AEF: Adaptive En-Route Filtering to Extend Network Lifetime in Wireless Sensor Networks

Static sink-based wireless sensor networks (WSNs) suffer from an energy-hole problem. This incurs as the rate of energy consumption on sensor nodes around sinks and on critical paths is considerably faster. State-of-the-art en-routing filtering schemes save energy by countering false report injection attacks. In addition to their unique limitations, these schemes generally do not examine energy awareness in underlying routing. Mostly, these security methods are based on a fixed filtering capacity, unable to respond to changes in attack intensity. Therefore, these limitations cause network partition(s), exhibiting adverse effects on network lifetime. Extending network lifetime while preserving energy and security thus becomes an interesting challenge. In this article, we address the aforesaid shortcomings with the proposed adaptive en-route filtering (AEF) scheme. In energy-aware routing, the fitness function, which is used to select forwarding nodes, considers residual energy and other factors as opposed to distance only. In pre-deterministic key distribution, keys are distributed based on the consideration of having paths with a different number of verification nodes. This, consequently, permits us to have multiple paths with different security levels that can be exploited to counter different attack intensities. Taken together, the integration of the special fitness function with the new key distribution approach enables the AEF to adapt the underlying dynamic network conditions. The simulation experiments under different settings show significant improvements in network lifetime.


Introduction
Wireless sensor networks (WSNs) have witnessed mushroom growth due to the recent advancement in microelectromechanical systems (MEMS) [1,2]. WSNs are being adapted in numerous applications due to their low cost, small size, tether-lessness, and high density characteristics. Their widespread deployment requires countermeasures against security threats. One such threat is false report injection attacks, hereinafter referred to as attacks, resulting in draining energy of nodes on the path.
An example of such an attack is shown in Figure 1. It is worth mentioning that, although our proposed scheme can also be effective against eavesdropping or modification attacks, this is out of the scope of our paper. A compromised node generates a false report about a nonexistent event and transmits it to the base station (BS), draining energy of the nodes on the path. It could also trigger false alarms about nonexistent events to the end user. En-route filtering schemes in general and dynamic en-route filtering (DEF) [3] and commutative cipher-based en-route filtering (CCEF) [4] in particular offer better security at the expense of network lifetimes. DEF uses the hill-climbing approach for key dissemination for early detection of false report attacks. A legitimate report is approved by several nodes using their keys and secret key from a global key poll. Verification nodes on path can drop reports which are not validated. Since, DEF uses many keys in a key chain method, it becomes complicated for large-size WSNs. On the other hand, CCEF is based on expansive public key infrastructure.  In most en-route filtering schemes [3][4][5][6][7][8], similar limitations are observed: (1) an underlying fixed path routing that does not consider network lifetime in the design and (2) fixed responses (i.e., detection capacity) to different number of attacks, among other limitations. An example of shortest path or greedy routing, which results in fixed path routing, is greedy perimeter-based stateless routing (GPSR) [9]. In this paper, the first limitation is countered by the proposed energy-aware dynamic routing and the other is catered by pre-deterministic key distribution. These methods equip our proposed scheme to dynamically respond to network conditions and attack intensity.
Dynamic path routing not only serves our purpose of avoiding the energy-hole problem but also can grant multiple paths and load balancing. Sensor networks suffers from the energy-hole problem as the rate of energy consumption on critical paths and around the base station is significantly higher compared to the distant nodes. It results in network partition-communication between different parts of the network is broken. This is such a state at which disconnected parts of network cannot be reached. Therefore, the energy-hole problem resulting in network partitioning can be avoided using dynamic path routing.
In this paper, we prefer dynamic path routing over other strategies which may alleviate energy-hole problems such as dynamic clustering and sink mobility. Compared to the aforementioned techniques, the dynamic routing strategy grants additional multiple paths with different number of keys in each path along with a distinct level of security. As a result, our scheme can respond dynamically with changes in attack intensity and load balancing while avoiding the energy-hole problem.
In addition to countering attacks, the proposed scheme can also be effective against eavesdropping or modification attacks [10]. Since, event reports are not transmitted through a single path, an adversary cannot interpret the entire message. As events report are routed through multiple paths, AEF can be more robust and reliable against these attacks.
Various assumptions about radio characteristics might be beneficial to different protocols such as energy dissipated in transmitters and receivers. Here, we assume a simple and most commonly used radio model [11] to achieve an acceptable E b /N 0 [12]. En-route filtering schemes, notably, DEF and CCEF, result in a better security at the expense of network lifetime. Reference [13] has proposed to increase network lifetime by improving routing. There is a need to extend network lifetime in filtering schemes which often ignores underlying routing. Additionally, we proposed pre-deterministic key distribution, dynamic path routing, and dynamic response to attack frequency changes instead of a fixed probabilistic approach.
In this paper, we aim to improve network lifetime without compromising detection capacity and energy efficiency in en-route filtering schemes. The proposed scheme is adaptive since it is based on energy-aware dynamic path routing and has the ability to counter variation in attacks on WSNs.
Simulation experiments validate the efficacy of our scheme. AEF shows an average of 2.64 times (50% false traffic ratio (FTR)) and 2.63 folds (70% FTR and 2.61 (90%). In comparison with CCEF, we observe averages of 1.14 (50%), 1.10 (70%), and 1.05 (90%) times gain. The detection capacity and energy-efficiency performance are similar to the existing schemes. Our main contribution in this work are as follows: • Introducing dynamic security response to counter attack-intensity variations, i.e., higher security for larger attacks and vice versa. This is achieved by pre-deterministic key-distribution which allows different paths with a variable number of verification nodes and hence security.

