International Journal of Pure and Applied Mathematics Volume 118 No. 9 2018, 313-329 ISSN: 1311-8080 (printed version); ISSN: 1314-3395 (on-line version) url: http://www.ijpam.eu Special Issue ijpam.eu

Effectively Suppress the Attack of Sinkhole in Wireless Sensor Network using Enhanced Particle Swarm Optimization Technique

N. Nithiyanandam1 Dr. P. Latha Parthiban2 B. Rajalingam3

1,3Research Scholar 2Assistant Professor 1, 2 Department of Computer Science, School of Engineering, 1,2Pondicherry University, Pudhuvai, India 3Department of Computer Science & Engineering, Annamalai University, 3Annamalainagar, Tamilnadu, India [email protected], [email protected], [email protected]

Abstract Wireless Sensor Networks (WSN) is an emerging field of research with large number of applications and associated constraints like throughput, network lifetime, overhead, reliability, etc.,. To help in these aspects clustering of nodes, multi-hop transmission routing protocol for enhancing the security of WSN. Clustering the nodes in a network provide an efficient way to easily identify the sinkhole even in large set of network nodes. Grouping the nodes narrow down to identify of suspect or a minimum list of suspected nodes can be easily retrieved in which later we can deploy an identification and mitigation algorithm to find and mitigate the sinkhole. The main objective of research work is to modified flocking based clustering algorithm for node clustering to effectively suppress the attack of sinkhole in Wireless Sensor Network. In this research we propose a Flocking model is described as a group of individuals clustered together in common velocity. It consists of three simple steering rules that need to be executed at each instance over time, which includes: (1) Separation: steering to avoid collision with other boids nearby; (2) Alignment: steering toward the average heading and matching the velocity of its neighbour flock mates; (3) Cohesion: steering to the average position of the neighbour flock mates. This algorithm is designed to provide optimal solution for such large instances. We also show; how our proposed model can handle the routes, transmission delay, clustering, etc without facing any problem of network failure.

Keywords: WSN, sinkhole, Enhanced Particle Swarm Optimization, VGM, Particle Swarm Optimization.

1. INTRODUCTION

The networks which holds the capability to interface with this real world which is physical in nature with the virtual world in a vast manner and provides reasonable uses and causes for developing application in large number which results in Internet of Things, sixth sense technology, habitat monitoring, sensor based agriculture, etc,. Though it gives enormous benefits it results in challenge in terms of security. Recent advances in communication and computing Wireless Sensor Network gathered high range of attention in terms of research oriented proposals. These security issues in sensors make the researchers to deploy a security mechanism on it and use nature as their test bed to prove the efficiency of their proposed work. At first this WSN has been designed and deployed for military purposes for sensing and reporting of climate and physical changes in their target area. Later due to its advanced techniques it has been deployed throughout the country for commercial and personal purposes. The main problem occurs during the clustering of nodes and while the communication between nodes to reach sinks, there might be congestion in the network due

313 International Journal of Pure and Applied Mathematics Special Issue

to traffic like collision between nodes or link failure. In order to avoid those problems bio inspired way of clustering can be implementing to cluster the nodes. Our model achieves two different themes, first an efficient way to form cluster and then to deploy a mitigation algorithm to suppress the sinkhole in Wireless Sensor Network.

WSNs are susceptible to a wide class of attacks among which sinkhole attack has been identified as one of the serious threats. In this type of attack, a malicious node advertises itself as a best possible route to the base-station which deceives its neighbours to use the route more frequently. Thus, the malicious node has the opportunity to tamper with the data, damage the regular operation or even conduct many further challenges to the security of the network. An adversary utilizes a compromised node to launch the attack in which a route is advertised to deceive neighbours. Furthermore, the high quality route not only attracts the neighbours of sinkhole but also it attracts almost all the nodes that are closer to the sinkhole than to the base-station (may be from several hops away) which amplifies the threat that depicts a sinkhole attack. Clustering the nodes in wireless sensor network and providing a security mechanism in order to avoid the sinkhole attack are the two set of process which gives the network a greater lifetime and integrity and reliability to the network. (i) Security Goals When dealing with security in WSNs, we mainly focus on the problem of achieving some of all of the following security contributes or services: Confidentiality: Confidentiality refers to data in transit to be kept secret from eavesdroppers. Here symmetric key ciphers preferred for their low power consumption. Integrity: Integrity measures that the received data is not altered in transit by an adversary. Authentication: Authentication enables a node to ensure the identity of the peer with which it is communicating. Availability: The service should be available all the time. Data Freshness: It suggests that the data is recent, and it ensures that no old messages have been replayed. Non-repudiation: It denotes that a node cannot deny sending a message it has previously sent. Authorization: It ensures that only authorized nodes can be accessed to network services or resources. These goals are not ensured by traditional cryptographic techniques. So some new cryptographic measures are needed for sensor network. (ii) Attacks on Wireless Sensor Networks The Sensor networks are self-organizing networks which, once deployed, are expected to run autonomously and without human attendance. Major attacks on sensor networks are as follow: A. Jamming Jamming interferes with the radio frequencies of the sensor nodes. Only a few jamming nodes can put a considerable amount of the nodes out of order. If the adversary can block the entire network then that constitutes complete DoS. B. Tampering

