Capacity trust assessment for multi-hop routing in wireless sensor networks

: This paper proposed a newIntrusion Detection mechanism based on Multiple Trust Attributes in Wireless Sensor Networks (WSNs). Mainly this work concentrated to assess the trust in ems of capacities of the sensor nodes. The capacity of a node is formulated based on two trusts namely Fault Tolerance Trust and Stability Trust. Every SN checks the trustworthiness of its neighbour SNs based on the Capacity Trust and confirms their trustworthiness. If any node is discovered as malicious, such type of node is called as intrusion or outlier and isolated from network.Extensive Simulations are conducted over the proposed intrusion detection mechanism and the performance is evaluated through Malicious Detection Rate, and False Positive Rate.


Introduction
WSNs are increasingly witnessing novel applications in diverse fields [1], [2]. Many of these are futurist in nature, although a large proportion of these are currently in use. Even though there is a huge prospect for WSNs in real time applications, many challenges like inter-operability, resource constraints, scalability, mobility, privacy and security are raised during the connection of sensor nodes. Many different type of architectures are developed for WSNs [3] to provide the solutions for these challenges. Major challenges are solved by changing the architectures except security and privacy. So, this security posing great hurdle to WSN architectures. As a result, there are numerous possible security and privacy issues, from the internet to the real world, and there is a chance that people could be harmed. For example, a compromised sensor node may lead to attack on the other nodes or on the entire network.A compromised node may potentially enable the leaking and misuse of personal information, depending on the attack method.
A communication breakdown may have an impact on the outside world and put people's physical safety at danger. Since the WSN is a more prone to several security threats, there is a necessity of an efficient routing design such that the Sensor Nodes in WSN will get protected. Once any of the node is compromised in network, it consequences to several problems such as information loss, control over the connected devices, hacking etc. A serious communication between two sensor nodes can be hacked easily if it is going on through free communication channel because of so many adversaries. A more serious concern in the WSN is that the attacked nodes starts misbehaving and can drop the packets or can manipulate the packets. Due to the nature of openness of transmission and deployment, the WSN suffer from several serious attacks like sink-hole, black-hole, wormhole, replay, Distributed Denial of Service (DDOS), Sybil selective forwarding, DoS, data tampering, hijack attacks. Thus there is a necessary to design an effective security framework to make the IoT more secure and resilient to all these attacks.Since the WSN is an infrastructure less network, for data transmission to base station, the sensor nodes look for the service of remaining nodes for an information transfer and effective communication [4]. Due to this co-operative nature, the WSN has become vulnerable to several types of security threats.

Problem Identified:
In the WSN, the interconnected sensor nodes are heterogeneous in nature and every node has its own aspects by which they can be compromised more easily. Design of a trust based security framework just by considering few aspects makes the WSN network less resilient to different attacks. For example, if the trust design is addressed towards the tampering attacks, then the network can be compromised through remaining attacks like DoS attack, sinkhole attacks etc.
To achieve more resilience towards different types of attacks in WSNs, this work proposes a new intrusion detection mechanism based multiple attributes. Under this objective, multiple trust metrics are combined together to help the node in the selection of a more trustworthy next hop node. Trust evaluation based on capacity of node, called as Capacity Trust (CT). Under the capacity trust, we have considered two more trust metrics; they are fault tolerance trust and stability trust.
Rest of the paper is organized as follows; section II explores the details of literature survey. Section III explores the details of proposed methodology. Section IV explores the results and section V concludes the paper.

Related work
S.M. Sajjad et al., [6] focused only on the detection of Selective forwarding attack, Jamming attack and Hello Flood attack. Towards such detection, the authors considered two metrics; they are Received Signal Strength (RSS) and Packet Forwarding Rate (PFR) and every node measures the trustworthiness based on these two factors. Based on the obtained trust, the nodes are declared as trustworthy, malicious or risky. The PFR metric is much effective but not RSS, because for maximum number of attacks, the data rate will vary but not RSS. However, without the consideration of interactions, the trust evaluation is inefficient.
A "Trust Based Adaptive Acknowledgment (TRAACK)" is proposed by G. Rajeshkumar and K. R. Valluvan [7] in which the trust of a node is evaluated based on Kalman filter and Successful packet deliveries. Based on the entire trust of a route, an acknowledgment is initiated for the selection of packets such that the control overhead will get reduced. However, the only successful packet deliveries are not sufficient for intrusion detection. Non-successful packet deliveries have more significance in the detection of several attacks, because for DoS attack there exists more number of successful packet deliveries.
F. Shang et al. [5] proposed Cumulative Summation based Hybrid Intrusion Detection model for the detection of sink hole attack and Dos Attacks in WSN. This approach considered two metrics for trust evaluation; they are link quality and majority rule. However, this approach not focused on the basic properties of nodes through which the trust is simply measured and malicious nature is identified.
Some authors focused on the layer level security provision and towards such methodology, Umashankar G et al., [8] proposed a "physical layer based intrusion detection system (PL-IDS)". In PL-IDS, the trust value of a node is calculated based on the deviation of important factors at physical layer. The abnormal nodes mainly attack the physical layer through DoS attack and use jamming attacks [11] to consume the resources of trustworthy nodes. Further PL-IDS is enhanced by adding two more layers (Network layer and Medium Access Layer) for intrusion, called as "Protocol Layer Trust Based Intrusion Detection System (LB-IDS)" [9]. At physical layer, two metrics namely Energy and Number of messages received are considered for trust calculation. Next, MAC layer, numbers of successful transmissions and Back off time are considered and finally at network layer, only number of hops is considered for trust evaluation. Finally, the overall trust value of senor node is estimated by combining these individual trust metrics. LB-IDS mainly focused on the detection of jamming attack, sink-hole attack and back-off manipulation attack. Even though this method is able to detect more number of attacks but the computational burden is too high because every time, the node has to check the trustworthiness at three layers. This excessive time introduces a time delay for packet at base station.
Guleria and Verma [10] projected a novel ant colony meta-heuristic based unequal clustering for the selection of CH. The fusion of data from CH node to that of the intermediate node termed Rendezvous node in turn decreases the transmission of energy and thus the consumed energy by the nodes were minimal. The phase of neighbor node recognition and the maintenance of link by meta-Heuristic Ant colony optimization technique in turn choose the optimal path among the nodes that enhances the delivered packet to the destination nodes. The initialization of population needs excess time at this stage. Therefore, the Haversine distance was estimated between the nodes that too decreases the message transmission dimensionality over the nodes. The optimal path prediction and the selection of CH with the use of ant colony optimization Meta-Heuristics [12] and the unequal clustering process thus reduce the consumption of energy effectively.