•
Proposing energy-aware dynamic routing that helps load balancing over a larger group of participating nodes. • Mitigating the energy hole and significantly extending network lifetime by using the aforementioned methods.

•
In summary, despite a reasonable volume of related research to improve network lifetime in the routing layer, this work focuses on prolonging network lifetime in security schemes.

Related Work
Dynamic en-route filtering (DEF) [3], uses the hill-climbing approach to distribute keys and effectively counters attacks to save scarce energy. Each node transmits its key to the forwarding node. Sending nodes reveal their keys after sending reports, enabling the forwarding node (s) to validate their reports. It utilizes the broadcasting nature of wireless networks to defend against denial of service (DoS) attacks and multipath routing to counter topology changes. DEF can counter attacks requiring lower memory as compared to other schemes.
Statistical en-route filtering (SEF) [5] was the first work to detect fabricated reports. A global key pool is split into nonoverlapping segments. A small number of keys is preloaded on each node before deployment. Each event detecting node generates a message authentication code (MAC) using one of its stored keys. Event detection nodes elect a center of stimulus (CoS) node to collect and summarize all the received detection results to produce a report including the respective MACs. A report with an inadequate number of MACs will not be forwarded. False reports reached at the base station (BS) will be finally detected since BS has all the keys. SEF has only a limited filtering capacity and fails to counter impersonating attacks.
Commutative Cipher-based En-route Filtering (CCEF) [4] saves energy by early detection. It has the following limitations: fix path routing, not considering residual energy, and fix detection capacity. It does not respond according to the change of attack frequency. Underlying fixed path routing is not energy aware so it exhibits adverse effects on network lifetime. Secure ticket-based en-route filtering (STEF) [6] uses tickets issued by a sink for report verification. It is similar to SEF and DEF.
The interleave hop-by-hop authentication (IHA) [7] scheme, which is also based on fixed path routing, suffers similar limitations as in CCEF. It needs interleaved upper and lower associations between the sensor nodes to share sensor secrets. Due to the constantly changing and unreliable nature of WSNs, it is implausible to have determined routes. Moreover, these associations demand global knowledge which is complex and costly task for energy-scarce WSNs.
Each node in the bandwidth-efficient cooperative authentication (BECAN) [8] scheme requires a fixed number of neighbors for authentication. It disseminate the authentication keys of en-routing to all sensor nodes in the path. Bit compression is used to save bandwidth. BECAN cannot counter false routing information and selective dropping attacks. Moreover, this novel scheme cannot counter selective dropping and false routing information along with some limitations exhibited by the above schemes.
Greedy perimeter-based stateless routing (GPSR) [9] was generally used in en-route filtering schemes which relied on its simple and robust approach. However, this routing scheme was designed for ad hoc networks and did not performed well for WSNs. It selected a forwarding node among its candidate nodes which is closest to the BS. In case it could not find a path around the perimeter, a right hand rule is employed. The authors of Reference [43] present multipath routing to mitigate improvements in network security including eavesdropping or modification attacks. This work proposed that multipath routing is effective against this type of attack. Furthermore, loading balancing work has been proposed using opportunistic routing [44].
In order to measure energy consumption, the first-order radio model was used [11]. Moreover, the parameters used in the performance measurement of the first-order radio model are adapted from it. An acceptable energy-to-noise ratio is presented in Reference [12]. A lot of works, for instance, Reference [13], has been done to increase network lifetime by improving underlying routing schemes. There is a need to improve network lifetime in security schemes which often ignore routing to prolong network lifetime.
The authors of References [14,15] illustrated the current state of research review on WSNs in general. In a survey [16] on detection and countermeasures against Distributed Denial of Service (DDoS). attacks in WSNs was presented in detail. These attacks waste scarce energy but also cause packets to drop within the network. This proposed scheme can detect fabricated messages and defend against these attacks.
Attacks and countermeasures in sensor networks are discussed in detail in Reference [17]. Reference [18] described recent en-route filtering techniques in WSNs. In the past, it had been observed that unbalanced communication loads in static sink-based networks resulted in the energy-hole problem [21]. This issue exhibited degrading effects on network lifetime.
Simulation experiments are supposed to have Mica2 [22] as experimental platforms in this work. Sensor clocks are synchronised using the synchronization component presented in the energy-efficient time synchronization protocol (ETSP) [23]. Sensor nodes could determine their location using some localization component. For example, in Reference [45], the authors presented a cooperation-based network localization approach.

