We investigate the problem of defending wireless sensor networks against attacks that disrupt dynamic routing protocols. We propose a novel intrusion detection system that detects the presence of a sinkhole attack, or any attack that misleads traffic by understating the cost of an attack route. Our study shows that protocols designed to select the shortest path between two nodes will, over time, select a series of paths whose length exhibits a log-normal distribution. By deriving tolerance limits from the log-normal distribution of path lengths under normal conditions, we develop an anomaly detection scheme that detects sinkhole attacks in a computationally efficient manner. We show that our scheme can detect attacks with 96% accuracy and no false alarms using a single detection system in a simulated network.
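A sketch of the tolerance-limit check the abstract describes, added here as an illustration and not taken from the paper: it fits a normal distribution to the logarithms of baseline path lengths and flags any selected path shorter than a one-sided lower tolerance limit. Assumptions: the 99% coverage and 95% confidence levels, Natrella's approximation for the tolerance factor, the function names and the constructed sample data are all choices made for this example.

```python
import math
from statistics import NormalDist, mean, stdev

def tolerance_factor(n, coverage=0.99, confidence=0.95):
    """One-sided normal tolerance factor k for n samples.

    Uses Natrella's closed-form approximation (an assumption of this
    example; the abstract does not say how its limits are computed).
    """
    z_p = NormalDist().inv_cdf(coverage)
    z_g = NormalDist().inv_cdf(confidence)
    a = 1.0 - z_g ** 2 / (2.0 * (n - 1))
    b = z_p ** 2 - z_g ** 2 / n
    return (z_p + math.sqrt(z_p ** 2 - a * b)) / a

def lower_limit(baseline, coverage=0.99, confidence=0.95):
    """Lower tolerance limit for log-normally distributed path lengths."""
    logs = [math.log(x) for x in baseline]       # log-normal -> normal
    k = tolerance_factor(len(logs), coverage, confidence)
    return math.exp(mean(logs) - k * stdev(logs))

def detect(observed, limit):
    """Return (index, length) for every path shorter than the limit.

    A route whose cost is understated shows up as an anomalously
    short selected path.
    """
    return [(i, x) for i, x in enumerate(observed) if x < limit]

# Constructed baseline: 200 path lengths placed on the quantiles of a
# log-normal with median 6.0 and log-scale sigma 0.25 (not real data).
_N = 200
BASELINE = [
    math.exp(NormalDist(math.log(6.0), 0.25).inv_cdf((i + 0.5) / _N))
    for i in range(_N)
]

# Constructed observations: index 3 advertises an implausibly cheap route.
OBSERVED = [5.2, 6.8, 4.9, 1.0, 7.4, 5.9]

if __name__ == "__main__":
    limit = lower_limit(BASELINE)
    print(f"lower tolerance limit: {limit:.2f}")
    for idx, length in detect(OBSERVED, limit):
        print(f"alert: path {idx} length {length} below limit")
```

Once the limit is computed from the baseline, each check is a single comparison, which fits the abstract's point about computational efficiency.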