314 International Journal of Pure and Applied Mathematics Special Issue

A tampering attacker may damage a sensor node, replace the entire node or part of its hardware or even electronically interrogate the nodes to gain access to sensitive information, such as shared cryptographic keys and how to access higher communication layers.

C. Spoofed, altered or replayed routing information This is the most direct attack. By spoofing, altering or replaying routing information the attacker can complicate the network and create routing loops, attracting or repelling traffic, generating false error messages, shortening or extending source routes or partitioning the network. D. Selective forwarding In such an attack the adversary includes itself in a data flow path of interest. Then the attacker may choose not to forward certain packets and drop them causing a sort of black hole. E. The Sybil Attack A malicious node present multiple identities to the network is called Sybil attack. This attack is especially confusing to geographic routing protocols as the adversary appears to be in multiple locations at once. F. Wormholes In these attacks the adversary tunnels messages received in one part of the network over a low latency link, to another part of the network where the messages are then replayed. Wormholes often convince distant nodes that they are neighbors, leading to quick exhaustion of their energy resources. An attacker close to the base station can completely disrupt routing by creating well positioned wormholes that convince nodes multiple hops from the base station that they are only a couple of hops away through the wormhole. G. Hello flood attacks In many routing protocols, nodes broadcast hello messages to announce their presence to their neighbors. A node receiving such a message can assume that the node that sent the message is within its range. An attacker with a high powered antenna can convince every node in the network that it is their neighbor. This section discussed about the wireless sensor networks and sinkhole attack. Rest of the paper is organized as follows: Section 2 provides the review of literature about the Detection of Sinkhole attack using various other approaches. Section 3 explains the proposed methodology. Section 4 discusses the detection of sinkhole attacks in WSNs techniques. Section 5 discusses the experiments conducted and the results. Section 6 concludes the work with future scope.

2. RELATED WORKS

Fabrice Le Fessant, et al. [1] focuses on the (1) understanding the impact of selective forwarding attacks on tree-based routing topologies in wireless sensor networks (WSNs), and (2) investigating cryptography-based strategies to limit network degradation caused by sinkhole attacks. The main motivation of the research stems from the following observations.

315 International Journal of Pure and Applied Mathematics Special Issue

First, WSN protocols that construct a fixed routing topology may be significantly affected by malicious attacks. Second, considering networks deployed in a difficult to access geographical region, building up resilience against such attacks rather than detection is expected to be more beneficial. Thus first provide a simulation study on the impact of malicious attacks based on a diverse set of parameters, such as the network scale and the position and number of malicious nodes. Based on this study, the authors propose a single but very representative metric for describing this impact. Second, present the novel design and evaluation of two simple and resilient topology-based reconfiguration protocols that broadcast cryptographic values. Edith C.H. Ngai, et al. [2] presents a novel algorithm for detecting the intruder in a sinkhole attack. The algorithm first finds a list of suspected nodes through checking data consistency, and then effectively identifies the intruder in the list through analyzing the network flow information. The algorithm consists of two steps: It first locates a list of suspected nodes by checking data consistency, and then identifies the intruder in the list through analysing the network flow information. The algorithm is also robust to deal with multiple malicious nodes that cooperatively hide the real intruder. The author evaluated performance of the proposed algorithm through both numerical analysis and simulations, which confirmed the effectiveness and accuracy of the algorithm. The result of this work also suggests that its communication and computation overheads are reasonably low for wireless sensor networks. H. Shafiei, A. Khonsari, et al.[3]. Proposes two approaches to detect and mitigate such attack in WSNs. It provides a centralized approach to detect suspicious regions in the network using geostatistical hazard model. A distributed monitoring approach has been proposed to explore every neighborhood in the network to detect malicious behaviors.An analytical model is provided to capture the interactions between various contributing parameters in the proposed detection methods.The rationale behind these approaches is that the nodes around the sinkhole deplete their energy faster than other nodes since the routes to the base-station that pass through sinkhole are more attractive thus are used more frequently. Thus, an energy hole forms around each sinkhole. In the first approach the base-station utilizes a geo-statistical method to sample the residual energy of every sensing region and estimates the possibility of existence of the sinkhole in each region using an extracted statistical estimator. Based on the value of the estimator, the base-station instructs all of the nodes to avoid the suspicious region in their routing. The second approach is a distributed monitoring method to detect regions with lower average residual energy level.Author describes a light weight mitigation method to eliminate sinkholes.A mitigation scheme is discussed by author prevents the traffic flow toward sinkholes and thus eliminates the threat of the sinkholes.Nidal Nasser, Yunfeng Chen, [4] proposed routing protocols in the literature focus either only on increasing lifetime of network or only on addressing security issues while consuming much power. Author combines solution to the two challenges. Author proposes a new routing protocol called SEEM: Secure and Energy-Efficient multipath Routing protocol. SEEM uses multipath alternately as the path for communicating between two nodes thus prolongs the lifetime of the network. On the other hand, SEEM is effectively resistive to some specific attacks that have the character of pulling all traffic through the malicious nodes by advertising an attractive route to the destination. N.K. Sreelaja, G.A. VijayalakshmiPai,[5] In this paper, author applies nature inspired computing algorithm an

