Multi-Step Detection of Simplex and Duplex Wormhole Attacks over Wireless Sensor Networks

Abrar M.Alajlan

Self-Development Skills Department,Common First Year Deanship,King Saud University,Riyadh,KSA

Abstract:Detection of the wormhole attacks is a cumbersome process,particularly simplex and duplex over the wireless sensor networks(WSNs).Wormhole attacks are characterized as distributed passive attacks that can destabilize or disable WSNs.The distributed passive nature of these attacks makes them enormously challenging to detect.The main objective is to find all the possible ways in which how the wireless sensor network’s broadcasting character and transmission medium allows the attacker to interrupt network within the distributed environment.And further to detect the serious routing-disruption attack“Wormhole Attack”step by step through the different network mechanisms.In this paper,a new multi-step detection(MSD)scheme is introduced that can effectively detect the wormhole attacks for WSN.The MSD consists of three algorithms to detect and prevent the simplex and duplex wormhole attacks.Furthermore,the proposed scheme integrated five detection modules to systematically detect, recover, and isolate wormhole attacks.Simulation results conducted in OMNET++show that the proposed MSD has lower false detection and false toleration rates.Besides,MSD can effectively detect wormhole attacks in a completely distributed network environment,as suggested by the simulation results.

Keywords: Wireless sensor network; wormhole attack; node validation;multi-step detection

1 Introduction

Many applications that use WSNs can be vulnerable to a wide range of security threats [1].The sensors are strategically placed to monitor real-time events that may be utilized for a variety of business and domestic purposes.WSNs, on the other hand, have difficulties dealing with security risks [2].Wormhole attacks, which have significant impacts on the network layer, are one of the biggest dangers.Wormhole attacks, according to research, can disrupt network routing,location-based wireless security, and data aggregation [3-6].A wormhole attack can be launched by a single node or by a pair of cooperating nodes [7].Because it may disrupt the network discretely, this attack is extremely difficult to detect [8].Even if one does not understand the different cryptographic algorithms employed [9], it is usually caused by one or more nodes [10].

The consequences of a wormhole attack are quite severe [11].For example, a wormholeenabled node may conspire to falsify the routing configuration in order to obtain total control of the network traffic [12].As a result, the nodes may disrupt processes that rely on topological proximity [13].These attacks can also raise node power consumption by allocating various resources and transmitting excessive data [14].Wormholes cannot be prevented using various cryptographic algorithms and cryptic keys since they just replay data packets that already exist in WSNs [15].Because WSNs connected to IoT have various hardware flaws, solutions in range-free localization are more likely to seek cost-effective solutions [16,17].The adoption of the DV-hop algorithm to avoid wormhole attacks is one example of a low-cost approach [18,19].

This paper presents a new scheme for the multi-detection of wormhole attacks to address these security concerns.The proposed scheme consists of the following three modules: neighbor node validation process (NNVP), fake link reduction process (FLRP), and wormhole isolation.

The NNVP determines whether or not the node is infected and whether or not it is a neighbor node.The links that originate from a wormhole are referred to as “false links”.These connections can be removed using the FLRP.Finally, the isolation module guarantees that the detection and recovery processes are carried out properly, isolating all traces and instances of the wormhole.This paper contributes as:

• The proposed MSD involves five detection methods, which can detect the successfully classified simplex and duplex wormhole attacks.

• MSD is supported with a valid locator detection feature, which can adjustably fine-tune a threshold value to make a sensor node easily to detect the valid locator(VL).Once VL is identified, then the detection process is used to determine the wormhole-enabled node for the WSN connected with IoT.

• MSD consists of a self-healing procedure that determines the wormhole attack and points to the positions of wormhole-enabled nodes.

• Secret key and signature generation processes are used to guarantee the secure communication process among the sensor node and adjacent sensor nodes or sensor node and base station.

2 Related Work

This section explores into the key aspects of striking approaches.To detect and recover from wormhole attacks in multi-hop WSNs, the distributed self-healing method was suggested [20].It also determines the locations of malicious nodes and separates them from the network.It is the first approach that carries out both routing organization recovery and wormhole node quarantine in response to wormhole attacks.However, it requires proper localization capabilities as well as time analysis.The proposed method relies solely on network connection in a distributed manner.The simulation results showed that the suggested technique detects all wormholeenabled nodes with 100 percent accuracy and zero percent erroneous detection.In terms of power usage and overhead, the result also shows that the suggested technique outperforms other competing alternatives.

