Real-Time Detection and Response to Wormhole and Sinkhole Attacks in Wireless Sensor Networks
Abstract
1. Introduction
- -
- To analyze the role of WSNs in cyber–physical systems and examine Wormhole and Sinkhole attacks.
- -
- To develop a real-time detection method for these attacks.
- -
- To experimentally validate the proposed approach.
- –
- A real-time detection algorithm for early identification of Wormhole and Sinkhole attacks in WSNs is developed.
- –
- Realistic Wormhole and Sinkhole attack scenarios are simulated using ZigBee and GSM/GPRS protocols.
- –
- An anomaly-based detection method is implemented by comparing routing behavior under normal and attack conditions.
- –
- Network performance metrics, including hop counts, latency, false data ratios, and route integrity, are evaluated.
2. Related Work
3. Methodology for Detection and Analysis of Security Incidents in WSNs
- (1)
- Maximizing the proportion of successfully detected incidents among all incidents that occur within a specific time interval, ∆t.
- (2)
- Minimizing the number of false-positive security incidents detected within the ∆t time interval:
- (3)
- Minimizing the communication and computational resource consumption of WSN nodes allocated for security incident detection and analysis, along with the overall costs required to achieve the objectives of the methodology.
- –
- In the first stage, the solution space is narrowed using the Pareto optimization method, where the Pareto front is determined for the specific WSN configuration, i.e., the set of Pareto-optimal solutions that cannot be improved in one criterion without worsening another.
- –
- A combined objective function is constructed by assigning weight coefficients based on the importance of various criteria in the second stage. The minimization of communication and computational resource usage by WSN nodes at discrete time points within the interval ∆t is calculated as follows:
- -
- is the resource consumption in normal operating mode (e.g., communication, computation, and energy);
- -
- represents the resources used during incident processing;
- -
- is the set of discrete time intervals;
- -
- is the set of methodologies.
- -
- is the next iteration of the resource consumption vector;
- -
- is the normalized value of the communication resource;
- -
- is the normalized value of the computational resource;
- -
- is the normalized value of the energy resource.
- -
- Hardware and software characteristics receive identification through the Common Platform Enumeration (CPE);
- -
- The Common Vulnerabilities and Exposures (CVEs) function to explain vulnerabilities;
- -
- The Common Attack Pattern Enumeration and Classification (CAPEC) maintains a database that explains various attack patterns [53].
Algorithm 1. WSN Security Incident Detection Algorithm |
Input: —WSN graph, where is the set of nodes and is the set of network connections; —static data, including, —protocols and security policies; —dynamic data that change over time (e.g., sensor readings, logs, and traffic). Output:
|
- –
- Add a backup route for ;
- –
- Update policy from ;
- –
- Analyze logs: .
4. Results
4.1. Alghorithm
4.1.1. Modeling
4.1.2. Analysis
4.2. Anomaly-Based Detection of Routing and Data Integrity Attacks in WSN Systems
4.3. Anomaly-Based Attack Detection Algorithm
4.4. Sinkhole Attack Modeling in a WSN System
4.5. Hardware–Software Implementation
4.5.1. Justification of Architectural Decisions and Comparison of Alternative WSN Attack Modeling Methods
- -
- The use of the ZigBee protocol, based on the IEEE 802.15.4 standard, ensures realistic data transmission and support for self-organizing networks and reflects typical features of industrial WSNs [56].
- -
- The combined use of Raspberry Pi single-board computers and Arduino Uno microcontrollers allows for the creation of not only simple sensor nodes but also intelligent attacker nodes with computational capabilities.
- -
- Dividing the system into sensor, network, and analytic layers facilitates traceability, simplifies error analysis, and enables easy system expansion when adding new components or attack types.
- -
- A realistic Wormhole attack scenario is implemented by establishing a covert channel over GSM/GPRS between distant nodes within a standard ZigBee network. This approach allows for realistic attacker behavior modeling and creates a type of attack that is not easily detectable using standard methods.
4.5.2. Hardware–Software Architecture
- -
- Router—Intermediate nodes which relay packets between pieces of end equipment and coordinators. They can also collect data from sensors. In an experimental setup, nodes serve as routers. They are important for routing and traffic analysis, especially during Wormhole attack modeling, where the attackers try to replace the data delivery path.