316 International Journal of Pure and Applied Mathematics Special Issue

situated within the context of agent based models that mimics the behavior of ants to detect sinkhole attacks in wireless sensor networks. An Ant Colony Optimization Attack Detection (ACO-AD) algorithm is proposed to identify the sinkhole attacks based on the node ids defined in the rule set. The nodes generating an alert on identifying a sink-hole attack are grouped together. A voting method is proposed to identify the intruder. An Ant Colony Optimization Boolean Expression Evolver Sign Generation (ABXES) algorithm is proposed to distribute the keys to the alerted nodes in the group for signing the suspect list to agree on the intruder.Xiaohui Cui and Thomas E. Potok,[6] propose a bio-inspired clustering model, the Multiple Species Flocking clustering model (MSFC), and present a distributed multi- agent MSFC approach for clustering dynamic updated text information streams. The decentralized architectures and communication schemes of the MSFC multi-agent distributed implementation for load balance and status information synchronization are also discussed in this article. B. Crowther,[7] introduced the applies rules for flocking (cohesion, alignment, separation, and migration) to the problem of managing the flight of a number of autonomous unmanned air vehicles. A six-degree of freedom aerodynamic model of an existing UAV is used to simulate the flocking flight vehicles. It is found that application of the cohesion and alignment rules is sufficient to generate true flocking behaviour in that the flight vehicle density is increased and the flock members converge on a common heading. X. Cui, J. Gao, and T. E. Potok, [8] In this paper, present a novel Flocking based approach for document clustering analysis. Our Flocking clustering algorithm uses stochastic and heuristic principles discovered from observing bird flocks or fish schools. Unlike other partition clustering algorithm such as K-means, the Flocking based algorithm does not require initial partitional seeds. The algorithm generates a clustering of a given set of data through the embedding of the high-dimensional data items on a two-dimensional grid for easy clustering result retrieval and visualization.X. Cui, T. E. Potok,[9] present a hybrid Particle Swarm Optimization (PSO)+K-means document clustering algorithm that performs fast document clustering and can avoid being trapped in a local optimal solution as well. For comparison purpose, we applied the PSO+K-means, PSO, K-means, and other two hybrid clustering algorithms on tfour different text document datasets. Hugo Hernandez, Christian Blum, [10]. Propose the classical minimum energy broadcast (MEB) problem in wireless adhoc networks, which is well studied in the scientific literature, considers an antenna model that allows the adjustment of the transmission power to any desired real value from zero up to the maximum transmission power. However, when specifically considering sensor networks, a look at the currently available hardware shows that this antenna model is not very realistic. A first contribution of this work is therefore the re-formulation of the MEB problem for an antenna model that is realistic for sensor networks. In this antenna model transmission power levels are chosen from a finite set of possible ones. The second contribution concerns the adaptation of ant colony optimization, a current state-of-the-art algorithm for the classical MEB problem, to the more realistic problem version.

