Spoofed Altered Replayed Routing Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

In an active attack, an unauthorized attacker suspends the flow of information or alters and assembles data packets during an ongoing communication. The types of active attacks are as follows:

Routing Attacks in sensor networks:

Routing attacks occur at the network layer and include the following attacks.

Spoofed, altered & replayed routing information:

The most prominent attack on routing is to alter, spoof, or simply replay routing information, which is known as false routing information [2, 4, 5, 10, 12, 14, 15, 16]. Malicious nodes can simply:

Drop data packets quietly

Modify data content

Generate false error messages

Traffic redirections

Selective forwarding:

A malicious node that behaves like a black hole can compromise the other nodes by forwarding only selected packets, creating the illusion that it is still active and that data can be routed via it. To minimise selective forwarding in wireless sensor networks, multipath routing with redundancy should be established for highly reliable routing [1, 2, 4, 5, 8, 10, 12, 14, 15].

Sinkhole attack:

In the sinkhole attack, the adversary's aim is to lure nearly all the traffic from a specified area through a compromised node, establishing a false sinkhole with the adversary at the centre. If the enemy node does not introduce itself as the sink, the node closer to the sink will cause more interruptions in the network, because more traffic will be absorbed by the enemy node [1, 2, 4, 5, 8, 10, 12, 15, 16].

Sybil attack:

A node replicates itself and claims to exist in different locations. In other words, it is defined as a "malicious device illegitimately taking on multiple identifiers". This attack exists at the physical layer, data link layer and network layer.

The Sybil attack is countered by verifying the identities of the valid nodes, each of which shares a unique key with the base station. The shared key is used for encryption and also for verifying the links between neighbouring nodes in the area [1, 2, 4, 5, 8, 10, 12, 14, 15].

Wormhole attack:

In the wormhole attack, an adversary tunnels messages received in one part of the network over a low-latency link and replays them in a different part. The wormhole attack is very difficult to detect because it uses an out-of-band channel to route packets. An adversary records packets or bits at one location in the network, tunnels them to another location and retransmits them into the network [1, 2, 4, 5, 8, 10, 14, 15, 16].

Hello Flood attack:

It is a novel attack against sensor networks. This attack exploits unidirectional connections between nodes. Routing protocols have nodes broadcast hello packets to announce themselves to their neighbours, and a node receiving such a packet may assume that it lies within the (normal) radio range of the sender. The hello flood attack takes place at the network layer.

This attack increases delay, since messages need to be routed multi-hop to their parent nodes. The attack can be avoided by verifying the bidirectionality of a link through an identity verification protocol before acting on information received over that link [1, 4, 8, 10, 14, 15, 16].

Fig. 2. Illustration of Hello Flood attack
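The bidirectionality check described above can be simulated as follows. This is an added example, not code from the essay or the cited papers; the pre-distributed network key, the radio ranges and the node names are constructed assumptions.

```python
import hashlib
import hmac
import math
import os

NETWORK_KEY = os.urandom(16)  # assumption: key pre-loaded on every legitimate node


class Node:
    def __init__(self, name, x, y, tx_range, key=NETWORK_KEY):
        self.name, self.pos, self.tx_range, self.key = name, (x, y), tx_range, key
        self.neighbours = set()

    def reaches(self, other):
        """True if a frame transmitted by self arrives at other."""
        return math.dist(self.pos, other.pos) <= self.tx_range

    def mac(self, nonce, claimed_sender, challenger):
        msg = nonce + claimed_sender.encode() + b"|" + challenger.encode()
        return hmac.new(self.key, msg, hashlib.sha256).digest()


def naive_on_hello(receiver, sender):
    """Unprotected behaviour: hearing a HELLO is enough to add a neighbour."""
    if sender.reaches(receiver):
        receiver.neighbours.add(sender.name)
    return sender.name in receiver.neighbours


def verified_on_hello(receiver, sender):
    """Add the sender only after a challenge-response proves the link works both ways."""
    if not sender.reaches(receiver):
        return False                      # HELLO never arrived
    nonce = os.urandom(8)                 # fresh per HELLO, so old replies cannot be replayed
    if not receiver.reaches(sender):
        return False                      # challenge lost: the link is one-way
    response = sender.mac(nonce, sender.name, receiver.name)
    expected = receiver.mac(nonce, sender.name, receiver.name)
    if not hmac.compare_digest(response, expected):
        return False                      # sender does not hold the network key
    receiver.neighbours.add(sender.name)
    return True


def scenario():
    """Constructed layout: sensors with 50 m range and one distant high-power sender."""
    victim = Node("s1", 0, 0, 50)
    peer = Node("s2", 30, 0, 50)
    loud = Node("x9", 400, 0, 1000)                       # holds the key, strong radio
    outsider = Node("x8", 20, 0, 50, key=os.urandom(16))  # in range, no valid key
    return {
        "naive_loud": naive_on_hello(Node("s1", 0, 0, 50), loud),
        "peer": verified_on_hello(victim, peer),
        "loud": verified_on_hello(victim, loud),
        "outsider": verified_on_hello(victim, outsider),
        "neighbours": sorted(victim.neighbours),
    }
```

The distant sender is accepted by the naive handler but rejected by the verified one, because the sensor's own 50 m challenge never reaches it.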

Denial of service attacks:

It is an event that diminishes or eliminates a network's capacity to perform its expected function. It acts as a path for the adversary to subvert, disrupt or destroy a network. Black hole, resource exhaustion, sinkhole, wormhole, flooding and routing loops are the different types of DoS [3, 8, 10, 12, 14].

Node subversion:

An intruder may expose all the encryption information, secret keys and algorithms by capturing a legitimate node in the network. The adversary then uses the legitimate node itself to launch an inside attack [3, 8, 12].

Node malfunctions:

A malfunctioning node generates incorrect data, which can compromise the integrity of the sensor network, for example by dropping data packets at a high rate or denying packet forwarding requests. This affects the performance of the network [3, 12].

False node:

A false node attack involves an adversary adding an illegitimate node to the network, which then starts injecting malicious data. This results in communication bottlenecks and false location claims, and lowers network performance [3, 8, 12].

Node replication attack:

In a node replication attack, an attacker adds a malicious node to the network by imitating the identity of an existing legitimate sensor node. That node then creates problems for the WSN in various ways, including message corruption, injection of fake data and diverting packets to other nodes [3, 12].

1.4. Application of WSN

Wireless sensor networks are being deployed widely and give an economical solution to many problems. Here are some typical and promising applications of WSNs.

Military applications:

It can be used for commanders to monitor the status (position, quantity, availability) of their troops, equipment and battlefield surveillance or reconnaissance of opposing forces and terrain to target the enemy, to detect biological and chemical attack.

Environmental applications:

It can be used to monitor the condition/status of the environment, such as humidity, temperature, pressure and pollution in soil, sea and atmosphere. It can also detect a disaster that is about to happen, such as a forest fire, flood, tsunami or volcanic activity.

Health applications:

It can be used to remotely monitor/track/diagnose the condition/status (position, quantity, heart rate, blood pressure) of doctor, patient or drug, equipment, etc.

Commercial applications:

It can be used to detect/track/monitor vehicles, to manage/control inventory/warehouse, to support interactive devices, or to control environment of a building.

Scientific exploration:

WSNs can be deployed under the water or on the surface of a planet for scientific research purpose.

Area monitoring:

In area monitoring, nodes are deployed with unique IDs and energy models over a sequenced range of transmissions so that the actions of the nodes can be monitored simultaneously. The parameters of the connections are monitored and reported to the base station through routing techniques. Remedial action can then be taken based on the information received from the monitored area.



The views and analyses of the flood attack by different authors in different papers are listed in TABLE I, with brief descriptions as follows.


The brief descriptions of the methods listed in the above table are as follows:

Method 1:

Dynamic Source Routing uses source routing rather than relying on the routing table at each intermediate device. In [13], the author classifies neighbouring nodes as strangers, acquaintances and friends with different threshold values, applying the algorithm to both the RREQ flooding attack and the DATA flooding attack using the extended DSR protocol.

Fig. 3 shows the performance evaluation of throughput when varying parameters such as the number of malicious nodes, the number of connections and the mobility of nodes, excluding the measurement of time, using extended DSR rather than regular DSR.

Fig. Malicious Nodes vs Throughput

Method 2:

The authors make some primary assumptions, such as that all sensor nodes are homogeneous and communicate within a fixed radio range with a known fixed signal strength and a time threshold, in order to detect the hello flood attack with the signal strength and client puzzles method in [9]. The two-ray propagation model is used to calculate the signal strength.

When a node receives a hello message, the sender is classified as a stranger or a friend according to whether the signal strength equals the fixed strength. Short client puzzles, which need little computational and battery power, are well suited to checking the validity of suspicious nodes. The difficulty of the puzzles allotted to strangers is set by a dynamic policy technique based on the number of hello messages sent.

Method 3:

The Ad hoc On-Demand Distance Vector (AODV) routing protocol can forward data packets in a dynamic network topology, but it does not address all possible attacks. To overcome this problem, the Real-time Host Intrusion Detection for Ad hoc Networks (REHIDAN) algorithm is used in [11] to minimize the effectiveness of the attacks. The author examines an intrusion detection approach with functions such as monitoring, analysing, assessing, recognizing and tracking. The REHIDAN algorithm in [11] uses a neighbour suppression algorithm, through which the attacker is isolated from its neighbour nodes. It is implemented with OPNET.

Method 4:

The main concern of the Period based Defense Mechanism (PDM) in [7] is the data flooding attack, where the adversary first sets up paths to all the nodes and then starts to send useless packets along those paths. A path cut-off mechanism is used as a defense against the data flooding attack. FAP is not able to distinguish burst traffic from attack traffic.

Method 5:

The main aim of network coding in [6] is to find optimal information dissemination in the network, where two information flows are identified. Due to its multipath nature, it is intrinsically resistant to selective forwarding adversaries that drop packets in the data flow. A multi-hop multi-stream unicast routing protocol and a gradient-based routing protocol are used for implementation.

Method 6

The hello flood attack is countered through an identity verification protocol, which checks the bidirectionality of the links between nodes deployed in an area. The method is useless if the enemy nodes have a high range of transmitting power over the simulated area; in that case it may have no chance to detect or control the flooding of hello messages around the connections.

Method 7

A solution framework is implemented in [17], which the author uses to prevent the sequence of actions behind a denial of service attack. Puzzles are established as protection against various attacks, and all nodes are required to solve them.

Punishing attacker nodes by continually increasing the difficulty of the puzzles also increases the burden on the other valid nodes.
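The client puzzles of Method 2 and Method 7 can be sketched as a hash puzzle whose difficulty rises with the number of hello messages a sender has sent. This is an added example, not code from [9] or [17]; the SHA-256 construction, the bit counts and the per-sender policy in `difficulty_for` are assumptions.

```python
import hashlib
import os
from collections import Counter


def difficulty_for(hello_count, base_bits=4, step=2, max_bits=20):
    """Leading zero bits required; grows with HELLOs seen from this sender (assumed policy)."""
    return min(base_bits + step * max(hello_count - 1, 0), max_bits)


def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def solve(challenge, bits):
    """Sender side: brute-force a counter; expected cost is about 2**bits hashes."""
    counter = 0
    while True:
        digest = hashlib.sha256(challenge + counter.to_bytes(8, "big")).digest()
        if leading_zero_bits(digest) >= bits:
            return counter
        counter += 1


def verify(challenge, bits, solution):
    """Receiver side: a single hash, whatever the difficulty."""
    digest = hashlib.sha256(challenge + solution.to_bytes(8, "big")).digest()
    return leading_zero_bits(digest) >= bits


class PuzzleGate:
    """Receiver-side state: issues one puzzle per HELLO received from a stranger."""

    def __init__(self):
        self.hello_counts = Counter()
        self.pending = {}

    def on_hello(self, sender_id):
        self.hello_counts[sender_id] += 1
        puzzle = (os.urandom(8), difficulty_for(self.hello_counts[sender_id]))
        self.pending[sender_id] = puzzle
        return puzzle

    def on_solution(self, sender_id, solution):
        puzzle = self.pending.pop(sender_id, None)   # single use: no replayed answers
        return puzzle is not None and verify(*puzzle, solution)
```

Because the count is kept per sender, the extra work lands on the node that keeps sending hello messages; a policy that raises difficulty for every node would produce the burden on valid nodes that Method 7 describes.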

Method 8

The author proposes a security mechanism for the nodes in the simulated area that takes signals as input to its modules, in order to detect attackers in a network area that is under hello flood attack.

Method 9

A handshake protocol has been implemented for a network area, in which valid nodes keep connecting with attackers by performing request and reply from the source to the destination on the basis of the neighbours they are connected to. This may affect the valid nodes by changing their presence in a valid condition.

Collisions will occur between nodes within a high-density range during the time of arrival; these will be decoded further, and they might have a chance to hear the replies of victims.

3.7 Method 10

To check whether a mobile node's neighbours are intruders, the authors use the threshold values for mobile nodes proposed in [20] in order to defend against flooding attacks in MANETs.

A node is identified as an intruder if the number of routing packets it sends exceeds the given threshold value.
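The threshold test of Method 10, combined with the per-class thresholds of Method 1 (strangers, acquaintances, friends), can be run over a trace of received RREQs. This is an added example, not code from [13] or [20]; the threshold values, the one-second window, the rule that more trusted classes get higher limits and the trace itself are constructed assumptions.

```python
from collections import defaultdict, deque

# Assumed limits: maximum RREQs accepted from one neighbour per window.
THRESHOLDS = {"stranger": 3, "acquaintance": 6, "friend": 10}
WINDOW = 1.0  # seconds (assumption)
TRUST = {"n1": "friend", "n3": "acquaintance"}  # unknown neighbours count as strangers


class FloodMonitor:
    def __init__(self, trust, thresholds=THRESHOLDS, window=WINDOW):
        self.trust, self.thresholds, self.window = trust, thresholds, window
        self.recent = defaultdict(deque)   # neighbour -> timestamps inside the window
        self.blocked = set()

    def observe(self, t, neighbour):
        """Return True if the RREQ is forwarded, False if it is dropped."""
        if neighbour in self.blocked:
            return False
        stamps = self.recent[neighbour]
        stamps.append(t)
        while stamps and t - stamps[0] >= self.window:
            stamps.popleft()               # forget RREQs older than the window
        limit = self.thresholds[self.trust.get(neighbour, "stranger")]
        if len(stamps) > limit:
            self.blocked.add(neighbour)    # treat as intruder from now on
            return False
        return True


def constructed_trace():
    """(time, neighbour) pairs: a bursty friend, a flooding stranger, a quiet acquaintance."""
    events = [(0.1 * i, "n1") for i in range(8)]
    events += [(0.1 * i + 0.05, "n7") for i in range(8)]
    events += [(float(i), "n3") for i in range(5)]
    return sorted(events)


def run(trace, trust):
    monitor = FloodMonitor(trust)
    forwarded = defaultdict(int)
    for t, neighbour in trace:
        if monitor.observe(t, neighbour):
            forwarded[neighbour] += 1
    return monitor.blocked, dict(forwarded)
```

On this trace the friend's burst of eight RREQs passes, while the stranger sending at the same rate is blocked at its fourth request.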



In the cryptographic technique, any two sensors share the same secret key, and a new encryption key is generated during each communication. A drawback found in [21] is that only the nodes that can reach the proper destination are able to check the validity of the messages sent within the range of connections in the simulated area. This gives an attacker the option of attracting valid nodes by spoofing its identity, and so generating more and more attacks.

In a simulated area with a very wide range of connections, the nodes hold various secret keys arranged in a tree structure, and data forwarding relies on multiple paths with multiple base stations [22]. Every node has a unique key for establishing connections.

The nodes are deployed in the simulated area with an energy model, and the hello flood attack is implemented using the existing AODV protocol by scattering hello messages to the valid nodes, to make them believe that it has been an attacker to the transmissions.

Attackers can easily deceive valid nodes into believing that they are their neighbours by placing themselves within a valid shortest-distance range for establishing communication. The flooding attack is implemented together with the black hole attack by spreading hello messages to other neighbours around the simulated area. This violates the security of the area, which is addressed further in the proposed system.


Easy attack of nodes

Reduces energy of nodes

No formation of key for nodes.

No usage of IDS model


An intrusion detection system (IDS) supervises the nodes deployed in a simulated area through the linkage of nodes together. It is responsible for stopping malicious traffic by performing actions such as blocking the source or destination IP address so that it cannot access the network.

The major goal is effective monitoring of the connections established around the simulated area, by continually tracking the nodes that create attack traffic.

RSA consists of three key generation techniques. Authentication is a key barrier in the field of network information system security. RSA is an open network environment technology that, using public key cryptosystem theory, implements and supplies a universal security infrastructure for security services. It has two main applications: encryption and digital signatures. Along with modern improvements in automation, a great deal of non-face-to-face electronic trade is taking place.

Accurate, secure and practical automatic personal identification is ever more in demand in daily life. A simple identity authentication system developed for encryption and authentication supplies a base for research and development.

RSA encryption supplies unique and stable technological advantages and provides an authentication system. Using the public key algorithm (PKA), or asymmetric key algorithm, both a public and a private key are used to provide effective secure connections around the simulated area of deployment.

The public key is shared among the nodes in an area and used to encrypt and decrypt the data, whereas the private key is not shared with other nodes, in keeping with the secure connections to be implemented in the network area.

Black hole Attack

Different security threats, i.e. attacks, are carried out against networks to disrupt their normal performance. Black hole attackers on AODV physically stay outside the network and deny access to network traffic, create congestion in the network or disrupt the entire network. An external attack can become a kind of internal attack when it takes control of an internal malicious node and uses it to attack other nodes.




Control packets and data packets are transmitted during communication among the nodes in the simulated network area along the shortest path between the source and destination, implemented using the AODV protocol.

Packets travel along the shortest path to reach the nearest neighbours under AODV, which is a reactive protocol and establishes a route to the destination only on demand. In AODV, the source node and each intermediate node maintain the next-hop information.


In our proposed system we use RSA-based key generation, followed by a hashing technique for memory optimization. We create one pairwise key and one shared key.


Generating new keys for the valid nodes only, excluding the attackers in the simulated area, will improve the security of connections between all the deployed nodes.

Valid nodes will have no opportunity to communicate with attacker nodes, so secure communication and transmission of data can be established.


To prove our model we need to formulate an adversary model for our network. Adversaries are intruders in our network who act against the protocol. The adversary model here monitors network activities: it records the data, time and size of packets sent over the network, and it also observes the source and destination node IDs in order to disrupt packet transmission.


Intrusion Detection Systems help information systems prepare for, and deal with attacks. They accomplish this by collecting information from a variety of systems and network sources, and then analyzing the information for possible security problems.

Intrusion detection provides the following:

Monitoring and analysis of user and system activity

Auditing of system configurations and vulnerabilities

Assessing the integrity of critical system and data files

Statistical analysis of activity patterns based on the matching to known attacks

Abnormal activity analysis

Operating system audit

Advantages of IDS

The IDS CAN provide the following:

CAN add a greater degree of integrity to the rest of your infrastructure

CAN trace user activity from point of entry to point of impact

CAN recognize and report alterations to data

CAN automate a task of monitoring the Internet searching for the latest attacks

CAN detect when your system is under attack

CAN detect errors in your system configuration

CAN guide system administrator in the vital step of establishing a policy for your computing assets

CAN make the security management of your system possible by non-expert staff

An intrusion detection system (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system. There are several ways to categorize an IDS: misuse detection vs. anomaly detection: in misuse detection, the IDS analyzes the information it gathers and compares it to large databases of attack signatures. Essentially, the IDS looks for a specific attack that has already been documented. Like a virus detection system, misuse detection software is only as good as the database of attack signatures that it uses to compare packets against. In anomaly detection, the system administrator defines the baseline, or normal, state of the network's traffic load, breakdown, protocol, and typical packet size. The anomaly detector monitors network segments to compare their state to the normal baseline and look for anomalies.


A file is created by the code to display the routing details of the source and destination, based on the request and reply messages transmitted between them within the simulated area.

The routing table file contains the collected information about hop count, next hop, flags, source ID and destination ID, along with the current time of transmission in the simulated area.