Proposed Work
In this section, we present the scheme motivation, problem statement, and implementation details of the proposed AEF scheme.

Motivation
En-route filtering schemes such as DEF, SEF, CCEF, STEF, IHA, and BECAN save energy by countering false report attacks. These schemes often ignore underlying routing, which is based on shortest path routing, resulting in fixed paths. Energy-aware dynamic routing will help extending network lifetimes by distributing communication loads to larger groups of sensor nodes while mitigating the energy-hole problem.
These schemes often exhibit fixed detection capacity, which does not correspond to variations in attacks. By selecting verification nodes (i.e., nodes selected to report validation and to contain a different number of keys) corresponding to current attacks or the false traffic ratio (FTR), our scheme can offer matching dynamic attack responses.

Problem Statement
Network lifetime, security, and energy efficiency are the top three research topics in WSNs. However, WSN schemes often deal with one of these aspects while ignoring the others. Therefore, improving network lifetime while maintaining detection capacity and energy efficiency is an interesting problem. Moreover, a lot of work exists, which rely on routing protocols to extend network lifetime. In en-route filtering schemes, underlying routing is ignored while focusing on the security paradigm. There is a greater need to extend network lifetime in en-route filtering schemes by improving routing and by responding to attacks according to attack intensities with constraints of security and energy.

Network Initialization
At the network setup phase, each node is assigned a unique ID and node key. Sensor nodes are initialized with a fixed amount of energy and sensor range, with some perturbation to represent physical characteristics.

Key Distribution
In the proposed method, the BS can send a query message to an area of interest (i.e., a cluster where we need to enquire an event). This message contains a cluster head (CH) ID, representing that area of interest where a user wants to enquire about an event such as enemy tank movement. To establish communication between the CH and the BS, a key pre-deterministically disseminates en-route nodes on a path established by underlying routing. Since a different number of keys is pre-deterministically distributed on sensor nodes, multiple paths with a different number of keys are possible. Therefore, based on current FTR, we can use paths corresponding to current attacks. For more attacks, a node with more keys can be selected. This capability grants our proposed method the ability to dynamically select paths based on current FTR.

Verification Node Selection
The fitness evaluation function V n for verification node selection is heuristically calculated based on the simple sum of number of node MACs, residual energy, and current false traffic ratio (FTR).
The nodes with the highest fitness values among candidate nodes (i.e., nodes on a path) can participate in false report detection using Equation (1).
where α and β are system design parameters. MAC n is the node MAC, and Energy r is the residual energy.

Route Setup
Fixed path and energy-aware and dynamic routing in the proposed scheme are shown in Figure 2. The fixed path greedy routing considers only distance, while the proposed routing also caters for residual energy levels and the number of keys on candidate nodes. Following, the fitness evaluation function N f is used to select the next forwarding node (i.e., next mode in the path) with the highest fitness value given in Equation (2).
where Dist s is the distance of a node from the BS and Keys n is the node key. The path creation is initiated at the BS when it needs to determine an event in an area of interest. This process is repeated to create a path from the BS to the source CH.

