Analysis Of Flooding Attack In Wireless Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Sensor networks refer to a heterogeneous system combining tiny sensors and actuators with general-purpose computing elements. These networks will consist of hundreds or thousands of self-organizing, low-power, low cost wireless nodes deployed to monitor their surrounding environment. Sensor networks are typically characterized by limited power supplies, low bandwidth, small memory sizes and limited energy. This leads to a very demanding environment to provide security. [1]

In a wireless sensor network, the sensors communicate using wireless transceivers. However, while routing strategies and wireless sensor network modeling have received much attention, the security issues are yet to receive extensive focus. Security is a broadly used term encompassing the characteristics of authentication, integrity, privacy, non-repudiation, and anti-playback. The more we depend on the information provided by these networks, the greater the risk to the secure transmission of information over them. Here we explore the security issues and challenges for wireless sensor networks and discuss the crucial parameters that require extensive investigation. [2-3]

1.2 Sensor node Architecture

Sensor nodes are low-cost, tiny devices. They have several constraints, such as energy, memory, and communication and computation power. Despite these constraints, they can be used where no human being can survive. Sensor nodes are deployed in hostile and unattended environments. A sensor node consists of the following major components: [4]

Figure 1.1: Components of a sensor node

1.2.1 Processing Unit

The processing unit contains a processor and a small memory. Processor is responsible for control of the sensors and execution of communication protocols. The processing unit performs two main functions: [4]

• Supervising and controlling the working of other components.

• Collaboration with other nodes to accomplish assigned sensing task.

1.2.2 Memory

Memory is used to store data, program code and intermediate result of processing and is also used for various purposes like data aggregation.

1.2.3 Sensors and analog-to-digital converters

The sensors gather data from the environment and send it to the processor. They observe phenomena such as thermal, optical or acoustic events. Usually sensors collect analog data from the environment; the analog-to-digital converter converts the analog data into digital form and sends it to the processor. [5]

1.2.4 Transceiver unit

The transceiver unit transmits and receives radio or optical signals. It also connects the node with the network.

1.2.5 Power unit

It consists of batteries or solar cells.

In addition to these components, further components such as a power generator, a global positioning system (GPS) and a location finding unit can also be attached to the sensor node, depending upon the application-specific requirements. Each sensor node can have a node type ID that describes the functionality of the node. [4-5]

Table 1.1: Basic configuration of a simple sensor node

• 8-bit, 4 MHz

• 8K Instruction flash; 512 bytes RAM; 512 bytes EEPROM

• 916 MHz radio

• 10 Kilobits per second

• Operating System

• OS code space: 3500 bytes

• Available code space: 4500 bytes

1.3 Communication Architecture

The sensor nodes are usually scattered in a sensor field as shown in Figure 1.2. Each of these scattered sensor nodes has the capability to collect data and route it back to the sink and the end users. Data are routed back to the end user through the sink by a multi-hop, infrastructureless architecture, as shown in Figure 1.2. The sink may communicate with the task manager node via Internet or satellite.

This protocol stack combines power and routing awareness, integrates data with networking protocols, communicates power efficiently through the wireless medium, and promotes cooperative efforts of sensor nodes. The protocol stack consists of the application layer, transport layer, network layer, data link layer, physical layer, power management plane, mobility management plane, and task management plane. Depending on the sensing tasks, different types of application software can be built and used on the application layer.

The transport layer helps to maintain the flow of data if the sensor networks application requires it. The network layer takes care of routing the data supplied by the transport layer. Since the environment is noisy and sensor nodes can be mobile, the MAC protocol must be power aware and able to minimize collision with neighbors' broadcast. The physical layer addresses the needs of a simple but robust modulation, transmission and receiving techniques. In addition the power, mobility, and task management planes monitor the power, movement, and task distribution among the sensor nodes. These planes help the sensor nodes coordinate the sensing task and lower the overall power consumption.

The power management plane manages how a sensor node uses its power. For example, the sensor node may turn off its receiver after receiving a message from one of its neighbors. This is to avoid getting duplicated messages. Also, when the power level of the sensor node is low, the sensor node broadcasts to its neighbors that it is low in power and cannot participate in routing messages. The remaining power is reserved for sensing. The mobility management plane detects and registers the movement of sensor nodes, so a route back to the user is always maintained, and the sensor nodes can keep track of who are their neighbor sensor nodes. By knowing who the neighbor sensor nodes are, the sensor nodes can balance their power and task usage.

The task management plane balances and schedules the sensing tasks given to a specific region. Not all sensor nodes in that region are required to perform the sensing task at the same time. As a result, some sensor nodes perform the task more than the others depending on their power level. These management planes are needed, so that sensor nodes can work together in a power efficient way, route data in a mobile sensor network, and share resources between sensor nodes. Without them, each sensor node will just work individually. From the whole sensor network standpoint, it is more efficient if sensor nodes can collaborate with each other, so the lifetime of the sensor networks can be prolonged. The so-called WINS is developed in, where a distributed network and Internet access is provided to the sensor nodes, controls, and processors. Since the sensor nodes are in large number, the WINS networks take advantage of this short distance between sensor nodes to provide multi hop communication and minimize power consumption.

The way in which data is routed back to the user in the WINS networks follows the architecture specified in Figure 1.2. The sensor node, i.e., a WINS node, detects the environmental data, and the data is routed hop by hop through the WINS nodes until it reaches the sink, i.e., a WINS gateway. So the WINS nodes are sensor nodes A, B, C, D, and E according to the architecture in [5].

Figure 1.2: Architecture of WSN (diagram labels: Task Manager Node, Sensor Field, Sensor Nodes, Internet & Satellite)

1.4 Application of Wireless Sensor Network

With the rapid advancement in technology anyone can say that wireless sensor networks will be an integral part of our lives, more so than the present-day personal computers. [4, 53, 54]

A sensor network is composed of a large number of sensor nodes, which are densely deployed either inside the phenomenon or very close to it.

Sensor networks may consist of many different types of sensors such as seismic, low sampling rate magnetic, thermal, visual, infrared, acoustic and radar, which are able to monitor a wide variety of ambient conditions that include the following:

• Temperature: to measure the degree of hotness and coldness on a numerical scale or the local thermal energy of matter or radiation.

• Humidity: to measure the water vapor content in atmosphere to determine the precipitation.

• Vehicular Movement: to monitor the traffic and for surveillances.

• Lightning Condition: to provide critical local lightning information, both for meteorological application as well as threat data, to facilitate advanced warnings, initiate safety procedures, and isolate equipment when needed.

• Pressure: for control and monitoring and to indirectly measure other variables such as fluid/gas flow, speed, water level, and altitude.

• Soil Makeup: to determine the texture, terrain, topography and overall climate.

• Noise Levels: to measure image and sound noises for various applications.

• Detect the presence or absence of certain objects and materials.

• Stress: mechanical stress levels on attached objects, and

• Other Physical characteristics such as speed, direction and size of an object.

These sensors are developed for continuous sensing and event detection which, when combined with micro sensing and wireless control over actuators, pave the way for new applications. These applications can be broadly divided into the following categories: [53-54]

• Military Applications

• Environmental Applications

• Health Applications

• Home Applications

• Other Commercial Applications

1.4.1 Military Applications

Since wireless sensor networks are easily deployed, fault-tolerant and self-organized, they form an integral part of military command, control, communications, computing, intelligence, surveillance, reconnaissance and targeting (C4ISRT) systems.

The position of sensor nodes need not be pre-determined which allows random deployment in inaccessible terrains or disaster relief operations.

These networks are ideal for battlefields as they are based on the dense deployment of disposable and low-cost sensor nodes. The majority of the military applications are as follows: [4]

• Monitoring friendly forces, equipment and ammunition: A small sensor is attached to every troop, vehicle, equipment and ammunition which reports the status of troops and ammunition. These reports are gathered at the 'sink nodes' from where the data is forwarded to the concerned authorities. The deployed sensors also act as multi-hop nodes thereby enabling routing protocols for communication.

• Battlefield surveillance: In a battlefield it becomes necessary to keep track of troops at both sides so as to protect the friendly forces and prevent any espionage and damage from the opposition. For any such activity new sensor networks can be deployed easily and quickly on critical terrains, approach routes, paths and straits. [55]

• Reconnaissance of opposing forces and terrain: An exploratory military survey of the enemy territory with the help of such networks can collect some valuable, detailed, and timely intelligence about the opposing forces and terrain. It would take some time for the reconnoitred force to intercept the sent data within which the damage would have been done. [55-56]

• Targeting and Damage assessment: The continuous sensing ability enables the sensor networks to be incorporated as guidance systems into the intelligent ammunition. Also these sensors can report an assessment of the damage incurred upon any area.

• NBC attack detection and reconnaissance: NBC here refers to the Nuclear, Biological and Chemical warfare. During such attacks the sensor networks work as a warning system which helps grant some critical reaction time required to retreat thereby reducing the casualties drastically. Conversely these can also be used for detailed reconnaissance without exposing rescue team to the ill effects of an NBC attack.

1.4.2 Environmental Applications

The environment is the complex combination of several physiological and biological factors and climate that largely influence the form and the ability to survive of an organism or even an ecological community. [53]

The wireless sensor networks can be deployed extensively to analyse the environment in any circumstance and terrain to facilitate an in-depth understanding for various applications and research studies. The data thus obtained can be used to find new techniques for sustainable development and monitor and protect the environment from degradation.

Some such applications include tracking the movements of fauna, monitoring conditions for crops and livestock, irrigation, planetary exploration, precision agriculture, monitoring marine life, soil, forest fire detection, meteorological or geophysical research, flood detection, bio-complexity mapping of the environment and pollution study.

• Forest fire detection: Millions of sensor nodes can be deployed and integrated using radio frequencies/optical systems which may be equipped with effective power scavenging methods such as solar cells. These sensor nodes are strategically, randomly, and densely deployed in a forest to relay the exact origin of the fire before it spreads uncontrollably. [54-56]

• Bio-complexity mapping of the environment: It involves the observation of the biodiversity both spatially and temporally across any ecological zone. The sensors used should have an automated data collection and must provide higher spatial, spectral, and temporal resolution at a geometrically declining cost per unit area. One such example of bio-complexity mapping of the environment is done at the James Reserve in Southern California. Three monitoring grids have been implemented, each having 25-100 sensor nodes. [55]

• Flood detection: It involves a sensor network that provides information about the water levels, amount of rainfall and possible flooding conditions. One example is the ALERT system deployed in the USA, which uses rainfall, water-level and weather sensors to supply data to a centralized database in a pre-defined way. Research is also being carried out on several projects to investigate distributed approaches of interaction with sensors which might provide snapshots and running queries. Some such projects are the COUGAR project at Cornell University and the Data Space project at Rutgers. [4]

• Precision agriculture: It involves a sensor network to monitor the pesticides level in the drinking water, the level of soil erosion, and the level of air pollution in real time.

1.4.3 Health Applications

The wireless sensor networks can also be used to improve the existing facilities in medical care without compromising on the patient's health or adding to the workload of the staff. Sensors may be effectively used to monitor the physiological data of the patient and alert the nursing staff accordingly. This provides continuous remote monitoring of the patient's health. [56]

• Tele-monitoring and Prognosis: The sensors collect the physiological data which can be stored and analysed for diagnostic purposes. They allow doctors to check the medical history and make a prognosis based on it to chart out the correct methodology for the treatment. A "Health Smart Home" is designed in the Faculty of Medicine in Grenoble, France to validate the feasibility of such a system.

• Tracking and monitoring doctors and patients: A small and lightweight sensor node is placed on each patient and doctor. While these help locate a doctor easily in emergency situations, they can also monitor the pulse and blood pressure of the patient besides their location. [53-54]

• Drug administration: These systems can also be used to minimize adverse drug-related events, as sensor nodes attached to patients easily identify their allergies and prescribed medications. This can reduce the chances of an overdose or administration of a wrong medicine. [4]

1.4.4 Home Applications

WSN can also be used to develop various applications and mechanisms to facilitate the concept of a smart and a safe home further.

• Home automation: Smart sensor nodes can be embedded inside the domestic devices and appliances which may allow the user to operate them from remote locations. This can be further improved with artificial intelligence. Also the devices may be made to interact with the external network via a satellite or the internet. [55-56]

• Smart Environment: A smart environment may be envisioned from two different perspectives - the human centred and the technology centred. The computing and sensing for such an environment should be reliable, persistent and transparent.

If the sensors used adapt to the end-users in terms of input/output capabilities the system caters to the human centred smart environment. If the sensors are embedded into furniture and appliances and allow the communication between them and room servers then it caters to the technological smart environment. Such systems are self-organized and regulated and adaptive on the basis of the control models. An example of smart environment is the "Residential Laboratory" at Georgia Institute of Technology.

1.4.5 Other Commercial Applications

The wireless sensor networks may also be developed to improve the quality of service and applications in any commercial system to deliver state-of-the-art services with minimum costs. These may include systems to provide security, interactive systems, tracking and monitoring of objects, robot control and guidance. [4]

• Environmental control in office buildings: A distributed wireless sensor network system can be installed to control the air conditioning equipment for uniform temperature and regulated air flow. It is estimated such distributed technology can reduce energy consumption by two quadrillion British Thermal Units (BTUs) in the US, which amounts to saving $55 billion per year.

• Interactive Museums: The wireless sensors can be attached to the objects in museums to allow them to interact and respond to touch and speech so as to provide more information to the visitors. An example of such museums is the San Francisco Exploratorium that features a combination of data measurements and cause-and-effect experiments. [53-54]

• Detecting and monitoring car thefts: Sensor nodes are being deployed to detect and identify threats within a geographic region and report these threats to remote end users by the Internet for analysis. Such techniques may thwart any attempts towards stealing of vehicles.

• Managing inventory control: Each item can be attached with a small sensor node which helps to track its location and the quantity of each item. An inventory can always be kept up to date with such networks.

• Vehicle Tracking and Detection: A sensor node attached to a vehicle may help determine its location within a cluster and track its movement too. [55-56]

1.5 Security Issues and Goals

1.5.1 Data Confidentiality

Confidentiality refers to limiting information access and disclosure to authorized users ("the right people") and preventing access by or disclosure to unauthorized ones ("the wrong people"). In sensor networks, confidentiality relates to the following. [29]

• A sensor network should not leak sensor readings to its neighbors. Especially in a military application, the data stored in the sensor node may be highly sensitive.

• In many applications nodes communicate highly sensitive data, e.g., key distribution; therefore it is extremely important to build a secure channel in a wireless sensor network.

• Public sensor information, such as sensor identities and public keys, should also be encrypted to some extent to protect against traffic analysis attacks. The standard approach for keeping sensitive data secret is to encrypt the data with a secret key that only intended receivers possess, thus achieving confidentiality. [30-31]

1.5.2 Data integrity

Integrity refers to the trustworthiness or reliability of information resources. It includes the concept of "data integrity", namely that data have not been changed inappropriately, whether by accident or by deliberately malign activity. It also includes "origin" or "source integrity", that is, that the data actually came from the person or entity the receiver thinks it did, rather than an imposter. [29-31]

1.5.3 Data availability

Availability refers, unsurprisingly, to the availability of information resources. An information system should be available to its authorized users at all times; if it is not available, the situation may be much worse.

1.5.4 Data Freshness

Even when confidentiality and data integrity are assured, the freshness of each message must also be ensured. Informally, data freshness means that the data is recent, and it ensures that no old messages have been replayed. Data freshness is especially important when shared-key strategies are employed in the design. Typically shared keys need to be changed over time. However, it takes time for new shared keys to be propagated to the entire network. In this case, it is easy for the adversary to use a replay attack. It is also easy to disrupt the normal work of the sensor if the sensor is unaware of the new key change time. To solve this problem a nonce, or another time-related counter, can be added into the packet to ensure data freshness. [50-51]
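The counter-based freshness check described above, as an added Python example that is not part of the original essay: each packet carries a per-sender counter covered by a MAC, and the receiver rejects anything that is not newer than the last counter it accepted. The packet layout, the truncated HMAC-SHA256 tag, the key and the sample readings are assumptions constructed for this example.

```python
import hashlib
import hmac
import struct

# Assumed packet layout: sender id (16 bit) | counter (32 bit) | payload | tag
HEADER = struct.Struct(">HI")
TAG_LEN = 8  # truncated HMAC-SHA256 tag; the length is an assumption


def _tag(key, header, payload):
    """MAC over header AND payload, so the counter cannot be rewritten."""
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]


def seal(key, sender_id, counter, payload):
    """Sender side: build an authenticated packet carrying a counter."""
    header = HEADER.pack(sender_id, counter)
    return header + payload + _tag(key, header, payload)


class Receiver:
    """Receiver side: verify the MAC first, then enforce freshness."""

    def __init__(self, key):
        self.key = key
        self.highest_seen = {}  # sender id -> highest counter accepted so far

    def accept(self, packet):
        if len(packet) < HEADER.size + TAG_LEN:
            return "malformed", None
        header = packet[:HEADER.size]
        payload = packet[HEADER.size:-TAG_LEN]
        tag = packet[-TAG_LEN:]
        # Constant-time comparison; state is only updated for authentic packets.
        if not hmac.compare_digest(tag, _tag(self.key, header, payload)):
            return "bad_mac", None
        sender_id, counter = HEADER.unpack(header)
        if counter <= self.highest_seen.get(sender_id, -1):
            return "replayed", None
        self.highest_seen[sender_id] = counter
        return "ok", payload


def demo():
    """Run four constructed packets through one receiver."""
    key = b"constructed-demo-key"
    rx = Receiver(key)
    first = seal(key, 7, 1, b"temp=21.5")
    results = [rx.accept(first)[0]]       # fresh packet
    results.append(rx.accept(first)[0])   # same bytes sent again
    # Old packet with the counter field rewritten from 1 to 2, tag unchanged.
    rewritten = HEADER.pack(7, 2) + first[HEADER.size:]
    results.append(rx.accept(rewritten)[0])
    results.append(rx.accept(seal(key, 7, 2, b"temp=21.7"))[0])
    return results


if __name__ == "__main__":
    print(demo())
```

The third packet is the case that matters: a counter that is not covered by the MAC could simply be incremented to make an old message look fresh.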

1.6 Attacks on wireless sensor network

In a sensor network, there are many types of attacks against security, such as denial of service attacks, traffic analysis attacks, physical attacks and so on. A denial of service attack can jam the sensors' communication channels and violate the 802.11 MAC protocol. It also affects the other layers of the WSN. [6][50]

1.6.1 Attacks Classifications Passive and active attacks criteria

Attacks can be classified into two major categories, according to whether they interrupt the communication: passive attacks and active attacks. The classification of attacks is shown in Figure 1.3. [7-8]

Passive Attacks: Passive attack is an attack to obtain data exchanged in the network without interrupting the communication. Examples of passive attacks are eavesdropping, traffic analysis, and traffic monitoring.

Traffic analysis: Traffic analysis is the process of intercepting and examining messages in order to deduce information from patterns in communication.

Active attack: An active attack is an attack which disrupts the normal functionality of the network by means of information interruption, modification or fabrication. Examples of active attacks include jamming, impersonating, modification, denial of service (DoS), and message replay.

Denial-of-service (DoS) attack or distributed denial-of-service (DDoS) attack: A DoS or DDoS attack is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high profile web servers such as banks, credit card payment gateways, and even root name servers [41-43].

A denial of service attack may also occur at the physical layer by jamming (by broadcasting mechanism) and/or tampering (modification or fabrication) of the packet. In the link layer it occurs by producing collisions, exhaustion of resources and unfairness in use of the network. In the network layer, it occurs through neglect and greediness in forwarding packets, resulting in path failure. In the transport layer, a DoS attack occurs through flooding and de-synchronization [45].

Figure 1.3: Attacks Classification

ATTACKS ON SENSOR NETWORK ROUTING

The routing protocols of wireless sensor networks are simple in design, so they are vulnerable to various attacks. Most network layer attacks against sensor networks fall into one of the following categories: [51]

• Spoofed, altered, or replayed routing information

• Selective forwarding

• Sinkhole attack

• Sybil attack

• Wormhole attack

• HELLO flood attacks

Spoofed, altered, or replayed routing information

One direct attack against a routing protocol is to target the routing information exchanged between nodes by spoofing, altering, or replaying routing information. By using this type of attack, adversaries may be able to create routing loops, attract or repel network traffic, extend or shorten source routes, generate false error messages, partition the network, or increase end-to-end latency. [51-52]

Figure 1.4: Spoof, Alter or replay routing information and routing loop

Selective forwarding

In a selective forwarding attack, compromised nodes may refuse to forward certain messages and simply drop them, ensuring that they are not propagated any further. In the simplest form of this attack, the malicious node refuses to forward every packet it receives and behaves like a black hole. In that case the neighboring nodes will conclude that the node has failed and find a new route to forward packets. A more subtle form of this attack is when an adversary selectively forwards packets. An adversary interested in suppressing or modifying packets originating from a few selected nodes can reliably forward the remaining traffic and limit suspicion of its wrongdoing. [7-8]

Figure 1.5: Selective forwarding

Sinkhole Attack

The sinkhole attack is more severe than other attacks because it prevents the sink/base station from obtaining complete and correct sensing data, so it is very dangerous for military applications, fire alarm applications and so on. In a sinkhole attack, a compromised node makes itself look attractive and tries to convince its neighboring nodes to forward their packets through it. As a result, the neighboring nodes become ready to forward their packets through the compromised node to the sink. The attacker generally targets a node which is closer to the sink node, so that neighboring nodes will readily forward their packets through the targeted node to the sink node. In this scenario the neighboring nodes treat the malicious node as a base station. By taking part in the routing process, it can then launch more severe attacks, like selective forwarding, modifying or even dropping the packets coming through. Figure 1.6 below shows the sinkhole attack, where 'SH' is a sinkhole. This sinkhole attracts traffic from nearly all the nodes to route through it. [11-13]

Figure 1.6: Sink Hole Attack

Sybil Attack

In a Sybil attack, a node takes multiple illegitimate identities by stealing or fabricating the identities of legitimate nodes. The Sybil attack is generally used against routing algorithms and topology maintenance. In this attack, the compromised node forwards false messages to other sensor nodes; thus the Sybil attack reduces the effectiveness of fault-tolerant schemes such as distributed storage, multipath routing, and topology maintenance. This attack can occur in a distributed system that operates without a central authority to verify the identities of each communicating entity. Sybil attacks can pose a significant threat to geographic routing protocols. In other words, in a Sybil attack, an adversary can "be in more than one place at once". Since identity fraud leads to the Sybil attack, proper authentication and encryption techniques can prevent an outsider from launching a Sybil attack on the sensor network. Figure 1.7 illustrates the Sybil attack, where an adversary node 'AD' is present with multiple identities. 'AD' appears as node 'F' to 'A', as 'C' to 'B' and as 'A' to 'D', so when 'A' wants to communicate with 'F' it sends the message to 'AD'. [13][51-52]

Figure 1.7: Sybil Attack

Wormhole Attack

In a wormhole attack, more than two malicious sensor nodes make a virtual tunnel in the wireless sensor network, forward packets from one end to the other through this hidden tunnel, and then replay the messages to the entire network. In wormhole attacks an adversary positioned closer to the base station can completely disrupt the traffic by tunneling messages over a low latency link. In other words, in a wormhole attack, the attacker uses a tunneling mechanism to establish himself between the communicating nodes by confusing the routing protocol. [41]

Figure 1.8 explains the wormhole attack. Suppose node "B" wants to send a message to node "A". First of all, node "B" finds the path from node "B" to node "A". Here the attacker somehow introduces himself as node "A" and sends an acknowledgement to node "B". Node "B" then sends packets to "A", but in fact the adversary node "AD" receives the packets. The adversary node "AD" then forwards the packets to node "A" by tunneling. In this case "A" and "B" are not within a single hop of each other, but they think they are in one-hop range. The attacker/adversary node "AD" may thus destroy security by interruption, interception, modification and fabrication. [7-8]




Figure 1.8: Wormhole Attack

HELLO Flood Attacks

Many protocols require nodes to broadcast HELLO packets to announce themselves to their neighbors, and a node receiving such a packet may assume that it is within (normal) radio range of the sender. This assumption may be false: a laptop-class attacker broadcasting routing or other information with large enough transmission power could convince every node in the network that the adversary is its neighbor. For example, an adversary advertising a very high-quality route to the base station to every node in the network could cause a large number of nodes to attempt to use this route, but those nodes sufficiently far away from the adversary would be sending packets into oblivion. The network is left in a state of confusion. A node realizing the link to the adversary is false could be left with few options: all its neighbors might be attempting to forward packets to the adversary as well. Protocols which depend on localized information exchange between neighboring nodes for topology maintenance or flow control are also subject to this attack. An adversary does not necessarily need to be able to construct legitimate traffic in order to use the HELLO flood attack. She can simply rebroadcast overhead packets with enough power to be received by every node in the network. As a result, when forwarding messages to the base station, the victim sensor nodes try to go through the attacker, because they have been spoofed into believing that it is their neighbor. [41][43]

Figure 1.9: HELLO Flood Attack


There are various vulnerabilities in WSN and many defense mechanisms are available. Resource limitations in WSNs prevent us from directly applying the security mechanisms of conventional computer networks, so a different set of security protocols is used to defend against these attacks. Our main objective here is to analyze the effect of the HELLO flood attack in a wireless sensor network. The HELLO flood attack is evaluated on a given set of parameters.

1.7.1 Objectives of Proposed Research Work:-

• To study and analyze the flooding attack in wireless sensor network.

• To study and analyze the performance of wireless sensor network.

• To study and analyze the flooding attack on various nodes in wireless sensor network.

1.7.2 Performance parameters:-


• Number of nodes

• Dropped Packets

• Received Packets

• Packet Delivery Ratio
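The HELLO flood described in section 1.6 and the performance parameters listed above, tied together in an added Python simulation that is not part of the original essay: it reports number of nodes, received packets, dropped packets and packet delivery ratio for a small grid network with no attacker, with a HELLO flood, and with a link check in which a node accepts a HELLO sender only if its own radio can reach that sender. The grid layout, radio range, attacker position, the advertised hop count of 0, the non-forwarding attacker and the link check itself are assumptions of this example.

```python
import math
from collections import deque

RADIO_RANGE = 1.5      # normal sensor transmit range in grid units (assumption)
ADVERTISED_HOPS = 0    # route quality the attacker claims in its HELLO (assumption)
ATTACKER = "AD"


def build_grid(side):
    """side x side sensor field; node 0 at (0, 0) acts as the base station."""
    return [(x, y) for x in range(side) for y in range(side)]


def hop_counts(nodes):
    """True hop distance of every node to the base station (BFS)."""
    hops = {0: 0}
    queue = deque([0])
    while queue:
        u = queue.popleft()
        for v in range(len(nodes)):
            if v not in hops and math.dist(nodes[u], nodes[v]) <= RADIO_RANGE:
                hops[v] = hops[u] + 1
                queue.append(v)
    return hops


def choose_next_hops(nodes, hops, attacker_pos, attacker_range, verify_links):
    """Each node picks the neighbour advertising the fewest hops to the sink."""
    next_hop = {}
    for i in range(1, len(nodes)):
        candidates = [(hops[j], j) for j in range(len(nodes))
                      if j != i and math.dist(nodes[i], nodes[j]) <= RADIO_RANGE]
        best_cost, best = min(candidates)
        if attacker_pos is not None:
            d = math.dist(nodes[i], attacker_pos)
            hears_hello = d <= attacker_range   # high-power broadcast reaches node
            can_reach = d <= RADIO_RANGE        # node's own radio reaches the sender
            # Without the check, hearing a HELLO is enough to trust the link.
            accepted = hears_hello and (can_reach or not verify_links)
            if accepted and ADVERTISED_HOPS < best_cost:
                best = ATTACKER
        next_hop[i] = best
    return next_hop


def simulate(side, attacker_pos=None, attacker_range=0.0, verify_links=False):
    """Every sensor sends one packet towards the base station."""
    nodes = build_grid(side)
    hops = hop_counts(nodes)
    next_hop = choose_next_hops(nodes, hops, attacker_pos,
                                attacker_range, verify_links)
    received = dropped = 0
    for src in range(1, len(nodes)):
        cur = src
        while cur != 0 and cur != ATTACKER:
            cur = next_hop[cur]
        if cur == 0:
            received += 1
        else:
            dropped += 1   # sent towards the attacker, never reaches the sink
    return {"nodes": len(nodes), "received": received, "dropped": dropped,
            "pdr": received / (received + dropped)}


if __name__ == "__main__":
    print("no attack      ", simulate(5))
    print("HELLO flood    ", simulate(5, (3.5, 3.5), 10.0, verify_links=False))
    print("with link check", simulate(5, (3.5, 3.5), 10.0, verify_links=True))
```

With the link check, the only nodes still lost are those genuinely within radio range of the attacker, which is why link verification has to be combined with authentication of the HELLO sender.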



This section gives a brief overview of the literature surveyed. It covers works related to flood attacks and flooding in wireless sensor networks.

1. Efficient Flooding in Wireless Sensor Networks Secured with Neighborhood Keys

Amin Hassanzadeh et al. [6] described that network flooding is a fundamental communication primitive for Wireless Sensor Networks (WSN). Flooding is used for disseminating code updates and parameter changes. It affects the operation of all deployed nodes in the WSN. When flooding occurs each node, typically, broadcasts the flooding packet once. The costs for flooding, however, can become significant if neighborhood keys are used for communication, since, instead of a single broadcast, a node is required to perform several unicast transmissions. For flooding code updates (a common operation in WSN, since the nodes are physically inaccessible) the naive support of broadcasting through multiple unicast transmissions can be very costly. They formulate the problem of deciding if it is possible to achieve 100% network coverage by a flooding packet, when each node cleverly chooses one of its keys to unicast the broadcast message.

2. D-WARD: A Source-End Defense against Flooding Denial-of-Service Attacks

Jelena Mirkovic et al. [7] described that defenses against flooding distributed denial-of-service (DDoS) attacks commonly respond to the attack by dropping the excess traffic, thus reducing the overload at the victim. They proposed D-WARD, a source-end DDoS defense system that achieves autonomous attack detection or works as a source-end component in a distributed defense. It autonomously detects and effectively stops a wide range of DDoS attacks, ensures good service to legitimate clients, and incurs low operation cost.

3. Monitoring the Macroscopic Effect of DDoS Flooding Attacks

Jian Yuan et al. [8] described that creating defenses against flooding-based, distributed denial-of-service (DDoS) attacks requires real-time monitoring of network-wide traffic to obtain timely and significant information. Unfortunately, continuously monitoring network-wide traffic for suspicious activities presents difficult challenges, because attacks may arise anywhere at any time and because attackers constantly modify attack dynamics to evade detection. They proposed a method for early attack detection. Using only a few observation points, their method can monitor the macroscopic (network-wide) effect of DDoS flooding attacks. They experimented with different attack modes: constant rate, increasing rate, natural-network-congestion-like, pulsing, TCP-targeted, and subgroup attacks. They found that these attacks, which have the apparent effect of inducing network congestion, reveal themselves through shifts in spatial-temporal patterns that exhibit the same signature: congestion at the victim network. They also suggested that macroscopic-level monitoring might be both practical and helpful for triggering more focused detection and filtering in transit or source networks.

4. IP Easy-Pass: A Light-Weight Network-Edge Resource Access Control

Haining Wang et al. [9] described that providing real-time communication services to multimedia applications and subscription-based Internet access often requires that sufficient network resources be reserved for real-time traffic. However, the reserved network resource is susceptible to resource theft and abuse. Without a resource access control mechanism that can efficiently differentiate legitimate real-time traffic from attacking packets, the traffic conditioning and policing enforced at Internet Service Provider (ISP) edge routers cannot protect the reserved network resource from embezzlement. Contrary to the usual expectation, traffic policing at edge routers aggravates their vulnerability to flooding attacks by blindly dropping packets. They proposed a fast and lightweight IP network-edge resource access control mechanism, called IP Easy-pass, to prevent unauthorized access to reserved network resources at edge devices. They attached a unique pass to each legitimate real-time packet so that an ISP edge router can validate the legitimacy of an incoming IP packet very quickly and simply by checking its pass. They presented the architecture of Easy-pass and discussed its scalability. Then, they described how to create an Easy-pass at the end-host, and how to verify it at the ISP edge router using the RC-5 encryption/decryption algorithm.

5. Stochastic Modeling of Hello Flooding in Slotted CSMA/CA Wireless Sensor Networks

Mohammad Sayad Haghighi et al. [10] described that most current neighbor discovery protocols rely on a challenge or request broadcast by the discovering node, called "Hello." The Hello flooding attack was specifically designed to exploit the broadcasting nature of these protocols in order to convince a large group of nodes that the sender is their neighbor by using very high transmission power. They proposed an analytical approach for stochastic modeling of the challenge-broadcasting scenarios in networks using slotted carrier sense multiple access with collision avoidance (CSMA/CA) protocols. They modeled the non-stationary channel right after issuance of the request by a recursive method and then put forward an approach to find the broadcaster's approximate payoff. They described how it can be used to work out an estimate of the optimal attack range for the attackers and to develop a flood-resilient MAC protocol that increases the security of neighbor discovery protocols using statistical techniques; this is especially relevant in the case of mobile networks, where cryptographic solutions are costly or even infeasible to employ. They also addressed the optimization problems with the MAC protocol and specified the network parameters the network designer deals with in the objective function.

6. To Lie Or To Comply: Defending against Flood Attacks in Disruption Tolerant Networks

Qinghua Li et al. [11] described that Disruption Tolerant Networks (DTNs) utilize the mobility of nodes and the opportunistic contacts among nodes for data communications. Due to the limitation in network resources such as contact opportunity and buffer space, DTNs are vulnerable to flood attacks, in which attackers send as many packets or packet replicas as possible to the network in order to deplete or overuse the limited network resources. They employed rate limiting to mitigate flood attacks in DTNs, and proposed a scheme which exploits claim-carry-and-check to probabilistically detect violations of the rate limit in DTN environments. Their scheme uses efficient constructions to keep the computation, communication and storage cost low. They also analyzed the lower bound and upper bound of the detection probability. Their scheme detects flood attacks effectively and does so efficiently. It works in a distributed manner, not relying on any online central authority or infrastructure, which fits the environment of DTNs well.

7. Defense against Lap-top Class Attacker in Wireless Sensor Network

A Hamid et al. [12] described that in a Hello Flood attack, the Hello packets have a high transmission range. With this power, the adversary sends HELLO packets to a number of sensor nodes deployed over a large area within a wireless sensor network. The compromised sensor nodes assume that the adversary is their neighbor node. As a result, they transmit the hello packet through the adversary node to the base station. They proposed a technique to prevent the Hello Flood attack in which two sensors use the same secret key, and a new encryption key is generated during the communication. This ensures that only reachable nodes can decrypt and check the message, and thereby prevents the adversary from attacking the sensor network.

8. Hello Flood Counter Measure for Wireless Sensor Networks

Dr. Mohamed Osama Khozium [13] described that a sensor network is able not only to sense the desired information but also to communicate among nodes in order to send data to the base station. The major resource constraint is energy. Limited battery power forces sensor nodes to inform neighboring nodes about their existence by broadcasting hello packets periodically. Besides system faults, sensor nodes are also vulnerable to malicious attacks launched either by compromised nodes or by a laptop-class adversary. Security solutions against these attacks have to be designed with the limited memory, limited battery and limited computational power of a sensor node in mind. He described a mechanism which presents the collateral damage effect caused by a hello packet flood. He suggested that dynamically chosen nodes cast a vote against each control packet received, to the base station. He used the 'turn rolling algorithm' to choose nodes from a particular geographical region to cast votes. He observed less energy consumption, longer network life, and better packet authentication.

9. Forward Secure Communication in Wireless Sensor Networks

Sjouke Mauw and Ivo van Vessem et al. [14] developed a set of security provisions for communication in wireless sensor networks which establishes authentication of the origin of data, confidentiality of data, forward security (implying a weak form of tamper resistance), and freshness (to mitigate the effect of maliciously delayed data). They found that using a hash function keeps the computational complexity low and also reduces chip area. In order to minimize the communication overhead, they chose encryption algorithms without data expansion. Rather than a communication protocol, they developed a set of security provisions that can be superimposed on several underlying communication models for sensor networks. In order to assure freshness, they introduced an acceptance window at the base station.

10. Adaptive Defense against Various Network Attacks

Cliff C. Zou et al. [15] described that there are various types of attack in networks, such as distributed denial-of-service (DDoS) attacks and worm injection attacks. To deal with these attacks, a defense system needs to cope with various network conditions and dynamically changing attacks. They introduced an "adaptive defense" principle based on cost minimization: a defense system adaptively adjusts its configuration according to the network condition and attack severity in order to minimize the combined cost introduced by false positives and false negatives at any time. This basic "adaptive defense" idea had already been used in many other areas, such as epidemic disease control in the real world and the five-level terrorism alert system. They presented concrete adaptive defense systems to defend against two major network attacks: SYN flood DDoS attacks and Internet worm infection. The adaptive parameter update includes only simple estimation and optimization, so the computational overhead is very small. The adaptive defense is a high-level system design, and there are many good but non-adaptive detection and filtering algorithms. Therefore, they believed the adaptive defense can be built on top of various non-adaptive detection and filtering algorithms, which makes it applicable to a wide range of security defenses. The adaptive mechanism requires knowledge of the detection tradeoff curve in terms of false positives versus false negatives. Such a detection performance curve can be obtained from past attacks and simulations. However, a new attack that has a different statistical pattern will have a different detection tradeoff. In this case, the adaptive defense system will produce a suboptimal defense because the detection tradeoff curve it uses is inaccurate. One possible way to address this is to continuously update and derive the correct detection tradeoff for a new ongoing attack based on the observed attack and detection results. In order to understand accurately the impact of false positives and false negatives, they evaluated the adaptive defense system on real monitored traces that include both attack and normal traffic.

11. Detecting VoIP Floods Using the Hellinger Distance

Hemant Sengar et al. [16] found that Voice over IP (VoIP), also known as Internet telephony, is gaining market share rapidly and now competes favorably as one of the visible applications of the Internet. Various protocols are used in VoIP, so a fast and generic detection mechanism that works across different protocol layers is needed. They investigated the protocol attribute behaviors and characterized the network traffic with respect to the intrinsic correlation among protocol attributes. To defend against these attacks they offered the VoIP Flooding Detection System (VFDS), an online statistical anomaly detection framework that generates alerts based on abnormal variations in a selected hybrid collection of traffic flows. It does so by viewing collections of related packet streams as evolving probability distributions and measuring abnormal variations in their relationships based on the Hellinger distance, a measure of variability between two probability distributions.
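The distribution comparison described above can be sketched as follows. This is an added example, not code from the essay or from VFDS; the packet categories, window counts, training length and the 0.2 threshold are constructed assumptions.

```python
"""Flood detection by comparing packet-mix distributions with the Hellinger distance.

All data, category names and thresholds below are constructed for illustration.
"""
import math

# Assumed attribute set (signalling message types); the essay names no attributes.
CATEGORIES = ("INVITE", "200_OK", "ACK", "BYE")


def distribution(counts):
    """Turn per-category packet counts into a probability vector, or None if empty."""
    total = sum(counts.get(c, 0) for c in CATEGORIES)
    if total == 0:
        return None  # no traffic: there is no distribution to compare
    return [counts.get(c, 0) / total for c in CATEGORIES]


def hellinger(p, q):
    """Hellinger distance between two discrete distributions, in [0, 1]."""
    squared = sum((math.sqrt(a) - math.sqrt(b)) ** 2 for a, b in zip(p, q))
    return math.sqrt(squared / 2.0)


def detect(windows, train_len=3, threshold=0.2):
    """Compare each window with a baseline pooled from recent clean windows.

    Returns a list of (index, distance, alarm). Training windows and empty
    windows get distance None. The first train_len non-empty windows are
    assumed clean. Alarmed windows never enter the baseline, so a sustained
    flood cannot teach the detector that the flood is normal.
    """
    history, results = [], []
    for i, window in enumerate(windows):
        current = distribution(window)
        if current is None:
            results.append((i, None, False))
            continue
        if len(history) < train_len:
            history.append(window)
            results.append((i, None, False))
            continue
        pooled = {c: sum(h.get(c, 0) for h in history) for c in CATEGORIES}
        distance = hellinger(distribution(pooled), current)
        alarm = distance > threshold
        if not alarm:
            history = history[1:] + [window]  # slide the training set forward
        results.append((i, distance, alarm))
    return results


def alarmed_indices(results):
    """Indices of the windows that raised an alarm."""
    return [i for i, _, alarm in results if alarm]


# Constructed sample: one dict of packet counts per observation window.
SAMPLE_WINDOWS = [
    {"INVITE": 100, "200_OK": 98, "ACK": 97, "BYE": 95},    # training
    {"INVITE": 110, "200_OK": 108, "ACK": 105, "BYE": 100},  # training
    {"INVITE": 95, "200_OK": 96, "ACK": 94, "BYE": 90},      # training
    {"INVITE": 105, "200_OK": 101, "ACK": 100, "BYE": 99},   # normal
    {},                                                      # idle window
    {"INVITE": 900, "200_OK": 100, "ACK": 95, "BYE": 90},    # request flood begins
    {"INVITE": 1500, "200_OK": 60, "ACK": 50, "BYE": 40},    # flood, replies starved
    {"INVITE": 100, "200_OK": 99, "ACK": 97, "BYE": 96},     # back to normal
]

if __name__ == "__main__":
    for index, distance, alarm in detect(SAMPLE_WINDOWS):
        shown = "  -  " if distance is None else f"{distance:.3f}"
        print(f"window {index}: distance={shown} alarm={alarm}")
```

Because the comparison is between normalized distributions, a proportional rise in all categories (a legitimate busy hour) leaves the distance near zero, while a flood of one message type shifts the mix and raises it.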

12. A Puzzle-Based Defense Strategy against Flooding Attacks Using Game Theory

Mehran S. Fallah [17] described that, in recent years, a number of puzzle-based defense mechanisms had been proposed against flooding denial-of-service (DoS) attacks in networks. He found that these mechanisms were not designed through formal approaches, and that some design issues such as effectiveness and optimality have remained unresolved. He utilized game theory to propose a number of puzzle-based defenses against flooding attacks. He showed that the interactions between an attacker who launches a flooding attack and a defender who counters the attack using a puzzle-based defense can be modeled as an infinitely repeated game of discounted payoffs. He found the best strategy a rational defender can adopt in the face of a rational attacker. In this way, the optimal puzzle-based defense strategies are developed. He proposed four defense mechanisms: PDM1, PDM2, PDM3 and PDM4. PDM1 is derived from the open-loop solution concept, in which the defender chooses his actions regardless of what happened in the game history. This mechanism is applicable in defeating single-source and distributed attacks, but it cannot support the higher payoffs that are feasible in the game. PDM2 resolves this by using closed-loop solution concepts, but it can only defeat a single-source attack. PDM3 extends PDM2 and deals with distributed attacks. This defense is based on the assumption that the defender knows the size of the attack coalition. Finally, PDM4 is the ultimate defense mechanism, in which the size of the attack coalition is assumed unknown. The proposed mechanisms can be integrated with reactive defenses to achieve synergetic effects.

13. Information Theory Based Detection against Network Behavior Mimicking DDoS Attacks

Shui Yu et al. [18] described that DDoS is a spy-on-spy game between attackers and detectors. Attackers mimic network traffic patterns to disable the detection algorithms that are based on these features. Discriminating mimicking DDoS attacks from massive legitimate network access is an open problem. They observed that the zombies use controlled function(s) to pump attack packages to the victim; therefore, the attack flows to the victim always share some properties, e.g. package distribution behaviors, which are not possessed by legitimate flows in a short time period. Therefore, once the DDoS attack detection algorithms raise the alarm of a potential attack, their method starts to calculate the distance among the different suspicious flows in the community network. If the distance is less than a given threshold, it is an attack; otherwise, they treat it as a surge of legitimate access.

14. On Remote Exploitation of TCP Sender for Low-Rate Flooding DoS Attack

V. Anil Kumar et al. [19] described that low-rate flooding Denial-of-Service (DoS) attacks are potentially harmful attack scenarios identified recently. In low-rate attacks, the attacker imposes significant damage on its target with a minimal volume of flood. The low flood rate in these attacks allows them to remain undetected, besides significantly reducing the cost or effort of launching the attack. The best known example of a low-rate attack is the induced Shrew attack, which consists of a series of high-intensity, short-duration periodic pulses. In the induced-shrew attack, a malicious TCP receiver remotely controls the transmission rate and pattern of a TCP sender to exploit it as a flood source for launching low-rate DoS attacks. They proposed a scheme called cumulative nonce to detect the induced-shrew attack, in which a TCP sender follows a challenge-response mechanism: the sender, along with data, throws a challenge to its receiver and validates the incoming ACK based on the receiver's response to the challenge.

15. Scalable Network-Layer Defense Against Internet Bandwidth-Flooding Attacks

Katerina Argyraki et al. [20] described that, in a bandwidth-flooding attack, compromised sources send high-volume traffic to the target with the purpose of causing congestion in its tail circuit and disrupting its legitimate communications. In order to defend against bandwidth-flooding attacks, they presented Active Internet Traffic Filtering (AITF), a network-layer filtering mechanism that preserves a significant fraction of a receiver's tail circuit in the face of bandwidth flooding, while requiring a reasonable amount of resources from participating ISPs. They showed that (1) AITF enables a receiver to preserve more than 80% of its tail circuit's capacity to 10 times against a SYN-flooding attack, and (2) each participating ISP requires a few thousand filters and some megabytes of DRAM per client, so the per-client cost will not increase. The first two AITF-enabled networks can maintain their communication in the face of flooding attacks, as long as the path between them is not compromised. By using AITF, the network layer of the Internet becomes an effective, scalable, and incrementally deployable defense against bandwidth-flooding attacks.

16. Zero Knowledge Protocol to design Security Model for threats in WSN

Vishal Parbat et al. [21] described that there are many challenges in distributed wireless sensor networks, such as detecting the relevant quantities, monitoring and collecting the data, assessing and evaluating the information, formulating meaningful user displays, performing decision-making, and raising an alarm on any malicious event. They proposed a new security model to address three important active attacks, namely the cloning attack, the MITM attack and the replay attack. They used the concept of a zero knowledge protocol (ZKP), which ensures that only the legitimate receiver gets the information sent by the legitimate sender. To accomplish this, they used a social fingerprint together with ZKP to detect clone attacks and avoid MITM and replay attacks.

17. Wireless Sensor Network Based Model for Secure Railway Operations

Emad Aboelela et al. [22] described the problem of detecting immediate and long-term railway track problems in order to avoid collisions and accidents of trains. To inspect a problem or breakage of the track, inspectors walk along the rail track lines and use train cars instrumented with accelerometers and ultrasonic sensors. To overcome this problem, they proposed a model of a safe railway system with its different components, including the wireless sensor nodes along with the control centers. They used a multi-layer and multi-path routing scheme in the WSN and a fuzzy-logic-based aggregation technique. Their aggregation technique maximizes information gain while minimizing resource usage and false alarms.

18. Model Checking Wireless Sensor Network Security Protocols: TinySec + LEAP + TinyPK

Llanos Tobarra et al. [23] carried out a formal analysis of security protocols in the field of wireless sensor networks. They modeled the TinySec, LEAP and TinyPK protocols using the high-level language HLPSL. To check and verify these models they used the tool AVISPA. They checked two security principles, authenticity and confidentiality. As an outcome of this analysis, two attacks were found: a man-in-the-middle attack and a type flaw attack. In both cases confidentiality is compromised and an intruder may obtain confidential data from a node in the network. To maintain authenticity and confidentiality, they combined the main properties of three protocols: TinySec, which provides authentication and encryption of messages; LEAP, which is responsible for the key distribution mechanism; and TinyPK, which allows establishing an authenticated conversation with an external third party.

19. Security Model for Hierarchical Clustered Wireless Sensor Networks

Kalpana Sharma et al. [24] proposed a security framework for WSN which is based on the WSN security principles. Their design goal was a completely secure WSN. They provide security at the node level itself and also at the network level. This means that nodes compute most of the work independently; as a result, the energy of the nodes lasts longer, because the nodes do not depend totally on the base station. Their proposed work focused on two components of security: the secure management module and the secure routing scheme. The proposed security framework, 'Secure and Hierarchical, a Routing Protocol' (SHARP), is designed for WSN applications deployed mainly for data collection in a battleground, where the security portion of the network cannot be compromised at any cost. Their security scheme was energy efficient, and the network was never compromised. This was possible because of clustering in terms of tracking and sectoring.

20. Energy-Efficient Communication Protocol for Wireless Microsensor Networks

Wendi Rabiner Heinzelman et al. [25] found that the conventional protocols of direct transmission, minimum-transmission-energy, multihop routing and static clustering may not be optimal for sensor networks in terms of energy efficiency, because sensor nodes have a limited energy source, i.e., they are energy constrained. They proposed LEACH (Low-Energy Adaptive Clustering Hierarchy), a clustering-based routing protocol that minimizes energy dissipation in sensor networks. There are three core features of this protocol: first, localized coordination and control for cluster set-up and operation; second, randomized rotation of the cluster "base stations" or "cluster-heads" and the corresponding clusters; third, local compression to reduce global communication. They showed that LEACH reduces communication energy by as much as 8 times compared with direct transmission and the minimum-transmission-energy routing protocol.

21. The Flooding Time Synchronization Protocol

Miklos Maroti et al. [26] described that WSN applications require a scalable time synchronization service enabling data consistency and coordination, in the same way as other distributed systems. They developed the Flooding Time Synchronization Protocol (FTSP) for WSN. The protocol was implemented on the UCB Mica and Mica2 platforms running TinyOS. This protocol was introduced for applications requiring high accuracy on resource-limited wireless platforms. The accuracy in the single-hop case is 1.5μs, and the average precision is 1.7μs per hop in the multi-hop case. The proposed time synchronization protocol utilizes low communication bandwidth, scales well for medium-sized multi-hop networks, and is robust against topology changes and node failures. FTSP periodically broadcasts the synchronization message and implicitly captures topology updates to achieve robustness. They used MAC-layer time-stamping and comprehensive error compensation, including linear regression, in the FTSP protocol, which reduces time skew, achieves high performance and keeps network traffic overhead low.

22. Routing Techniques in Wireless Sensor Networks: A Survey

Jamal N. Al-Karaki et al. [27] described that Wireless Sensor Networks (WSNs) are composed of small nodes with sensing, computation, and wireless communication capabilities. They found that there are many routing, power management, and data dissemination protocols. They described that routing protocols are divided into three categories based on the underlying network structure: 1) flat, 2) hierarchical, and 3) location-based routing. Furthermore, these protocols are classified into multipath-based, query-based, negotiation-based, and QoS-based routing techniques depending on the protocol operation. They also focused on the design tradeoffs between energy and communication overhead savings in some of the routing paradigms, and presented the advantages and disadvantages of each routing protocol.

23. An Efficient Key Management Scheme for Secure Sensor Networks

DU RuiYing et al. [28] described that wireless sensor networks are deployed in hostile environments, so there is a need for an efficient security scheme, because current security schemes are not enough. They proposed an efficient key management scheme for WSNs, which has two advantages. One is that every node has a pre-deployed key and hash function. The other is that it is based on EBS and provides an optimal scheme for group key management. In this scheme, whenever a node wants to join a network, it must encrypt its identity with the pre-deployed key; afterwards it uses the hash function to compute its communication key, so the energy cost is reduced. Therefore, it can maintain security without increasing the energy cost. In their scheme the workload is distributed between the base station and the process center, so the network becomes more secure.

24. Common Security Issues and Challenges in Wireless Sensor Networks and IEEE 802.11 Wireless Mesh Networks

Kok-Keong Loo et al. [29] observed that both the Wireless Mesh Network (WMN) and the Wireless Sensor Network (WSN) are multi-hop wireless networks. A WMN is an integrated broadband technology that provides high bandwidth to Internet users, and it can also integrate with wired and wireless networks. A WMN is a low-cost, easily deployable, self-healing and self-configuring network. Wireless sensor nodes have computation, memory and power limitations, which do not allow for the implementation of complex security mechanisms. A WSN is a purpose-based, application-specific wireless network which ensures large-scale real-time data processing in complex environments. A few applications of WSN are traffic control, territory monitoring, flood warning, health care, etc. Both of these wireless networks have some common security threats. They discussed the common limitations and vulnerable features of WMN and WSN, along with the associated security threats and possible countermeasures. The common vulnerable features of these wireless networks may increase the chances of different sorts of security attacks. The security challenges are imposed by the open wireless medium, multi-hop architecture, power restrictions and shared MAC. The threats may be physical threats such as jamming and scrambling, MAC-related risks such as MAC selfishness or exploitation of the RTS/CTS mechanism, and routing attacks such as black hole, grey hole, Sybil, and sleep-deprivation attacks that drain the power resources. They also demonstrated the drawbacks of the existing protective measures and why they are not suitable. They further suggested that intrusion detection systems can be considered good candidates for sensor gateways.

25. The Price of Security in Wireless Sensor Networks

Jongdeog Lee et al. [30] analyzed the cost of using security in WSNs. They found that there are several applications of WSNs, such as military, commercial, environmental and home monitoring applications, and they felt that the data in the network is most critical and should travel securely in the network. To better understand the cost of security, they studied three aspects of security: 1) encryption algorithms, 2) modes of operation for block ciphers, and 3) message authentication algorithms. They worked extensively on block ciphers and their changing parameters, and observed the energy consumption and level of security. They measured and compared memory and energy consumption on both MicaZ and TelosB sensor motes. They also analyzed the advantages and disadvantages of different modes of operation and MAC algorithms, and tried to suggest combinations that provide a sufficient level of security while being suitable for use in a WSN environment.

26. Secure Data in Wireless Sensor Network By Using DES

Jagbir Dhillon et al. [31] described that the main objective of sensor networks is to provide accurate information about an environment or any subject. They said that wireless sensor networks operate in hostile environments and interact with sensitive data, so care must be taken of the important data and of the node itself. These networks are composed of a hundred to many more sensor nodes and function independently in hostile environments. They proposed security goals and some techniques against some attacks in WSN. They implemented an algorithm similar to the Data Encryption Standard (DES), which provides a sufficient level of security for protecting the confidentiality of data in WSNs. They explained that cryptography is used to protect data in transit and data stored in a vulnerable medium. They also used the Advanced Encryption Standard (AES) to provide security of data in WSN.

27. The Network and Security Analysis for Wireless Sensor Network: A Survey

Alok Ranjan Prusty [32] surveyed wireless sensor networks and found that a WSN is composed of many sensor nodes that operate independently in a hostile environment. He found that sensor nodes are cheap and easily deployable, so they can be used to create large networks for large purposes, but a WSN has several constraints, such as low computation capability, small memory, limited energy, susceptibility to physical capture, lack of infrastructure, etc. He also found that, beyond these constraints, they operate in hostile environments, so security is a critical issue and challenge. He surveyed many types of attack, security loopholes and their consequences, and proposed countermeasures against such attacks.

28. A Study of Security in Wireless Sensor Networks

M.J. Carmel Mary Belinda et al. [33] described that WSNs are very useful on the battlefield and also in everyday security and commercial applications such as building monitoring, traffic surveillance, weather prediction, etc., but wireless sensor networks face heavy security challenges. Generally WSNs are used in hostile environments, so they are vulnerable to many attacks. They have constraints such as limited power, limited memory, and low computation power, so an effective security mechanism is difficult to implement. They presented a security framework, WSNSF (Wireless Sensor Networks Security Framework), to provide a comprehensive security solution against the known attacks in sensor networks. WSNSF takes into consideration the communication and computation limitations of sensor networks.

29. Novel Defense Mechanism against Data Flooding Attacks in Wireless Ad Hoc Networks

Hyojin Kim et al. [34] described that mobile users use their devices anywhere and anytime to access multimedia data. These types of ad hoc networks form any topology with low cost during operation. Electronic devices powered by batteries have a limited power supply, so they are vulnerable to many attacks like data flooding a