The cloned and wormhole node detection method is introduced in Maheswari et al.[21].This method examines each node’s behavior to determine if it is a wormhole or not.If the node has not received authorization from the base, it is not permitted to participate in the communication.To solve the problem of wormhole and Grayhole attacks, the lightweight trust-driven approach was proposed [22].The suggested method uses direct trust, which is determined based on the node’s characteristics.It has also been utilized to establish indirect trust based on the perspectives of nearby sensor nodes.According to the authors, the suggested technique is energy efficient and would not add extra overhead to data flow.

The directional antennas are introduced to prevent wormhole attacks [23].To avoid a wormhole, each node exchanges a secret key with its neighbors and maintains a current list of all neighbors.The direction in which a signal is heard from a neighbor is used to build all lists in a secure way, provided that all nodes antennas are aligned.However, it only mitigates the threat of wormhole attacks to a limited extent.It only protects against wormhole attacks, in which hostile nodes try to trick two nodes into thinking they are neighbors.In wireless sensor networks, the effects of wormhole attacks are widely examined utilizing IoT [24].

The authors proposed the label-based DV-hop localization method to defend against the possibility of wormhole attacks.Furthermore, the correctness of the approach is also proved using the simulation results.

DAWN: A Distributed detection algorithm is proposed for controlling the Wormhole in WSN [25].The suggested method made an attempt to establish a lower constraint on efficient detection rate.The authors investigated the battle of DAWN against collusion and wormhole attacks.Furthermore, the suggested technique has no increased cost due to the use of additional testing messages.DAWN is supported by substantial experimental findings, as all existing wormhole detection techniques increase communication overhead and false negatives.The proposed technique, on the other hand, has a low communication overhead and a high accuracy rate.

3 Proposed Multi Detection Scheme

This section presents the proposed multi-detection scheme for detecting wormhole attacks.Thus, the data distribution process is of paramount vital before detecting the attacks.The Poisson distribution [26] has been used for the data distribution over the network.The data is available at different locations of a WSN.Each data location has a degree of self-sufficiency, is capable of handling local as well as global applications.Data distribution is shaped either by captivating a prevailing single location or excruciating it over different locations.The data uncertainty of data distribution can be computed as:

wherepi: probability of the event

The proposed scheme consists of the three modules, which are discussed in the subsequent sections:

• Neighbor node validation process (NNVP),

• Fake link reduction process (FLRP),

• Wormhole isolation.

3.1 Neighbor Node Validation Process

For each type of wormhole attack detected, there are corresponding different identification protocols.They are as follows.

There are different types of wormhole attacks.They could be classified as either simplex or duplex wormhole attacks [27,28].In this work, different detection processes have been applied to identify the wormhole attacks.

3.1.1 Duplex Wormhole Link Attack

To detect whether a network is experiencing the problem due to the duplex wormhole attack,the sensor node attempts to recognize all its Valid Locators (VLs) prior to the self-discovery process.Let us takeX2as a locator depicted in Fig.2; when the sensor node initiates the Location Request Message (LRM), thenX2returns a Location Acknowledgement Message (LAM) to the sensor node because it is within the communication range ofX2.Furthermore, LAM also travels from pointZ2through the wormhole attack link to another pointZ1before it arrives at the sensor node.Thus, the sensor node receives several times LAM from theX2.Nevertheless, there are three diverse scenarios:

• The locator is within the range of transmission of the sensor node.Thus, the sensor node received three times message fromX4, as shown in Fig.2.

• The locator is not within the range of the sensor nodes’transmission; then the sensor node receives the message twice from the asX7, as shown in Fig.2.

• The locator is within the range of transmission of the sensor node, then the sensor node receives the message twice from theX2, as shown in Fig.2.Based on the ranges,X2andX4are considered as the VLs, but notX7.The sensor node can apply five VLs processes to identify the V-locators.

