See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/319871042

A Wormhole Attack Detection and Prevention Technique in Wireless Sensor

Networks

Article  in  International Journal of Computer Applications · September 2017

DOI: 10.5120/ijca2017915376

CITATIONS READS

12 1,670

3 authors, including:

Arish Siddiqui Amin Karami

University of East London University of East London
3 PUBLICATIONS   13 CITATIONS    18 PUBLICATIONS   392 CITATIONS   

SEE PROFILE SEE PROFILE

Some of the authors of this publication are also working on these related projects:

The Use of Computational Intelligence for Security in Named Data Networking View project

IEEE Educon 2019 View project

All content following this page was uploaded by Amin Karami on 18 November 2017.

The user has requested enhancement of the downloaded file.

 International Journal of Computer Applications (0975 - 8887)
Volume 174 - No.4, September 2017

A Wormhole Attack Detection and Prevention

Technique in Wireless Sensor Networks

Marcus Okunlola Johnson Arish Siddiqui Amin Karami

Computer Science & Informatics Computer Science & Informatics Computer Science & Informatics
University of East London (UEL) University of East London (UEL) University of East London (UEL)
London, UK London, UK London, UK

ABSTRACT which a node determines its neighbour is called a neighbour dis-

covery. Once communication is established between nodes, a link
Security is one of the major and important issues surrounding net- is then formed to transmit the packet in a single hop distance. This
work sensors because of its inherent liabilities, i.e. physical size. process is repeated until packets arrived at its destination. It is dur-
Since network sensors have no routers, all nodes involved in the ing this routing process that an adversary can attack the network
network must share the same routing protocol to assist each other with malicious nodes acting like a real neighbour to the source and
for the transmission of packets. Also, its unguided nature in dy- destination nodes. Ones malicious node is able to attached itself
namic topology makes it vulnerable to all kinds of security at- to a genuine node, it creates a low latency link between the ma-
tack, thereby posing a degree of security challenges. Wormhole is licious nodes, for a falsely packets transmission. One of many of
a prominent example of attacks that poses the greatest threat be- such attacks that causes huge impact on the network sensor is called
cause of its difficulty in detecting and preventing. In this paper, wormhole attack. One of the reason for this attack is to disrupt the
we proposed a wormhole attach detection and prevention mech- neighbour discovery mechanism [18]. Hence, the security assess-
anism incorporated AODV routing protocol, using neighbour dis- ment in this process, is paramount to the overall security enhance-
covery and path verification mechanism. As compared to some pre- ments of neighbour discovery protocol.
existing methods, the proposed approach is effective and promising Designing an accurate attack detection mechanism alongside with
based on applied performance metrics. a prevention technique in network and communication infrastruc-
tures are highly challenging and ongoing research work, attracting
Keywords a wide range of researchers’ attention [15, 16, 17]. In this research
work, evaluation is concentrated on wormhole attack; an attack that
Wireless Sensor Networks, Wormhole Attack, AODV routing
causes disruption in a network setup by confusing routing mecha-
nism, giving an illusion that genuine sensor nodes are neighbours
1. INTRODUCTION to a malicious node. This research aims to detect and prevent this
A Wireless sensor network is a collection, and grouped specialized attack in the routing protocol AODV using NS2 network simulator.
of transducer embedded with a communication infrastructure capa- Since data analytics are some of the most effective defences against
bilities, for the monitoring and keeping records of conditions at dif- network attacks [13, 14], we will analyse this attack node from an
ferent locations [3]. Such as temperature, pressure, speed of wind attacker’s perspective using an existing algorithm and suggest new
direction and more importantly, vital human body functions. A sen- improvement on the existing detection for the continued functional-
sor network should contain an autonomous node where every node ity. The rest of the paper is organized as follows. Section 2 presents
is interconnected to sensors, with communication range, an amount the wormhole implementation modes. Section 3 provides literature
of power and bandwidth. There are four basic parts that makes up a review. Section 4 details the proposed method. The experimental
network sensor; sensing units, a processor, a transceiver, and a bat- setup and results are desribed in Section 5. Finally, Section 6 draws
tery [10]. Electrical signal in the transducer is generated based on conclusion.
the physical quantity. While a microcomputer processes and store
this sensor output. Furthermore, to the processing, the transceiver 2. WORMHOLE IMPLEMENTATION MODES
receives commands from a central computer for onward data trans-
Wormhole attacks occurs at the network layer of OSI model, and it
mission. All this process is powered up by a battery.
is classified into four attacks modes [5] as follows:
Wireless sensor network unlike wired networks, contains spatially
distributed nodes in an unguided and unattended environment, (1) Encapsulation: It is a type of wormhole attack where a ma-
hence the possibilities of an attack by adversary is highly likely licious node at one part of the network overhears the RREQ
[2]. Therefore, the need to keep this sensor nodes save from attack packet. It is then tunnel through a low latency link with the
is enormous. For a sensor network nodes, to be able to send pack- help of normal node, to the second colluding malicious node
ets and communicate between them, partnership between nodes has at a distance near to the destination node. Once this packet is
to be established, because a single node transmission range is lim- received by the second malicious code, the legitimate neigh-
ited and cannot transmit packets to a long distance. This process by bour of the node drops any further legitimate requests from a

