Black Hole Traffic Anomaly Detections in Wireless Sensor Network


Tu-Liang Lin, Hong-Yi Chang
Copyright: © 2015 |Pages: 10
DOI: 10.4018/ijghpc.2015010104


With the flourishing of the Internet of Things, security issues in wireless sensor networks (WSNs), especially traffic anomaly detection, have attracted researchers' attention. As a distributed wireless network, a WSN is vulnerable to many attacks. In this research, the authors investigate traffic anomaly detection for a well-known attack, the black hole attack, in WSNs. With limited computation capacity, sensor nodes are unable to perform sophisticated detection techniques. Therefore, the authors propose a profile-based monitoring approach with a restricted feature set to supervise the network traffic. The proposed approach contains two components: feature selection and anomaly detection. To compensate for the limited computing capacity of a sensor node, the feature selection component extracts features with high contribution or high relevance for future monitoring. The anomaly detection component monitors the selected features and alerts the administrator when an anomaly is detected. Two types of combination are proposed: graphic-based and non-graphic-based models. The graphic-based approach seems to surpass the non-graphic-based approach, but it takes much longer to select the important features.

1. Introduction

In recent years, wireless sensor networks (WSNs) have been making life more convenient. A WSN is formed by a group of wireless sensors, and each sensor can monitor various properties of an area, e.g., humidity, light, temperature, and so on. WSNs have also been applied to many domains, such as industrial automation (Gungor & Hancke, 2009), health monitoring and prognosis (Pantelopoulos & Bourbakis, 2010), agricultural environment monitoring (Cai et al., 2010) and ecology observations (Yamamoto, Uchiyama, Yamamoto, Nakamura, & Yamazaki, 2012). After collecting data, sensors send it to the data collection center via multi-hop routing mechanisms. Communication within a WSN relies on the cooperation of all sensor nodes in the network. A WSN is vulnerable because of its distributed nature, the open medium and its dynamically changing topology. On the way to the data collection center, the sensing data could be sniffed by malicious nodes. Due to the rapid development of the Internet of Things (IoT), WSNs are expected to play a significant role in our future life. Therefore, security-related issues of WSNs are critical research topics. In this research, we focus on the anomalies caused by the black hole attack in WSNs. A black hole attack happens when a malicious node claims a one-hop distance to the sink node, as shown in Figure 1, and all traffic is directed to the malicious node. In Figure 1, the black node annotated with M is the malicious node and the gray node annotated with S is the sink node (data collection center).

In wired networks, intrusion prevention measures, such as the installation of firewalls, are used to prevent malicious attacks. Firewalls installed at routers or switches can filter out malicious network traffic. However, WSNs are not equipped with this kind of facility. Therefore, intrusion detection or traffic anomaly detection may be more necessary for WSNs. Traffic anomaly detection systems compare the captured system activity logs or network traffic profiles with patterns of well-known attacks to identify potential attacks. There are two different detection methods: misuse identification and anomaly detection. Misuse identification compares the “signatures” of well-known attacks to captured activity logs. It is not effective against new attacks. Anomaly detection filters out system behaviors that deviate from the established profiles. It is more effective for new attacks since it does not operate based on attack patterns. However, in WSNs, each sensor node often possesses only limited computational ability, so traditional intrusion detection techniques cannot easily be applied to WSNs directly.

Figure 1. Black hole attack


Many anomaly detection systems implement only single-node self-monitoring. Although self-monitoring is easy and a natural approach to implement, it has the disadvantage that measurements can be faked. Since each node has full control of its own anomaly detection system and the data traffic passing through a single node is monitored only by that node, it is very easy for a malicious node to forge traffic measurements for itself or for the traffic passing through it. Some researchers propose a neighbor-monitoring strategy for traffic anomaly detection in mobile ad hoc networks (MANETs), in which each mobile node monitors its neighbors’ traffic (Wang, Lin, & Wong, 2005). Since each mobile node is monitored by all its neighboring mobile nodes, it is difficult for all neighboring mobile nodes to forge traffic information for the monitored mobile node unless all of them have been compromised. In this research, we also employ the same neighbor-monitoring strategy in WSNs.
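The contrast between self-monitoring and neighbor-monitoring can be shown on a small constructed traffic window. This is an added example, not code from the article: the node names, the single forwarding-ratio feature, the 0.85 profile threshold and the median vote are assumptions chosen for illustration and are not the paper's feature set or detector.

```python
from statistics import median

# Constructed sample window: observer -> {monitored node: (packets seen arriving,
# packets seen forwarded)}. A node's entry for itself is its own self-report.
# "M" is the black hole: it forges its self-report and misreports neighbor A.
OBSERVATIONS = {
    "A": {"A": (40, 39), "B": (52, 50), "M": (120, 2)},
    "B": {"B": (52, 50), "A": (41, 39), "M": (118, 0)},
    "C": {"C": (30, 29), "A": (40, 38), "B": (50, 49), "M": (121, 1)},
    "M": {"M": (45, 44), "A": (40, 2), "B": (52, 50)},
}

# Assumed profile learned from attack-free traffic (hypothetical value).
PROFILE = {"min_forward_ratio": 0.85}


def forward_ratio(received, forwarded):
    """Share of received packets that were relayed; idle nodes count as healthy."""
    return forwarded / received if received else 1.0


def self_monitoring(obs, profile):
    """Flag nodes using only what each node reports about itself (forgeable)."""
    return sorted(
        node for node, seen in obs.items()
        if node in seen and forward_ratio(*seen[node]) < profile["min_forward_ratio"]
    )


def neighbor_monitoring(obs, profile, min_observers=2):
    """Flag nodes using the median of what other nodes overheard about them.

    Self-reports are ignored, and the median tolerates a minority of lying
    observers, so one compromised neighbor cannot clear itself or frame a peer.
    """
    reports = {}
    for observer, seen in obs.items():
        for node, (received, forwarded) in seen.items():
            if node != observer:
                reports.setdefault(node, []).append(forward_ratio(received, forwarded))
    return sorted(
        node for node, ratios in reports.items()
        if len(ratios) >= min_observers
        and median(ratios) < profile["min_forward_ratio"]
    )


if __name__ == "__main__":
    print("self-monitoring flags:    ", self_monitoring(OBSERVATIONS, PROFILE))
    print("neighbor-monitoring flags:", neighbor_monitoring(OBSERVATIONS, PROFILE))
```

Node C is never flagged or cleared by the neighbor check because no other node observes it in this window; a deployment would need to treat such coverage gaps as their own alert condition.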
