Detection and Filtering of Byzantine Attacked Nodes in Mobile Access Wireless Sensor Network

DOI : 10.17577/IJERTCONV3IS27113

Download Full-Text PDF Cite this Publication

Text Only Version

Detection and Filtering of Byzantine Attacked Nodes in Mobile Access Wireless Sensor Network

Akshata Gudadinni

M-Tech in Computer Network Engineering Shree Devi Institute of Technology, Kenjar, Mangalore, Karnataka

Abstract:- The reliable data fusion in mobile access wireless sensor networks under Byzantine attacks. We consider the q- out-of-m rule, which is popular in distributed detection and can achieve a good trade-off between the miss detection probability and the false alarm rate. However, a major limitation with it is that the optimal scheme parameters can only be obtained through exhaustive search, making it infeasible for large networks. In this paper, first, by exploiting the linear relationship between the scheme parameters and the network size, we propose simple but effective sub-optimal linear approaches. Second, for better flexibility and scalability, we derive a near-optimal closed-form solution based on the central limit theorem. Third, subjecting to a miss detection constraint, we prove that the false alarm rate of q- out-of-m diminishes exponentially as the network size increases, even if the percentage of malicious nodes remains fixed. Finally, we propose an effective malicious node detection scheme for adaptive data fusion under time-varying attacks; the proposed scheme is analyzed using the entropy- based trust model, and shown to be optimal from the information theory point of view. Simulation examples are provided to illustrate the performance of proposed approaches under both static and dynamic attacks.

Keywords: Security in wireless sensor networks, Byzantine attacks, Distributed detection.


    There is extensive research in the development of wireless sensor networks as the nodes work in efficient and flexible hardware platform. The wireless sensor networks have ability to deploy large number of tiny nodes that can assemble and configure themselves. Wireless sensor networks are considered to be one of the immense and emerging technologies as there are various usages scenarios for these devices that range from real-time tracking, monitoring of environmental conditions, to monitor remote environments for low frequency data trends. Incorporating security into these wireless sensors is challenging due to the limited memory, processing capability, and restricted energy supply. A serious threat

    [1] to wireless sensor networks is the Byzantine attack [2], where the adversary has full control over some of the authenticated nodes and can perform arbitrary behaviour to disrupt the system.

    These constraints motivated the creation of a new architecture known as sensor networks with mobile access (SENMA) [3]. SENMA provides an energy efficient architecture for large low power sensor and do most of the

    processing required. Mobile agents in SENMA are powerful hardware units, both in their communication and processing capability and high ability to traverse the sensor network. In SENMA, mobile agents are the only receiving terminals in data collection. As a result, sensors spend little energy in receiving signals.

    In this paper, we consider reliable data fusion in wireless sensor networks with mobile access points (SENMA) [5] under both static and dynamic Byzantine attacks, in which the malicious nodes report false information with a fixed or time-varying probability, respectively. In SENMA, the mobile access point traverses the network and collects the sensing information from the individual sensor nodes. The major advantage of the SENMA architecture is that it ensures a line of sight path to the access point within the power range of the sensor nodes, allowing the information to be conveyed without routing. This feature makes it a resilient, scalable and energy efficient architecture for wireless sensor networks. The MA receives the sensing reports and applies the fusion rule to make the final decision. One popular hard fusion rule used in distributed detection [4] is the q-out-of-m scheme, in which the mobile access point randomly polls reports from m sensors, then decides that the target is present only if q or more out of the m polled sensors report 1.

    It is easy to implement and achieve a good trade-off between minimizing the miss detection probability and the false alarm rate. In ideal scenarios, the optimal scheme parameters for the q-out-of-m fusion scheme are obtained through exhaustive search. However, due to its high computational complexity, the optimal q-out-of-m scheme is infeasible as the network size increases and/or the attack behaviour changes. To overcome this limitation, effective sub-optimal schemes with low computational complexity are highly desired.

    The main contributions of the paper can be summarized as follows: First, we propose a simplified, linear q-out-of- m scheme that can be easily applied to large size networks. The basic idea here is to find the optimal scheme parameters at relatively small network sizes through exhaustive search, and then obtain the fusion parameters for large network size by exploiting the approximately linear relationship between the scheme parameters and the network size. It is observed that the proposed linear approach can achieve satisfying accuracy with low false alarm rate. However, there are chances of violating the

    problem constraint. To enforce the miss detection constraint and improve the data fusion accuracy, we further propose to use the linear approximation as the initial point for the optimal exhaustive search algorithm. With this enhanced linear approach, near-optimal solutions can be obtained with much lower computational complexity compared with that of the pure exhaustive search approach.