The attacker node has a capability of changing the location in order to attack the legitimate node.Let us assume that distance between attacker and victim is symbolized as |Ad-vd|.The random change [-1,1] can be characterized as ‘Δβ’.Thus,cos(2πΔβ)denotes the circular path of the attacker around the victim node.Thus, the control is transferred to the victim node when detection movement of the malicious node is determined that is computed by:

whereAd: Attacker distance;vd: Victim distance

When an attacker node knows that its position is exposed, then it attempts to update the position.However, the victim node can identify whenever an attacker moves away from there based on a random-change.Hence, if the random change is greater than 1 or less than -1 that provides the clue to the victim node.The moving process of the attacker node ‘Am’and identifying process time predicted by and victim node ‘vpp’are mathematically expressed in Eqs.(3) and (4)respectively.

vd(rc)Random change in the attacker node’s distance;G: Constant variable for the global change in the position.

If the response time of victim node is faster then, it can identify the movement of an attacker node efficiently depicted in Fig.1.

Figure 1: Response time of victim node

• Detection Process-1

In the first scenario, if the sensor node gets victim due to a wormhole attack and receives three times LAM of the Neighbor Locator (NL), then a bit of the LAM should be set to 1.Thus NL is declared as a VL that is shown asX4in Fig.2.The sensor node only nullifies the minimum Medium Access Control (MAC) delay of a locator.On the other hand, message traveling and the response time delays get longer when the message comes through the wormhole link.Therefore,the measured distance based on the LAM comes from VL takes the shortest response time.

In the second scenario, if the sensor node gets the LAM twice from the NL, then a bit of the LAM should be set to 1, and NL is considered as a Suspicious Locator (SL) such asX7can be determined and as shown in Fig.2.

Figure 2: Showing Duplex wormhole attack process

Definition 1:Data reiteration rate ‘Drr’of the given samples reflect the malicious behavior of the sensor node because of repetition of the continuous packets.

whereSp: Sent samples;t: Time for sending the samples; repeated samples.

Definition 2:If the observation time for the sample-sendingSs(t)is too large then, it may cause of duplex wormhole link attack.On the other hand, if the sample-sending rate is lower,then it may also cause of duplex wormhole link attack.

whereSsv: The sample-sending value

In the third scenario, if the sensor node gets the LAM twice from the NL, then a bit of the LAM should be set to 0, and NL is regarded as the VL.Also, measured distance based on the LAM is considered as correct with the shorter response time asX2shown in Fig.2.

Let us take a set of locators such thatL= {(a1, b1), (a2, b2),..., (ap, bp)} and corresponding measured distancesS= {l1, l2,..., Sp}, where (ai, bi) is the location ‘L’of the locatorXiandrithat is the distance from a sensor node to Xi, whereJ= (1, 2,3,..., p).Thus estimated location of the sensor node can be determined as (a0, b0).Thus, the mean square error (MSE) rate for the location can be defined as:

The distance dependability property (DDP) of the legal locators demonstrates that the MSE of the estimated location is based on the exact distance that is smaller than a minimum threshold.On the other hand, the MSE of the estimated location is based on the distance that involves some inappropriate distance measurements that is not smaller than a threshold value.More VLs are detected using the DDP of the VLs.

• Detection Process-2

If the sensor node has detected not less than two VLs using Detection Process 1; thus,it detects other VLs by examining whether an estimated distance is dependable.A predefined threshold ‘β’of the MSE is identified (i.e., an estimated distance with the MSE lesser thanβis regarded to be steady).The sensor node can recognizeX2,X3, andX4as VL despite changing the location, as shown in Fig.1.Furthermore, an accurate estimated distance ‘Dacc’can be obtained.

whereΨ: distance of valid locator;γ: distance covered by the sensor in case of mobility.

When a new locator joins the network, then it is of paramount significance to calculate the distance of the new locator ‘Dnl’to avoid and minimize the error rate given by

The objective function is used to analyze the nature of the link, whether wormhole or not.

The sensor node initiates the detection process one by one for the uncertain locators (ULs).For example, to examine whetherX1is the VL.Thus, it is also important that the sensor node should be capable of calculating its own location using measured distance toX1,X2,X3, andX4.If the measured distance toX1is inappropriate, then the MSE of the calculated distance dimension can surpass theβ, which implies thatX1should not be considered as VL.If the sensor node identifies the distance stability ofX2,X3,X4, andX6, it also checks that the MSE is lesser thanβ; therefore,X6should be considered as VL and measured distance toX6should be considered as accurate.After examining each uncertain NL, the sensor node can determine all VLs with the exact measured distance.

