A Provenance Based Mechanism to Identify Malicious Packet Dropping Adversaries in Sensor Networks

Malicious packet dropping attack is a major security threat to the data traffic in the sensor network, since it reduces the legal network throughput and may hinder the propagation of sensitive data. Dealing with this attack is challenging since the unreliable wireless communication feature and resource constraints of the sensor network may cause communication failure and mislead to the incorrect decision about the presence of such attack. In this paper, we propose a data provenance based mechanism to detect the attack and identify the source of attack i.e. the malicious node. For this purpose, we utilize the characteristics of the watermarking based secure provenance transmission mechanism that we proposed earlier and rely on the inter-packet timing characteristics after the provenance embedding. The scheme consists of three phases (i) Packet Loss Detection (ii) Identification of Attack Presence (iii) Localizing the Malicious Node/Link. The packet loss is detected based on the distribution of the inter-packet delays. The presence of the attack is determined by comparing the empricial average packet loss rate with the natural packet loss rate of the data flow path. To isolate the malicious link, we transmit more provenance information along with the sensor data. We present the experimental results to show the high detection accuracy and energy efficiency of the proposed scheme.