    Second, in an effort to search for an easier and more flexible distributed data fusion solutions that can easily adapt to unpredictable environmental changes and cognitive behaviour of malicious nodes, we derive a closed-form solution for the q-out-of-m fusion scheme. It is observed that the closed-form solution is a function of the

    statistically, nodes within the same section have the same chance of detecting the target.

    The below figure describes the system model where the mobile access point act as the fusion centre and collects the detection request and data request from all the sensors in wireless sensor network and finally sends it to the sink.



    network size, the percentage of malicious users, the malicious nodes behaviour, and the detection accuracy of the sensor nodes. We show that the closed-form solution delivers comparable results with that of the near-optimal

    Mobile Access Point

    Aggregated Data



    solution obtained from the enhanced linear approach.

    Finally, we propose a simple and effective malicious node detection approach, where the malicious sensors are identified by comparing the decisions of the individual sensors. It is observed that dynamic attacks generally take longer time and more complex procedures to be detected as


    Figure 1: System Model


    compared to static attacks. It is also found that the proposed malicious detection procedure can identify malicious sensors accurately if sufficient observation time is allowed. The proposed approach is analyzed using an entropy-based trust model. We show that under the same system settings, the proposed malicious node detection approach is optimal from the information theory point of view. We further propose to adapt the fusion parameters based on the detected malicious sensors and their estimated probability of attack. It is shown that the proposed adaptive fusin scheme can improve the system performance significantly under both static and dynamic attack strategies.


    The centralized wireless sensor network is considered. The network is composed of n power-limited sensor nodes and a powerful mobile access point. We assume that the nodes are randomly and uniformly distributed over the network, and the mobile access point traverses the network on a predefined trajectory to communicate with all the sensing nodes. The sensor network performs distributed detection. Each sensor node detects the presence of the target object by applying an application dependent detection algorithm, such as energy detection, and sends its one-bit hard decision report to the mobile access point (1 means that the target is present),which makes the final decision accordingly. This hard decision model is adopted here for two reason: (1) To reduce the transmission and processing burden of the sensor network; (2) To enable more tractable analysis on the effect of the network size on the reliability of the distributed detection under Byzantine attacks. The network covers a large area, we divide the area into smaller sections, and apply the fusion rule over nodes that are within the same section. This setting ensures that,

    The network contains k malicious sensors. The percentage of malicious sensors, k/n, is denoted by , which is assumed to be known or can be estimated at the mobile access point (MA). When no prior knowledge of exists, the MA would start with a majority vote1 and obtain an estimate for by comparing the individual sensing reports with the final decision. Assume that each benign sensor node has a false alarm probability 2Pf and a miss detection probability, while the malicious sensors have their own false alarm probability Pf and miss detection probability Pm. These probabilities are determined by the environmental conditions and the sensors capabilities to detect the target. The MA uses the binary reports of the sensor nodes to make the final decision on whether the target is present or absent. This distributed detection problem can be modeled using the conventional binary hypothesis test, where the hypothesis H0 represents the absence of the target, and the hypothesis H1 represents the presence of the target. Here, we will first discuss different attack strategies that can be adopted by the malicious sensors, then present the problem formulation based on the q-out-of-m scheme.


    Let Po be the probability that each malicious node intentionally reports the opposite information to its actual sensing decision.

    It is assumed that all malicious nodes have the same probability of attack in a particular sensing period.

    We classify the possible attack strategies into two categories:

    1. Static Attack: In this strategy, the malicious nodes send opposite data with an arbitrary probability Po

      that is fixed, with 0 < Po 1.

    2. Dynamic Attack: In this strategy, the malicious nodes change Po after each attacking block, which is composed of one or more sensing periods.


    To develop effective sub-optimal schemes with low computational complexity, it is important to know how the parameters m and q change with the system variables, such as and n. In this section, we consider the case where the malicious sensors attack with probability Pa. We calculate the optimal parameters at different Pa values, under different network sizes and different percentages of malicious sensors. A simplified q-out-of-m scheme by exploiting the linear relationship between the scheme parameters and the network size. The main idea is that we can get the optimal scheme parameters at relatively small network sizes, and use them as reference points. These optimal (m, q) pairs for the different network sizes, Pa values, and ratios, can be obtained and stored in a look- up table, then used to get the suboptimal scheme parameters for large network sizes.


