This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Wireless Sensor Network (WSN) consist of small devices that can monitor physical or environmental condition such as temperature, sound, vibration, pressure or motion and scatter around wide area for many purposes like surveillance, environmental monitoring, battlefield and many others. This small devices known as sensor nodes operate using battery as it power source which limiting the device resources like computational power, bandwidth, memory, energy and range. Usually the sensor nodes operate in unattended area for a long time and nodes must be able to withstand it until the end of operation.
Thus, an attack in sensor nodes may increase the computational load, memory, energy and disrupt the network or reduce nodes accuracy. A security scheme must be implemented to avoid such problem from arise. Security functions in WSN become a major concern to protect the sensor nodes from attacks, but with the node limited resources, it needs different types of security. The solution proposed Parno, et al. (2006) in the literature generally fall into two main categories; prevention-based techniques and detection technique.
Prevention techniques tries to prevent an attacker to access the network which like a method develop by Perrig, et al. (2001) known as Security Protocols for Sensor Networks (SPINS) using a broadcast authentication, two party authentication and data confidentiality with symmetric cryptography. SPINS has two secure building blocks functioning behind Secure Network Encryption Protocol (SNEP) and Timed Efficient Stream Loss-tolerant Authentication (TESLA). SNEP working in provides data confidentiality, authentication and evidence of data freshness. TESLA provides authenticated broadcast for severely resources constraint environments. This method used by Perrig, et al. (2001) is to prevent attackers gain entry into the network without a proper authentication and cryptography key.
Derrig, et al. (2006) proposed another secure protocol named Intrusion Tolerant Routing in Wireless Sensor Networks (INSENS). This protocol is designed to be an intrusion tolerant routing protocols for wireless sensor networks. INSENS also utilize cryptography to limit flooding and act as authentication tool. The differences from SPINS are INSENS focusing secure upstream data traffic flow from sensor node through the routing topology.
Detection techniques try to detect malicious nodes that broken into the networks and most of these techniques involve detecting abnormalities from normal operation in the networks. An example from Shihavuddin A.S.M (2008) research, a Pair Based Approach is to detect an abnormal node in a sensor network where the whole network will be segregated into number of pairs. A pair consists of two member node where they are adjacent to each other. Nodes can send and receive message with other node where source and destination location can be within pair, pair-to-pair or group-to-group. So, if malicious nodes detected, this approach will know at which group, pair and at which nodes within pairs that is malicious.
According to Lemos, et al. (2009) the prevention method in WSN is not sufficient to guarantee the security of the network since in many applications, the sensor nodes are deployed in open areas, making it possible for attacker to gain physical access to a sensor and retrieve data including cryptographic key. This makes the detection techniques more suitable for WSN security to handle attacks in the networks since, if an attacker already bypasses prevention technique, a detection techniques still able to prevent further attacks.
1.2 PROBLEM STATEMENT
Many of the applications of WSN are mission critical; making it a target to potential attacker that are interested in harming the sensing level or even bring down
the entire network. This fact is made worse by the very nature of the wireless sensor network since sensor nodes are deployed in a remote or hostile area like in battlefield or environmental monitoring making them unprotected and susceptible to attacks.
Due to the characteristic of WSN, implementation of security in for WSN is not the same like in normal network where there is high computational power, battery, bandwidth and memory compared to sensor nodes. This is the challenge, and WSN security fall into two main categories; prevention-based techniques and detection technique. Each technique has its own advantages which result a different approach and will cater different anomaly detection based on its own algorithm.
Architecture of WSN also plays part to detect an anomaly activity successfully. A centralized architecture put the intrusion detection system in one point within the network, usually the base station. Decentralized architecture will put the intrusion detection system in sensor node.
In WSN, a wormhole known to be challenging to deal (Ronghui et al, 2009) since the adversary does not to compromise any nodes and considered very dangerous (Kaissi et al, 2007) because it can be launched even if all network communications is authentic and confidential.
The objective of this project is:
To investigate the performance of Collaborative Approach anomaly detection for the wireless sensor network against Wormhole attacks.
1.4 PROJECT SCOPE
This project scope focus on messages that been send and received to the Base Station in the WSN for detecting Wormhole attacks within the network.
Sinalgo simulator is being used to create a wireless sensor network environment to runs the experiment to detect anomaly activity.
