INTRODUCTIONRELATED WORKTHE DPDSN APPROACHCOMPARISON WITH EXISTING APPROACHES AND SIMULATIONALTERNATIVE APPROACHES TO DETECTION OF PACKET-DROPPING ATTACKSCONCLUSIONFUTURE WORKACKNOWLEDGEMENTREFERENCESDPDSN: Detection of packet-dropping attacks for wireless sensor networks, V. Bhuse, A. Gupta, and L. Lilien 1 DPDSN: Detection of packet-dropping attacks for wireless sensor networks Vijay Bhuse, Student Member, IEEE, Ajay Gupta, Senior Member, IEEE, and Leszek Lilien, Senior Member, IEEE Abstract- Denial-of-service (DoS) attacks on wireless sensor networks (WSNs) can deplete network resources and energy without much effort on the part of an adversary. Packet-dropping attacks are one category of DoS attacks. Lightweight solutions to detect such attacks on WSNs are needed. Current techniques for detecting such attacks in ad hoc networks need to monitor every node in the network. Once they detect malicious nodes that drop packets, a new path has to be found that does not include them. In this paper, we propose a lightweight solution called DPDSN. It identifies paths that drop packets by using alternate paths that WSN finds earlier during route discovery. Responding to a packet-dropping attack incurs no additional cost because one of the alternate paths is utilized for all subsequent communication. DPDSN does not require monitoring individual nodes, making it feasible for WSNs. We formulate the probability of success and failure of DPDSN in the presence of malicious nodes that drop packets. We compare our approach with existing techniques. Our analysis found that the overhead of DPDSN is at most )( NΟ for a two-dimensional grid network of N nodes. Our simulations show that the overhead of DPDSN for a WSN with 100 nodes is less than 3% of energy consumed on route discovery when using DSR or Directed Diffusion routing protocols. Keywords- Denial-of-service, intrusion detection, wireless sensor networks. I INTRODUCTION ireless sensor networks (WSNs) consist of small devices—called sensor nodes—with a radio, a processor, a memory, a battery and sensor hardware. With a widespread deployment of these devices, one can precisely monitor the environment. Sensor nodes are resource-constrained in terms of the radio range, processor speed, memory size and power. The resource-constrained nature forces designers to design application-specific systems. This leads to specific communication patterns in WSNs. Traffic is not as random as in ad hoc networks. Karlof and Wagner [KW03] classify WSN traffic into one of three categories: 1. Many-to-one: Many sensor nodes send readings to a base station or aggregation point in the network. 2. One-to-many: A single node (typically a base station or an aggregator) floods several sensor nodes with query or control information. 3. Local communication: Neighboring nodes send localized messages to discover and coordinate tasks. All three authors are with the Department of Computer Science, Western Michigan University, Kalamazoo, MI 49008, USA, Email: {vsbhuse, gupta, llilien}@cs.wmich.edu Apart from this, sensor nodes are generally static and the traffic rate in WSNs is very low. Traffic is periodic as well. There may be long idle periods during which sensor nodes turn off their radio and go to sleep to save energy consumed by idle listening. MAC protocols like S-MAC and TDMA-MAC [YH02, CK04] have been introduced to harness this WSN property to save energy. Sensor nodes use batteries, so energy is a precious resource. Recharging or replacing batteries is expensive and may not even be possible in some situations. Therefore, WSN applications need to be extremely energy-aware. WSNs are mostly unguarded and the wireless medium is inherently broadcast in nature. This makes WSNs vulnerable to all kinds of denial-of-service (DoS) attacks. Without proper security measures, an adversary can launch various kinds of attacks in hostile environments. These attacks can disrupt the normal working of WSNs and can even defeat the purpose of their deployment. An adversary can launch some attacks without even cracking keys used for cryptography-based solutions. DoS attacks (like packet dropping, false route request, or flooding) can deplete the network of energy without much effort on the part of an adversary. Therefore, intrusion detection mechanisms to detect DoS attacks are needed. To be practical for implementing on WSNs, solutions for detecting intrusions should be lightweight. In this paper, we address the problem of detecting packet-dropping attacks in WSNs. Apart from malicious intent; there can be other reasons of packet dropping like collisions, buffer overflows, congestion, etc. It is important to find solutions that take these factors into account, for example, to prevent false alarms. Existing solutions for detecting packet dropping in ad hoc networks work by monitoring individual nodes. Sleep-wakeup schedules followed by nodes in a WSN [YH02] make continuous monitoring impractical. Also, monitoring individual nodes is too expensive for WSNs. Our approach, called DPDSN (Detection of Packet-Dropping attacks for wireless Sensor Networks), uses the observation that alternate routing paths are readily available in WSNs, which are typically dense. DPDSN monitors paths and detects whether any node on a path drops packets. Once we detect such an event, we switch to an alternate path for communication. We always keep an alternate path ready to minimize the switching delay. The cost of finding an alternate path is minimized by having it embedded in route discovery of source-initiated and receiver-initiated routing protocols such as the ones proposed in [JM96, IG00]. WDPDSN: Detection of packet-dropping attacks for wireless sensor networks, V. Bhuse, A. Gupta, and L. Lilien 2 Keeping alternate paths readily available is justified even if no packet-dropping attacks are detected. First, the alternate paths can be used for load-balancing transmissions. Second, uneven consumption of energy is a biggest threat to lifetime of a WSN because it can partition the network. Use of alternate paths for transmission can protect nodes on the original path from expending all their energy too soon. DPDSN can be extended to detect individual nodes that drop packets. We do so only if there is a real need, because finding such nodes is costly for resource-constrained WSNs. II RELATED WORK Marti et al. [M01] discussed two