
FILTERING FALSE DATA INJECTION IN WIRELESS SENSOR NETWORKS
DEPARTMENT OF ELECTRONICS AND COMMUNICATION ENGINEERING
AUDISANKARA COLLEGE OF ENGINEERING AND TECHNOLOGY
BY
B.MAHESH KUMAR & B.HARI KRISHNA
(maheshkumar4india@gmail.com)
(harikrishnab422@gmail.com)

Abstract

In sensor networks, nodes can be easily compromised by an adversary because of hostile environments. An adversary may use compromised nodes to inject false reports into the network. The dynamic en-route scheme for filtering false data injection can detect and drop such false reports during the forwarding phase. In this scheme, choosing a threshold value is important, as it trades off security power against energy consumption. Thus, we should choose the threshold value such that it provides sufficient resilience, yet is small enough to conserve energy. We present a fuzzy-based threshold determining method for the dynamic en-route scheme for filtering false data injection in wireless sensor networks. The base station periodically determines a threshold value with a fuzzy rule-based system. The number of cluster nodes, the value of the key dissemination limit, and the distance from the base station to each cluster are used to determine the threshold value. The resilience and energy efficiency of the proposed method against false data injection attacks will be presented.

1. Introduction

A sensor network is composed of a large number of sensor nodes that are densely deployed. These nodes can communicate either with their neighbors or directly with the base station. Sensor nodes often have limited computation and communication resources and battery power. Because they are deployed in hostile environments, sensor nodes are exposed to physical attacks that can compromise their cryptographic keys. An adversary may use compromised nodes to inject false reports into the network (Fig. 1). False reports may not only cause false alarms, but also deplete a serious amount of energy in each forwarding node. To minimize critical damage, false reports should be dropped en-route as early as possible, and the few elusive ones should be rejected at the base station. The early dropping of false reports leads to significant energy saving.

Various security solutions have been proposed to detect and drop false reports. The Dynamic En-Route scheme for Filtering false data injection (DEF) is one of these solutions. In DEF the choice of a threshold value is important, since it trades off security against overhead. A large threshold value allows false reports to be more easily detected, but it consumes more energy in forwarding. In contrast, a small threshold may consume less energy, but will cause inefficient filtering or may even be useless if a large number of nodes have been compromised. We should choose the threshold value such that it provides sufficient resilience, while still conserving energy.

In this paper, we propose a threshold determining method based on fuzzy logic. A fuzzy rule-based system is exploited to determine the threshold value, which represents the number of message authentication codes (MACs). It considers the number of nodes in the cluster, the key dissemination limiting value, and the distance from the base station (BS) to each cluster. Our proposed method determines the effective threshold value through the fuzzy rule-based system.

Figure 1. False data injection attacks.

2. DEF Overview

Compared to existing filtering schemes, DEF is better at dealing with the dynamic topology of sensor networks. It outperforms them in terms of energy efficiency, especially for large sensor networks (i.e., a network consisting of a large number of clusters). In DEF, a legitimate report can be verified by MACs generated by a sensing node. DEF consists of three phases: the pre-deployment phase, the post-deployment phase, and the filtering phase. In the pre-deployment phase, each node is preloaded with a seed authentication key and l + 1 secret keys randomly picked from a global key pool. In the post-deployment phase, every node in the cluster encrypts its authentication key with its l + 1 secret keys and forwards the encrypted authentication keys to its cluster head (Fig. 2(a)), and then each cluster head disseminates the encrypted authentication keys of all nodes in that cluster to the neighbor node. These keys can be forwarded for at most the key dissemination limiting number of hops (Fig. 2(b)). Each receiving node decrypts and stores the authentication key if it has the corresponding key.

Figure 2. Key dissemination and en-route filtering in DEF.

In the filtering phase, DEF can detect a false
report and drop it (Fig. 2(c)). After
disseminating the authentication keys, a
cluster head aggregates reports encrypted by
MACs generated by its cluster nodes, and
sends them to a neighbor node. Each report
should contain t distinct MACs of those
cluster nodes, where t is a security threshold.
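
As an added illustration (not code from the paper or from the DEF authors), the following Python example runs the filtering phase for the Fig. 2(c) layout: forwarding nodes v1, v2 and v3 check only the MACs whose authentication keys they hold, and the BS checks all of them. The key values, the truncated HMAC-SHA256 used as the 1-byte MAC, the dictionary report format and the energy accounting (built from the figures quoted in Section 4) are assumptions.

```python
import hashlib
import hmac

TX_RX_UJ_PER_BYTE = 16.25 + 12.5   # Section 4: transmit + receive one byte (microjoules)
MAC_UJ = 15.0                      # Section 4: one MAC computation
REPORT_BYTES = 24                  # Section 4: report size; each MAC adds 1 byte

def make_mac(key, event):
    """1-byte MAC as in the simulation; truncated HMAC-SHA256 is an assumption."""
    return hmac.new(key, event, hashlib.sha256).digest()[:1]

def check(report, known_keys, t):
    """Return (ok, macs_verified) for one node holding known_keys."""
    macs = report["macs"]
    if len(macs) < t:                        # fewer than t distinct MACs
        return False, 0
    verified = 0
    for kid in sorted(known_keys.keys() & macs.keys()):
        verified += 1
        if not hmac.compare_digest(macs[kid], make_mac(known_keys[kid], report["event"])):
            return False, verified
    return True, verified                    # nothing this node could verify was wrong

def route(report, path, t):
    """Forward hop by hop; return (outcome, hops, energy in microjoules)."""
    size = REPORT_BYTES + len(report["macs"])
    energy = 0.0
    for hops, (name, keys) in enumerate(path, start=1):
        ok, verified = check(report, keys, t)
        energy += size * TX_RX_UJ_PER_BYTE + verified * MAC_UJ
        if not ok:
            return f"dropped at {name}", hops, energy
    return "delivered", len(path), energy

# Constructed sample: five cluster-node authentication keys and who holds copies.
AUTH = {f"k{i}": f"auth-key-{i}".encode() for i in range(1, 6)}
PATH = [("v1", {"k5": AUTH["k5"]}), ("v2", {}), ("v3", {"k1": AUTH["k1"]}), ("BS", AUTH)]

def forged(event, claimed):
    """Test report from a sender holding only k5; MACs for `claimed` keys are wrong."""
    macs = {"k5": make_mac(AUTH["k5"], event)}
    for kid in claimed:  # flipped byte: always wrong (a blind 1-byte guess hits 1 in 256)
        macs[kid] = bytes([make_mac(AUTH[kid], event)[0] ^ 0xFF])
    return {"event": event, "macs": macs}

if __name__ == "__main__":
    for claimed in (["k1", "k2"], ["k2", "k3"]):
        print(claimed, route(forged(b"fire@(3,7)", claimed), PATH, t=3))
```

With t = 1 a report carrying only the valid k5 MAC passes every check, including the one at the BS, which is the small-threshold failure described in the introduction.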

Suppose that an adversary has compromised a cluster head as shown in Fig. 2(c). She can inject false reports through the cluster head. The false reports may be forwarded by v1 and v2 since she has compromised k5 and v2 does not have an authentication key shared with a cluster node. However, the false reports may be detected and dropped by node v3 since she may not have k1.

3. Threshold Determining Method Based on Fuzzy Logic

3.1 Assumptions

We assume that sensor nodes form a number of clusters after deployment. In a cluster, one node is elected as the cluster head. To balance energy consumption, all nodes of the same cluster may take turns playing the role of cluster head. Since nodes are not equipped with tamper-resistant hardware, they can be compromised by adversaries and be used to inject false reports. However, adversaries cannot compromise the BS. We also assume that the BS can know the average number of cluster nodes, the estimated distance from the BS to each cluster, and energy consumption. Also, we assume that the BS has all the authentication keys and thus can reject a few elusive reports. We further assume that the BS has a mechanism to authenticate broadcast messages and every node can verify the broadcast messages.

Figure 3. Overview of proposed method.

3.2 Overview

In the proposed method, the BS periodically determines the threshold value (SP) using a fuzzy rule-based system (Fig. 3(a)). The number of cluster nodes (CN), the value of the key dissemination limit (KDL), and the estimated distance from the BS to each cluster (DBS) are used to determine SP. If the determined SP differs from the current value, the BS broadcasts the determined value to all the corresponding nodes in the network (Fig. 3(b)).

3.3 Input Parameters

In DEF, SP should be smaller than the number of cluster nodes. The MACs are generated by cluster nodes using their authentication keys. If each cluster consists of five nodes, a report endorsed by them can contain up to five MACs. Therefore, we have to consider the number of cluster nodes to determine SP. Note that the number of cluster nodes can change according to the nodes' state (dying or replaced).

A large KDL value diffuses a large number of authentication keys through the network. It results in many nodes that have the authentication key, and raises the probability of filtering out false reports. Thus, even a small SP can provide sufficient detection power. On the other hand, we should choose a large SP if authentication keys are disseminated to only a few nodes (i.e., KDL is very small). Thus, we also have to consider the KDL value to determine SP.

Sensor nodes near the BS consume less energy than other nodes in forwarding reports to the BS. In the case of undetected false reports with a small SP, the eluded reports generated near the BS (Fig. 4(a)) travel fewer hops than those generated by a compromised node in a cluster further away from the BS (Fig. 4(b)). Thus, we have to adjust SP according to DBS to conserve energy and reduce the overhead of diffusion messages.

Figure 4. Energy drain according to distance.

3.4 Fuzzy Logic Design

Fig. 4 illustrates the membership functions of these fuzzy logic input parameters. The labels of the fuzzy variables are represented as follows:

• CN = {VS (Very Small), S (Small), M (Medium), L (Large), VL (Very Large)}

• KDL = {N (Narrow), M (Medium), W (Wide)}

• DBS = {N (Near), AR (Around), M (Medium), D (Distant), VD (Very Distant)}

The output parameter of the fuzzy logic is SP = {VS, S, M, L, VL}, represented by the membership functions as shown in Fig. 5.

Figure 5. Fuzzy membership functions.

Table 1. Fuzzy if-then rules.

In our method, if CN is VL, KDL is N, and DBS is N, then we may decrease SP to conserve energy (Rule 1). Forwarding nodes do not need to verify such reports. They may be detected by the BS immediately. In contrast, if DBS is VD, we should set a higher SP to raise the security (Rule 5). The fuzzy rule-based system determines SP according to DBS to conserve energy and improve security.
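
The following Python example is added here to show the mechanics of such a BS-side computation; it is not the authors' implementation. The membership shapes and universes, the rule table, the MAC count assigned to each SP label and the weighted-average defuzzifier are all assumptions, since the page does not give them; only the label sets, the directions of Rule 1 and Rule 5, and the constraint SP < CN come from the text.

```python
from itertools import product

CN_L = ["VS", "S", "M", "L", "VL"]
KDL_L = ["N", "M", "W"]
DBS_L = ["N", "AR", "M", "D", "VD"]
SP_MACS = [1, 2, 4, 6, 8]   # assumed MAC counts for SP = VS, S, M, L, VL

# Assumed rule table (not the paper's Table 1): SP label index by [KDL][DBS].
RULES = {"N": [1, 2, 3, 4, 4],   # narrow key dissemination: larger SP
         "M": [0, 1, 2, 3, 4],
         "W": [0, 0, 1, 2, 3]}   # wide dissemination: a smaller SP suffices

def fuzzify(x, lo, hi, labels):
    """Evenly spaced triangular sets over [lo, hi] (assumed shapes); {label: degree}."""
    pos = (min(max(x, lo), hi) - lo) / (hi - lo) * (len(labels) - 1)
    i = min(int(pos), len(labels) - 2)
    return {labels[i]: 1 - (pos - i), labels[i + 1]: pos - i}

def determine_sp(cn, kdl, dbs):
    """Threshold for one cluster: min for AND, weighted average to defuzzify."""
    f_cn = fuzzify(cn, 2, 10, CN_L)      # assumed universes: CN 2..10 nodes,
    f_kdl = fuzzify(kdl, 1, 5, KDL_L)    # KDL 1..5 hops,
    f_dbs = fuzzify(dbs, 1, 17, DBS_L)   # DBS 1..17 hops
    num = den = 0.0
    for (c, wc), (k, wk), (d, wd) in product(f_cn.items(), f_kdl.items(), f_dbs.items()):
        w = min(wc, wk, wd)                                   # rule firing strength
        level = min(RULES[k][DBS_L.index(d)], CN_L.index(c))  # few nodes: few MACs
        num += w * SP_MACS[level]
        den += w
    return max(1, min(round(num / den), cn - 1))              # page: SP < CN

if __name__ == "__main__":
    # CN = 10, KDL = 2 and these DBS values are the settings quoted in Section 4.
    print([determine_sp(10, 2, d) for d in (5, 9, 13, 17)])
```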

4. Simulation Results

The original DEF (SP = 2, 4, and 6) is compared with the threshold determining method through the fuzzy rule-based system. In the original DEF, the key dissemination limiting value is fixed during the post-deployment phase. In the simulation each cluster consists of 10 nodes. Each node consumes 16.25 µJ to transmit and 12.5 µJ to receive a byte, and each MAC generation consumes 15 µJ. The size of the original report is 24 bytes, and a MAC is 1 byte. There are 1,000 secret keys in the global key pool.

Figure 6. Average energy consumption per false report.

Fig. 6 shows the average energy consumption caused by false reports when CN = 10, KDL = 2, DBS = {5, 9, 13, 17}. Energy consumption caused by elusive reports depends on DBS. If elusive reports occur when DBS is large, more energy is consumed than when DBS is small. Our proposed method determines SP according to DBS (Rule 1, 2 and 4 in Table 1). As shown in Fig. 6, our proposed method (empty circles) performs more effectively in conserving energy than the original DEF.

Figure 7. Portion of filtered reports ratio.

Fig. 7 shows the filtering-out ratio of false reports. In some cases (DBS = 5 and 9) our proposed method is less effective than the original DEF with 6 MACs (filled triangles). However, the difference between the original DEF with 6 MACs and our proposed method is very small, and our proposed method is more effective in the other scenarios (DBS = 13 and 17). Most areas distant from the BS filter fewer reports than those close to the BS (Fig. 7). This wastes energy, since false reports travel into the sensor network. Thus, our proposed method determines a large SP (Rule 4 and 5 in Table 1) when the node is deployed in a cluster away from the BS in order to increase security and conserve energy. Therefore, our proposed method can conserve energy by dropping false reports in those areas (DBS = 13 and 17).

Figure 8. Average traveled hops per false report.

Fig. 8 shows the average traveled hops per false report. As discussed previously, false reports cause energy drain. Our proposed method shows fewer travel hops than the original DEF (with 2, 4, and 6 MACs), thus conserving energy.

5. Conclusion

In DEF, SP is important since it trades off security and energy consumption. In this paper, we propose a threshold determining method based on fuzzy logic. In our proposed method, SP is determined based on CN, KDL, and DBS. Of the input parameters, DBS is especially important in determining SP, since eluded reports generated distant from the BS travel more hops into the network (Fig. 4(b)) than those from nodes in a cluster near the BS. This leads to energy waste. As shown by simulation, our proposed method shows effective performance, balancing energy conservation and security.

References

• Yu Z, Guan Y. A Dynamic En-route Scheme for Filtering False Data Injection in Wireless Sensor Networks. In Proc. SenSys, 2005, pp. 294-295.

• Zhu S, Setia S, Jajodia S, Ning P. An Interleaved Hop-by-Hop Authentication Scheme for Filtering of Injected False Data in Sensor Networks. In Proc. S&P, 2004, pp. 259-271.

• Yang H, Lu S. Commutative Cipher Based En-Route Filtering in Wireless Sensor Networks. In Proc. VTC, 2003, pp. 1223-1227.

• Ye F, Luo H, Lu S. Statistical En-Route Filtering of Injected False Data in Sensor Networks. IEEE J. Sel. Area Comm., 2005, 23(4): 839-850.

• Przydatek I, Song D, Perrig A. SIA: Secure Information Aggregation in Sensor Networks. In Proc. SenSys, 2003, pp. 255-265.
