Detection and isolation of wormhole nodes in wireless ad hoc networks based on post-wormhole actions

David Samuel Bhatti; Shahzad Saleem; Azhar Imran; Hyeon Jeong Kim; Ki-Il Kim; Kyu-Chul Lee

doi:10.1038/s41598-024-53938-9

Detection and isolation of wormhole nodes in wireless ad hoc networks based on post-wormhole actions

Sci Rep. 2024 Feb 10;14(1):3428. doi: 10.1038/s41598-024-53938-9.

Authors

David Samuel Bhatti¹, Shahzad Saleem^{2

3}, Azhar Imran⁴, Hyeon Jeong Kim⁵, Ki-Il Kim⁶, Kyu-Chul Lee⁷

Affiliations

¹ Faculty of Information Technology, University of Central Punjab, Lahore, Pakistan.
² Department of Cybersecurity, College of Computer Science and Engineering, Jeddah University, Jeddah, Saudi Arabia.
³ School of Electrical Engineering and Computer Science, National University of Sciences and Technology, Islamabad, Pakistan.
⁴ Department of Creative Technologies, Faculty of Computing & A.I., Air University, Islamabad, 42000, Pakistan.
⁵ Department of Computer Science and Engineering, Chungnam National University, Daejeon, 34134, Korea.
⁶ Department of Computer Science and Engineering, Chungnam National University, Daejeon, 34134, Korea. kikim@cnu.ac.kr.
⁷ Department of Computer Science and Engineering, Chungnam National University, Daejeon, 34134, Korea. kclee@cnu.ac.kr.

Abstract

The wormhole attack is one of the most treacherous attacks projected at the routing layer that can bypass cryptographic measures and derail the entire communication network. It is too difficult to prevent a priori; all the possible countermeasures are either too expensive or ineffective. Indeed, literature solutions either require expensive hardware (typically UWB or secure GPS transceivers) or pose specific constraints to the adversarial behavior (doing or not doing a suspicious action). The proposed solution belongs to the second category because the adversary is assumed to have done one or more known suspicious actions. In this solution, we adopt a heuristic approach to detect wormholes in ad hoc networks based on the detection of their illicit behaviors. Wormhole and post wormhole attacks are often confused in literature; that's why we clearly state that our methodology does not provide a defence against wormholes, but rather against the actions that an adversary does after the wormhole, such as packet dropping, tampering with TTL, replaying and looping, etc. In terms of contributions, the proposed solution addresses the knock-out capability of attackers that is less targeted by the researcher's community. In addition, it neither requires any additional hardware nor a change in it; instead, it is compatible with the existing network stack. The idea is simulated in ns2.30, and the average detection rate of the proposed solution is found to be 98-99%. The theoretical time to detect a wormhole node lies between 0.07-0.71 seconds. But, from the simulation, the average detection and isolation time is 0.67 seconds. In term of packet loss, the proposed solution has a relatively overhead of [Formula: see text] 22%. It works well in static and mobile scenarios, but the frame losses are higher in mobile scenarios as compared to static ones. The computational complexity of the solution is O(n). Simulation results advocate that the solution is effective in terms of memory, processing, bandwidth, and energy cost. The solution is validated using statistical parameters such as Accuracy, Precision, F1-Score and Matthews correlation coefficient ([Formula: see text]).

Keywords: Detection rate; MANET attacks; Matthews correlation coefficient; Memory and processing costs; Messaging overhead; Packet loss and delivery ratio; Wormhole detection and isolation.