- -
- Final Equipment—Inactive participants in the network who connect to the router and do not relay traffic. These devices are not used in this test, because each node should support retrosion to facilitate safety analysis and complex routing. To apply the Wormhole attack, a TCP/IP protocol is used as an additional communication channel between nodes and , operated on GSM/GPRS.
4.5.3. Experimental Results
5. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
- Karthikeyan, M.; Revathi, S.T. Approaches to Detecting Threats in Wireless Sensor Networks for Data Transmission Security. In Proceedings of the 2024 International Conference on Advances in Computing, Communication and Applied Informatics (ACCAI), Chennai, India, 9–10 May 2024; pp. 1–7. [Google Scholar] [CrossRef]
- Imathiu, G.; Chege, A.; Omamo, A. Security Intrusion Monitoring Model for Internet of Things (IoT) Using Sniffing Tools on Wireless Sensor Networks. AJSTSS 2024, 2, 51–58. [Google Scholar] [CrossRef]
- Zhang, K. A Wormhole Attack Detection Method for Tactical Wireless Sensor Networks. PeerJ Comput. Sci. 2023, 9, e1449. [Google Scholar] [CrossRef]
- Alshomrani, M.; Albeshri, A.; Alturki, B.; Alallah, F.S.; Alsulami, A.A. Survey of Transformer-Based Malicious Software Detection Systems. Electronics 2024, 13, 4677. [Google Scholar] [CrossRef]
- Hanif, M.; Ashraf, H.; Jalil, Z.; Jhanjhi, N.Z.; Humayun, M.; Saeed, S.; Almuhaideb, A.M. AI-Based Wormhole Attack Detection Techniques in Wireless Sensor Networks. Electronics 2022, 11, 2324. [Google Scholar] [CrossRef]
- Ataa, M.S.; Sanad, E.E.; El-Khoribi, R.A. Intrusion Detection in Software Defined Network Using Deep Learning Approaches. Sci. Rep. 2024, 14, 29159. [Google Scholar] [CrossRef]
- Li, H.; Ji, L.; Wang, K.; Liu, S.; Liu, S. Applying the Stackelberg Game to Assess Critical Infrastructure Vulnerability: Based on a General Multi-Layer Network Model. Chaos 2024, 34, 123127. [Google Scholar] [CrossRef] [PubMed]
- Dhama, P.; Prashanth, K. Genetic Algorithm-Based Wormhole Attack Detection in WSN. Int. J. Sci. Res. Arch. 2023, 9, 795–802. [Google Scholar] [CrossRef]
- Al-Ahmadi, S.; Aliady, W.; AlRashedy, A. An Efficient Wormhole Attack Detection Method in Wireless Sensor Networks. In Proceedings of the 2022 26th International Conference on Circuits, Systems, Communications and Computers (CSCC), Crete, Greece, 19–22 July 2022; pp. 240–249. [Google Scholar] [CrossRef]
- Naik, R.L.; Jain, S.; Bairam, M. Development of Hybrid Weighted Networks of RNN and DBN for Facilitating the Secure Information System in Cybersecurity Using Meta-Heuristic Improvement. Wirel. Netw. 2025, 31, 3625–3660. [Google Scholar] [CrossRef]
- Zhukabayeva, T.; Pervez, A.; Mardenov, Y.; Othman, M.; Karabayev, N.; Ahmad, Z. A Traffic Analysis and Node Categorization-Aware Machine Learning-Integrated Framework for Cybersecurity Intrusion Detection and Prevention of WSNs in Smart Grids. IEEE Access 2024, 12, 91715–91733. [Google Scholar] [CrossRef]
- Zilberman, A.; Dvir, A.; Stulman, A. IPv6 Routing Protocol for Low-Power and Lossy Networks Security Vulnerabilities and Mitigation Techniques: A Survey. ACM Comput. Surv. 2025, 57, 1–77. [Google Scholar] [CrossRef]
- Sharma, S.; Kumar, P.; Bharti, V. Isolating Sink Hole Attacks in Wireless Sensor Networks Through Trust-Based Mechanism. In Proceedings of the 2024 4th International Conference on Technological Advancements in Computational Sciences (ICTACS), Tashkent, Uzbekistan, 13–15 November 2024; pp. 346–351. [Google Scholar] [CrossRef]