1
 International Journal of Computer Applications (0975 - 8887)
Volume 174 - No.4, September 2017

legitimate neighbour node. This result to the routes between

the source and the destination go through the wormhole link,
because it has broadcast itself has the fastest route. It prevents
legitimate nodes from discovering legitimate paths more than
two hops away.
For example, in Figure 1 where A and B finds the shortest path
between them for packet transmission, where two malicious
nodes X and Y is present. Node A will broadcast a RREQ
but because a wormhole node is present X gets this route re-
quest and encapsulates it into the packets destined for Y, and
it transmit this packet through a wormhole link tunnel. When
this packet is received by Y, it unmarshals the packet and re-
broadcast. B being the nearest neighbour to Y will receive this
Fig. 2: Out-of-Band Wormhole
packet thinking it has come from a legitimate path. Due to
the encapsulation, the hop count will not increase during the
traversal through U-V-W-Z. Now Node B has two routes to 3. LITERATURE REVIEW
choose from, either A-C-D-E or A-X-Y. obeying the rules of
routing protocols that uses metric of shortest path to choose a Wireless sensor nodes are prone to different types of attacks, be-
route path. B will choose the shortest route path which happens cause of its spontaneous nature in an unprotected environment
to be a wormhole link. which is about 4 hops. And apparently, where several security threats exist. Some of these attacks can in-
the wormhole link is 3 hops away while in reality is about 7 clude wormhole attack which can cause denial of service. Up till
hops away. date various techniques has been proposed for the detection and
prevention of wormhole wireless sensor node attack. The applica-
tion of most of the proposed solutions is promising, but the possi-
bility of malicious nodes affecting the good ones, coupled with the
difficulty in distinguishing the relationship between a poor network
and affected nodes behaviour must be addressed.

3.1 Reactive Protocols

A brief explanation to the most important reactive protocols
(AODV and DSR), is simulated in NS-2 [10] and Qualnet simulator
[1]. Both simulators conclude wormhole disrupts the three perfor-
mance of routing protocol namely, throughput, end to end delay and
packet delivery ratio under wormhole attack. Gaurav Garg [9] dis-
cussed AODV is more vulnerable to wormhole attack in mobility
Fig. 1: Encapsulation Wormhole
state while DSR is least vulnerable in non mobility state.