Example of Energy-Aware Routing
A shortest path or greedy routing used in GPSR [9] is shown in Figure 2a. A forwarding node N f = v is selected among the neighbors of u which is the closest to the BS. In the proposed energy-aware dynamic en-route selection routing shown in Figure 2b, we use the fitness function presented in Equation (2). It considers residual energy, closest distance neighbor from the sink, and the number of keys on candidates nodes. A node with the leading value among candidate nodes is selected as the forwarding node, e.g., N f = w. The selection of node w in energy-aware routing is better than v in shortest path routing since the former considers the energy levels of a node and keys.

Energy Consumption Model
For energy consumption analysis, the first-order radio model is used, having a free (d 2 power loss) channel model. We only cater for energy dissipation related to radio components and circuits of sensor motes as illustrated in Figure 3. For the transmission of a k bits message carried to a d distance between the transmitter and receiver radios, the transmission energy necessary E T x (k, d) , is given in Equation (3).

Receiver Transmitter
Amplifier Electronics × × × λ × Electronics Figure 3. First-order radio model for energy consumption analysis.
In Equation (4), E elec is the energy consumed by the circuit electronics and E elec ×n is the energy required by the transmitter electronics to transfer k bits. Additionally, the energy required by the amplifier is E amp and the path loss constant is represented by λ. Similarly, E R x (n) indicates the required energy in k bits as follows: E amp = 100pJ/bit/n 2 is the transmitter amplifier energy for transmission. Moreover, 50 nJ/bit is the energy consumption by transmitter and receiver circuits. Assumptions related to radios such as energy of transmission and receptions for single bit will change the advantages of different protocols. Therefore, the above-selected acceptable energy-to-noise ratio could avoid otherwise biased values.
The optimal values of E elec and E amp are chosen from Reference [12] to attain an acceptable E b /N 0 . There is no hardware changes required to deploy this model on sensor nodes. An energy and network lifetime analysis of the first-order radio model is presented [11].

Energy-Hole Model and Discussions
In static sink-based WSNs, events or messages are replayed to the BS using a multihop many-to-one communication model. This results in uneven energy consumption loads. The energy-hole problem mathematical description is discussed in this section. Based on the energy-hole problem presented in Reference [46], we present a modified mathematical model for semi-rings where the BS is located at the middle bottom of the sensor field.
A square sensor field of uniformly and randomly deployed sensors in an area of F w × F h = (F × F) m 2 is shown in Figure 4, where F = M × r meters. In a uniformly and randomly deployed sensor network, the node density is uniform in the entire network: where N is the total number of sensor nodes and A sn is the coverage area of the sensor network. BS is located at the bottom center of the sensor field; the whole area can be divided into M 2 bands with step sizes of r meters. The ring 0 is a small semi-ring of radius r meters, and ring 1 has a radius of 2r meters and so on. We assume that messages can move from one ring to the next using one hop for simplicity, although in practice, in order to cross a single ring, multiple hops may be traversed. It can be observed that most communication load frequencies are on nodes around the BS and on critical paths as compared to nodes farther from the BS. Inner rings (in particular, ring 0, as it needs to relay all outer rings data to the BS in addition to replying ring data) also need to transmit their own messages. Therefore, intuitively, the rate of energy consumption load on rings closer to the BS is faster as compared to outer rings. Thus, as the ring 0 node's energy level reaches zero, the BS cuts off from the entire network, known as the energy-hole or hot-spot problem. Thus per node communication load (ł) in semi-ring zero (s ring0 ) that is half of the load in full ring is illustrated by Equation (6). Similarly, for s ring1 , per node communication load is given by Equation (7) ł s ring1 = 1 2 ( total load f rom outside s ring 0 and more generally, the i th semi-ring load can be represented by Equation (8) ł where i = 0, 1, . . . , ( M 2 − 1). There is considerable difference in energy consumption in different semi-rings as can be observed from the above mathematical model. With proceeding inner rings, the rate of energy consumption increases around the BS.