Detection of the anomaly is the only criteria that have been measured and all nodes are assumed working without compromised physically or by wormhole node
1.5 ORGANIZATION OF THE REPORT
This paper is organized in 5 chapters. Chapter 2 present the literature review of the related works, Chapter 3 will describe about the project methodology in details, Chapter 4 will discuss on the result obtain after running the simulation and the Chapter 5 summarize the project and recommendation for further works.
In this chapter, the information that is relevant to this research project is explored. All of the information is gathered from different sources and medium such as articles, journals and as well as from online reading
2.1 WIRELESS SENSOR NETWORK ARCHITECTURE
There are number of different topologies for radio communication networks. For wireless sensor networks only star network (single point to multipoint), mesh networks and hybrid star-mesh networks.
2.1.1 Star Networks (Single Point to Multipoint)
A star network is a communication topology where a single base station can send/or receive a message to a number of remote nodes. The remote nodes can only send or receive message from the single base station, they are not permitted to send message to each other. The advantage of this type of network for WSN is in its simplicity and the ability to keep remote node's power consumption to a minimum and lower latency. The disadvantage of such network is that the base station must within radio transmission range of all individual nodes and not robust.
Figure 2.1.1 Star Networks
2.1.2 Mesh Network
A mesh network allows for any node in the network to transmit to any other node in the network that within its radio range. This allows for multihop communications; that is, if a node wants to send a message to another node that is out of radio communication range, it can use an intermediate node to forward the message to desired node. This network topology has the advantage of redundancy and scalability. If an individual node fails, a remote node still can communicate to any other node in its range. The disadvantage of this type of network is in power consumption for the nodes that implement the multihop communication are generally higher than nodes that don't have this capability.
Figure 2.1.2 Mesh Network
2.1.3 Hybrid Star - Mesh Network
A hybrid between star and mesh network provides for a robust and versatile communications network, while maintaining the ability to keep the wireless sensor nodes power consumption to a minimum. In this network topology, the lowest power sensor nodes are not enables with the ability to forward messages. This allow for minimal power consumption to be maintained. However, other nodes on the network are enabled with multihop capability, allowing them to forward messages from the low power nodes to other nodes in the network.
Figure 2.1.3 Hybrid Network
2.2 ANOMALY ACTIVITY IN WSN
Jamming - interference with radio reception to deny target's user to communicate.
Tampering - data from sensor nodes is being altered to provide inaccurate reading.
Collisions - similar to jamming, attacker willfully cause collisions or corruption at the link layer.
Exhaustion - attacker inducing repeated retransmission and nodes continually retransmit until it energy depleted.
Selective Fowarding - nodes neglect to forward certain messages or drop the packet that is bound for particular destination.
Spoofing - attacker impersonating another node by falsifying the identity field in routing message, eventually result forward message to wrong path.
Sinkhole Attacks- an attempt to lure all traffic from the nodes to pass through compromised nodes.
Sybil Attacks - most protocols assume nodes present a single unique identity. In Sybil attacks, attackers present multiple identities in the network and can appear multiple places at same time.
Wormholes - malicious node tunnels message between two different parts of the network by provide low latency side-channel for communication and make distant nodes appear closer in the network.
Flooding - overwhelms a victim limited resources by broadcast message and other nodes reply to the requested message which result flood in the link.
Hello Floods - single broadcast by a powerful adversary to many members of the WSN and announcing false neighbor status.
DoS Attacks - an event that eliminates a network capacity to perform its expected function or in timely manner.
2.3 WORMHOLE ATTACK CHARACTERISTICS
Wormhole attacks are one of most easy to deploy anomaly and can cause great damage to the network. Maheshwari et al.(2007) define that wormhole attacks
is done by attracting a lot of data traffic between sensor nodes which can disrupt the data flow between sensors, dropping or modify data packet and attacker can also simply record the traffic for future analysis. When launching a wormhole attacks, a malicious nodes connect between two points in the network and form a wormhole link. This link can be established in many ways like using long range wireless transmission or logical link. When connection been established, the wormholes nodes will start capture the message between one ends and send it to another end.
2.3.1 Example of wormhole
Figure 2.3.1 Wormhole example
From the above figure, node X and Y are the two end-points of wormholes. Y received message from area A and send it to area B where node X reside. Nodes in area B will think that their neighbor from area A. The process can be vice versa between the nodes and the area affected.
General wormhole attacks can be concludes as below:
An attacker has two trusted nodes in two different locations of a network with a direct link between the two nodes.
The attacker records packets at one location of a network.
The attacker then tunnels the recorded packets to a different location.