3.2 Neighbour Discovery Approach

(2) Packet Relay: This is another type of wormhole attack where
malicious relays packet between source and destination nodes. Wormhole attacks is one of the most powerful WSN attack that
Unlike encapsulation, this type of wormhole attack can be does not require any cryptographic breaks, as this attack does not
launched using only one malicious node. Considering node, create a separate packet. Its impact in the network and types is well
A and B are two non-neighbours. With a malicious node X, it described in-depth, alongside detail analysis on the detection and
can replay packets between A and B giving the illusion that prevention techniques. Result obtained indicates when a packet is
they are neighbours. received, sent or dropped at the nodes due to attacks, an explanation
of how the network is affected in terms of throughput variations is
(3) Out-of-band Channel: As the name suggest is a type of worm- well analysed [25]. In the same sense, a detail review is discussed
hole attack that uses a long range directional wireless link or and simulated using NS-2 on the prevention of wormhole attack in
a wired link. It is a very difficult attack to launch because its mobile Ad Hoc network using neighbour node analysis. Details re-
needs a specialized hardware. For example, in Figure 2 mali- lating to the neighbouring nodes is analysed to check the authentic-
cious node X tunnels the route request to a legitimate node Y, a ity of the nodes. In this approach, a node can request information
neighbour of B. Node Y broadcast the packet to its neighbour, stored by its neighbouring nodes in order to carry out a route re-
which always happens to be the destination node. Node B gets quest (RREQ) and a route response (RREP) mechanism.
two RREQ as A-X-Y-B and A-C-D-E-F-B. obeying the rule Sun Choi [7] proposed a simple scheme named WAP (Wormhole
of most routing protocol, node B will choose the fastest and Attack Prevention) algorithm to prevent wormhole attack. WAP
shorter route which happens to be the wormhole link. which operates on DSR protocol where generally, each node does
(4) High Power Transmission: In this mode of attack, a single ma- not check a RREQ packet overheard from its neighbour nodes. In
licious node can create a wormhole without colluding node. this scheme, all nodes monitor their neighbour?s behaviour when
when this single malicious node received a RREQ, it rebroad- a route is requested by using neighbours list. This mechanism also
casts the request at a very high power level capability com- uses wormhole prevention timer, because it is difficult to use only
pared to normal node, thereby attracting normal nodes to over- neighbour monitoring to detect wormhole attack as malicious node
hear this RREQ and further on broadcast the packet towards acts like a legitimate neighbour. For this reason, WPT calculates
destination. time delay per hop in the route and it records the neighbour?s nodes