Theorem 1:When a sensor node becomes victim due to duplex wormhole link attack, ∀Ljsuch contention locationC(Lj)ρ,Lj∈DA.

Proof:When a sensor node is a victim due to duplex wormhole link attack as depicted in Fig.1.All of the locations inSL(Atk1)USL(Atk2)are NLs for the sensor nodes.According to the given theorem:

Thus, the message cannot be advanced to wormhole link, and there is no anomaly for the interchange of the message interchange between Liand other locators, consequently

Tab.1 shows the notations and their description.

Table 1: Used notations and description

3.1.2 Simplex Wormhole Link Attack

When the sensor node discovers the simplex wormhole attack, then it adopts the VLs’detection processes.

• Detection Process-3

If the sensor node gets the victim due to simplex wormhole link attack as depicted in Fig.2.If the sensor node receives the LAM of an NL twice, then that NL is considered as a VL.For example, ifX3replies a LAM to the sensor node as depicted in Fig.1, this message travels through two different routes to the sensor node: one route goes directly fromX3to the sensor node whereas, the other fromX3toZ1via the wormhole link to the sensor node.Hence, the sensor node is capable of determining thatX3is a VL.To further achieve the accurate measured distance toX3, the sensor node matches the response times of the LAM fromX3through different routes.The measured distance with the shortest response time is deliberated as correct and accurate.Likewise,X4is also recognized as a VL, and its accurate measured distance can be determined.Thus, the spatial property is used to identify VLs.Duplex and simplex wormhole attack detection processes are given in Algorithm 1.

Property 1:The sensor node is unable to get the messages from two NLs concurrently if the measured distance between these two NLs is larger than 2d.

Algorithm 1: Detection process for the wormhole attack 1.Initialization: {Lrm: Location request message; Nl: Neighbor locator; Lam: Location acknowledgement message; Dγ: Detection methods-1-2; Dδ: Detection methods-3-5; Swh: Simplex wormhole attack; Dwh: Duplex wormhole attack}2.Input:{Lrm; Lam}3..Output:{Swh; Dwh}4.Sensor broadcasts a Lrm 5.Each NL sends Lam to sensor node including message abnormality detection outcome.6.Sensor node waits for Lam to measure the distance to each NL and compute the response time of each NL 7.If the sensor node detection =Dγ then 8.Detected as Dwh 9.if the sensor node detection =Dδ then 10.Detected as Swh 11.Else No 12.A simplex wormhole link attack is discovered.13.Else if No wormhole attack 14.End if 15.End if 16.End else if

In Algorithm 1, the simplex and duplex detection processes are explained.In step-1, variables are initialized.Steps-2 provides the input.Step-3 gives the output.In step-4, the sensor node broadcasts the location request message.In step-5, each neighbor locator sends location acknowledgment message to the sensor node, including message irregularity detection result.In step-6,each neighbor locator sends the location acknowledgment message to measure the distance to each neighbor locator and computes the response time for each node locator.In step-7, if the sensor node detection methods fall within the category of dections: 1-2 methods, then the duplex wormhole method is observed.In step-8, if the sensor node detection methods fall within the category of detections; 3-5 methods, then the simplex wormhole method is observed.In step-9,if a sensor node is neither falling within the processes ofDγnorDδ, then it is considered that no wormhole link attack is discovered.

• Detection Process-4

When the sensor node becomes victim due to the simplex wormhole link attack as depicted in Fig.2, if two NLs violate the spatial property, it is noticeable that one of them is a valid locator (VL) and explained in the Algorithm-2, and the other is a Suspicious Locator (SL).Let us take an example ofX2andX5in Fig.2, as the distance betweenX2andX5is larger than 2d.After receiving LAM from them, the sensor node can detect that two NLs cannot hold the spatial property.Thus, VL can be differentiated from SL using the response time of both NLs as the LAM fromX5is transmitted to the sensor node through the wormhole link.It also takes a longer response time than that fromX2.The sensor node considers X as a VL andX5as a SL becauseX2has a shorter response time.Therefore, the distance toX2is also deliberated as correct.The distance consistency property is used of VLs to determine more VLs when the sensor node becomes a victim due to the simplex wormhole link attack.