False Report Attacks Information
In this section, we explain our method that can calculate the current attacks ratio or false traffic ratio (FTR) without causing extra messages or energy costs at the sensor nodes.
The communication is based on a query-driven model. The BS can send a query to determine an event in a a target area. The corresponding CH in the area along with event sensing nodes collaborate to respond. For one such communication, the BS has information for the number reports from CH in the area of interest.
A validated event report arriving at the BS will cause increments in the legitimate report counter by one. Here, additional messages or energy consumption is not needed. A false report can be dropped either at the BS or en-route. When a false report is dropped at the BS, the false report counter is incremented by one. In case it is dropped at one of the nodes on the path, the BS will know it, as it will not be received within the time window. Therefore, using these two counter information available on the BS, FTR for m number of events in the WSN can thus be calculated as follows: where F i ∈ [0, 1] and L i = F i indicate the fabricated and legitimate reports, respectively, defined as follows: In Equation (9), i represents the current number of events from 1 to m (i.e., total number of events in WSN). Fabricated reports are false reports injected from a compromised node in control of an adversary. Legitimate reports are valid reports generated by non-compromised nodes in WSN. The counters are at the BS, which has sufficient power. Therefore, we can model current attack information without costing extra messages or energy.

Assumptions
The BS cannot be compromised while sensor nodes are considered secure in the network initialization phase. The sensor field, sensor nodes, and the BS are assumed to be stationary. The BS knows the IDs and node keys of all the sensors. In the first-order radio model, we only considered the energy emancipation related to radios. We also assumed that the underlying sensor platform for our simulation experiments is a MICA2 sensor mote [22]. Each sensor node's system clocks are synchronized using a time synchronization mechanism [23]. Sensor nodes can determine their location using some localization components [45].

Simulation Environment
Simulation experiments were performed in a custom built C++ simulator. Each node is assigned a unique ID and node key before random deployment. Simulation parameters are shown in Table 1. In order to represent variation in the range of sensors in a physical environment, a ±10% perturbation is introduced. Moreover, energy in batteries is not fixed; therefore, ±5% perturbation is randomly exhibited here as well. The sensor field setup is illustrated in Figure 5. The location of the sensor nodes is represented by x and y coordinates. The art of the square field is (F w × F h ) m 2 consisting of square clusters with area (C w × C h ) m 2 each. The BS is located at the lower middle of the sensor field. The sensor field is composed of randomly deployed n number of sensors, where n = 400, 700, and 1000. Each cluster consists of the same number of sensor nodes.

Performance Measurement
A square sensor field of (500 × 500) m 2 consists of three scenario with 400, 700, and 1000 nodes. Furthermore, with regard to false report attacks, two cases of FTRs of 50%, 70%, and 90% are considered for each of the above scenarios. The BS is located at bottom center of the sensor field. The sensor range, cluster height, and width are 50 m. Initial node energy of each sensor node is 1 joule with 5% perturbation and 10% fluctuation in the sensor range to reflect physical conditions. One round of communication consists of 128 bytes of data received at the BS. For each simulation experiment, 100 iterations have been carried out.
Network lifetime is measured using first cut-off (FCO), which is the number of rounds required to consume all energy of a sensor node, i.e., first sensor node is depleted. Moreover, 10 percent of nodes depleted (10PCO) and last cut-off (LCO) are also used to measure the network lifetime. 10PCO is 10% of the total number of nodes depleted. The LCO performance metric is defined as the total number of nodes depleted when there is no more communication possible between the BS and sensor nodes. Energy efficiency is measured for the average energy consumed per round. Detection capacity is defined as the number of attacks actually detected (AD) divided by total attacks (TA), as shown in Equation (11).
In the proposed method, the forwarding node from candidates nodes is selected based on the number of keys corresponding to the current FTR. A total of nine cases are considered for network lifetime using three FTR and over three performance metrics. Three cases for each energy-efficiency and detection capacity are illustrated.

Network Lifetime Analysis
In dynamic path routing, as against fixed path routing, multiple paths are created. In fixed path routing, a communication is carried out through a single path as long as that path exists. That path is as good as the first node on that path is depleted due to the energy level reaching zero a after certain number of communications through that path, let us say n. Since, in dynamic path routing, k number of paths can be chosen in the case of dynamic path routing with kn networks lifetime, this means k times network lifetime can be extended. For example, if each have 1 joule of energy and one communication costs 0.1 joules of energy consumption on each node, then network lifetime of that path is n = 10 events. In case there are k = 3 paths available, which can be chosen alternatively, then the upper limit of network lifetime extension is 3 times as compared to fixed path routing, which is significant.