3. PROPOSED RESEARCH WORK

317 International Journal of Pure and Applied Mathematics Special Issue

 The clustering provides the facilitation for identifying sinkhole in less time. The available nodes are clustered to avoid time delay in finding the intruder between the source and sink node.  The workload of base station has been divided to the nodes in the network which reduces delay in transmission and the clustering results in scalability for large number of nodes.  The Intrusion Detection System results in the integrity of Wireless Sensor Network for large number of nodes in the network which is suitable to handle large scale WSN.  The use of FleGSens results in efficient way to find the trespassers (i.e. whether the data has been travelled to any other nodes outside the network)  The result of Own path discovery by all the nodes in the network reduces the computational time in the wireless sensor network. Goal:Deduce an enriched swarm intelligence algorithm Flocking based clustering, in order to cluster the nodes in Wireless Sensor Networks for the process of detecting sinkhole in large set of nodes present in the network. Method:A sinkhole of a Wireless Sensor Network will be placed within a large number of nodes present in the network. Identifying such an intruder in a large set of nodes feels a tedious process and also since we use a stochastic based optimization algorithm the results will not be optimal in all the runs. To make an optimization algorithm to work efficiently and result in high convergence rate clustering is needed. For concluding an intruder in efficient manner, clustering is one of the concepts which group the nodes in the network using different methodologies. Forming a cluster is a kind of optimization problem since exhaustive testing is a time consuming process in a dynamic environment. Optimizing using Bio inspired algorithm results in fast convergence since it works with the strategy of guided random. A flocking model is describe3d as a group of individuals clustered together in common velocity. It consists of three simple steering rules that need to be executed at each instance over time, which includes: Separation: steering to avoid collision with other boids nearby. Alignment: steering toward the average heading and matching the velocity of its neighbor flock mates. Cohesion: steering to the average position of the neighbor flock mates. These simple local rules of each boid generate complex global behaviors of the entire flock. The resulted cluster forms optimal solution for data transmission without failure of nodes. The proposed algorithm will be evaluated in large scale Wireless Sensor Network. The performance evaluation will be resulted or tabulated in the form of time taken to detect the intruder, overhead, throughput, Network Lifetime, etc.

318 International Journal of Pure and Applied Mathematics Special Issue

Start

BS: Flood Hello Message

EM Node: Eavesdrop All Traffic

EM Node: NodeID-Source ID & DestinationID = BS

EM Node: Sent Data(Node ID, NextHop ID,RSSI Value) to RBSD

RSSD: RSSI Value -> Locate Node

RBSD: Create a VGM

Finish

Fig. 1: Flowchart of VGM Creation When the network initializes, an assumption is made that an intruder will not attack for atleast the first T periods, termed as Safe period, so that the system can learn about the normal behavior of the network such as routing information, position of all sensor nodes. Then we calculate a Visual Geographic Map (VGM) of the network by using RSSI value from the EM nodes. The visual geographic map is the graphical representation of the network model and simulates the traffic flow from the nodes to the BS [11].

Fig. 2: Two examples of sinkhole attack in wireless sensor networks. (a) Using an artificial high quality route; (b) Using a wormhole. A. Sinkhole Attack Sinkhole attack is an insider attack were an intruder compromise a node inside the network and launches an attack. Then the compromise node try to attract all the traffic from

319 International Journal of Pure and Applied Mathematics Special Issue

neighbor nodes based on the routing metric that used in routing protocol. When it managed to achieve that, it will launch an attack. Due to communication pattern of wireless sensor network of many to one communication where each node send data to base station, makes this WSN vulnerable to sinkhole attack [12]. MintRoute protocol is a type of protocol which is commonly used in wireless sensor network. It was designed purposely for the wireless sensor network; it is light and suitable for sensor nodes which have minimum storage capacity, low computation power and limited power supply. MintRoute protocol uses link quality as a metric to choose the best route to send packet to the Base Station [13]. The following subsections discuss the techniques use in MintRoute protocol and AODV protocol in launching sinkhole attack.

Fig. 3: Sinkhole attack in MintRoute protocol [13]

Fig. 4: Sinkhole in TinyAODV protocol [16] Fig. 3 shows six sensor nodes A, B, C, D, E, and F. Node C is malicious, and it is going to launch a sinkhole attack. The Fig. 3(a) shows a route table of node A with IDs of its neighbors with their corresponding link quality. Originally the parent node was node B but node C advertises its link quality with a value of 255 which is maximum value. Node A is not going to change its parent node until the node B‟s link quality fall to 25 below the absolute value. In Fig. 3(b) the malicious node is sending new update route packet that the link quality fall up to 20 and impersonate node B so that node A believe the packet come from node B. Node A will update its route table and change the parent node to node C [13]. The attacker uses node impersonation to launch an attack. B. Sinkhole Attack in TinyAODV Protocol This is another explanation of sinkhole attack in wireless sensor network and this time the attack is launched under TinyAODV (Ad-hoc On Demand Vector) protocol. TinyAODV protocol is the same as AODV in MANET but this one is lighter compared to AODV and it