- Talukder, M.A.; Sharmin, S.; Uddin, M.A.; Islam, M.M.; Aryal, S. MLSTL-WSN: Machine Learning-Based Intrusion Detection Using SMOTETomek in WSNs. Int. J. Inf. Secur. 2024, 23, 2139–2158. [Google Scholar] [CrossRef]
- Ramkumar, K.; Alzubaidi, L.H.; Malathy, V.; Venkatesh, T.; Kruthika, C.G. Intrusion Detection System in Wireless Sensor Networks Using Modified Recurrent Neural Network with Long Short-Term Memory. In Proceedings of the 2024 International Conference on Integrated Circuits and Communication Systems (ICICACS), Raichur, India, 23–24 February 2024; pp. 1–5. [Google Scholar] [CrossRef]
- Kim, T.; Vecchietti, L.F.; Choi, K.; Lee, S.; Har, D. Machine Learning for Advanced Wireless Sensor Networks: A Review. IEEE Sens. J. 2021, 21, 12379–12397. [Google Scholar] [CrossRef]
- Mao, Z.M.; Sekar, V.; Spatscheck, O.; van der Merwe, J.; Vasudevan, R. Analyzing large DDoS attacks using multiple data sources. In Proceedings of the 2006 SIGCOMM Workshop on Large-Scale Attack Defense, Pisa, Italy, 11–15 September 2006; pp. 161–168. [Google Scholar] [CrossRef][Green Version]
- Rehman, A.; Rehman, S.U.; Raheem, H. Sinkhole Attacks in Wireless Sensor Networks: A Survey. Wirel. Pers. Commun. 2018, 106, 2291–2313. [Google Scholar] [CrossRef]
- Birahim, S.A.; Paul, A.; Rahman, F.; Islam, Y.; Roy, T.; Hasan, M.A.; Haque, F.; Chowdhury, M.E.H. Intrusion Detection for Wireless Sensor Network Using Particle Swarm Optimization Based Explainable Ensemble Machine Learning Approach. IEEE Access 2025, 13, 13711–13730. [Google Scholar] [CrossRef]
- Latha, D.J.; Rameswaran, N.; Bharathraj, M.; Vinoth Raj, R. Prevention of Wormhole Attack Using Mobile Secure Neighbour Discovery Protocol in Wireless Sensor Networks. In IoT Based Control Networks and Intelligent Systems; Springer: Singapore, 2023; pp. 215–229. [Google Scholar] [CrossRef]
- AlShuhail, A.S.; Bhatia, S.; Kumar, A.; Bhushan, B. Zigbee-Based Low Power Consumption Wearables Device for Voice Data Transmission. Sustainability 2022, 14, 10847. [Google Scholar] [CrossRef]
- Das, R.; Bera, J.N. Self-Reconfigurable Partial Mesh Using ZigBee Control Board towards Fail-Proof and Reliable Home Area Networking. Ad Hoc Netw. 2024, 152, 103327. [Google Scholar] [CrossRef]
- Hasan, M.Z.; Rahman, M.A.; Begum, S.; Hossain, M.S.; Ahmed, F.; Gumaei, A. An Efficient Detection of Sinkhole Attacks Using Machine Learning: Impact on Energy and Security. PLoS ONE 2025, 20, e0309532. [Google Scholar] [CrossRef]
- Konatam, S.; Nalluri, S.; Malyala, M.M.; Daiya, H.; Kumar, V.N.; Raju, K.S. A Random Forest-Based Method for Effective and Robust Detection of Wormhole Attacks in Wireless Sensor Networks. In Intelligent Computing and Communication; Springer: Singapore, 2025; pp. 461–476. [Google Scholar] [CrossRef]
- Teng, Z.; Li, M.; Yu, L.; Gu, J.; Li, M. Sinkhole Attack Defense Strategy Integrating SPA and Jaya Algorithms in Wireless Sensor Networks. Sensors 2023, 23, 9709. [Google Scholar] [CrossRef] [PubMed]
- Al Sukkar, G.; Al-Sharaeh, S. Enhancing Security in Wireless Sensor Networks: A Machine Learning-Based DoS Attack Detection. Eng. Technol. Appl. Sci. Res. 2025, 15, 19712–19719. [Google Scholar] [CrossRef]
- Hassan, S.M.; Mohamad, M.M.; Muchtar, F.B. Advanced Intrusion Detection in MANETs: A Survey of Machine Learning and Optimization Techniques for Mitigating Black/Gray Hole Attacks. IEEE Access 2024, 12, 150046–150090. [Google Scholar] [CrossRef]