The attacker re-transmits those packets back into the network location from step 1
2.4 ANOMALY DETECTION IN WSN
Review on anomaly detection method below is based on related works in distributed/decentralized, collaborative approach and wormhole attacks.
2.4.1 Information Sharing for Distributed Intrusion Detection Systems
Peng, et al. (2005) using the Cumulative Sum algorithm (CUSUM) to collect statistics at each local system, and use a machine learning approach to coordinate the information sharing among the distributed detection systems. Its major contributions are two-fold which the first is a simple but robust scheme to monitor the change in the local statistics. Second, a learning algorithm to decide when to share information so that both the communication overhead among the distributed detection systems and the detection delay will minimizes. The application of information sharing model is demonstrate to a specific distributed intrusion detection scenario. This approach is able to optimize the trade-off between the time required to detect an attack, and the volume of communication between the distributed intrusion detection systems.
2.4.2 LIDeA: A Distributed Lightweight Intrusion Detection Architecture for Sensor Networks
Krontiris, et al. (2008) propose LIDeA that based on a distributed architecture, in which nodes overhear their neighboring nodes and collaborate with each other in order to successfully detect an intrusion. It also shows how such a system can be implemented in TinyOS to detect wormhole, which components and interfaces are needed, and what is the resulting overhead imposed.
2.4.4 A distributed intrusion detection system for ad-hoc wireless sensor networks: The AWISSENET Distributed Intrusion Detection System
Besson, et al (2009) proposed AWISSENET (Ad-hoc personal area network & WIreless Sensor SEcure NETwork). This is a project funded by the European Union Information and Communication Technologies Program that is focused on security and resilience across ad-hoc personal area networks and wireless sensor networks. It also provides a security toolbox for trusted route selection, secure service discovery and intrusion detection.
2.4.5 Detecting and Avoiding Wormhole Attacks in Wireless Ad Hoc Network
NaÃ¯t-Abdesselam, et al. (2008) devises an efficient method to detect and avoid wormhole attacks in the Optimize Link State Routing (OLSR) protocol. In OSLR, each node periodically broadcasts a HELLO message to discover its own one-hop neighbors. This method attempted stop in point links that may, potentially, be part of a wormhole tunnel. Then, a proper wormhole detection mechanism is applied to suspicious links by means of an exchange of encrypted probing packets between the two supposed neighbors (endpoints of the wormhole). The proposed solution exhibits several advantages, among which its non-reliance on any times synchronization or location information, and its high detection rate.
2.4.6 Detecting and Locating Wormhole Attacks in WSN Using Beacon Nodes
Ronghui, et al. (2009) stated its method is much easier than other wormhole detecting schemes which also use beacon nodes, and to those have special requirements on each nodes (e.g., GPS receivers or tightly synchronized clocks or directional antennas). Beacon nodes are assumed to know their coordinates; the straight line distance between each pair of them can be calculated and then compared with the corresponding hop distance (hop counts X nodes transmission range)
2.4.7 DAWWSEN (Defense mechanism Against Wormhole attacks in Wireless SEnsor Networks)
Kaissi et al (2007) proposed a proactive routing protocol based on the construction of a hierarchical tree where the base station is the root node, and the sensor nodes are the internal or the leaf nodes of the tree. The tree construction is initiated by the base station which broadcasts a request packet in order to discover its
children nodes. The insertion of a new entry is done in a sorted way; the one with the lowest hop count will be placed at the head of the list
2.4.8 Distributed Wormhole Attack Detection in Wireless Sensor Networks
Distributed wormhole detection algorithm by Xu, et al (2007) called Wormhole Geographic Distributed Detection (WGDD) that is based on detecting network disorder caused by the existence of a wormhole. Wormhole attacks are passive and this reseach paper proposed an algorithm that uses hop counting technique as a probe procedure to detect wormhole attacks, and then reconstructs local maps in each node. After that, it uses a feature called 'diameter' to detect abnormalities caused by wormholes.
2.4.9 A New Collaborative Knowledge-Based Approach for Wireless Sensor Networks
In a collaborative knowledge-based network by Canada-Bago et al. (2010), each sensor executes an adapted Fuzzy Rule-Based System, which presents significant advantages such as: experts can define interpretable knowledge with uncertainty and imprecision. Knowledge-based sensors are suitable for a wide range of applications. The behavior of a knowledge-based sensor may be modified by inferences and knowledge of neighbor sensors in order to obtain a more accurate and reliable output. Collaborative knowledge can be separated from control or modeling knowledge and the collaborative approach may support neighbor sensor failures and communication errors.
