Node compromise attacks pose a serious threat to WSNs. To launch an attack, an adversary physically captures a node and accesses data or software stored on the node. Even worse, the adversary may redeploy the captured node back into the network and use it to launch further attacks. To reduce the impact of a node compromise attack on network operations, the network should detect a node compromise as early as possible, ideally soon after a node is captured, and then isolate the node from future network communications. Solutions for early node compromise detection are based on distributed monitoring of neighbouring nodes' aliveness. Nodes regularly send notification (Heartbeat) messages to their one-hop neighbors to indicate their aliveness. If no message is received from a node (i.e., if a node is not heard) for a certain period of time, then the unheard node is said to have been compromised. This approach may have a large number of false positive errors when the message loss ratio in the network is high, as missing messages could be caused by message loss during transmission, in addition to node compromises. This paper proposes a novel scheme, called an Adaptive Early Node Compromise Detection (AdaptENCD) scheme, to facilitate node compromise attack detection in a cluster-based WSN. The scheme is designed to achieve a low false positive ratio in the presence of various levels of message loss ratios. To achieve this feature, two ideas are used in the design. The first is to use cluster-based collective decision making to detect node compromises. The second is to dynamically adjust the rate of notification message transmissions in response to the message loss ratio in the sender's neighborhood. The performance of the scheme, in terms of false positive ratio, false negative ratio and transmission overheads, is evaluated using simulation. The results are compared against those from the most relevant scheme in the literature. The comparison results show that our scheme can detect all the node compromises in the network more effectively and efficiently, regardless of the message loss ratio in the underlying environment.
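The interaction between message loss, collective decisions and heartbeat rate described above can be made concrete with a small probability model. This is an added example, not code from the paper: it assumes independent message loss, a fixed number of observers per cluster and a simple quorum rule, none of which is taken from AdaptENCD's actual decision or rate-adjustment logic, and all function names are hypothetical.

```python
from math import comb

def p_unheard(loss, beats):
    """Chance one observer hears none of `beats` heartbeats from a live node.
    Assumption: each message is lost independently with probability `loss`."""
    return loss ** beats

def p_false_positive(loss, beats, observers, quorum):
    """Chance a live node is flagged: at least `quorum` of `observers`
    independently hear nothing from it during one detection window."""
    q = p_unheard(loss, beats)
    return sum(comb(observers, k) * q**k * (1 - q)**(observers - k)
               for k in range(quorum, observers + 1))

def beats_needed(loss, observers, quorum, target, max_beats=64):
    """Smallest heartbeats-per-window keeping false positives <= target.
    Illustrates why the send rate must rise with the local loss ratio."""
    for beats in range(1, max_beats + 1):
        if p_false_positive(loss, beats, observers, quorum) <= target:
            return beats
    return None  # target not reachable within max_beats

if __name__ == "__main__":
    # Constructed parameters: 5 observers, 3-of-5 quorum, target 1e-6.
    print("loss  single-observer  3-of-5 quorum  beats needed")
    for loss in (0.1, 0.3, 0.5):
        single = p_false_positive(loss, 1, 1, 1)
        voted = p_false_positive(loss, 1, 5, 3)
        need = beats_needed(loss, 5, 3, 1e-6)
        print(f"{loss:4.1f}  {single:15.4f}  {voted:13.5f}  {need:12d}")
```

With one heartbeat per window, a single observer's false positive probability equals the loss ratio itself; the quorum lowers it, and the required heartbeat count grows as loss increases, which is the transmission overhead trade-off the evaluation measures.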