2
 International Journal of Computer Applications (0975 - 8887)
Volume 174 - No.4, September 2017

address and time of receiving the packet. When a node overhears posed algorithm uses local monitoring of all neighbouring nodes
a route request after wormhole prevention timer, then a wormhole and relies on a secure central authority for positiontracking of the
attack is taking place. If a wormhole link is found, the information mobile nodes. The use of central authurity is contacted only in the
is stored at the source node to isolate them from taking part in the event of motion. Central authority node will still operate through
routing again. This is effective because it does not stop the flow periods in the event that its unreachable. The first proposed algo-
of packets between legitimate nodes. However, it suffers from false rithm is selfish move protocol (SMP). In this protocol, the mobile
positive. WADP is an improved WAP by Juni Biswas [4] for worm- node can only generate, send and receive its own traffic. This design
hole attack detection. It combines node authentication to remove arises from the knowledge that a node can only be able to launch
false positives and helps in exact location mapping of wormhole in an attack by forwarding packets. However, this protocol may cause
a modified AODV routing protocol. a disconnection in the network if a large part of the nodes moves
at the same time. To address this issue, the researcher developed a
3.3 Digital Signature Approach second algorithm called connectivity aided protocol with constant
velocity (CAPCV). This protocol eliminates lack of connectivity
In defending against malicious nodes using digital signature, this
thereby allowing the mobile node to forward packets.
reasearch proposed a mechanism whereby verification of neigh-
bours node signature is significant. In every legitimate nodes in the
network there contains the digital signature of all the remaining le- 3.5 Special Hardware-based Approach
gitimate nodes of the same network. For example for a route request
Generally, the most common method to detect and prevent worm-
to take place, sender first create a secure route between source and
hole is the use of neighbour discovery mechanism. Sometimes they
destination. This in turn distinguish between legitimate and mali-
are achieved through the use of special hardware such as direc-
cious nodes, because malicious nodes does not possess the original
tional antennal [11]. Similarly, Srdjan Capkun [6] proposed SEC-
digital signature [22].
TOR based on a special hardware. Others approaches towards this
In the same sense Amarijit et al. [20] developed a novel technique
attack includes time synchronization for detection of whether pack-
combining both princicles of clustering and digital signature during
ets sent from an authorized neighbour are received on time by the
route discovery using the same AODV routing protocol. Informa-
legitimate node [8]. Hu et al. (2003) [12] Introduced packet leashes
tion of all nodes is grouped in different clusters, and each cluster
in defending against wormhole attack. Two solutions were intro-
has a cluster head and a gateway nodes which forms a communica-
duced, temporal and geographical. With geographical leashes, lo-
tion link to different cluster head in the same network. To establish
cation information from GPS devices which is included in the pack-
a route betweeen nodes, it must first send route request to its cluster
ets, is used to detect the presence of wormhole nodes. And with
head. This cluster head will further forward the request to the other
temporal leashes, nodes are tightly time synchronised, thus packet
clusters after it has been digitally signed using a private key con-
transmitted between source and destination contains time at which
tained in the cluster head; through the gateway link until the request
it was sent. Furthermore protocols can be adjusted to estimate the
reaches the cluster head of the cluster which belongs to the destina-
distance betweeen the sender and the receiver. Using the network
tion node. Simulation result for this research prooved it archieved
signal, it can be verified whether or not the data comes from the
high level of detecting and preventing wormhole attack.
node within the range of communication.
Transmitting data in a network efficiently is the key most important
aspect of routing. Marti et al. [21] proposed two techniques watch-
dog and pathrater in detecting malicious node with minimal effect 3.6 Statistical Analysis Approach
on throughput in the presence of misbehaving nodes. One of this
Some other approach in this regards applies a centralised mech-
technique is called watchdog. It is used for every nodes in the same
anism that makes use of statistical analysis for the detection of
network to detect any misbehaving node. When a packet is sent to
malicious node [23]. This mechanism can detect the presence of
the next hop, it tries overhear the packet forwarded by the next hop.
a malicious node due to specific changes in the statistical pat-
For example a path from S to D through nodes A,B and C. node
tern. Analysing the issue of encrypting and decrypting packets sent
A cannot transmit to C without an intermediate node B. therefore
across each node. Pravin Khandare et al. [19] used the RSA tech-
when A transmits to B for onward forward to C, A will often tell if
nique for encryption and decryption of the nodes. It uses the 2Ack
B transmit the same packet successfully to the correct node C oth-
mechanism to check that only the authenticated node receives the
erwise it considers the next hop as malicious node. The pathrater
data. Acknowledgement is taken from one hop and two hop nodes.
uses the information about misbehaving nodes gained from the first
In cases where an attacker tries to forward the received message
technique (watchdog) to pick the route which is most likely legit-
into another location, this mechanism will prevent this by taking
imate. Every node maintains a trust rating for each of the nodes
the acknowledgements from the next two nodes.
in the network. When watchdog detects a malicious node, the trust
rating of the node is updated negatively. Techinically the pararater
calculates a path metric by averaging the nodes ratings in the path 3.7 Routing Protocol
to pick a safe route to send packets. This solution however, is better
To discover multiple paths between the source and the destina-
suited for traditional networks based on emphasis on the reliability
tion, we applied a reactive routing protocol called Ad hoc On-
of point to point communication than to sensor networks.
Demand Distance Vector (AODV) which was developed on July
3.4 Local Monitoring Approach 2003. AODV offers quick adaptation to dynamic link conditions
and uses low processing and memory overhead between participat-
Issa Khalil et al. (2005) [18] proposed two algorithms called MO- ing mobile nodes in an established network. AODV routing table
BIWORP in the elimination of any wormhole attack when ad-hoc is fields consist of destination IP address, sequence number of des-
in a mobility state. In this research paper a node is assigned to be the tination node, hop count to destination and next hop to follow. It
central authority which monitors the nodes neighbours locally. If also defines three types of control messages for up to date route
any malicious nodes is found, it isolates the node globally. The pro- maintenance [24]:

3
 International Journal of Computer Applications (0975 - 8887)
Volume 174 - No.4, September 2017

—RREQ: every route request carries a time to live (TTL) value that range of Node(A) is increased to 2r. After this increase, node(A)
indicates the number of hops the packet should be forwarded. It broadcast beacon message containing node(B) information to its
is set to a predefine value at discovery stage and increased at neighbour of node(C). during this message, both nodes B and C
retransmission if no reply is received by the receiving node. will not change their transmission range. After node(C) hears this
—RREP: Route reply message is rebroadcast back to the source of broadcast, it then verifies the authenticity of node(A) from node(B)
a RREQ to confirm if the receiver is the real request address user because both node A and B had earlier exchange their information
or a valid route to the requested address. in the first broadcast. The beacon frame will be transmitted at reg-
—RERR: All node monitors the activities and link status of their ular intervals until packet gets to its destination successfully. After
neighbour in active route path. When there is a breakage in the each change in radius of transmitting nodes, a test nodes updates
link, a RERR message is broadcasted to notify other nodes of the its neighbour node in the next beacon time.
lost link. For this to be activated, each node has to keep informa- —If N(C) contains N(B) but not contained in N(A) then wormhole
tion such as IP address for each of its neighbours.
detected
In On-demand distance vector routing protocol, each node main- —If N(C) contains N(B) and meets N(A) then no wormhole is de-
tains a routing table and gets updated every time a routing message tected
is received. For a source node to send a packet, it broadcast Route
request message to the whole of the network. On acknowledging The schematic of the proposed algorithm for wormhole attack de-
the request by the other nodes, it checks if the corresponding route tection and elimination is given in Figure 3.
exist and check to make sure is not a repeated request. If it is a re-
peated one, the node simply discard the packet. If not the request 4.1.2 TRM AODV: Wormhole Attack Detection. Input: Worm-
will be accepted. This process is repeated till packets gets to its des- hole path for data transmission, neighbours information.
tination. The intermediate node to the destination node will send a Output: Wormhole detection, periodically update the neighbour
route reply RREP to the source of the packet using a reverse route. list using beacon.
The node A and B is used as two tested nodes to describe the main
wormhole detection procedure of TRM algorithm. In proposed al-
4. THE PROPOSED METHOD gorithm, all nodes in the network has a current information of
There are two important parts contained in the detection and pre- its neighbours. Moreover, the neighbour list is updated frequently.
vention of wormhole attack, neighbour and path verification. Two Each node will request its neighbours to retrieve their neighbour
fake node neighbours with a wormhole tunnel will generally not lists by sending a beacon message to its neighbours. At the discov-
share a common one hop neighbour node. while two genuine node ery stage, all nodes will send its own neighbour information to its
neighbours will generally share other true neighbours between neighbours by sending beacon frames. Using this steps, each node
them. The proposed technique is to improve the existing algorithm can get its neighbour details within two hops. At the end, network
in [26]. This technique will detect wormhole and isolate them from topology will be founded. The beacon information will be sent at
the route path. During the neighbour route discovery, the packet regularly at intervals. After changing the radius transmission range,
will be encrypted at each level by sharing hello messaging with a test node will update its neighbour node details in the next beacon
neighbouring node. The packet will be decrypted by the receiving time. By comparing its current neighbour details with the previous
node and message must matched with the one distributed. details, a test node can now establish the existence of false topology
if any, that should not exist in a normal network.
4.1 Algorithm Description
4.1.3 APS AODV: Wormhole Free Alternate Path Selection (The
This work is based on the prevention of wormhole attack in a par- proposed method). Input: Wormhole attack detection.
ticular network. In this research, a detection and prevention mech- Output: Secure data transmission via attack elimination.
anism is proposed in securing the communications between source After wormhole detection, if wormhole link exists in that current
and destination node. When sensor node wants to start communica- route, then block that route and update it in the routing table. An-
tion, the first thing it does is a neighbour discovery from the neigh- other route is fetched from the routing table for secure data trans-
bour list. It generates an encrypted beacon message with a secret mission. Hop count of alternate path is compared with the current
key. As soon as the neighbouring node receives this beacon frame, path. Hop count will be higher in alternate path than wormhole
it will be decrypted and the acknowledgement (RREP) is sent back path. In such case, alternate path is confirmed with the availabil-
to the sender. ity of alternate path without the involvement of wormhole nodes.
Algorithm 1 provides the pseudocode of the proposed APS AODV
4.1.1 Neighbour verification. The following steps will verify a (Alternative Path Selection by AODV) algorithm for wormhwhole
neighbouring node in the network. attack detection and elimination.
Building one-hop transmission neighbourhood list: Two neigh-
bour nodes such as S and P which has their neighbour has N(S) and
N(P) individually. Their neighbour list information exchange will 5. EXPERIMENTAL RESULTS
be shared through a beacon messages. E.g. node S notifies its near- The performance of the base paper TRM AODV is evaluated for
est neighbour N(S) with a periodic beacon message. the simulation settings as per the following model and compared
Building two-hop transmission neighbourhood list: Each node with the proposed proposal (APS AODV) and also with normal
will request its neighbours to collect information about their neigh- scenario in which there is no wormhole present. In addition, to as-
bours list by way of transmitting beacon messages to its neigh- sess the robustness and effectiveness of the proposed method, we
bours. This will enable each node to hold two hop information compare the results with a pre-existing algorithm developed in [2]
about their neighbours. For example, information exchanged be- called AOMDV. We conducted experiments on Network Simula-
tween nodes A, B and C. Node(A) sends a beacon message to its tor 2.35 (NS-2) which is an open-source discrete event simulator in
neighbour Node(B), after this message is sent, the transmission the research of computer communication networks. NS2 consists of