2.5 LITERATURE REVIEW SUMMARY TABLE
Below is a summary of the literature review that been discuss in table format for easier understanding and a comments regarding each approach that have been studied.
Table 2.5 Literature Review Summary
Leckie, C., and Ramamohanarao, K.
Information Sharing for Distributed Intrusion Detection System
Using Cumulative Sum Algorithms (CUSUM) to detect changes in networks and send the information to detection system. It calculate the standard deviation between normal operation and when there is changes
It need several learning cycles before archive optimum performance and it expensive to apply in real life.
Krontiris, I., Giannetsos, T., and Dimitriou, T.
LIDeA: A Distributed Lightweight Intrusion Detection Architecture for Sensor Networks
Agent-based system where the nodes capable of sharing their view in the neighboring network. It limited to 2-hop neighbor and use cryptography. The agents are identical in each node and can broadcast to other nodes.
It uses a coordinated surveillance in the agent to detect suspicious nodes. The IDS proved to consume small portion of nodes RAM and considered lightweight as stated by the author.
Besson, L. and Leleu, P.
The AWISSENET Distributed Intrusion Detection System
AWISSENET use plug-in based architecture for easy and flexible management of the algorithm. The network partition into several cluster IDS exchanged inside the cluster.
The plug-in serve the purpose for flexible algorithm used and cluster to reduce flood in the network. It uses secret key and timestamps to raise alert flag of malicious activity.
Table 2.5 Continued
NaÃ¯t-Abdesselam, F., Bensaou, B. and Taleb, T
Detecting and Avoiding Wormhole Attacks in Wireless Ad Hoc Network
Optimize Link State Routing (OLSR) periodically exchange control packets for neighbor discovery and topology construction. It compared the latency of the packet send and receives between nodes.
Used four-way handshaking messages exchange between nodes to prevent wormhole tunnel. The detection probabilities depend on wormhole tunnel length.
Ronghui, H., Guoqing, M., Chunlei, W. and Lan, F.
Detecting and Locating Wormhole Attacks in WSN Using Beacon Nodes
An algorithm implement in beacon nodes that are assume know their location. The beacon nodes use cryptographic key and authentication to identify itself so the normal nodes can detect the original sender.
It manages to detect a wormhole but the location of beacon node need to be enter manually or using a GPS. Not suitable if the beacon nodes distributed randomly.
Kaissi, R.E., Kayssi, A., Chehab, A. and Dawy, Z.
DAWWSEN (Defense mechanism Against Wormhole attacks in Wireless SEnsor Networks)
Build a hierarchical tree where the base station is the root node, and the sensor nodes are the internal or the leaf nodes of the tree. Each node discovers by hop count, delay and number of reply. The lowest value is considered near to the base station.
The 3 criteria for node discovery determine the wormhole is within the network. If one of the criteria doesn't match, the packets dropped and then the attacker put in blacklist.
Table 2.5 Continued
Xu, Y., Chen, G., Ford, J. and Makedon, F.
Distributed Wormhole Attack Detection in Wireless Sensor Networks
Wormhole Geographic Distributed Detection (WGDD) use hop counting and will run Dijkstra's algorithm to get shortest path for each pair of nodes. It will create a local map for its neighbors based on diameter to detect wormhole.
The main idea for this approach is to find a wormhole based on the diameter of the network. Since there is two wormhole nodes, each diameter add up and create large diameter than normal.
Canada-Bago, J., Fernandez-Prieto, J.A., Gadeo-Martos, M. A. and Velasco, J.R
A New Collaborative Knowledge-Based Approach for Wireless Sensor Networks
Fuzzy Rule Based System that have a set of database to apply rules in each sensor nodes. This experiment done in real world application to find a probability of attacks if two or more condition meets.
It different from anomaly detection that find the changes between normal nodes behavior and malicious but use many other variable to predict future attacks.
In this chapter, a review in different approach helps to understand about the project topic and give a general idea and gains more understanding towards the approach that will be used.
Methodology can be defined as a strategy and approach to achieve some goal presented as a framework in which related processes made up of activities or steps are grouped. This chapter will discuss in details the methodology to archive the objective given in the Chapter 1.3 and within the scope limitation.
3.1 SYSTEM REQUIREMENTS
First preparation is to meet the minimum requirements in Collaborative Approach which divide by two categories; a hardware and software.
