Weighted trust evaluation-based malicious node detection for wireless sensor networks

Abstract: Deployed in a hostile environment, the individual Sensor Node (SN) of a Wireless Sensor Network (WSN) could be easily compromised by an adversary due to constraints such as limited memory space and computing capability. Therefore, it is critical to detect and isolate compromised nodes in order to avoid being misled by the falsified information injected by adversaries through compromised nodes. However, it is challenging to secure the flat topology networks effectively because of the poor scalability and high c… Show more

“…Existing work was mostly based on anomaly detection [15] techniques to discover deviations from expected behaviors, including rule-based [16,17], weighted summation [18], data clustering [19], and Support Vector Machine (SVM) [20]. In rule-based anomaly detection [16,17], typically rules based on QoS metrics are being setup to detect suspected attack behaviors, e.g., if a SN does not forward a packet within a time limit, if a SN forwards the same packet multiple times without suppression, or if a packet is received directly from a non-neighbor SN or from a neighbor SN who is not supposed to send a packet during a particular time interval, then the SN in question is suspected of maliciousness.…”

“…The main drawback of rule-based anomaly detection is that it cannot cope with anomalies not covered by rules, thus leading to high false negatives when unknown anomalies appear. In the weighted summation approach [18], each SN has a weight associated with it representing the trustworthiness of its sensor reading output. The system periodically calculates the average sensor reading output by taking a weighted summation out of all sensor reading outputs.…”

“…A general problem with anomaly detection is high false alarms because noises in wireless transmission may cause uncertainty of information, and limited resources may cause inability to collect accurate and needed information. In this paper, we develop and analyze trust-based intrusion detection and compare its performance with weighted summation [18] and data clustering [19] anomaly detection techniques.…”

“…We perform a comparative performance analysis of our trust-based intrusion detection algorithm with two anomaly detection schemes, namely, weighted summation [18] and data clustering [19]. We use the ROC (Receiver Operating Characteristic) curve [19] as the performance metric since both false negative probability (P fn ) and false positive probability (P fp ) are critical measures and ROC objectively reflects the sensitivity of detection probability (i.e., 1 -P fn ) as the false positive probability varies.…”

“…The first baseline anomaly detection scheme is weighted summation-based IDS [18]. In this approach, each SN has a weight associated with it and this weight changes dynamically, reflecting the trustworthiness of the SN's output relative to the average output out of all SNs.…”

Hierarchical trust management for wireless sensor networks and its application to trust-based routing

“…Existing work was mostly based on anomaly detection [15] techniques to discover deviations from expected behaviors, including rule-based [16,17], weighted summation [18], data clustering [19], and Support Vector Machine (SVM) [20]. In rule-based anomaly detection [16,17], typically rules based on QoS metrics are being setup to detect suspected attack behaviors, e.g., if a SN does not forward a packet within a time limit, if a SN forwards the same packet multiple times without suppression, or if a packet is received directly from a non-neighbor SN or from a neighbor SN who is not supposed to send a packet during a particular time interval, then the SN in question is suspected of maliciousness.…”

“…The main drawback of rule-based anomaly detection is that it cannot cope with anomalies not covered by rules, thus leading to high false negatives when unknown anomalies appear. In the weighted summation approach [18], each SN has a weight associated with it representing the trustworthiness of its sensor reading output. The system periodically calculates the average sensor reading output by taking a weighted summation out of all sensor reading outputs.…”

“…A general problem with anomaly detection is high false alarms because noises in wireless transmission may cause uncertainty of information, and limited resources may cause inability to collect accurate and needed information. In this paper, we develop and analyze trust-based intrusion detection and compare its performance with weighted summation [18] and data clustering [19] anomaly detection techniques.…”

“…We perform a comparative performance analysis of our trust-based intrusion detection algorithm with two anomaly detection schemes, namely, weighted summation [18] and data clustering [19]. We use the ROC (Receiver Operating Characteristic) curve [19] as the performance metric since both false negative probability (P fn ) and false positive probability (P fp ) are critical measures and ROC objectively reflects the sensitivity of detection probability (i.e., 1 -P fn ) as the false positive probability varies.…”

“…The first baseline anomaly detection scheme is weighted summation-based IDS [18]. In this approach, each SN has a weight associated with it and this weight changes dynamically, reflecting the trustworthiness of the SN's output relative to the average output out of all SNs.…”

Hierarchical trust management for wireless sensor networks and its application to trust-based routing

Enhanced multi-attribute trust protocol for malicious node detection in wireless sensor networks

QoS Aware Trust Metric based Framework for Wireless Sensor Networks