    To enhance the system performance through malicious node detection, where the hostile behaviour is identified and the malicious sensors are discarded from the final decision making. Furthermore, an adaptive fusion procedure, where the fusion parameters are tuned based on the attack behaviour and the percentage of the malicious sensors.

    In this section, we propose a simple malicious node detection scheme, where the sensors decision reports are used to identify the malicious nodes and estimate their attack behaviour. Let Pa,f (i) and Pa,m(i) denote the probabilities that the ith node attacks when the target is absent and present, respectively. Let Pa,f (i) and Pa,m(i) be their estimated versions. We estimate Pa,f (i) and Pa,m(i) by using two counters for each node at the mobile access point. More specifically, for node i,

    • Ti,o: represents the number of times node i sends 0 when the final decision is 1.

    • Ti,1: represents the number of times node i sends 1 when the final decision is 0.

    These counters are updated after each sensing period by comparing the final decision (obtained using the q-out-of- m rule) with the individual sensing reports. Assuming the observation interval is N sensing periods, and the number of observations where the access point decides that the target is present and absent are N1 and N0, respectively. Then, if the node is benign, Ti,o/N1 and Ti,1/N0 would be indications for the ith nodes miss detection probability and false alarm rate, respectively.

    On the other hand, if node i is malicious, Ti,o/N1 and Ti,1/N0 will be estimates for Pa,m(i) and Pa,f (i), respectively. or equal to a certain threshold Nth before taking the decision to discard any node. Nth should be chosen to ensure the accuracy of the time averages, Pa,f

    (i) and Pa,m(i). When Pa,f (i) and Pa,m(i) are in the orders of 101, it is safe to choose Nth 100.

  6. THE ADAPTIVE FUSION ALGORITHM Adaptive fusion can be achieved by updating the value of

    the q-out-of-m fusion parameters based on the average probability of attack. Malicious node detection approach, each nodes behaviour is determined based on the uncertainty in the accuracy of its sensing report. Since uncertainty is generally measured by entropy, in this section, we analyze the proposed approach using the entropy-based trust model.

    Total= Ti,o + Ti,1


    Prediction= (Ti,o /total)*100 (2)

    Prediction=0 ->normal Prediction>30% to 100% -> attacker Prediction>0 to 30% ->suspect

    Entropy trust metrics are in the range [1, 1], where negative values mean that the attack probability of the corresponding node is greater than 0.5. The trust metrics are equal to 1 when the corresponding node is benign with a perfect detection accuracy.


    The overall false alarm rate averaged over observation periods when Nth = 100. The results are further averaged over iterations to get more accurate results. It can be seen that significant performance improvement is achieved for both static and dynamic attacks when the adaptive fusion with malicious node detection is employed. The miss detection constraint is satisfied for all cases. The effect of the observation interval N on the detection accuracy of the malicious node detection scheme. It can be seen that malicious nodes launching dynamic attack require longer observation interval to be detected than nodes adopting static attack. Demonstrates that the proposed malicious node detection scheme is efficient and highly accurate.


The malicious no de detection scheme for adaptive data fusion under time varying attacks. The detection procedure is analyzed using the entropy-defined trust model, and has shown to be optimal from the information theory pointof view. It is observed that nodes launching dynamic attacks take longer time and more complex procedures to be detected as compared to those conducting static attacks. The adaptive fusion procedure has shown to provide significant improvement in the system performance under both static and dynamic attacks.

Further research can be conducted on adaptive detection under Byzantine attacks with soft decision reports.


  1. H. Kumar, D. Sarma, and A. Kar, Security threats in wireless sensor networks, IEEE Aerospace and Electronic Systems Magazine, vol. 23, no. 6, pp. 39 45, Jun. 2008.

  2. B. Awerbuch, R. Curtmola, H. D., N.-R. C., and R. H., Mitigating byzantine attacks in ad hoc wireless networks, Technical report version 1, Mar. 2004.

  3. L. Tong, Q. Zhao, and S. Adireddy, Sensor networks with mobile agents, IEEE Military Communications Conference, MILCOM 2003, vol. 1,pp. 688 693, Oct. 2003.

  4. Y.-C. Wang and Y.-C. Tseng, Distributed deployment schemes for mobile wireless sensor networks to ensure multilevel coverage, IEEE Transactions on Parallel and Distributed Systems, vol. 19, no. 9, pp. 1280 1294, Sept. 2008.

  5. M. Abdelhakim, L. Lightfoot, and T. Li, Reliable data fusion in wireless sensor networks under byzantine attacks, IEEE Military Communications Conference, MILCOM 2011, Nov. 2011.

Leave a Reply