3.1.1 Hardware requirements
Processor: Pentium 4 or Athlon 1.5 Ghz or latest for adequate computational power needed to run the simulation smoothly and to avoid system from hang or freeze.
Hard disk: Space available at least 2 Gigabytes needed to store all the software that been used and the saved data.
Memory: 256MB RAM or higher since memory almost the same like processor, high memory made the simulation runs without problem.
3.1.2 Software Requirements
Sinalgo 0.75.3 regular release is the main simulation software that been used to simulate the wireless sensor networks and written in java.
Java JDK Version 1.6.0_21 or latest versions to support the simulator and Eclipse.
Windows XP/ Vista/ 7/ Linux based operating system that can support sinalgo and java.
Eclipse Helios worked as development platform to support Sinalgo simulator.
Simulation done by Sinalgo it views the network devices close to real hardware. It focuses on the verification of network algorithms, and abstracts from the underlying layers: It offers a message passing view of the network, which captures well the view of actual network devices. Some of the key features of Sinalgo:
Quick prototyping of your network algorithms in JAVA
Straight forward extensibility to cover nearly any simulation scenario
Many built-in, but still adjustable plug-ins
High performance - run simulations with 100000s of nodes in acceptable time
Support for 2D and 3D
Asynchronous and synchronous simulation
Customizable visualization of the network graph
Platform independent - the project is written in Java
Eclipse is a multi-language software development environment comprising an integrated development environment (IDE) and an extensible plug-in system. It includes the Eclipse Java Development Tools (JDT), offering an IDE with a built-in incremental Java compiler and a full model of the Java source files. This allows for advanced refactoring techniques and code analysis. The IDE also makes use of a workspace, in this case a set of metadata over a flat filespace allowing external file modifications as long as the corresponding workspace "resource" is refreshed afterwards and Sinalgo stored in this workspace.
3.2 WIRELESS SENSOR NETWORKS SETUP
Collaborative Approach model a network with flat and fixed network which nodes were distributed in random way. Each node has a unique identifier and fixed radio range and have different type of nodes. A normal node is for capturing information from environment and forward to Base Station. Monitor nodes responsible for monitoring its neighbors and stores relevant information to test rules
on them. Wormhole nodes will carry out an attack inside the network on data message and Base Station works as a destination for all messages.
These monitor nodes is given a task to watch the entire network. Each monitor will be in charge to place in the networks to watch the traffic flow. Monitor nodes have specific rules applied in it memory to differentiate normal nodes behavior and when there is intrusion, it detect based on 3 phases by Silva, et al. (2005):
Phase 1 - Data Acquisition: messages send and received in the network is collected
Phase 2 - Rule Application: rules are applied to the message and if it failed, message failure will raise.
Phase 3 - Intrusion Detection: message failure is compared to expected values of failure in the networks, if it's higher, an intrusion is detected.
Rules on monitor nodes provided as follows based on Lemos, et al. (2009):
Interval Rule: failure is raised if the time past between the reception of two consecutive message is larger or smaller than the allowed limits.
Retransmission Rule: failure is detected if node not fowarded message when it should.
Integrity Rule: the data should remain unchanged in relay.
Delay Rule: the retransmission of a message by a monitor neighbor must occur before a defined timeout.
Repetition Rule: the same message can be retransmitted by the same neighbor only a limited number of times.
Radio Transmission Range: a failure is detected if the monitor receives a message from a node that does not have enough power radio.
Valid Destination Rule: verify if the destination are valid ones.
Valid Origin Rule: verify if the origins are valid ones.
Jamming Rule: the number of collisions associated with a message sent by the monitor must be lower than the expected number in the network.
3.2.1 The Monitor Collaboration Process
When sensor a network been deployed, all the sensor nodes connect together within range to establish a connection to the base station. Base station will start send message to all nodes and each node will reply the message back the base station. With this information, monitor quantity within the network and their identification (ID) number can be store in the base station. Based on the figure 3.2.1a below; the base station print an output off total 4 monitor in the network and their node ID 11, 12, 13 and 14.
Figure 3.2.1a Collaboration Process
Figure 3.2.1b Monitor Collaboration
Monitors collaborate between monitor by subscribing with each other monitor in the network to detect an anomaly activity. First process of subscribing is a monitor start to find the next monitor by incremental value of nodes ID. The first monitor nodes that it finds will be stored in the memory and next monitor will do the same until all monitor nodes found. The second process of subscribing is to search a successor monitor nodes if the monitor break down. A successor monitor is the previous monitor nodes that connected to as shown in Figure 3.2.1b.