4
 International Journal of Computer Applications (0975 - 8887)
Volume 174 - No.4, September 2017

Fig. 3: The flowchart of proposed algorithm

Data: Given: Network N with node radius r, nodes n and m are 5.1 Performance Metrics
nearest neighbours, wormhole number c = 0 The results obtained from four techniques are compared through
Result: wormhole detection and elimination three parameters including throughput (Eq. 1), end-to-end delay
Starts RREQ; (Eq. 2), and packet delivery ratio (Eq. 3).
Generate HELLO beacon message while all sensors maintains the
same communication range; (1) Throughput: The amount of data successfully reached at the
while check every node in N do destination per unit of time.
expand radius of m to R = 2r;
for each node n in N(m) do do Total number o f received pckts at dst
T hroughput (bits/s) =
if there exists once d ∈ Nn and d ∈
/ Nm then Simulation time
c = c + 1; (1)
else (2) End-to-End delay: The time taken for a packet to reach the
when wormhole link exists, fetch another route destination from the source node.
(verified by hop count comparison);
end
end End − to − End delay (s) = ∑ Delay f or each data packet
end (2)
Algorithm 1: The pseudocode of the proposed method (3) Total number of delivered data packets: A ratio of the total
received packets at the destination to the total packets gener-
ated by source node in the presence of both wormhole attack
traffic and normal traffic.
Packets received
two languages, C++ for internal mechanism (backend) of the simu- Packet Delivery Rate = ∗ 100 (3)
Packets generated
lation objects and OTcl for assembling and configuring the objects
by schedluing the events. The simulation parameters are shown in Table 1.

5
 International Journal of Computer Applications (0975 - 8887)
Volume 174 - No.4, September 2017

Table 1. : Simulation Parameters

Simulator NS-2
Number of nodes 1 40, 70, 100
Wormhole pairs 1 (Wormhole nodes 2)
Speed variation 10 ms
Area 1000 m x 1000 m
Communication range 250 m
Interface type Phy/WirelessPhy
MAC type IEEE 802.11
Queue type Droptail/Priority Queue
Queue length 50 packets
Antenna type Omni antenna
Propagation type TwoRayGround
Routing protocol AODV, TRM AODV and APS AODV
Transport agent UDP
Application agent CBR (a) Before luanching attack
Packet size 1024 bytes
Simulation time 100 s
Mobility model RWP