- Al-chikh Omar, A.A.R.; Soudan, B.; Altaweel, A. A comprehensive survey on detection of sinkhole attack in routing over low power and Lossy network for internet of things. Internet Things 2023, 22, 100750. [Google Scholar] [CrossRef]
- Radhika, S.; Srikanth, M.; Anand, K.; Saravanan, K.; Southry, S.S. Improving Data Integrity for Gray Hole Attack Detection by Using a Hash Signature Algorithm in WSN. In Proceedings of the 2023 5th International Conference on Smart Systems and Inventive Technology (ICSSIT), Tirunelveli, India, 23–25 January 2023; pp. 619–623. [Google Scholar] [CrossRef]
- Bhatti, D.S.; Saleem, S.; Imran, A.; Kim, H.J.; Kim, K.I.; Lee, K.C. Detection and Isolation of Wormhole Nodes in Wireless Ad Hoc Networks Based on Post-Wormhole Actions. Sci. Rep. 2024, 14, 3428. [Google Scholar] [CrossRef]
- Faris, M.; Mahmud, M.N.; Salleh, M.F.M.; Alnoor, A. Wireless Sensor Network Security: A Recent Review Based on State-of-the-Art Works. Int. J. Eng. Bus. Manag. 2023, 15, 18479790231157220. [Google Scholar] [CrossRef]
- Hammi, B.; Idir, Y.M.; Zeadally, S.; Khatoun, R.; Nebhen, J. Is It Really Easy to Detect Sybil Attacks in C-ITS Environments: A Position Paper. IEEE Trans. Intell. Transp. Syst. 2022, 23, 18273–18287. [Google Scholar] [CrossRef]
- De Neira, A.B.; Kantarci, B.; Nogueira, M. Distributed Denial of Service Attack Prediction: Challenges, Open Issues and Opportunities. Comput. Netw. 2023, 222, 109553. [Google Scholar] [CrossRef]
- Khalaf, B.A.; Mostafa, S.A.; Mustapha, A.; Mohammed, M.A.; Mahmoud, M.A.; Al-Rimy, B.A.S.; Marks, A. An Adaptive Protection of Flooding Attacks Model for Complex Network Environments. Secur. Commun. Netw. 2021, 2021, 5542919. [Google Scholar] [CrossRef]
- Wang, H.; Huang, X.; Wu, Y. GD3N: Adaptive Clustering-Based Detection of Selective Forwarding Attacks in WSNs under Variable Harsh Environments. Inf. Sci. 2024, 665, 120375. [Google Scholar] [CrossRef]
- Pirayesh, H.; Zeng, H. Jamming Attacks and Anti-Jamming Strategies in Wireless Networks: A Comprehensive Survey. IEEE Commun. Surv. Tutor. 2022, 24, 767–809. [Google Scholar] [CrossRef]
- Elgindy, M.M.; Elghamrawy, S.M.; El-Desouky, A.I. Proposed Mitigation Framework for the Internet of Insecure Things. Mansoura Eng. J. 2023, 48, 3–10. [Google Scholar] [CrossRef]
- Zahra, F.; Jhanjhi, N.Z.; Khan, N.A.; Brohi, S.N.; Masud, M.; Aljahdali, S. Protocol-Specific and Sensor Network-Inherited Attack Detection in IoT Using Machine Learning. Appl. Sci. 2022, 12, 11598. [Google Scholar] [CrossRef]
- Swami, S.; Singh, P.; Chauhan, S.S. An Integrated Rule-Based and Machine Learning Technique for Efficient DoS Attack Detection in WSN. In Proceedings of the 2024 2nd International Conference on Disruptive Technologies (ICDT), Greater Noida, India, 15–16 March 2024; pp. 847–851. [Google Scholar] [CrossRef]
- Khan, S.; Khan, M.A.; Alnazzawi, N. Artificial Neural Network-Based Mechanism to Detect Security Threats in Wireless Sensor Networks. Sensors 2024, 24, 1641. [Google Scholar] [CrossRef] [PubMed]
- Alshehri, A.H. Wormhole Attack Detection and Mitigation Model for Internet of Things and WSN Using Machine Learning. PeerJ Comput. Sci. 2024, 10, e2257. [Google Scholar] [CrossRef] [PubMed]
- Shahid, H.; Ashraf, H.; Jhanjhi, N.Z.; Zam Zam, Q.A. Reshaping Cybersecurity of Wireless Sensor Networks Using Energy-Optimized Approach Against Wormhole Attack. In Advances in Information Security, Privacy, and Ethics Book Series; IGI Global: Hershey, PA, USA, 2024; pp. 125–172. [Google Scholar] [CrossRef]
