Danger theory based node replication attack detection and mitigation in cluster mobile wireless sensor nodes

Mobile wireless sensor networks (MWSNs) comprise a collection of mobile sensor nodes with confined and finite resources. They commonly operate in hostile environments such as battle fields and surveillance zones, and due to their operating nature, MWSNs are often unattended, and generally are not equipped with tamper-resistant tools. With little effort, an adversary may capture the nodes, analyze and replicate them, and surreptitiously insert these replicas at strategic locations within the network. Such attacks may have severe consequences; they may allow the adversary to corrupt network data or even disconnect significant parts of the network. Therefore, the detection of node replication attacks in MWSN is very important. Existing node replication detection schemes depend primarily on centralized mechanisms with single points of failure and slow detection. Moreover, majority of the schemes do not consider node mobility, thus are unsuitable for implementation in MWSN environment. To address these fundamental limitations, this thesis utilizes the concept of Danger Theory (DT) to secure MWSN from node replication attacks. The DT operates based on a multilevel detection, thereby improving the detection of replica in the network. According to this theory, whenever the meeting frequency of any two nodes in the MWSN goes beyond a certain threshold (i.e., derived based on nodes location and time interval), the witness node will broadcast security message to base station (BS), which is then responsible to set up a Danger Zone (DZ) around the infected cluster. Sensor nodes within the DZ area will then initiate the next level of detection and mitigation process by exchanging security information among them. Specifically, the proposed DT scheme is categorized into three stages, namely the 1st level detection, 2nd level detection and 3rd level detection. To recognize malicious replica in MWSN, the first approach is used to highlight the possibility of replica attack and to identify the infected area in the MWSN. The second approach is used to mitigate the attacks by focusing on the fact that a replica node always has higher voltage compared to the original one, as replica is generated after the deployment of the original node or password check. Lastly, the third approach is used to protect the network (i.e., mitigation process), as BS will alert other BSs (and nodes) about the existence of replica. The evaluations of the proposed scheme in respect of security features and performance overheads are carried out through intensive analysis and simulations, as well as extensive comparison with other schemes. The findings from these evaluations indicate that the proposed DT based node replica detection achieve robust, fast and effective detection (i.e., true positive more than 90%, false positive less than 1% and false negative less than 0.2% rates) while introducing reasonable overheads.