In this type of network attack, malicious nodes refuse to forward certain packets of information and make sure that they are not passed on any further. The adversary may drop packets selectively or randomly. The attacker tries to degrade the network by driving up its packet loss rate.
The two ways in which the attacker may attack the network are:
- Insider Attack:
The authentication of the authorized sensor nodes might be compromised, or the adversary might steal a key or other information from the nodes and attack the whole network. Such an attack is difficult to detect.
- Outsider Attack:
By jamming the routing path between legitimate nodes.
There are various types of selective forwarding attack:
- The malicious node blocks the flow of information from authorized nodes to the base station, leading to a denial-of-service attack. This can be turned into a black hole attack by attacking the whole network and restricting the flow of information from every node to the sink.
- The unauthorized nodes neglect to forward the information and drop packets randomly. Instead, they become greedy and send their own packets of information to the other nodes. This type of attack is called Neglect and Greed.
- Another form of this attack is when unauthorized nodes delay the messages flowing through them to mislead the routing data between the nodes.
- The last type is the Blind Letter attack. When a packet is forwarded from a legitimate node to a malicious node, the malicious node assures the legitimate node that the information has been forwarded to the next node, and then drops the packet without being noticed. It can attack various multi-hop routing protocols such as geographic routing, TinyOS beaconing, etc.
Detection and prevention schemes are categorized either on the basis of the nature of the scheme or on the basis of the defense the scheme provides:
I. On the basis of the nature of the scheme, they are divided into two sub-parts:
- Centralized and Distributed:
In centralized schemes, either the sensor nodes' head or the sink is accountable for detecting and preventing this attack, while in distributed schemes both the base station and the cluster head are accountable for preventing such an attack.
II. On the basis of the defense of the scheme, they are divided into the following two parts:
- Detection and Prevention:
Prevention-type schemes are incapable of detecting the attacks or faulty nodes; instead, they ignore the faulty nodes and cut them off from the network. Detection-type schemes, by contrast, are capable of detecting the attack, the faulty nodes, or both.
Various Schemes to Counteract such Attacks:
- A security scheme that detects the attack and raises alarms by using multi-hop acknowledgements from various sensor nodes in the network. In this scheme, both the source nodes and the base station can detect the attack and make decisions accordingly, even if one of them is compromised.
This follows a distributed scheme approach and can detect if any malicious node tries to drop the packet instead of forwarding it to the next node. It claims to have an accuracy of 95% in detecting these selective forwarding attacks.
- An intrusion detection system (IDS) can detect any possible loophole that can be exploited by the attacker and warn the network about the malicious nodes that might be involved. The intrusion detection system is designed around specification-based detection.
This technique uses a watchdog approach in which neighboring nodes keep track of a node’s activities and check whether it forwards the actual packet to the other nodes. If it drops the actual packet, a counter is incremented, and an alert is produced when the counter reaches a certain limit. If many of the watchdog nodes produce an alert, the base station is informed and the compromised node is removed.
- A distributed prevention scheme that uses multi-hop acknowledgement to fight selective forwarding attacks. In this scheme, it is assumed that all the sensor nodes are aware of their location, and that the number of faulty nodes and the energy level of the network are either known or estimated.
All the data delivery paths are deduced by an indefinite logic that takes into account the energy constraint and the faulty nodes present. If the multipath routing protocol cannot provide authentic information, a propagation limiting method comes into use.
- Another scheme uses a hexagonal mesh topology. A routing algorithm is applied to find the best path for packet transmission. The nodes near the routing path examine the transmissions of their neighbor nodes, determine the location of the attacker, and resend the dropped packets to where they were supposed to reach.
This exposes the selective forwarding attack, which in turn alerts the neighboring nodes to the attacker’s location, and the attacker node is then ignored when forwarding further messages. This method ensures authentic data delivery and also consumes less energy and storage.
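The watchdog counting and base-station escalation described for the IDS scheme above, sketched in Python as an added example (not code from any of the schemes mentioned). The drop limit, the more-than-half reading of "many", and all node names and observations are assumptions constructed for illustration.

```python
from collections import defaultdict

DROP_LIMIT = 3      # assumed: drops one watchdog tolerates before alerting
ALERT_QUORUM = 0.5  # assumed reading of "many": more than half of a node's watchdogs

def watchdog_alerts(observations, drop_limit=DROP_LIMIT):
    """Return {node: set of watchdogs whose drop counter reached drop_limit}."""
    counters = defaultdict(int)   # (watchdog, node) -> drops overheard so far
    alerts = defaultdict(set)
    for watchdog, node, _packet_id, forwarded in observations:
        if forwarded:
            continue
        counters[(watchdog, node)] += 1
        if counters[(watchdog, node)] >= drop_limit:
            alerts[node].add(watchdog)
    return dict(alerts)

def base_station_decision(observations, drop_limit=DROP_LIMIT, quorum=ALERT_QUORUM):
    """Return the sorted list of nodes the base station removes."""
    watchers = defaultdict(set)   # node -> every watchdog that monitors it
    for watchdog, node, _packet_id, _forwarded in observations:
        watchers[node].add(watchdog)
    alerts = watchdog_alerts(observations, drop_limit)
    # Requiring a quorum keeps one faulty or lying watchdog from evicting an honest node.
    return sorted(n for n, a in alerts.items() if len(a) > quorum * len(watchers[n]))

def build_sample():
    """Constructed observations: (watchdog, monitored node, packet id, forwarded?)."""
    obs = []
    dropped_by_n7 = {2, 4, 5, 6, 8}   # N7 forwards selectively
    for pid in range(1, 9):
        for w in ("W1", "W2"):
            obs.append((w, "N7", pid, pid not in dropped_by_n7))
        if pid <= 4:                  # W3 only overhears the first four packets
            obs.append(("W3", "N7", pid, pid not in dropped_by_n7))
        obs.append(("W1", "N4", pid, True))    # N4 is honest
        obs.append(("W2", "N4", pid, True))
        obs.append(("W9", "N4", pid, False))   # W9 misreports N4 as dropping
    return obs

if __name__ == "__main__":
    sample = build_sample()
    print("alerts :", watchdog_alerts(sample))
    print("removed:", base_station_decision(sample))
```

With the quorum lowered far enough, the single misreporting watchdog W9 is enough to get the honest node N4 removed, which is why the escalation threshold matters as much as the per-watchdog drop limit.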