3.3 WSN SIMULATION
Implementations of sensor nodes based on following situation:
Two wormhole nodes in a network consist of ten normal nodes, four monitor nodes and one Base Station. One round at a time will be conduct first to view communication between normal, monitor nodes and base station. After that, two wormhole nodes will enter the network and the simulations continue to view the effect of this malicious node in the networks. Figure 3.3 show the network view of this simulation.
ID = 15
ID = 16
ID = 17
ID = 14
ID = 12
ID = 11
Figure 3.3 - WSN simulation
Monitor nodes ID = 14, 15, 16 ,17
Wormhole node ID = 11, 12
RESULT AND DISCUSSION
Result in the simulation obtain when the network converged and node that close to the wormhole node is been test to send a message to base station. In this simulation, based on figure 4.0a, the wormhole node ID = 12 serve a purpose to send message it receive from nearest nodes to wormhole node ID = 11 via wormhole tunnel. The nearest nodes is ID = 2, 3, 10 and this node unable to successfully send it a message to the base station. This attempt result the wormhole node ID = 12 to collect it message and send it to wormhole ID = 11 as shown in figure 4.0b
ID = 15
ID = 12
ID = 11
ID = 10
ID = 2
ID = 3
Figure 4.0a - WSN Simulation
Notification when node near wormhole node ID = 12 try sending message to base station
Figure 4.0b - Message Result
While node ID = 15 is not effected because it directly connect to base station but this clearly shows that this Monitor nodes not capable to detect a wormhole attacks in the network. Monitor nodes number ID = 15 doesn't show any alert message that there an anomaly activity in the networks considering a normal node can't send message to the base station. Also monitor nodes ID = 14, 16 and 17 doesn't detect wormhole node ID = 11 when it received message from node ID = 12.
The result from the simulation using collaborative approach to detect wormhole doesn't turn out as expected. Suppose a monitor nodes will try to find any anomaly activity in the network based on the rules given in Chapter 3.2. Since the wormhole attacks not detected within the network, it would best assume that the rule in the monitor nodes not suitable for this attacks.
The interval, retransmission, integrity, delay, repetition, valid destination, valid origin and jamming rule applies in this collaborative approach doesn't not meet the characteristics of wormhole attacks. While only the radio transmission range rule that almost match the wormhole characteristic which use higher transmission range but still, the monitor nodes unable to detect an attacks.
The current solutions for wormhole are limited to several techniques based on the study in literature review. Most known technique is based on finding all nodes location in the networks and using timing analysis or a hop count between all nodes. The collaborative approach in this paper doesn't use this technique but only apply a set of rules as mention above.
CONCLUSION AND RECOMMENDATION
Collaborative Approach that used detection technique usually will have an advantage in WSN environment. Considering the limitation of sensor nodes, it's very prone to attacks and malicious activities, the detection techniques definitely better in term of preventing future attacks. From research paper by Lemos, et al. (2009), the simulation is able to detect the repetition attacks successfully and the author's left other types of detection for future works. A wormhole attacks is chosen in this research project, and the same simulation is conducted again. At the end of the simulation, the monitor nodes in the proposed approach can't detect wormhole attacks and thus, a wormhole attacks can harmed the networks. This Collaborative Approach needs some improvements to detect a wormhole attacks.
After some investigation in this approach, I can conclude that the problem arise is related to one of the rules in monitor nodes. The rules of Radio Transmission Range stated in Chapter 3.2 do not set to reflect one of a wormhole characteristic which is using a long or higher range of transmission. Because of this, the monitor nodes not able to continue on Phase 3 - Intrusion detection where it should be apply the rules and detect the wormhole nodes.
My recommendation is to add an extra rule to limit the radio power within an acceptable nodes range from the original Radio Transmission Range rules. This rules, apart from to detect a failure if the monitor receives a message from a node that does not have enough radio power, it can detect an attacker with wider radio range than normal nodes.
The reason why limiting range is recommend because, theoretically an attacks like wormhole and hello flood usually done by intruder using more powerful radio frequency and limiting the range will defend the nodes from fall into wormhole links.
Lastly, limiting the nodes range is different from previous work that been studied. It should be suitable in this collaborative approach technique because it can be applied in the Radio Transmission Range rules. This is simpler from others technique like using a special beacon nodes that need extra hardware or manual configuration to know it location by Ronghui, et al. (2009).