320 International Journal of Pure and Applied Mathematics Special Issue

was modified purposely for wireless sensor network [16]. The number of hops to base station is the routing metric that used in this protocol. Generally the route from source to destination is created when one of the nodes send a request, the source node sends a RREQ (Route request) packet to his neighbors when wants to send packet. Next one of the neighbors close to destination is reply by sending back RREP (Route Reply) packet, if not the packet is forwarded to other nodes close to that destination. Finally, the source receives RREP packet from neighbor then select one node with less number of hops to destination. The sinkhole node or compromised node launches an attack by send back RREP packet. In RREP packet it gives small number of hops which indicates closeproximity to the base station. Then the source node decides to forward packet to sinkhole node. The compromised node then performs the same technique to its entire neighbors and tries to attract as much traffic as possible [16]. For instance, Fig. 4 shows node M launches sinkhole attack in Tiny AODV. Node A sends RREQ to nodes BCM. However node M instead of broadcast to node E like nodes B and C does to node D, he replies back RREP to node A. Then node A will reject node B and C, then forward packet to M because node A and B are very far to F compare to node M.

4. CHALLENGES IN DETECTION OF SINKHOLE ATTACK IN WSNS

Based on the literature review of sinkhole attack in wireless sensor network, the following are the main challenges in detecting sinkhole attack in wireless sensor network. A. Communication Pattern in WSN; All the messages from sensor nodes in wireless sensor network are destined to base station. This created opportunity for sinkhole to launch an attack. Sinkhole attacks normally occur when compromised node send fake routing information to other nodes in the network with aim of attracting as many traffic as possible. Based on that communication pattern the intruder will only compromised the nodes which are close to base station instead of targeting all nodes in the network. This is considered as challenges because the communication pattern itself provides opportunity for attack. B. Sinkhole attack is unpredictable; In wireless sensor network the packet are transmitted based on routing metric that used by different routing protocols [26]. The compromised node used its routing metric that used by routing protocol to lie to his neighbors in order to launch sinkhole attack. Then all the data from his neighbors to base station will pass through compromised node. For example the techniques used by compromised node in network that used TinyAODV protocol is different to the one used another protocol like MintRoute protocol. In MintRoute they used link quality as route metric while in Tiny AODV they used number of hop to base station as routing metric. Therefore the sinkhole attack techniques are changed based on routing metric of routing protocol. C. Insider Attack Insider attack and outsider attack are two categories of attack in wireless sensor network. Outside attack is when intruder is not part of network. In inside attack the intruder compromises one of the legitimate node through node tempering or through weakness in its

321 International Journal of Pure and Applied Mathematics Special Issue

system software then compromised node inject false information in network after listen to secret information. Inside attack can disrupt the network by modifying routing packet. Through compromised node sinkhole attack attract nearly all the traffic from particular area after making that compromised node attractive to other nodes. The fact is that compromised node possesses adequate access privilege in the network and has knowledge pertaining to valuable information about the network topology this created challenges in detecting. Base to that situation even cryptographic cannot defend against insider attack although it provides integrity, confidentiality and authentication (Pathan, K [22]). Therefore the internal attack has more serious impact on victim system compared to outsider attack. D. Resource Constraints; The limited power supply, low communication range, low memory capacity and low computational power are the main constrained in wireless sensor network that hinder implementation of strong security mechanism. For example the strong cryptographic method that used in other network cannot be implemented in this network due to low computational power and low memory capacity. Therefore less strong key are considered which is compatible with available resources. E. Physical attack; A wireless sensor network normally deployed in hostile environment and left unattended. This provides a opportunity for an intruder to attack a node physically and get access to all necessary information [12]. (i) Data Collection Once the sensor network is established, nodes start communicating with each other. Source node id, Destination node id, Packets sent, Packet received and size of packets are the data collected from the communication between nodes. A. Detecting Sinkhole attacks using Ant Colony Optimization To detect sinkhole attacks, one of the effective swarm intelligence techniques namely, ant colony optimization is used. Ant Colony Optimization algorithm (ACO) is a probabilistic technique for solving computational problems which can be reduced to find good paths through graphs. In ACO, ants work in a distributed way with the use of local information; it finds multiple loop-free routes between the source and the destination node [10]. There are three major procedures: establishing the separation procedure, the pheromone updating procedure and the alternative procedure zone to search [11]. Each ant iteratively adds items in a probabilistic way. Each item can be added at most once. An ant‟s solution construction ends if no item can be added anymore. Ant colony optimization can be applied in Scheduling problem, Vehicle routing problem, Assignment problem, Set problem and Image processing. Flowchart of ACO is given below in Fig. 5. B. Detecting Sinkhole Attacks using Particle Swarm Optimization In this section, sinkhole attack is detected using Particle Swarm Optimization. Particle swarm optimization (PSO) is a population based stochastic optimization technique, inspired by social behaviour of bird flocking or fish schooling. Particle Swarm has two primary operators: Velocity update and Position update. In each iteration, a new velocity value for each particle is calculated. The new velocity value is then used to calculate the next position of the particle in the search space [12].