Algorithm 2: Detection of Valid Locators 1.Initialization: {VL: Valid Locator; Dγ: Detection methods-1-2; Dδ: Detection methods-3-5;Swh: Simplex wormhole attack; Dwh: Duplex wormhole attack; SN: Sensor node}2.Input:{Dγ ;Dδ}3.Output:{VL}4.If SN=Dwh then 5.Set Dγ=1 and detect VLs 6.If SN=Dwh then 7.Set Dγ=2 and detect VLs 8.End if 9.End if 10.If identified VLs ≥2 then 11.Initiate detecting process of other VLs 12.End if 13.Elise if SN=Swh then 14.Set Dδ=3,4 & 5 and detect VLs 15.End else if

In Algorithm 2, the valid locators are identified.In step-1, variables are initialized.In steps-2-3, give the input and output.In steps-4-7, when the sensor node detects the duplex wormhole attack, then it initiates the ‘Dγ’detection method-1 or detection method-2.In steps-8-9, the process of detecting other valid locators is initiated.In step-13-14, when the sensor node detects the simplex wormhole attack, then it starts to use detection methods-3-5.And based on the detection methods, the valid locators are detected.

Let us take a ‘bsi’as a malicious parameter done by a simplex wormhole link attack that can be denoted by

Let us take a ‘Gdk’as a malicious parameter done by a duplex wormhole link attack that can be indicated by

For the data coming from each sensor node is evaluated for every event.As we geti=1,2,...,50,k=1,2,...,50, andk=1,2,...,10.The setbsiis used to generate the template for detection of simplex wormhole link attack for the sensor node ‘i’.While the setgdkis used for the template generation of duplex wormhole link attack.It can be determined if eachgdk∈Gdkcan be segregated from eachbsi∈Bsi.

• Detection Process-5

When the sensor node becomes the victim of the simplex wormhole attack, similar to Detection Process 2, if the sensor node uses detection processes 3-4 for detecting minimum two VLs,it can detect other VLs based on the Distance Consistency Property (DCP) of VLs.Considering the scenario of Fig.3, the sensor node can detectX2,X3, andX4as VLs and obtain the correct measured distance.The sensor node can further detect other VLs by examining distance consistency.A MSE smaller thanβcan be obtained when the sensor node estimates its location based onX1,X2,X3, andX4because they are all VLs.The sensor node can then determine thatX1is a VL and the measured distance toX1is found as correct.

The procedure of the basic VLs detection approach is enumerated in Algorithm 2: When the sensor node gets a victim of the duplex wormhole link attack, then it needs to execute the detection Process 1 to determine the VLs.As the distance stability process requires at least three VLs, if the sensor node classifies no less than two VLs, it can use the detection process 2 to detect other VLs.In case if the sensor node becomes the victim due to simplex wormhole link attack,then it adopts the detection processes 3-4 to identify the VLs.After that, if at least two VLs are identified, the sensor node executes the detection process 5 to identify other VLs.

3.2 Prolonged Node Validation Process

In the basic VL detection process, if the sensor node detects less than three VLs, it terminates the self-localization.This occurs because the statistical method of maximum likelihood estimation(MLE) used in the self-localization needs at least three distance measurements.However, when using detection processes based on the distance consistency property of V-locators, many VLs cannot be determined due to the threshold of MSE,βis set incorrectly at a trivial value.

A prolonged valid locators’identification approach is used to handle the above problem.The proposed approach can adaptively adjust the threshold value ofβto make the sensor node easier to detect more VLs.If the sensor node gets a victim of the duplex wormhole link attack, it conducts detection process 1 to detect VLs.If the sensor node detects no less than two VLs, it replicates to detect other VLs using detection process 2 and updates theβwith an augmentation ofΔτ2 until the minimum three VLs are recognized, orβis higher thanβmax.In case, the sensor node notices that it gets a victim due to simplex wormhole link attack, it adopts the detection processes 3-4 to detect the VLs.If at least two VLs are detected, the sensor node repeats to conduct the detection process 5 to identify other VLs and update β with an increment of Δβ until at least three VLs are recognized, or β is larger than β max.The procedure of the prolonged VLs’detection process is explained in Algorithm 3.

