Sinkhole Attack in Wireless Sensor Networks
Sinkhole attacks are carried out by either hacking a node in the network or introducing a fabricated node into the network. The malicious node promotes itself as the shortest path to the base station and tries to guide the traffic from other nodes towards itself. This not only lures all the nodes near the sinkhole but also each and every node closer to the base station than the sinkhole. The intruder node, or sinkhole, can then easily alter the data, compromising the security of the network.
A sinkhole attack can be initiated from within the network as well as from outside. In the first scenario, the attacker may use a bugged node to begin the intrusion. In the second, the invader may form a direct path to the base station through its own node, tempting other nodes to send their traffic through it.
1. Anomaly Dependent:
In anomaly-dependent intrusion prevention, system activity is observed and categorized as anomalous or normal. Here, any type of interference or invasion is considered anomalous activity. In order to successfully identify attack traffic, the system must initially be trained to identify normal system activity.
Most anomaly detection systems consist of a training stage, where the system is configured to detect normal activity, and a testing phase. The problem with this technique is that it may not always be accurate in identifying the sinkhole and can raise false alarms. Both statistical and rule-based techniques are subdivisions of the anomaly-dependent approach.
2. Rule/Signature Based:
In this type of intrusion detection system, certain rules are defined which are to be followed by each node in the WSN. These rules are laid out on the basis of the style and manner in which sinkhole attacks are carried out. Nodes which are found violating the rules are labeled as intruder nodes and hence are disbanded.
The drawback of this type of detection mechanism is that it is only able to detect already registered attacks and is vulnerable to new attacks.
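One such rule, as an added example that is not part of the original article: a node that advertises h hops to the base station must have a radio neighbour advertising at most h - 1 hops. The rule itself, the node names, the topology and the assumption that the base station knows which nodes are in radio range of each other are all constructed for this illustration.

```python
# Added example: rule-based check of advertised hop counts. All data is constructed.
BASE_STATION = "BS"

def find_rule_violations(adverts, links):
    """Return the sorted ids of nodes whose advertisement breaks the rule.

    adverts: {node: hop count to the base station that the node advertises}
    links:   (a, b) pairs of radio neighbours, as known to the base station
    Rule (an assumption of this example): a node advertising h hops must have
    a neighbour advertising at most h - 1 hops; the base station counts as 0.
    """
    hops = dict(adverts)
    hops[BASE_STATION] = 0
    neighbours = {}
    for a, b in links:
        neighbours.setdefault(a, set()).add(b)
        neighbours.setdefault(b, set()).add(a)

    suspects = []
    for node, claimed in adverts.items():
        # Unknown neighbours give no support for a claimed route.
        best = min((hops.get(n, float("inf")) for n in neighbours.get(node, ())),
                   default=float("inf"))
        if claimed < 1 or best > claimed - 1:
            suspects.append(node)
    return sorted(suspects)

# Constructed topology: BS - A - B - C - D, with M in radio range of C and D only.
LINKS = [("BS", "A"), ("A", "B"), ("B", "C"), ("C", "D"), ("C", "M"), ("D", "M")]

# Every node advertises its true distance.
NORMAL = {"A": 1, "B": 2, "C": 3, "D": 4, "M": 4}
# M advertises one hop to the base station; C and D re-route through it.
SINKHOLE = {"A": 1, "B": 2, "C": 2, "D": 2, "M": 1}

if __name__ == "__main__":
    print("normal:  ", find_rule_violations(NORMAL, LINKS))
    print("sinkhole:", find_rule_violations(SINKHOLE, LINKS))
```

Only M is labeled in the second data set: C and D followed the advertisement they received, so their own claims remain consistent with a neighbour's. A node that misbehaves in a way this rule does not describe passes unnoticed, which is the drawback stated above.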
This is another subset of the anomaly-based detection technique. In this method, the information related to different tasks performed by the node is recorded and analyzed. The information could be anything from CPU usage to packet transfer between nodes. The intruder node is then found by matching its behavior with the reference data.
This approach is a combination of both anomaly-based and signature-based Intrusion Detection Systems and eliminates the drawbacks of both of them. It is capable of catching even those attacks whose signatures are not a part of the database. Also, the accuracy is improved considerably in contrast to the anomaly-based approach.
5. Key Management:
This method is based on the principle of cryptography, in which the data transferred between nodes is encoded and can only be decoded with the help of a key. Even a small change in the message can easily be detected in this method.
Nodes can conveniently verify the legitimacy of the message and also ascertain if the data is sent from the Base Station with the aid of the key.