Node compromise attacks pose a serious threat to wireless sensor networks (WSNs). To launch an attack, an adversary physically captures a node and access data or software stored on the node. Even worse, the adversary may redeploy the captured node back into the network and use it to launch further attacks. To reduce the impact of a node compromise attack on network operations, the network should detect a node compromise as early as possible, ideally soon after a node is being captured, and then isolate the node from future network communications. Solutions for early node compromise detection are based on distributed monitoring of neighboring nodes' aliveness. Nodes regularly send notification (Heartbeat) messages to their one-hop neighbors to indicate their aliveness. If no message is received from a node (i.e., if a node is not heard) for a certain period of time, then the unheard node is said to have been compromised. This approach may have a large number of false positive errors when the message loss ratio in the network is high, as missing messages could be caused by message loss during transmission, in addition to node compromises. This paper proposes a novel scheme, called an adaptive early node compromise detection scheme, to facilitate node compromise attack detection in a cluster-based WSN. The scheme is designed to achieve a low false positive ratio in the presence of various levels of message loss ratios. To achieve this feature, two ideas are used in the design. The first is to use cluster-based collective decision making to detect node compromises. The second is to dynamically adjust the rate of notification message transmissions in response to the message loss ratio in the sender's neighborhood. The performance of the scheme, in terms of false positive ratio, false negative ratio, and transmission overheads, is evaluated using simulation. The results are compared against those from the most relevant scheme in the literature. The comparison results show that our scheme can detect all the node compromises in the network more effectively and efficiently, regardless of the message loss ratio in the underlying environment.

• 出版日期2016