5.2 Network Environment

Figure 4 shows one sample of scenarios with 70 nodes ran in NS-2
environment. Figure 5a shows the throughput of the methods for
three different number of nodes. The average performance of the
proposed method with increasing the number of nodes is promising
as compared to other methods. This confirms that the throughput of
the given algorithm increases for dense networks. The average of
delay is shown in Figure 5b.
According to the results, the average delay by increasing the num-
ber of nodes gets high for TRM AODV, while the proposed method
and the AOMDV method gets improved with less delay. However,
there is still a performance gap between the wormhole detection
and prevention algorithms and the attack-free channel in terms of (b) During launched attack
delay. Finally, the average results for packet delivery ratio is de-
picted in Figure. 5c. The proposed algorithm attempts to keep a Fig. 4: Network simulation in the presence of wormhole attack
reasonable packet delivery ratio in presence of attack even by scal-
ing the network size. The results confirms that the proposed algo- should be based on the decreasing the false positive rate, where
rithm outperformed other methods and still needs to be improved hidden wormhole attacks are launched.
to be able to reach to the better packet delivery ratio as compared to
attack-free channels. A future work is needed for active researchers.
7. REFERENCES
[1] Ravinder Ahuja, Alisha Banga Ahuja, and Pawan Ahuja. Per-
6. CONCLUSION formance evaluation and comparison of aodv and dsr routing
Over the years, wireless sensor networks have gained much popu- protocols in manets under wormhole attack. In Image Infor-
larity, because of its operating nature in day to day use in wireless mation Processing (ICIIP), pages 699 – 702, 2013.
channels. Wormhole attack can significantly degrade network per- [2] Parmar Amish and V.B. Vaghela. Detection and prevention
formance. The most previous research works have been focused of wormhole attack in wireless sensor network using aomdv
on detecting this attack without preventing. In this paper, we pro- protocol. Procedia Computer Science, 79:700 – 707, 2016.
posed an improved algorithm to detect and eliminate further attack [3] Swati Bhagat and Trishna Panse. A detection and prevention
without any specialized hardware, implemented based on the mod- of wormhole attack in homogeneous wireless sensor network.
ified AODV protocol in NS-2. This approach works by checking In International Conference on ICT in Business Industry Gov-
the validity of two hop neighbours that has forwarded the packet, ernment (ICTBIG), pages 1 – 6, 2016.
an attack is detected when the identity of the two hop neighbours is
found illegal. The authentication checks is carried out using a pre- [4] J. Biswas, A. Gupta, and D. Singh. Wadp: A wormhole attack
stored nodes neighbour monitoring information. While the elimina- detection and prevention technique in manet using modified
tion of the malicious nodes is carried out using a hop count of pre- aodv routing protocol. In 9th International Conference on In-
viously route reply information. The accuracy of defence schemes dustrial and Information Systems (ICIIS), pages 1 – 6, 2014.
are measured regarding throughput, delay, and packet delivery ra- [5] Avinash S. Bundela. Literature survey on wormhole attack.
tio. From the simulation results, it is observed that the proposed International Journal of Engineering Sciences & Research
method provided promising results. In the future work, the plan Technology, 4(6):41 – 48, 2015.

6
 International Journal of Computer Applications (0975 - 8887)
Volume 174 - No.4, September 2017

[6] Srdjan Capkun, Levente Buttyan, and Jean-Pierre Hubaux.

