Faria, D. and Cheriton, D. Detecting Identity-Based Attacks in Wireless
Networks Using Signalprints. Proc. ACM Workshop Wireless Security (WiSe),
Sept. 2006.
[6] Sheng, Y., Tan, K., Chen, G., Kotz, D. and Campbell, A. Detecting 802.11 MAC
Layer Spoofing Using Received Signal Strength. Proc. IEEE INFOCOM, Apr.
2008.
[7] Li, Q. and Trappe, W. Relationship-Based Detection of Spoofing-Related
Anomalous Traffic in Ad Hoc Networks. Proc. Ann. IEEE Comm. Soc. on IEEE
and Sensor and Ad Hoc Comm. and Networks (SECON), 2006.
[8] Zhou, G., He, T., Krishnamurthy, S. and Stankovic, J. A. Models and Solutions
for Radio Irregularity in Wireless Sensor Networks. ACM Trans. Sensor
Networks, 2, 2006, pp. 221–262.
[9] Kaufman, L. and Rousseeuw, P. J. Finding Groups in Data: An Introduction to
Cluster Analysis. Wiley Series in Probability and Statistics, 1990.
[10] Guo, F. and Chiueh, T. Sequence Number-Based MAC Address Spoof Detection.
Proc. Eighth Int’l Conf. Recent Advances in Intrusion Detection, 2006, pp. 309–
329.
[11] Bahl, P. and Padmanabhan, V. N. RADAR: An in-Building RF Based User
Location and Tracking System. Proc. IEEE INFOCOM, 2000.
[12] Sarkar, T., Ji, Z., Kim, K., Medouri, A. and Salazar-Palma, M. A Survey of
Various Propagation Models for Mobile Communication. IEEE Antennas and
Propagation Magazine, 45(3), June 2003, pp. 51–82.
[13] Wang, K. Estimating the Number of Clusters via System Evolution for Cluster
Analysis of Gene Expression Data. Technical Report NO. 2007-258, Computer
Science Dept., Xidian Univ, P. R. China, 2007.
[14] Chen, Y., Francisco, J., Trappe, W. and Martin, R. P. A Practical Approach to
Landmark Deployment for Indoor Localization. Proc. IEEE Int’l Conf. Sensor
and Ad Hoc Comm. and Networks (SECON), Sept. 2006.
[15] Madigan, D., Elnahrawy, E., Martin, R., Ju, W., Krishnan, P. and Krishnakumar,
A. S. Bayesian Indoor Positioning Systems. Proc. IEEE INFOCOM, Mar. 2005,
pp. 324–331.
[16] Wu, B., Wu, J., Fernandez, E. and Magliveras, S. Secure and Efficient Key
Management in Mobile Ad Hoc Networks. Proc. IEEE IPDPS, 2005.
[17] Anurag. Hierarchical Intrusion Detection System In Cluster Based Wireless
Sensor Network Using Multiple Mobile Base Stations. International Journal of
Computer Engineering & Technology (IJCET), 5(6), 2014, pp. 82–87.
[18] Mr. Mehta, O. and Prof. Raval, G. 3-D Localization In Wireless Sensor Network.
International Journal of Computer Engineering & Technology (IJCET), 5(3),
2014, pp. 9–22.

Ijcet 06 07_001

  • 1.
    http://www.iaeme.com/IJCET/index.asp 1 editor@iaeme.com InternationalJournal of Computer Engineering & Technology (IJCET) Volume 6, Issue 7, Jul 2015, pp. 01-09, Article ID: IJCET_06_07_001 Available online at http://www.iaeme.com/IJCET/issues.asp?JTypeIJCET&VType=6&IType=7 ISSN Print: 0976-6367 and ISSN Online: 0976–6375 © IAEME Publication ___________________________________________________________________________ SURVEY OF IDENTIFICATION TECHNIQUES OF ADVERSARY ATTACKS IN WIRELESS SENSOR NETWORK Mr. Santosh S. Doifode PG Student, Dept. of Computer Engineering, KJCOEMR, Pune, India Prof. D. C. Mehetre HOD, Dept. of Computer Engineering, KJCOEMR, Pune, India ABSTRACT Adversary Attackers take the identity of another node in the wireless sensor network and establish a connection that will allow gaining access to the other hosts and their important and personnel data. It will reduce the performance of the network and disrupt many security issues. With the open medium, distributed cooperation and constrained capabilities, the wireless sensor nodes are more unprotected to such type of attacks compared with wired networks. The conventional security approaches such as cryptographic mechanisms are not always desirable because it requires key management and additional infrastructural overheads. The detection and localization of multiple attacks makes complex when the multiple number of attackers attacks the wireless sensor network. This paper describes to use spatial information received signal strength, a natural property associated with each node identity, difficult to falsify, and not relevant process on cryptography, as the basis for 1) Detection of adversary attacks 2) Determining the number of attackers when multiple adversaries masquerading as the same node identity 3) Localizing multiple adversary attackers and 4) Detection of Denial of service attack. Key words: GMFAD, CDAL-M, RSS, DoS and WSN. Cite this Article: Mr. Doifode, S. S. and Prof. Mehetre, D. C. 
Survey of Identification Techniques of Adversary Attacks in Wireless Sensor Network. International Journal of Computer Engineering and Technology, 6(7), 2015, pp. 01-09. http://www.iaeme.com/IJCET/issues.asp?JTypeIJCET&VType=6&IType=7 _____________________________________________________________________
  • 2.
    Mr. Santosh S.Doifode and Prof. D. C. Mehetre http://www.iaeme.com/IJCET/index.asp 2 editor@iaeme.com 1. INTRODUCTION As more wireless sensor networks are deployed, they will increasingly become tempting targets for malicious attacks. Due to the openness of wireless and sensor networks, they are especially vulnerable to adversary attacks where an attacker forges its identity to masquerade as another device, or even creates multiple illegitimate identities. Adversary attacks are a serious threat as they represent a form of identity compromise and can facilitate a variety of traffic injection attacks. It is thus desirable to detect the presence of adversary attackers and eliminate them from the network. Most researchers focus on secure routing between sensors and the between base stations. Attacks in sensor networks can be classified into the following types Figure 1 indicate the types of attacks. Outsider Vs. insider attacks: Outsider attacks are attacks from nodes which do not belong to a WSN. Insider attacks occur when legitimate nodes of a WSN behave in unintended or unauthorized ways. Figure 1 Different types of Attacks Vs. active attacks: Passive attacks include eavesdropping on or monitoring packets exchanged with in a WSN. Active attacks involve some modifications of the data stream or the creation of a false stream. Mote-class Vs. Laptop-class attacks: An adversary attacks a WSN by using a few nodes with similar capabilities to the network nodes in mote-class attacks. Mote class attackers can jam the radio link in it’s immediate vicinity. Further, these attackers can easily purchase low-cost wireless devices and use these commonly available platforms to launch a variety of attacks with little effort. Among various types of attacks, identity-based spoofing attacks are especially easy to launch and can cause significant damage to network. 
Cryptographic methods are susceptible to node compromise, which is a serious concern as most wireless nodes are easily accessible, allowing their memory to be easily scanned. for these reason the non-cryptographic technique such as location based received signal strength is useful for identification of adversary attacks. Figure 2 shows the different non-cryptographic techniques. This paper proposes to use RSS-based spatial correlation, a physical property associated with each wireless node that is hard to falsify and not reliant on cryptography as the basis for detecting adversary attacks. Since the concern attackers who have different locations than legitimate wireless nodes, utilizing spatial information to address spoofing attacks has the unique power to not only identify the presence of these attacks but also localize adversaries. An added advantage of
  • 3.
    Survey of IdentificationTechniques of Adversary Attacks in Wireless Sensor Network http://www.iaeme.com/IJCET/index.asp 3 editor@iaeme.com employing spatial correlation to detect adversary attacks is that it will not require any additional cost or modification to the wireless devices themselves. Adversary attacks can further facilitate a variety of traffic injection attacks such as attacks on access control lists, rogue access point attacks, and eventually Denial of- Service attacks [1, 2]. In computing, a denial-of service attack (DoS attack) or distributed denial-of-service attack is an attempt to make network resource unavailable to its planned users. Although the means to bring to a successful issue, producing physical for, and objects of a Denial of service attack may vary, its commonly composed of efforts to limited periods or indefinitely interrupt or suspend services of a host connected to the Internet. Therefore it is important to detecting, determining and eliminate the number of attackers. Figure 2 Different types of Non-cryptographic technique 2. LITERATURE SURVEY The existing systems makes use of cryptographic technique of Symmetric algorithm like Advanced encryption standard. The standard cryptographic technique are often too costly for the sensor network domain. The distribution of shared secret keys poses another host of problems. This algorithm includes key distribution and management technique of overhead. Such cryptographic algorithms require a lot of efforts for reliable key management; further cryptography considers the Public Key Interface which can decrease the overhead of key management to some extent. Cryptographic schemes requires reliable key distribution, management, and maintenance mechanisms also infrastructural, computational, and management
  • 4.
    Mr. Santosh S.Doifode and Prof. D. C. Mehetre http://www.iaeme.com/IJCET/index.asp 4 editor@iaeme.com overhead. These methods are susceptible to node compromise easily accessible and allowing their memory to be easily scanned. Some of the following important papers in literature survey describes the identification techniques for adversary attacks. 802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions In this paper focuses on the threats posed by denial-of-service (DoS) attacks against 802.11’s MAC protocol. Such attacks, which prevent original users from accessing the network, are a vexing problem in all networks, but they are particularly threatening in the wireless context. Without a physical infrastructure, an attacker is afforded considerable flexibility in deciding where and when to attack, as well as enhanced anonymity due to the difficulty in locating the source of individual wireless transmissions. Moreover, the relative immaturity of 802.11-based network management tools makes it unlikely that a well-planned attack will be quickly diagnosed. Vulnerabilities in the 802.11 MAC protocol allow an attacker to selectively or completely disrupt service to the network using relatively few packets and low power consumption [1]. Access points vulnerabilities to DoS attacks in 802.11 networks. Paper describe possible denial of service attacks to access points in infrastructure wireless networks using the 802.11b protocol. To carry out such attacks, only commodity hardware and software components are required. The experimental results obtained on a large set of different access points show that serious vulnerabilities exist in any device we tested and that a single malicious station can easily hinder any legitimate communication within a basic service set [2]. Detecting Identity Based Attacks in Wireless Networks Using Signal prints. 
This paper describes identity-based attacks in which a malicious device uses forged MAC addresses to masquerade as a specific client or to create multiple illegitimate identities. Several link-layer services in IEEE 802.11 networks have been shown to be vulnerable to such attacks even when 802.11 and other security mechanisms are deployed. A transmitting device can be robustly identified by its signal print, a tuple of signal strength values reported by access points acting as sensors [5].

Secure and Efficient Key Management in Mobile Ad hoc Networks

In mobile ad hoc networks, due to unreliable wireless media, host mobility and lack of infrastructure, providing secure communications is a big challenge [10]. Cryptographic techniques are used for secure communications in wired and wireless networks. Symmetric and asymmetric cryptography each have their advantages and disadvantages. A secure and efficient key management (SEKM) framework for mobile ad hoc networks builds a public key infrastructure by applying a secret sharing scheme and using underlying multicast server groups. In SEKM, each server group creates a view of the certificate authority and provides a certificate update service for all nodes, including the servers themselves. A ticket scheme is introduced for efficient certificate service. In addition, an efficient server group updating scheme is proposed. The performance of SEKM is evaluated through simulation [18].

Sequence Number-Based MAC Address Spoof Detection

The exponential growth in the deployment of IEEE 802.11-based wireless LANs (WLANs) in enterprises and homes makes WLANs an attractive target for attackers. Attacks that exploit vulnerabilities at the IP layer or above can be readily addressed by intrusion detection systems designed for wired networks. However, attacks exploiting link-layer protocol vulnerabilities require a different set of intrusion detection mechanisms. Most link-layer attacks in WLANs are denial-of-service attacks and work by spoofing either
access points (APs) or wireless stations. Spoofing is possible because the IEEE 802.11 standard does not provide per-frame source authentication, but it can be effectively prevented if proper authentication is added to the standard. Unfortunately, it is unlikely that commercial WLANs will support link-layer source authentication that covers both management and control frames in the near future. Even if it is available in next-generation WLAN equipment, it cannot protect the large installed base of legacy WLANs [11].

3. GENERALIZED MODEL FOR ATTACK DETECTION (GMFAD)

The challenge in adversary attack detection is to devise strategies that use the uniqueness of spatial information without using location directly, as the attackers' positions are unknown. A detailed survey of attacks can be found in [7]. Received signal strength (RSS) is a property closely correlated with location in physical space and is readily available in existing wireless sensor networks [13]. Although affected by random noise, environmental bias, and multipath effects, the RSS measured at a set of landmarks (i.e., reference points with known locations) is closely related to the transmitter's physical location and is governed by the distance to the landmarks [16]. RSS readings at the same physical location are similar, whereas RSS readings at different locations in physical space are distinctive [6]. Thus, RSS readings present strong spatial correlation characteristics. The RSS value vector is defined as s = {S1, S2, ..., Sn}, where n is the number of landmarks/access points that monitor the RSS of the wireless nodes and know their locations.
This model focuses on the detection of identity-based adversary attacks; for that purpose it uses the Partitioning Around Medoids (PAM) technique. Adversary attack detection can be performed using RSS-based spatial correlation from wireless sensor nodes. It has also been shown that the RSS readings from a wireless sensor node may fluctuate and should cluster together. This observation suggests that we may conduct cluster analysis on top of RSS-based spatial correlation to find the distance in signal space and thereby identify the presence of adversary attackers in physical space [14, 15]. This work uses the Partitioning Around Medoids method to perform cluster analysis on RSS.

3.1. Partitioning around Medoids

The Partitioning Around Medoids (PAM) method is used to perform cluster analysis on received signal strength. The PAM method is a popular clustering algorithm. Compared to other methods, the PAM method is more robust in the presence of noise and outliers. Thus, the PAM method is more suitable for determining clusters from RSS streams, which can be unreliable and fluctuate over time due to random noise and environmental bias [8].

With the PAM technique, we first partition the RSS vectors from the same node identity into two or more clusters no matter how many attackers are using this identity, since our objective in this phase is to detect the presence of attacks. We then choose the distance between two medoids, Dm, as the test statistic T in our significance testing for adversary detection: Dm = ||Ma − Mb||, where Ma and Mb are the medoids of the two clusters. Under normal conditions, the test statistic Dm should be
small since there is basically only one cluster from a single physical location. However, under an adversary attack, there is more than one node at different physical locations claiming the same node identity. As a result, more than one cluster will be formed in the signal space, and Dm will be large because the medoids are derived from different RSS clusters associated with different locations in physical space.

Figure 3 Distance between medoids.

3.2. System Evaluation

This technique is used to identify the actual number of attackers in the wireless system. The method uses the Twin-Cluster Model [9], which consists of the two closest clusters (e.g., clusters a and b) among the K potential clusters of a data set. Energy computation is done using the twin-cluster model. The mathematical model involves two types of energy:

1. Partition Energy (Ep(K))
2. Merging Energy (Em(K))

The Partition Energy denotes the border distance between the twin clusters, whereas the Merging Energy is determined as the average distance between elements in the border region of the twin clusters. Here the border region includes a number of sample points chosen from clusters a and b that are closer to the twin cluster than any other points within their own cluster. Then further equations of partition energy and merging energy denote. Where the value of K gives the actual number of adversary attackers in the system.

4. COHERENT DETECTION AND LOCALIZATION MODEL (CDAL-M)

In this section, we present our integrated system that can localize adversary attackers. The experimental results are presented to evaluate the effectiveness of our approach, especially when attackers are using different transmission power levels.
Conventional localization methods use the averaged Received Signal Strength (RSS) from each node identity as input to estimate the position of a node. However, in wireless adversary attacks, the RSS stream of a node identity may be mixed with RSS readings of both the original node and attack nodes at different physical locations. The traditional method of averaging RSS readings cannot differentiate RSS readings from different locations and thus is not feasible for localizing adversaries [3].
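
The detection test of Section 3.1 and the averaging problem just described, run on constructed data. This Python code is an added example, not code from the paper or the works it surveys: it partitions the RSS vectors of one node identity into two clusters, computes Dm = ||Ma − Mb||, and compares the averaged vector with the medoids. The landmark values, noise level, 15 dB threshold and the exhaustive medoid search (used in place of PAM's swap heuristic) are assumptions.

```python
import math
import random

def dist(a, b):
    """Euclidean distance between two RSS vectors (one dBm value per landmark)."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def two_medoids(vectors):
    """Return the medoid pair that minimises the total distance of every vector
    to its nearest medoid (exhaustive search; assumes a small sample set)."""
    best_cost, best_pair = float("inf"), None
    for i in range(len(vectors)):
        for j in range(i + 1, len(vectors)):
            cost = sum(min(dist(v, vectors[i]), dist(v, vectors[j])) for v in vectors)
            if cost < best_cost:
                best_cost, best_pair = cost, (vectors[i], vectors[j])
    return best_pair

def detect(vectors, threshold_db):
    """Test statistic Dm = ||Ma - Mb||; an attack is flagged when Dm > threshold."""
    ma, mb = two_medoids(vectors)
    dm = dist(ma, mb)
    return dm, dm > threshold_db, ma, mb

def mean_vector(vectors):
    """Per-landmark average, i.e. the input a conventional localizer would use."""
    return tuple(sum(col) / len(vectors) for col in zip(*vectors))

def sample_rss(center, n, rng, sigma_db=1.5):
    """Constructed readings: Gaussian noise around one location's RSS vector."""
    return [tuple(rng.gauss(c, sigma_db) for c in center) for _ in range(n)]

# Constructed scenario with 4 landmarks, values in dBm (not data from the paper).
LEGIT = (-50.0, -62.0, -70.0, -58.0)
ATTACKER = (-71.0, -55.0, -49.0, -66.0)
THRESHOLD_DB = 15.0  # assumed; in practice calibrated on attack-free traffic

def run_scenarios(seed=7):
    rng = random.Random(seed)
    normal = sample_rss(LEGIT, 40, rng)
    mixed = sample_rss(LEGIT, 40, rng) + sample_rss(ATTACKER, 40, rng)
    return detect(normal, THRESHOLD_DB), detect(mixed, THRESHOLD_DB), mean_vector(mixed)

if __name__ == "__main__":
    (dm_n, hit_n, _, _), (dm_a, hit_a, ma, mb), avg = run_scenarios()
    print(f"one sender:  Dm = {dm_n:.1f} dB, attack flagged: {hit_n}")
    print(f"two senders: Dm = {dm_a:.1f} dB, attack flagged: {hit_a}")
    print(f"averaged vector is {dist(avg, LEGIT):.1f} dB from the genuine node's "
          f"signature; medoid Ma is {dist(ma, LEGIT):.1f} dB from it")
```

The averaged vector of the mixed stream lies between the two senders in signal space and matches neither, while each medoid stays close to one sender's RSS signature.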
Different from conventional localization approaches, our coherent detection and localization system utilizes the RSS medoids as inputs to localization algorithms to estimate the positions of adversaries [4]. The positions returned by our system include the location estimates of the original node and of the attackers in physical space. Here we use the RADAR algorithm.

4.1. Radar Algorithm

The Radar-Gridded algorithm is extended from a scene-matching localization algorithm [12]. The proposed Radar-Gridded algorithm makes use of an interpolated signal map, which is built from a set of averaged RSS readings with known (X, Y) locations. Given an observed RSS reading with an unknown location, Radar returns the (x, y) of the nearest neighbor in the signal map to the one to localize, where "nearest" is defined by the Euclidean distance between RSS points in an N-dimensional signal space, where N is the number of landmarks. It further uses the Euclidean distance formula to obtain the actual (X, Y) coordinates of the location, and so gives the exact location of the adversary attackers.

4.2. Bayesian networks

Bayesian Network localization is a multilateration algorithm. It encodes the signal-to-distance propagation model into a Bayesian graphical model for localization [17]. Figure 4 shows the basic Bayesian Network. The vertices X and Y represent location, and the vertex si is the RSS reading from the ith landmark. The vertex Di represents the Euclidean distance between the location described by X and Y and the ith landmark. The value of si follows a signal propagation model si = b0i + b1i log Di, where b0i and b1i are parameters specific to the ith landmark. The distance depends on the location (X, Y) of the measured signal and the coordinates (xi, yi) of the ith landmark.
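
Nearest-neighbour matching in signal space, as described in Section 4.1, applied to two RSS medoids reported for one node identity. This is an added Python example, not the RADAR authors' or the paper's code; the landmark coordinates, the b0i and b1i values, the base-10 logarithm, and building the signal map from the propagation model si = b0i + b1i log Di instead of survey readings are assumptions.

```python
import math

# Constructed deployment: ((x_i, y_i) in metres, b0_i, b1_i) for each landmark.
LANDMARKS = [
    ((0.0, 0.0), -40.0, -20.0),
    ((20.0, 0.0), -41.0, -21.0),
    ((20.0, 20.0), -39.5, -20.5),
    ((0.0, 20.0), -40.5, -19.5),
]

def model_rss(x, y):
    """s_i = b0_i + b1_i * log10(D_i) for every landmark (base 10 is assumed)."""
    rss = []
    for (lx, ly), b0, b1 in LANDMARKS:
        d = max(math.hypot(x - lx, y - ly), 1.0)  # clamp: log is undefined at D = 0
        rss.append(b0 + b1 * math.log10(d))
    return tuple(rss)

def build_signal_map(size_m=20, step_m=1):
    """Gridded signal map (x, y) -> RSS vector. Generated from the model here;
    a deployment would interpolate it from averaged survey readings."""
    return {(x, y): model_rss(x, y)
            for x in range(0, size_m + 1, step_m)
            for y in range(0, size_m + 1, step_m)}

def radar_localize(observed, signal_map):
    """Grid point whose RSS vector is nearest to `observed` in N-dimensional
    signal space (Euclidean distance, N = number of landmarks)."""
    return min(signal_map, key=lambda p: math.dist(observed, signal_map[p]))

def localize_identity(medoids, signal_map):
    """One position estimate per RSS medoid seen under a single node identity."""
    return [radar_localize(m, signal_map) for m in medoids]

def constructed_medoid(true_xy, offsets_db):
    """Constructed input: model RSS at a known spot plus fixed measurement error."""
    return tuple(s + e for s, e in zip(model_rss(*true_xy), offsets_db))

TRUE_NODE, TRUE_ATTACKER = (6.3, 13.7), (15.6, 4.2)
MEDOIDS = [constructed_medoid(TRUE_NODE, (0.3, -0.2, 0.2, -0.3)),
           constructed_medoid(TRUE_ATTACKER, (-0.2, 0.3, -0.3, 0.2))]

if __name__ == "__main__":
    signal_map = build_signal_map()
    estimates = localize_identity(MEDOIDS, signal_map)
    for truth, est in zip((TRUE_NODE, TRUE_ATTACKER), estimates):
        print(f"true {truth} -> estimated {est}, error {math.dist(truth, est):.2f} m")
```
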
The network models noise by modeling si as a Gaussian distribution around the above propagation model.

Figure 4 Bayesian graphical model

5. DETECTION OF DENIAL OF SERVICE ATTACK

A denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users. DoS attacks typically target sites or services hosted
on high-profile web servers such as banks, credit card payment gateways, and even root name servers. Denial-of-service attacks are also common in business and are responsible for website attacks. In general terms, DoS attacks are implemented either by forcing the targeted computer to consume its resources so that it can no longer provide its original service, or by obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately. A denial-of-service attack may involve sending forged requests of some type to a very large number of nodes that will reply to the requests. Using Internet Protocol address attacks, the source address is set to that of the targeted victim, which means all the replies will go to the target.

6. CONCLUSION

This paper surveyed identification techniques that use received signal strength (RSS) instead of previous approaches such as cryptography to detect identity-based adversary attacks and, in addition, denial-of-service attacks more effectively than existing approaches. RSS is a physical property associated with each node, which is hard to falsify and does not rely on cryptography. The Partitioning Around Medoids technique is useful for adversary attack detection, the Twin-Cluster Model is used to obtain the exact number of adversary attackers in the system (i.e., the Generalized Model for Attack Detection), and the Coherent Detection and Localization Model is used to localize adversary attackers in the network. RSS is also the basis of a new algorithm to detect denial-of-service attacks. Experimental results show that all these techniques are more efficient and effective than existing ones. They also acceptably reduce the overhead requirements of existing approaches, as the proposed techniques don't require any additional implementations.
REFERENCES

[1] Bellardo, J. and Savage, S. 802.11 Denial-of-Service Attacks: Real Vulnerabilities and Solutions. Proc. USENIX Security Symp., 2003, pp. 15–28.
[2] Ferreri, F., Bernaschi, M. and Valcamonici, L. Access Points Vulnerabilities to DoS Attacks in 802.11 Networks. Proc. IEEE Wireless Comm. and Networking Conf., 2004.
[3] Yang, J., Chen, Y., Trappe, W. and Cheng, J. Detection and Localization of Multiple Spoofing Attackers in Wireless Networks. IEEE Transactions on Parallel and Distributed Systems, 24(1), Jan 2013.
[4] Chen, Y., Yang, J., Trappe, W. and Martin, R. P. Detecting and Localizing Identity-Based Attacks in Wireless and Sensor Networks. IEEE Transactions on Vehicular Technology, 59(5), June 2010.
[5] Faria, D. and Cheriton, D. Detecting Identity-Based Attacks in Wireless Networks Using Signalprints. Proc. ACM Workshop Wireless Security (WiSe), Sept. 2006.
[6] Sheng, Y., Tan, K., Chen, G., Kotz, D. and Campbell, A. Detecting 802.11 MAC Layer Spoofing Using Received Signal Strength. Proc. IEEE INFOCOM, Apr. 2008.
[7] Li, Q. and Trappe, W. Relationship-Based Detection of Spoofing-Related Anomalous Traffic in Ad Hoc Networks. Proc. Ann. IEEE Comm. Soc. on IEEE and Sensor and Ad Hoc Comm. and Networks (SECON), 2006.
[8] Zhou, G., He, T., Krishnamurthy, S. and Stankovic, J. A. Models and Solutions for Radio Irregularity in Wireless Sensor Networks. ACM Trans. Sensor Networks, 2, 2006, pp. 221–262.
[9] Kaufman, L. and Rousseeuw, P. J. Finding Groups in Data: An Introduction to Cluster Analysis. Wiley Series in Probability and Statistics, 1990.
[10] Guo, F. and Chiueh, T. Sequence Number-Based MAC Address Spoof Detection. Proc. Eighth Int'l Conf. Recent Advances in Intrusion Detection, 2006, pp. 309–329.
[11] Bahl, P. and Padmanabhan, V. N. RADAR: An in-Building RF Based User Location and Tracking System. Proc. IEEE INFOCOM, 2000.
[12] Sarkar, T., Ji, Z., Kim, K., Medouri, A. and Salazar-Palma, M. A Survey of Various Propagation Models for Mobile Communication. IEEE Antennas and Propagation Magazine, 45(3), June 2003, pp. 51–82.
[13] Wang, K. Estimating the Number of Clusters via System Evolution for Cluster Analysis of Gene Expression Data. Technical Report NO. 2007-258, Computer Science Dept., Xidian Univ, P. R. China, 2007.
[14] Chen, Y., Francisco, J., Trappe, W. and Martin, R. P. A Practical Approach to Landmark Deployment for Indoor Localization. Proc. IEEE Int'l Conf. Sensor and Ad Hoc Comm. and Networks (SECON), Sept. 2006.
[15] Madigan, D., Elnahrawy, E., Martin, R., Ju, W., Krishnan, P. and Krishnakumar, A. S. Bayesian Indoor Positioning Systems. Proc. IEEE INFOCOM, Mar. 2005, pp. 324–331.
[16] Wu, B., Wu, J., Fernandez, E. and Magliveras, S. Secure and efficient key management in mobile ad hoc networks. In Proc. IEEE IPDPS, 2005.
[17] Anurag. Hierarchical Intrusion Detection System In Cluster Based Wireless Sensor Network Using Multiple Mobile Base Stations. International Journal of Computer Engineering & Technology (IJCET), 5(6), 2014, pp. 82–87.
[18] Mr. Mehta, O. and Prof. Raval, G. 3-D Localization In Wireless Sensor Network. International Journal of Computer Engineering & Technology (IJCET), 5(3), 2014, pp. 9–22.