Proposed Methodology
Capacity trust is one of the most significant aspects of evidence that manifests the trustworthiness of sensor nodes. Capacity trust is derived based on the node's capability that includes the performance of a node in the earlier communication interactions. Under this trust, we have considered two sub-trusts; they are fault tolerance trust and stability trust. Fault tolerance ensures the robustness against node failures from several technical reasons. Next the stability trust ensures the capacity of a sensor node with respect to its stability. Further details are explored in the following subsections;

Fault tolerance trust
In WSNs, the sensor nodes are tiny devices which are very sensitive to operating environments like breakages, electrical surges, and damages etc. If any node was break down, then it can't work properly, i.e., it can't perform even its basic operations like sensing, processing and transmitting. Even though if these nodes are recovered quickly, they can't properly as they work before break down. The recovery time of these tiny devices is very small because the sensor nodes won't have much complex circuitry. Moreover, there is an availability of alternate circuits or processors through which the damaged circuits can be replaced. However, it is probable that some nodes may not recommence the normal operation. A sensor node which has frequent breakages is considered to be not reliable. Hence we considered to evaluate the trustworthiness of a node through its fault tolerance.
For this purpose, we have considered three factors through which the fault tolerance can be modeled; they are (1) Pass Rate, (2) Failure Rate and (3) Recovery Rate. The pass rate is defined as the total successfully completed instances by the target node to the total instances given by source node. For a given task, if the target node exists until the completion of task, then it is considered as pass and the pass rate counts such types of instances. As the pass rate is high, the fault tolerance is high. Next, the failure rate is defined as the total number of failure instances to the total number of instances. Further, the recovery rate is measured based on the node's regaining from the breakage. Some instances are possible at which the node can't recover. Based on this fact, the recovery rate is defined as the ratio of total number recovered instances to the total number instances. For any node, a less failure rate, more pass rate and recovery rate denotes good fault tolerance and such type of nodes are only preferred for communication process. All these rates are obtained based on past working experience in the trust list without heavy data communication.
Consider two sensor nodes and , let the pass rate of node is ( ), failure rate is ( ) and the recovery rate is ( ). Based on these three rates, the fault tolerate trust is evaluated as Where ( , ) is the fault tolerance trust between sensor nodes and , lies in the range of 0 and 1, where 0 denotes the node have less fault tolerance trust and 1 denotes the higher fault tolerance trust. Among the available senor nodes, one final node is selected as final which has higher fault tolerance.

Stability Trust
In WSNs, the topology of the network changes dynamically. Consequently, the nodes join and leave the network dynamically. There are so many reasons behind this dynamic topology variation, for example minor movements (done by external things), energy depletion, additional node deployment, resource constraints etc. Since the nodes in WSN have frequent departures and arrivals, we have considered these facts to analyze the node's stability. Hence a more stable node can gain more trust because it can provide more benefit to the network. To model the stability trust, we have considered its lifecycle because the lifecycle gives information about the node's departures and arrival times. Under the lifecycle concept, we have defined the entire lifecycle of a node through two time periods; they are working time and existing time. Here the existing time is defined as the time period up to which the node has present in the same position (no departure or no arrival) or simply the entire lifecycle. Next, the working time is defined as time period up to which the node is present in the working mode (sensing, processing and transmitting). Generally, a greater value of working time denotes the higher stability. Hence we define the stability trust as the ratio of working time to existing time. Consider two sensor nodes and , and let and be the working time and existing time respectively, where | | denotes the length of working time and | | denotes the length of existing time of node . Further assume that the node has interacted with node P times, the stability trust is expressed as; Where ( , ) is the stability trust of node over node , is a penalizing parameter which has been modeled with respect to the total number of interactions happened between two sensor nodes. is mathematically derived as; Where is an arbitrary constant, lies in the range of 0 and 1, and P is the total number of interactions incurred between two sensor nodes.
For a node which has frequent departures from the network, the penalizing parameter is high, means that particular will get penalized heavily. As we discussed that that a node which has frequent departures is not reliable, hence the stability trust of such node is very less and it can't be considered for communication process. Since the length of working time as well as existing time is recorded by nodes, the computational cost of stability trust is not considerable. Based on these two sub-capacity trusts, the final capacity trust is modeled as; Where 1 and 2 are two weight factors, signifies the weight of Fault tolerance trust and stability trust respectively. From Eq.(8), we can understand that the stability trust is an average of Fault tolerance trust and stability trust. With respect to the capacity trust, among the available neighbor nodes, the source node chooses one node which has higher capacity trust.