Cost Analysis
The main contributing factors towards total cost of proposed scheme include (1) pre-deterministic key distribution, (2) dynamic path routing, and (3) current attack information methods. As illustrated in Section 3.8, item (3) does not need any extra messages on the sensor nodes, so it does not contribute towards the cost of solution. Key distribution is performed at the initialization phase and does not incur cost towards performance evaluation. Dynamic routing method (2) is different from the fixed path routing as the former considers multiple parameters to select the next node as explained in route setup in Section 3.6. The relevant cost of these methods is trivial and have been included in performance measurements.

Performance Results
In this section, details of the performance measurement metrics and simulation experiment results are illustrated.

Network Lifetime
The network lifetime performance of AEF is shown in Figure 6. The x-axis represents the network size in terms of the number of sensor nodes and the y-axis illustrates the number of rounds. The summary of network lifetime improvement over CCEF and DEF is illustrated in Table 2. It can be observed that relative improvements decreases as the number of rounds or attacks increases.  It can be observed that, with an increase in the number of the FTRs or the rounds, the relative improvement in network lifetime decreases. However, there is no set trend; however, the larger the number of rounds for a small network size, the more the margin of improvement decreases. This trend by part is because of random deployment, different network sizes, and dynamic path selection. It can be observed from Table 2 that there is significant improvement against CCEF. There is also network lifetime gain against DEF; however, the margin of improvement is less. The reason is because DEF considers energy-aware routing.

Energy-Efficiency
The x-axis in Figure 7 represents the network size in term of the number of nodes, and the y-axis shows energy consumption per round in joules. We observe that, for the average energy consumed per round, performance metrics among CCEF, DEF, and AEF show similar energy consumption. The trivial increase in energy cost of the proposed scheme is due to energy-aware routing instead of using greedy or shortest path routing. Our method also considers current attack information to respond accordingly. However, our scheme performs better as compared to CCEF in energy efficiency. At large, energy efficiency demonstrates similar performances. Moreover, the energy consumption per round decreases for all schemes as the network size increases. On average, energy consumptions for CCEF, DEF, and AEF are 4.55 −4 , 4.32 −4 , and 4.60 −4 . A summary of detection capacity comparison is shown in Table 3. Considering negative exponents and significant increases in network lifetime, we can state that the energy efficiencies have similar performances.

Detection Capacity
In Figure 8, the y-axis represents the detection capacity ratio while the x axis illustrates the three different network setups of sizes with 400, 700, and 1000 nodes. We can observe that the detection capacity of AEF on average is similar to that CCEF and DEF for 50% FTR. For any FTR, the marginal performance of each scheme exhibits similar trends. The detection capacities for CCEF, DEF, and AEF are 99.00%, 98.47%, and 98.31, respectively. Therefore, with trivial difference, we can claim that detection capacity is maintained. A summary of energy-efficiency is presented in Table 4.

Conclusions
The proposed AEF scheme demonstrates significant improvements over network lifetimes while maintaining detection capacity and energy efficiency. As false report attacks increase, the relative margin of gain in network lifetime lowers. Moreover, lifetime over a large number of rounds (i.e., FCO, 10PCO, and LCO) decreases the relative margin of improvement. Generally with an increase in FTR, a smaller network size, and an increase in number of rounds, we observe less improvements in network lifetime; however, this is not a fixed trend.
In AEF, we used different methods to increase network lifetime which resulted in even distribution of energy consumption loads over the larger group of participating sensor nodes. It can dynamically give matching responses according to the current attack ratio. We calculated current FTR without causing extra messages on sensor nodes. Further, it can be stated that, by carefully designing en-route filtering schemes, not only effective filtering but also network lifetime gain can be achieved.

Future Work
In the future, we plan to use fuzzy logic systems for selecting filtering nodes. As static sink-based networks suffer from the energy-hole problem, another approach to counter this problem is mobile sink. It will not only further minimize the energy-hole problem but also improve network lifetime. As the density of sensor nodes decreases in a cluster, it increases the probability of network partitioning. In order to counter this problem, a network density-based re-clustering approach can be instrumental in this regard.