- Seidu, R.; Salifu, A.M.S.; Ansuura, J.A. A Genetic Algorithm with a Trust Model Function for Detecting Sinkhole and Wormhole Nodes in Wireless Sensor Networks. Trans. Eng. Comput. Sci. 2024, 12, 30–44. [Google Scholar] [CrossRef]
- Sun, Y.; Chen, Y. Detection of Wormhole Attacks in Wireless Sensor Networks Based on Anomaly Detection Algorithms. In Proceedings of the 2022 2nd International Conference on Consumer Electronics and Computer Engineering (ICCECE), Guangzhou, China, 14–16 January 2022; pp. 777–782. [Google Scholar] [CrossRef]
- Yuan, J.; Yan, B. A Detection Method of Wormhole Attack in Power Communication Sensor Networks Based on Hops. Web Intell. 2022, 21, 115–125. [Google Scholar] [CrossRef]
- Al-Ahmadi, S. A Novel Energy-Efficient Wormhole Attack Prevention Protocol for WSN Based on Trust and Reputation Factors. In Proceedings of the 11th International Conference on Sensor Networks (SENSORNETS), Online, 7–8 February 2022; pp. 191–201. [Google Scholar] [CrossRef]
- Sridevi, S.; Anandan, R. RUDRA—A Novel Re-Concurrent Unified Classifier for the Detection of Different Attacks in Wireless Sensor Networks. In Intelligent Computing in Engineering; Springer: Singapore, 2020; pp. 251–259. [Google Scholar] [CrossRef]
- Lakshmi Narayanan, K.; Santhana Krishnan, R.; Golden Julie, E.; Harold Robinson, Y.; Shanmuganathan, V. Machine Learning Based Detection and a Novel EC-BRTT Algorithm Based Prevention of DoS Attacks in Wireless Sensor Networks. Wirel. Pers. Commun. 2021, 127, 479–503. [Google Scholar] [CrossRef]
- Mondal, K.; Yadav, S.; Pal, V.K.; Singh, A.P.; Singh, M. Detecting Sinkhole Attacks in IoT-Based Wireless Sensor Networks Using Distance from Base Station. Int. J. Inf. Syst. Model. Des. 2022, 13, 1–18. [Google Scholar] [CrossRef]
- Ali, T.S. MANDS: Malicious Node Detection System for Sinkhole Attack in WSN Using DRI and Cross Check Method. In Proceedings of the International Conference on Computational Intelligence in Pattern Recognition, Howrah, India, 23–24 April 2022; Springer: Singapore, 2022; pp. 511–519. [Google Scholar] [CrossRef]
- Ambika, N. Improved Cross-Layer Detection and Prevention of Sinkhole Attack in WSN. In Handbook of Research on Innovations and Applications of AI, IoT, and Cognitive Technologies; IGI Global: Hershey, PA, USA, 2021; pp. 514–527. [Google Scholar] [CrossRef]
- Ahmad, R.; Wazirali, R.; Abu-Ain, T. Machine Learning for Wireless Sensor Networks Security: An Overview of Challenges and Issues. Sensors 2022, 22, 4730. [Google Scholar] [CrossRef]
- Zhukabayeva, T.K.; Desnitsky, V.A.; Mardenov, E.M. A Technique for Collection, Preprocessing and Analysis of Data in Wireless Sensor Networks. News Natl. Acad. Sci. Repub. Kazakhstan Phys.-Math. Ser. 2024, 2, 163–176. [Google Scholar] [CrossRef]
- Shehzadi, K.; Abbas, T.; Zainab, A.; Li, H. A survey of intruder detection in smart grid systems: Comparative analysis of rule-based, machine learning and deep learning. Int. J. Secur. Netw. 2025, 20, 67–92. [Google Scholar] [CrossRef]
- Umar, M.M.; Khan, S.; Ahmad, R.; Singh, D. Game Theoretic Reward Based Adaptive Data Communication in Wireless Sensor Networks. IEEE Access 2018, 6, 28073–28084. [Google Scholar] [CrossRef]
- Alrajeh, N.A.; Khan, S.; Lloret, J.; Loo, J. Artificial neural network based detection of energy exhaustion attacks in wireless sensor networks capable of energy harvesting. Ad-Hoc Sens. Wirel. Netw. 2014, 22, 109–133. [Google Scholar]