322 International Journal of Pure and Applied Mathematics Special Issue

Fig. 5: Flow Chart of art Colony Optimization The PSO algorithm consists of just three steps, which are repeated until some stopping condition is met [13]: i. Evaluate the fitness of each particle ii. Update individual and global best fitnesses and positions iii. Update velocity and position of each particle. PSO is suitable for solving non-linear optimization problems with constraints. The movement

of a particle xt at time „t‟ to time „t+1‟ is obtained by updating the velocity and position of the

particle. The velocity vt of the particle xt at time „t‟is updated using the formula, Vt+1 = c1v t+ c2.rand1().(xt–pbest) + c3.rand2().(xt– gbest) where rand1() and rand2() are two random numbers between 0 and 1. Applications of Particle swarm optimization algorithm are Distributed networks, Electronics and electromagnetic and scheduling. Flowchart of PSO is given in Fig. 6.

323 International Journal of Pure and Applied Mathematics Special Issue

Fig. 6: Flow Chart of Particle Swarm Optimization C. Detecting Sinkhole Attacks using Enhanced Particle Swarm Optimization It is observed that, out of ACO and PSO, PSO method is found to be efficient in sinkhole attack detection. Hence, the existing PSO is enhanced. In this mechanism, hash table are used to obtain more accurate suspect list. Hash table is also used in voting method. Hashing has been previously proposed to record the solutions encountered during recent iterations. All solutions investigated during a search are stored in a list, called solution list. A hash table is used as a pointer to quickly access the solutions stored in solution list. A second list, called collision list is used to store solutions with a hash collision. This mechanism works effectively in detecting attacks. Fig. 7 shows the flow diagram of the proposed method. In PSO, the fitness value is the main variable. To evaluate the fitness value, variables namely g, k, n are initialized. Here „g‟ denotes the number of groups, „k‟ denotes the number of agents in each group and „n‟ denotes the number of dimensions. Next, nodeids are initialized k,g k,g k,g randomly by the group g and the agent k, x n and v n. X and Y denote nodeids. Fitness (i) denotes the fitness of agent k in the group g at instant i. If this fitness value is the best value k,g k,g found by „k‟in „g‟ then, particle best solution p best,n(i)= x n(i) will be calculated.

Fig. 7: Flow Chart of Enhanced Particle Swarm Optimization

Similarly, the fitness value is the best value found by all the agents. After that the global best g k,g solution g best,n(i)= x n(i) is calculated. Next, hash table is used. Hash table HT is an integer array. SL denotes the solution list and CL denotes the collision list. By comparing solution

324 International Journal of Pure and Applied Mathematics Special Issue

list, collision list and rule set, a list called suspect list is generated which is the input for the next step. All the three algorithms discussed are experimented and the results are presented in the next section.

5. RESULTS AND DISCUSSION

A. Experimental Setup Network Simulator 2 is used to create the experimental setup. It supports simulations of TCP and UDP, MAC layer protocols, routing and multicast protocols in Wireless Sensor Networks. Simulation parameters are shown in the Table 3. In this simulated network, standard routing protocol AODV is used. Number of nodes in the network varies from 50 to 250. The Number of sinkhole attacks varies upto 10% of the total number of sensor nodes.

Table 1: Simulation Parameters Simulation Parameters Value Channel Type Channel/Wireless Channel Propagation Model Propagation/TwoRayGround Medium Phy/WirelessPhy Queue Length Queue/DropTrail/PriQueue Antenna Antenna/OmniAntenna Routing Protocol AODV Nodes 50-250 Sinkhole Nodes 5-25