Sector: Secure traking of node encouters in multi-hop wire-
less networks. In Proceedings of 1st ACM Workshop on Secu-
rity of Ad hoc and Sensor Networks (ACM SANS), pages 21 –
32, 2003.
[7] S. Choi, D. y. Kim, D. h. Lee, and J. i. Jung. Wap: Worm-
hole attack prevention algorithm in mobile ad hoc networks.
In IEEE International Conference on Sensor Networks, Ubiq-
uitous, and Trustworthy Computing (sutc 2008), pages 343 –
348, 2008.
[8] Saurabh Ganeriwal, Ram Kumar, and Mani B. Srivastava.
Timing-sync protocol for sensor networks. In Proceedings of
the 1st international conference on Embedded networked sen-
sor systems. ACM, pages 138 – 149, 2003.
[9] Gaurav Garg, Sakshi Kaushal, and Akashdeep Sharma. Reac-
tive protocols analysis with wormhole attack in ad-hoc net-
works. In Computing, Communication and Networking Tech-
nologies (ICCCNT), pages 1 – 7, 2014.
(a) Throughput
[10] M. P. Gulwade, K. J. Dhoot, A. I. Bajaj, and M. M. Ghonge.
Effectiveness of wormhole attack on dsr protocol in manet.
World Research Journal of Telecommunications Systems,
1(1):13 – 15, 2012.
[11] Lingxuan Hu and David Evans. Using directional antennas to
prevent wormhole attacks. In NDSS, 2004.
[12] Y. C. Hu, A. Perrig, and D. B. Johnson. Packet leashes:
a defense against wormhole attacks in wireless net-
works. In Twenty-second Annual Joint Conference of the
IEEE Computer and Communications Societies (IEEE Cat.
No.03CH37428), volume 3, pages 1976 – 1986, 2003.
[13] Amin Karami. A framework for uncertainty-aware visual
analytics in big data. In Proceedings of the 3rd Interna-
tional Workshop on Artificial Intelligence and Cognition (AIC
2015), volume 1510, pages 146 – 155. CEUR-WS, 2015.
[14] Amin Karami and Manel Guerrero-Zapata. Mining and vi-
sualizing uncertain data objects and named data network-
ing traffics by fuzzy self-organizing map. In Proceedings of
the 2nd International Workshop on Artificial Intelligence and
(b) Delay Cognition (AIC 2014), volume 1315, pages 156 – 163. CEUR-
WS, 2014.
[15] Amin Karami and Manel Guerrero-Zapata. An anfis-based
cache replacement method for mitigating cache pollution at-
tacks in named data networking. Computer Networks, 80:51
– 65, 2015.
[16] Amin Karami and Manel Guerrero-Zapata. A fuzzy anomaly
detection system based on hybrid pso-kmeans algorithm in
content-centric networks. Neurocomputing, 149(Part C):1253
– 1269, 2015.
[17] Amin Karami and Manel Guerrero-Zapata. A hybrid multi-
objective rbf-pso method for mitigating dos attacks in named
data networking. Neurocomputing, 151(Part 3):1262 – 1282,
2015.
[18] I. Khalil, Saurabh Bagchi, and N. B. Shroff. Liteworp: a
lightweight countermeasure for the wormhole attack in mul-
tihop wireless networks. In International Conference on De-
pendable Systems and Networks (DSN’05), pages 612 – 621,
2005.
[19] Pravin Khandare and N. P. Kulkarni. Public key encryption
(c) Packet Delivery and 2ack based approach to defend wormhole attack. India
International Journal Of Computer Trends And Technology,
Fig. 5: Average results for 40, 70 and 100 nodes 4(3):247 – 252, 2013.

7
 International Journal of Computer Applications (0975 - 8887)
Volume 174 - No.4, September 2017

[20] A. Malhotra, D. Bhardwaj, and A. Garg. Wormhole attack

prevention using clustering and digital signatures in reactive
routing. In Proceedings of 9th IEEE International Conference
on Networking, Sensing and Control, pages 122 – 126, 2012.
[21] Sergio Marti, Thomas J. Giuli, Kevin Lai, and Mary Baker.
Mitigating routing misbehavior in mobile ad hoc networks.
In Proceedings of the 6th annual international conference on
Mobile computing and networking, pages 255 – 265, 2000.
[22] P. Sharma and A. Trivedi. An approach to defend against
wormhole attack in ad hoc network using digital signature. In
IEEE 3rd International Conference on Communication Soft-
ware and Networks, pages 307 – 311, 2011.
[23] Sejun Song, Haijie Wu, and Baek-Young Choi. Statistical
wormhole detection for mobile sensor networks. In Fourth In-
ternational Conference on Ubiquitous and Future Networks
(ICUFN), pages 322 – 327, 2012.
[24] Andreas Tonnesen. Reactive rotocols - AODV, 2004. http:
//www.olsr.org/docs/report_html/node16.html, ac-
cessed at 2017-05-20.
[25] Saurabh Upadhyay and Brijesh Kumar Chaurasia. Impact
of wormhole attacks on manets. In International Journal of
Computer Science & Emerging Technologies, pages 77 – 82,
2011.
[26] Guowei Wu, Xiaojie Chen, Lin Yao, Youngjun Lee, and
Kangbin Yim. An efficient wormhole attack detection method
in wireless sensor networks. Computer Science and Informa-
tion Systems, 11(3):1127 – 1141, 2014.

View publication stats