- Gandhi, K.I.; Kannan, G. Development of an Energy-Efficient Patient Monitoring System Using RSSI-Based Wireless Sensor Network with AODV and ZigBee Technology. J. Nano-Electron. Phys. 2024, 16, 06005-1–06005-5. [Google Scholar] [CrossRef] [PubMed]
- ASoussi, A.; Zero, E.; Sacile, R.; Trinchero, D.; Fossa, M. Smart Sensors and Smart Data for Precision Agriculture: A Review. Sensors 2024, 24, 2647. [Google Scholar] [CrossRef]
- Majhi, A.A.K.; Mohanty, S. A Comprehensive Review on Internet of Things Applications in Power Systems. IEEE Internet Things J. 2024, 11, 34896–34923. [Google Scholar] [CrossRef]
- Stanco, G.; Navarro, A.; Frattini, F.; Ventre, G.; Botta, A. A comprehensive survey on the security of low power wide area networks for the Internet of Things. ICT Express 2024, 10, 519–552. [Google Scholar] [CrossRef]
- Howitt, I.; Gutierrez, J.A. IEEE 802.15.4 low rate—Wireless personal area network coexistence issues. In Proceedings of the 2003 IEEE Wireless Communications and Networking, WCNC 2003, New Orleans, LA, USA, 16–20 March 2003; Volume 3, pp. 1481–1486. [Google Scholar] [CrossRef]
Method | Approach | Description | Accuracy | Authors |
---|---|---|---|---|
Genetic Algorithms | Optimization- based | Used to optimize Wormhole detection parameters and improve effectiveness | - | Seidu R. et al. [43] |
MSAMAD | Statistical/anomaly-based | Detects anomalous transmission patterns and one-hop delays between nodes using Mean Shift and Median Absolute Deviation | - | Sun and Chen [44] |
Hop-Based Detection | Statistical | Estimates the number of hops between nodes and identifies attacks if the number deviates significantly | 98% | Yuan and Yan [45] |
EWATR Protocol | Trust-based | Energy-efficient protocol using trust and reputation metrics to detect Wormhole attacks | - | Alahmadi [46] |
Hybrid LSTM + ELM | Hybrid/ ensemble | Combines LSTM and Extreme Learning Machine to improve detection reliability | 98.4% | Sridevi and Anandan [47] |
EC-BRTT | Real-time/ time-based | Measures round-trip time to detect Wormhole tunnels in real time | - | Lakshmi Narayanan et al. [48] |
Method | Energy Consumption | Advantages | Disadvantages |
---|---|---|---|
MSAMAD | Middle | Effective anomaly detection | Sensitive to latency |
Hop-Based Detection | Low | Simple and accurate | Possibility of false positives |
EWATR Protocol | Middle | Energy-efficient | May produce false positives |
Hybrid LSTM+ ELM | Low | High accuracy | High accuracy |
Genetic Algorithm- Based | Low | Efficiency through optimization | Computational difficulty |
Method | Real-Time-Capable | Energy Efficiency | Computational Load | Remarks |
---|---|---|---|---|
Hop-Based Detection | Yes | High | Low | Limited to hop-based anomalies |
Hybrid LSTM + ELM | Partial | Medium | High | Requires offline training |
EWATR Protocol | Partial | Medium | Medium | Trust-based method; prone to false positives |
Rule-Based IDS [54] | Yes | High | Low | Fast and lightweight; not adaptive to evolving attack patterns |
Proposed | Yes | High | Low | Hardware-in-the-loop; no training needed; optimized for real-world WSNs |
Source | From | To | Data | Action | ||||
---|---|---|---|---|---|---|---|---|
Pre-Attack | Post-Attack | Pre-Attack | Post-Attack | Pre-Attack | Post-Attack | |||
0 | R1 | R1 | R2 | R3 | 24.7 | 25.2 | Forwarded | Forwarded |
1 | R1 | R2 | R3 | C | 24.7 | NaN | Forwarded | Dropped |
2 | R1 | R3 | C | R3 | 24.8 | 27.3 | Forwarded | Forwarded |
3 | R2 | R2 | R3 | C | 26.4 | 80.0 | Forwarded | Modified |
4 | R2 | R3 | C | R3 | 24.7 | 27.7 | Forwarded | Forwarded |