Figure 3: Showing Simplex wormhole attack process

After the wormhole link attack detection and VLs’identification, the sensor node can detect VLs from its NLs.Furthermore, the sensor node can calculate the accurate distance for the VLs.If the sensor node gets minimum three correct measured distances to its NLs, it performs the Maximum Likelihood Estimation (MLE) localization process based on the locations and distances of the associated NLs.

?

(Continued)

?

In Algorithm 3, the Prolonged node validation process is explained.In step-1, used variables are initialized.Steps-2-3 specify the input and output.Steps-4-5 shows the detection process of the duplex wormhole link attack conducted by the sensor node; then it initiates to conduct the detection process-1 to identify the VLs.In steps-6-7, the value of the identified VLs is compared;if identified VLs are greater than or equal to 2, then this process will be continued until determine for the rest of the detection methods.The steps-8-9 show the process of detecting other VLs;then the threshold value is set by adding the maximum threshold value and incremental of a predefined threshold value.

In steps-10-13, the predefined threshold value is compared with the maximum incremental predefined threshold value; this process continues until an identified VLs are greater than or equal to 3.In steps-14-20, the sensor node detects the simplex wormhole attack, then the detection process of valid locators is begun.By applying the detection methods 3-5, then other valid locators are determined.Finally, the threshold values are set in order to identify all the valid locators.

3.3 Secret Key and Signature Generation Process

The sensor nodes are tiny, and their data sending process is vulnerable.Thus, the proposed approach wants to secure the data communication process.Hence, the secret key is generated for sending the data confidentially.In addition, the signature is created to validate the sent message.

3.3.1 Secret Key Generation Process

When the sensor node interacts either with an adjacent sensor node or the base station, then it requires to generate the secret key for interacting and sending the data.

Let us assume that the sensor node ‘SN’ intends to communicate, then a secret key is calculated as:

Fori∈{0,1}, then two hash values ‘Hv’should be calculated.Hence,O1.Thus, the output produces a secret key ‘Sk’calculated by

whereTk: Transaction key.

3.3.2 Signature Generation Process

The signature must be calculated, and the sensor node obtains the received file ‘X’.The file X must be split into ‘m’number of the chunks ‘ck’that can be written as

whereCt: Total number of the chunks

The sensor node computes the pair of the signature

{Sk,Tk}for each file of chuck.

First, Calculating two hash value as:

Hv=L2(filename)

xk=L3(qk,SNid,filename),

qk: chunk’s pointerckin the given fileX, 1 ≤k≤m.

Once two hash values are calculated, then start a file of secret sharingSS(τ,d)withz(x)=Hv+q1x+...+qr-1xr-1and calculatesr-1points.

Up: A universal parameter.

Finally, compute the number of the random variables ‘n’given by

vk∈Kt,1 ≤k≤n, then calculates

wherevk: Random variable

Therefore, the signature generation process is secure that also supports the sensor nodes to avoid impersonation and identity attacks.

4 Experimental Results

To validate the effectiveness of the proposed MSD approach, the simulation is conducted using OMNET++ 5.6.2 simulator.Based on the simulation results, the performance of MSD approach has been analyzed and compared with existing state-of-the-art schemes: Hybrid Algorithm to Eliminate Wormhole Attack (HAW) [20], Dynamic Detection and Prevention (DDP) [21],and Wormhole and Gray attack (WGA) [22].The sensor nodes are distributed randomly to serve the data sending process.The deployed sensor nodes are connected using the end-to-end reliable and bi-directional approach.

The main goal of the simulation is to balance the bandwidth usage and proper data exchange.Several scenarios (Malicious and Non-Malicious) are generated to conclude the realization of the proposed approach.The simulation scenarios resemble the tangible WSN situation.The given outcomes demonstrate alike to a realistic environment.The simulation network consists of 450×450 square meters with 270 sensor nodes.The transmission and sensing ranges are 45 and 30, respectively.Each sensor node has 80 Kb/Sec bandwidth capacity and buffers the 80 frames.The size of the data packet is 512 bytes with 10 seconds’pause time, and the entire simulation takes 15 minutes.The summary of the simulation parameters is given in Tab.2.