Simulation Results
During the simulation, we have varied the number of interactions and the portion of malicious members. The interactions are varied from 100 to 1000 and the portion of malicious members is varied as 15%, 30% and 45% of total number of nodes present in the network. For example, consider an instance of 200 interactions. At this instance, we have varied the portion of malicious members as 10%, 20%, 30%, 40% and 50%, and a every phase the performance is measured through MDR, and FPR.
Here, we have demonstrated the effectiveness of proposed approach by comparing its performance with some existing approaches. We have compared with Nearest Neighbor Trust based Intrusion Detection System (NNTB-IDS) [6] and Energy Aware Trust Based Intrusion Detection System (EATB-IDS) [20]. NNTB-IDS considered two metrics for the trust evaluation of nodes; they are Received Signal Strength (RSS) and Packet Forwarding Rate (PFR). Based on the obtained trust, the nodes are declared as trustworthy, malicious or risky. However, the RSS is a perfect metric for the evaluation of distance between while it has less contribution in the detection of malicious nodes. Next, under the Packet Forwarding Rate, they have considered packet generation rate and packer receiving rate only. These factors perform well in the detection of only one attack, i.e., flooding attack. This approach didn't consider the basic criterion, i.e., communication interactions which are a generalized theme for the detection of several attacks. Hence NNTB-IDS is not robust. Meanwhile they didn't consider the fault tolerance trust as well as stability trust.
Next, in EATB-IDS [7], the trust of a node is evaluated based on Kalman filter and Successful packet deliveries. Based on the entire trust of a route, an acknowledgment is initiated for the selection of packets such that the control overhead will get reduced. In this approach the Kalman filter is employed for the trust evaluation. The Kalman filter is a generalized filter which works based on the concept of Minimum Mean Square error (MMSE). MMSE is evaluated between current and previous states (i.e., Packets send and acknowledgments received) of a node. If it observes a greater MMSE, then that node is declared as malicious otherwise normal. The Successful packet deliveries are evaluated based on TWOACK scheme. However, they didn't consider the communication interactions and recommendations for the trust evaluation. Moreover, they didn't discuss about the trust evaluation when there is no direct link between nodes. Meanwhile the fault tolerance trust and stability trust are also not considered.  Further at 30% portion of malicious members, the MDR of proposed approach is observed as 0.9489, while for NNTB-IDS and EATB-IDS it is observed as 0.9003 and 0.9213 respectively. From these values we can observe that the MDR at higher portion of malicious members (30%) is much deviated with MDR at lower portion of malicious members (20%). But this deviation is less in the case of proposed approach. The main reason is that the proposed approach considered multiple strategies to measure the trustworthiness of a node while the conventional approaches are considered only few strategies that too they are oriented in only one orientation. The NNTB considered RSS and the EATB considered Kalman filter and these don't have much significance in the trust estimation in WSNs. Fig.2 shows the FPR comparison between proposed and existing approaches. As shown in this figure, the FPR is increasing with an increase in the portion of malicious members. However, for a particular instant of portion of malicious members, the FPR of proposed approach is less compared to the both existing approaches. For example, at portion of malicious members 20%, the FPR of proposed approach is observed as 0.0402 while for NNTB-IDS and EATB-IDS it is observed as.0654 and 0.0586 respectively. Further at 30% portion of malicious members, the FPR of proposed approach is observed as 0.0555, while for NNTB-IDS and EATB-IDS it is observed as 01547 and 0.775 respectively. This deviation is increasing for further increment in the portion of malicious members. At 50% portion of malicious members, the FPR of proposed approach is noticed as 0.11 while for NNTB-IDS and EATB-IDS, it is observed as 0.1998 and 0.3489 respectively. Means the FPR is observed as very high for higher portion of malicious members. The main reason is that the conventional approaches didn't focus on the communication interactions as well as recommendations during the trust evaluation of nodes.

Conclusion
In this paper, we have developed a new Multi-strategic intrusion detection mechanism to identify and isolate the malicious node sin the WSN. Under the multistrategic principle, we have modeled the total trust of anode through capacity trust. Under capacity trust, we have further considered two sub-trusts; they are fault tolerance trust and