5 | R4 | R4 | R5 | C | 22.0 | NaN | Forwarded | Dropped |
6 | R4 | R5 | C | R3 | 25.7 | 23.1 | Forwarded | Forwarded |
7 | R5 | R5 | C | C | 24.5 | NaN | Forwarded | Dropped |
8 | R6 | R6 | C | R3 | 24.6 | 22.1 | Forwarded | Forwarded |
Method | Description | Advantages | Disadvantages |
---|---|---|---|
Simulators NS-3, OMNET++, Cooja | Software-based modeling of nodes and attacks | Rapid model development without the need for physical hardware | Limited realism of protocol modeling; electromagnetic and hardware-level factors cannot be evaluated |
Arduino/ESP32 Hardware-Based Testbed | Implementation of a physical network with limited resources | Low-cost and simple | Difficult to implement complex attacks (e.g., Wormhole and Sybil attacks) without additional computational modules |
Arduino + Raspberry Pi | A hybrid system that supports both simple and logic-intensive attacker nodes | Balance between cost, computational power, and realism | Difficulty in component integration and configuration |
Nodes | Placement | Placement Diagram | Power Supply and Stability |
---|---|---|---|
1 Coordinator | The coordinator (C) is installed in the server room and connected to a laptop | 3-layer: [R5]–[C]–[R0]–[R1] 4-layer: [R2]–[R3]–[R4] R0 and R1—in administrative offices with open doors | Each node was powered autonomously:
|
6 Routers (R0–R5) | Among which R4 and R5 are Raspberry Pi attacker nodes | ||
The length of the “chain” | Approximately 100–150 m | ||
The distance between nodes | From 10 to 25 m |
Component | Description |
---|---|
XCTU and XBee Configuration | XBee modules are configured via XCTU by setting PAN IDs, channels, addresses, API modes, and baud rates. The tool allows network connection, topology visualization, and real-time monitoring. |
Raspberry Pi and Wormhole Tunnel | Raspberry Pi with GSM modules on R4 and R5 simulate attacks. A TCP/IP tunnel using socat or Python scripts forwards ZigBee packets between nodes, appearing as a direct link in the network. |
Route Changes During Attack | After the Wormhole tunnel is activated, data are routed in 3 hops instead of 4: Old route: R3 → R2 → R1 → R0 → C; New route: R3 → R4 → R5 → C. This alters routing, bypasses some nodes, and allows the attacker to intercept and manipulate data. |
Comparative Traffic Analysis |
|
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2025 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Zhukabayeva, T.; Zholshiyeva, L.; Mardenov, Y.; Buja, A.; Khan, S.; Alnazzawi, N. Real-Time Detection and Response to Wormhole and Sinkhole Attacks in Wireless Sensor Networks. Technologies 2025, 13, 348. https://doi.org/10.3390/technologies13080348
Zhukabayeva T, Zholshiyeva L, Mardenov Y, Buja A, Khan S, Alnazzawi N. Real-Time Detection and Response to Wormhole and Sinkhole Attacks in Wireless Sensor Networks. Technologies. 2025; 13(8):348. https://doi.org/10.3390/technologies13080348
Chicago/Turabian StyleZhukabayeva, Tamara, Lazzat Zholshiyeva, Yerik Mardenov, Atdhe Buja, Shafiullah Khan, and Noha Alnazzawi. 2025. "Real-Time Detection and Response to Wormhole and Sinkhole Attacks in Wireless Sensor Networks" Technologies 13, no. 8: 348. https://doi.org/10.3390/technologies13080348
APA StyleZhukabayeva, T., Zholshiyeva, L., Mardenov, Y., Buja, A., Khan, S., & Alnazzawi, N. (2025). Real-Time Detection and Response to Wormhole and Sinkhole Attacks in Wireless Sensor Networks. Technologies, 13(8), 348. https://doi.org/10.3390/technologies13080348