B. Performance Evaluation The parameters used to evaluate the performance of sinkhole attack detection techniques are Detection Rate (DR), False Alarm Rate (FAR), Packet Delivery Ratio (PDR), Message Drop and Average Delay. (1) Detection Rate: Detection rate is defined as the percentage of correct attacks detected by the total number of attacks present in the network. The formula to estimate the detection rate is, 푁푢푚푏푒푟 표푓 푎푡푡푎푐푘푠 푑푒푡푒푐푡푒푑 퐷푒푡푒푐푡푖표푛 푅푎푡푒 = 푥100 푇표푡푎푙 푛푢푚푏푒푟 표푓 푎푡푡푎푐푘푠 푝푟푒푠푒푛푡 (2) False Alarm Rate: False alarm rate is the ratio between numbers of attacks notdetected to the total number of attacks in the network. 푁푢푚푏푒푟 표푓 푎푡푡푎푐푘푠 − 푁푢푚푏푒푟 표푓 푎푡푡푎푐푘푠 푐표푟푟푒푐푡푙푦 푓표푢푛푑 퐹푎푙푠푒 퐴푙푎푟푚 푅푎푡푒 = 푥100 푇표푡푎푙 푛푢푚푏푒푟 표푓 푎푡푡푎푐푘푠 (3) Packet Delivery Ratio: Packet Delivery Ratio is defined as the percentage ofnumber of received packets and the total number of sent packets. 푁푢푚푏푒푟 표푓 푃푎푐푘푒푡푠 푟푒푐푒푖푣푒푑 푃푎푐푘푒푡 퐷푒푙푖푣푒푟푦 푅푎푡푖표 = 푥100 푁푢푚푏푒푟 표푓 푝푎푐푘푒푡푠 푠푒푛푡 (4) Message Drop: Message drop is defined as the ratio between number of messagesnot received to the total number of messages.

325 International Journal of Pure and Applied Mathematics Special Issue

푇표푡푎푙 푁표. 표푓 푀푒푠푠푎푔푒푠 − 푁표. 표푓 푀푒푠푠푎푔푒푠 푟푒푐푒푖푣푒푑 푀푒푠푠푎푔푒 퐷푟표푝 = 푥100 푇표푡푎푙 푛푢푚푏푒푟 표푓 푚푒푠푠푎푔푒푠 (5) Average Delay: Average delay is defined as the ratio between sum of all packetsdelayed to the total number of packets received. 푆푢푚 표푓 푎푙푙 푝푎푐푘푒푡푠 푑푒푙푎푦 퐴푣푒푟푎푔푒 퐷푒푙푎푦 = 푥100 푇표푡푎푙 푛푢푚푏푒푟 표푓 푟푒푐푒푖푣푒푑 푝푎푐푘푒푡푠 The average results obtained from different network scenarios are tabulated in thefollowing table. From the table 4, it is observed that EPSO gives the better results whencompared to ACO and PSO. Table 2:Performance Evaluation No. of nodes in network 400 Size of network 200m x 200m Transmission range 10m Location of BS (100,100) Location of sinkhole (50, 50) Percentage of colluding codes (m) 0 – 50% Message drop rate (d) 0 – 80% No. of neighbors which a message is forwarded to (k) 1 – 2 Packet size 100bytes Max. number of reply messages per packet 5

Success rate in intruder identification 100 False-positive rate in intruder identification 100

80 80

60 60

40 40 Success rate (%) d=0

d=0.2 d=0 False-positive rate (%) 20 d=0.4 d=0.2 20 d=0.4 d=0.6 d=0.6 d=0.8 d=0.8 0 0 0 5 10 15 20 25 30 35 40 45 50 0 5 10 15 20 25 30 35 40 45 50 Ratio of malicious nodes (%) Ratio of malicious nodes (%) Fig. 8: Success Rate Fig. 9: False-positive

False-negative rate in intruder identification Communication cost for collecting network flow information 100 80

80 60

60

40

40 packet receive (k=1)

d=0 Packets per node packet receive (k=2)

False-negative rate (%) d=0.2 20 packet send (k=1) 20 d=0.4 packet send (k=2) d=0.6 d=0.8 0 0 0 5 10 15 20 25 30 35 40 45 50 0 1 2 3 4 5 6 7 8 Ratio of malicious nodes (%) Hops to base station

Fig.10: False-negative Rate Fig. 11: Communication Cost

326 International Journal of Pure and Applied Mathematics Special Issue

Energy consumption for intruder identification 1000

900

800

700

600

500

400

300 k=1

200 k=2 Energy consumption per node (uJ) 100

0 1 2 3 4 5 6 7 8 Hops to base station Fig.11: Energy Consumption 6. CONCLUSION AND FEATURE WORK In this research paper, we presented an effective method for identifying sinkhole attacks in a wireless sensor network. Intrusion detection based upon computational intelligence is currently attracting considerable interest from the research community. Swarm intelligence is an effective method used for optimization. The two methods namely Ant Colony Optimization and Particle Swarm Optimization are applied to detect Sinkhole attack in wireless sensor network. The method is called Enhanced Particle Swarm Optimization. In future, other swarm intelligence algorithms like Artificial Bee Colony Optimization, Bees Algorithm, Bat Algorithm, Glow worm Swarm Optimization, Multi-Swarm Optimization can be applied to detect the sinkhole attack. Swarm intelligence algorithms experimented in this study namely, ACO, PSO and EPSO can be applied to detect other wireless sensor network attacks like Sybil attack, Wormhole attack, Hello Flood attack and Node Replication attack.The functionality of the detection scheme is tested and the performance is analyzed in terms of detection accuracy. The simulation results show the efficient detection of the Sinkhole attacks in WSNs. We achieve detection with 100% completeness and less percentage of false positive rates.

