A systematic review of routing attacks detection in wireless sensor networks

A systematic review of routing attacks detection in wireless sensor networks Zainab Alansari1,2, Nor Badrul Anuar1, Amirrudin Kamsin1 and Mohammad Riyaz Belgaum3,4 1 Faculty of Computer Science and Information Technology, University of Malaya, Kuala Lumpur, Malaysia 2 College of Computing and Information Sciences, University of Technology and Applied Sciences, Muscat, Sultanate of Oman 3 Malaysian Institute of Information Technology (MIIT), Universiti Kuala Lumpur, Kuala Lumpur, Malaysia 4 Computer Science and Engineering, G. Pullaiah College of Engineering and Technology, Kurnool, India ABSTRACT Submitted 5 August 2022 Accepted 28 September 2022 Published 21 October 2022 Corresponding author Nor Badrul Anuar, Academic editor Rajanikanth Aluvalu Additional Information and Declarations can be found on page 36 DOI 10.7717/peerj-cs.1135 Copyright 2022 Alansari et al. Distributed under Creative Commons CC-BY 4.0 Wireless sensor networks (WSNs) consist of hundreds, or thousands of sensor nodes distributed over a wide area and used as the Internet of Things (IoT) devices to benefit many home users and autonomous systems industries. With many users adopting WSN-based IoT technology, ensuring that the sensor’s information is protected from attacks is essential. Many attacks interrupt WSNs, such as Quality of Service (QoS) attacks, malicious nodes, and routing attacks. To combat these attacks, especially on the routing attacks, we need to detect the attacker nodes and prevent them from any access to WSN. Although some survey studies on routing attacks have been published, a lack of systematic studies on detecting WSN routing attacks can be seen in the literature. This study enhances the topic with a taxonomy of current and emerging detection techniques for routing attacks in wireless sensor networks to improve QoS. This article uses a PRISMA flow diagram for a systematic review of 87 articles from 2016 to 2022 based on eight routing attacks: wormhole, sybil, Grayhole/ selective forwarding, blackhole, sinkhole, replay, spoofing, and hello flood attacks. The review also includes an evaluation of the metrics and criteria used to evaluate performance. Researchers can use this article to fill in any information gaps within the WSN routing attack detection domain. Subjects Computer Networks and Communications, Emerging Technologies, Security and Privacy, Internet of Things Keywords Wireless sensor networks, Routing attacks detection, Internet of things, Wormhole attack, Blackhole attack, Grayhole attack, Sinkhole attack, Sybil attack, Hello flood attack, Spoofing attack INTRODUCTION Wireless sensor networks (WSNs) use various emerging IoT technologies, have limited infrastructure, and must maintain security while being connected to an unreliable internet (Alansari et al., 2018). WSNs are susceptible to a variety of routing attacks, which are classified according to their characteristics and behaviors. Internal vs external attacks compensate the first category. An outsider node disrupts the network during an external attack, whereas an insider node with a valid identity does the same during an internal attack (Fang et al., 2020). The second category is physical attack vs remote attack. In a How to cite this article Alansari Z, Anuar NB, Kamsin A, Belgaum MR. 2022. A systematic review of routing attacks detection in wireless sensor networks. PeerJ Comput. Sci. 8:e1135 DOI 10.7717/peerj-cs.1135 physical attack, the sensor node is physically present, and its hardware could sustain various damages. In a remote attack, however, the attacker must transmit a powerful signal from considerable distances to reach the node. The third category is the active attack vs the passive attack. In passive attacks, the attacker node listens and monitors the data at the network level. In contrast, in an active attack, the attacker node targets the network in several ways, such as by generating or removing data. Using a method to identify abnormal behaviors is one of the best ways to establish security and reliability in WSNs (Alansari et al., 2017). In this respect, anomaly-based intrusion detection systems are considered as one of the main approaches to achieve this goal. A comprehensive survey was presented by Bhushan & Sahoo (2018) on security issues as well as protection techniques designed to defend against malicious attacks in WSNs. They discussed methods of identification and detection alongside countermeasures of many powerful attacks on WSNs, such as sybil attack, DoS attack, wormhole attack and sinkhole attack. Their article examines potential security threats in different protocol layers and does not focus on network layer and routing attacks, some recent detection mechanisms such as rank-based, rule-based, beacon-based, and fuzzy logic methods are lacking. Mohsin (2017) presented a study of routing attacks on the design of WSNs to find out the aim of attackers. The article classifies and compares the routing attacks systematically based on the various characteristics including objectives, the nature of attacks, attack mechanism, WSN target site and route interruption or resource utilization. However, the article only discusses about attacks and lacks detection methods. Similarly, Ioannou & Vassiliou (2016) introduced packet drop attacks on a routing layer and studied the effect of the attacks as “seen” from the sink node and target node. They show that all network layers of the target node are infected by attacks and the degree of effect depends on several factors, including WSN topology. Thus, the article did not discuss about detection methods of routing attacks which is its limitation. This systematic literature review aims to conduct a comprehensive analysis of the status of routing attack detections in WSNs and provide a new WSN’s taxonomy, characteristics, and functionality along with some discussions on diverse types of attacks. In this context, the primary objective of this article is to preserve understanding of different WSN routing attacks with their detection method. Furthermore, the current classification of various approaches to detect routing attack is presented in line with the review of literature. This article significantly expands the dimensions of discussions, widening the scope of the literature review. Therefore, our significant contribution on this review article is:  Present a systematic review of the literature on routing attack detection techniques in WSNs.  Discuss the taxonomy of current trends in WSN detection techniques, emphasizing their advantages and disadvantages.  Characterize the metrics used to measure the efficacy of recent methods.  Propose future research topics and provide some recommendations for current and future research. Alansari et al. (2022), PeerJ Comput. Sci., DOI 10.7717/peerj-cs.1135 2/44 In some applications, WSN security issues cause financial and privacy problems. Consequently, the security of WSNs has recently become a topic of high-level (...truncated)