Table 2: Summary of simulation parameters

Based on simulation outcomes, the following metrics have been achieved.

• Accuracy

• Detection (false negative, true positive and false positive)

4.1 Accuracy

Accuracy requires both precision and authenticity.Fig.4 shows the accuracy of the proposed MSD and other contending schemes (HAW, DDP, and WGA).The accuracy of the proposed approach and contending approaches has been measured using the variable number of valid sensor nodes up to maximum 180 with the 10% malicious sensor nodes.The result demonstrates that the MSD produced a maximum of 99.93% accuracy.Whereas other contending schemes produced 98.74%-99.47%.

Figure 4: Accuracy of proposed MSD and contending with 180 nodes

When the number of sensor nodes increase then, accuracy is marginally affected with 10%malicious nodes.The results demonstrate that proposed MSD obtain 99.904% accuracy with 270 sensor nodes.Whereas, the contending approaches obtain the accuracy 97.9%-98.6% with 270 sensor nodes.HAW produced less accuracy with 270 sensor nodes as shown in Fig.5.The testing procedure involves true negative, and true positive.Thus, the accuracy is given by:

whereTp: True positive,Tn: True negative,Twm: Total wormhole attacks.

Figure 5: Accuracy of proposed MSD and contending HAW, DDP, and WGA with 270 sensor nodes

The reason behind better accuracy for the proposed approach is to use five detection methods and secret key and signature generation processes that determine the precise true negative and true positive successfully.

Figure 6: False positive rate and true positive rate for proposed MSD and competing schemes(HAW, DDP, and WGA)

4.2 Detection(True Positive,False Negative and False Positive)

The proposed MSD and contending schemes (HAW, DDP, and WGA) have been measured using False-positive ‘Fpos’and true positive ‘Tpos’rates.True positive and false positive rates are depicted in Fig.6.It has been observed, based on the outcomes of the simulation that the proposed MSD possesses a greater true positive rate.On the other hand, contending schemes have a lesser true positive with the false positive rates.DDP gets lower positive rate.False negative‘Fneg’and true positive rates have been depicted in Fig.7.

Figure 7: False negative rate and true positive rate for proposed MSD and competing schemes(HAW, DDP, and WGA)

The trend of the result in the graph demonstrates that the proposed MSD gets a higher true positive rate, and only 0.015 false-negative rates are detected, while contending schemes show the higher false-negative rate that is counted as 0.023-0.072.MSD gains the higher false-negative rage that is measured to be 0.072.Based on the outcomes, it has been confirmed that the proposed scheme attains the true higher positive and gains lower false-negative rates.Thus, true positive,false positive and false negative rates can be calculated using Eqs.(17)-(19).

whereFpos(r): False positive rate;Tneg: True negative;Fneg(r): False negative rate, andTpos(r): True positive rate.

5 Conclusion

A new multi-detection scheme has been executed for detecting the wormhole attacks in WSNs over the distributed environment.In the proposed scheme, different integrated detection modules implemented to systematically detect, recover, and isolate wormhole attacks.In this multi-step detection (MSD) scheme, the neighbor node validation process plays a crucial role in identifying the infected nodes and the false neighbors.In addition, the proposed MSD can be used to eliminate all fake links (i.e., the links which originate from a wormhole).Finally, the performance of isolation module ensured that detection and recovery are highly effective and thereby isolates the wormhole completely from the network.To support the proposed scheme, different algorithms were executed that provide specific details of how exactly each component (e.g., Wormhole attack detection scheme and Extended Node Validation process) of the proposed scheme was effectively detected and successfully recovered the network inside the distributed environment.Current limitations on assessing after the rerouting and rescheduling in real time traffic management for the detection model should be taken into consideration towards further research.In future, attacks in integrated network scenarios around the distributed environment will be evaluated through nontraditional algorithms for optimum desirability to detect and recover the WSN from the wormhole attacks.

Acknowledgement:This research was supported by the Deanship of Scientific Research, King Saud University, Kingdom of Saudi Arabia.

Funding Statement:The author received no specific funding for this study.

Conflicts of Interest:The author declares that she has no conflicts of interest to report regarding the present study.