REFERENCES

[1] Fabrice Le Fessant, Antonis Papadimitriou, Aline Carneiro Viana, Cigdem Sengul, Esther Palomar, " A sinkhole resilient protocol for wireless sensor networks: Performance and security analysis” Computer Communications, Elsevier, Science Direct, 2012.

[2] Edith C.H. Ngai, Jiangchuan Liu, Michael R. Lyu, "An efficient intruder detection algorithm against sinkhole attacks in wireless sensor networks" Computer Communications, Elsevier, Science Direct, 2007.

[3] H. Shafiei, A. Khonsari, H. Derakhshi, P. Mousavi, "Detection and mitigation of sinkhole attacks in wireless sensor networks" Journal of Computer and System Sciences, Elsevier, Science Direct, 2014.

[4] Nidal Nasser, Yunfeng Chen, "SEEM: Secure and energy-efficient multipath routing protocol for wireless sensor networks" Computer Communications, Elsevier, Science Direct, 2007.

[5] N.K. Sreelaja, G.A. VijayalakshmiPai, "Swarm intelligence based approach for sinkhole attack detection in wireless sensor networks" Applied Soft Computing, Elsevier, ScienceDirect, 2014.

[6] Xiaohui Cui and Thomas E. Potok, “A Bio-inspired Clustering Approach for Dynamic Document Distributed Analysis”.

[7] B. Crowther, "Flocking of autonomous unmanned air vehicles" Aeronautical Journal, vol. 107, no. 1068, SPEC, 2003.

327 International Journal of Pure and Applied Mathematics Special Issue

[8]X. Cui, J. Gao, and T. E. Potok, "A Flocking Based Algorithm for Document Clustering Analysis" Journal of system architecture, Special Issue on Nature Inspired Applied Systems, July 2006.

[9] X. Cui, T. E. Potok, "Document Clustering Analysis Based on Hybrid PSO+K-means Algorithm”, Journal of Computer Sciences, Special Issue, 2005.

[10] Hugo Hernandez, Christian Blum, "Minimum energy broadcasting in wireless sensor networks: An ant colony optimization approach for a realistic antenna model" Applied Soft Computing, 2011.

[11] UmashriKarkikatti, Dr.Nalini N, “Detecting Sinkhole Attack in Wireless Sensor” International al Journal of Scientific & Engineering Research, Volume 5, Issue 6, June-2014.

[12] Jaydip Sen, “A Survey on Wireless Sensor Network Security”, International Journal of Communication Networks & Information Security, 2009.

[13]. Krontiris, I., Giannetsos, T. and Dimitriou, T, “Launch Sinkhole Attack in Wireless Sensor Network the Intruder Side in Networking and Communications”, WIMOB‟08- IEEE International Conference on Wireless and Mobile Computing, pp. 526-531, IEEE, 2008.

[14]. Pathan, K., AI-S, “Security of Self Organizing Networks-MANET” WSN, VANET, WMN. ISB N- 13:978-1-4398-1920-3. Taylor and Francis Group, 2011.

[15]. Suman Deb Roy, SnehaAman Singh, SubhrabrataChoudhury, and N. C. Debnath, “Countering Sinkhole and Black hole Attacks on Sensor Networks using Dynamic Trust Management”, In computers and Communications, ISCC, IEEE Symposium on (pp.537-542).IEEE, 2008.

[16]. Teng, L., and Zhang, Y, “Secure Routing Algorithm against Sinkhole attack for Mobile Wireless Sensor Network”, In Computer Modeling and Simulation, 2010. ICCMS‟10-Second International Conference, Vol. 4 pp.79-82, IEEE, 2010.

[17] H Saxena, Dr. V Richariya, “Intrusion Detection System using K- means, PSO with SVM Classifier: A Survey”, International Journal of Emerging Technology and Advanced Engineering, Volume 4, Issue 2, pp. 653- 657, 2014.

[18] Rajesh, M. & Gnanasekar, J.M. Wireless Pers Commun (2017) 97: 1267. https://doi.org/10.1007/s11277- 017-4565-9

328 329 330