State Context and Hierarchical Trust Management … 109 changes in the environment can have an impact on behavior. This sudden change in behavior will be considered as an anomaly and an alert will be generated. Also, since the first phase is dedicated solely to the development of the definition of
“normal behavior”, this one is particularly vulnerable to attack. Indeed, the pres- ence of signals related to an attack in the learning trace will result in skewing the definition of behavior. Thereafter, any similar attack will be treated as a normal behavior. The information used during this first phase in the optimal condition must be totally free from damage. In practice, it is frequently impossible to have such perfect environment.
110 R. B. Kagade and J. Santhosh Its operation is divided into rounds and each round is composed of two phases [17]. In cluster formation phase, LEACH elects some cluster heads according to the probability shown below.
Pi(t)=
k
N−k(rmodN/k),Ci(t)=1
0, Ci(t)=0
where k is the desired number of cluster heads, Ci(t) is the indicator function deter- mine whether or not node i has been a cluster head in most recent (r mod N/k) rounds.
Pi(t) is the probability for node i to become a cluster head. The rest of sensor nodes join the proper cluster according to the signal strength from the cluster heads. In the data transmission phase, the cluster heads aggregate the data from their cluster members. Since cluster head is chosen by probability in each round, the load is balanced to certain extent.
Trust Calculations
Interactive trust refers to the trust value computed by the number of interactions between nodes, and an interaction means a node sending/receiving a packet or a request to/from another node. The trust value is mapped to the integer number in the range of [0, 10], where 0 demonstrates the most distrustful, while 10 implies the most trusted, and 5 is the medium trust [1] shown in Fig.1.
Sensor nodes trust is evaluated by the CH in a cluster, i.e., CH-to-SN trust, which considers multidimensional trust, including interactive trust, honesty trust and content trust, during the procedure of trust calculation.
Interactive trust SITij (t) is calculated by the number of interactions between node j and its CH i int. In the proposed method, interaction refers to all commu- nication behavior including sending and receiving of request and data packets. The greater the number of interactions of two nodes, the higher is the trust value [18].
However, in WSNs, if the number of interactions exceeds a threshold, the trust value will decrease because there may exist malicious interactions such as attacks that send a large amount of packets or requests to exhaust the energy of the node. Therefore, unlike trust evaluation in social networks, the interactive trust evaluation method in
Fig. 1 Wireless sensor network
State Context and Hierarchical Trust Management … 111 WSNs is put forward. Inspired by Normal Distribution in Statistics, the probability density function, which is normalized to [0, 1] to calculate the interactive trust, is adopted when the number of interactions exceeds a threshold.
Interactions between CH and SNs are abstracted as an undirected weighted graph, the weight of which represents the number of interactions between them.
The interactive trust value of SN j evaluated by CH, SITij (t) can be defined as S I T i j(t)=
10×W i j W i j
, j ∈G, W i j≤λμ;
10×ex p ex p
−|W i j−μ|
θ
j∈G, W i ≥λμ;
wherexdenotes the largest integer that is equal to or less than x,μis the mean value of the number of interactions between CH and SNs in the same state,λμis taken as the threshold of the interaction range, in whichλis a parameter used to define the upper limit of normal interactions, andθis a significant factor, which values 1, 10 and 100 when wijis a single digit, tens digit or hundreds digit, correspondingly, and so on.
Example:
The WSN is assumed to contain eight nodes and one cluster head. Cluster head is selected depending on computation power, energy, honesty and distance between CH and base station (Fig.2).
Fig. 2 Trust calculation in WSN
112 R. B. Kagade and J. Santhosh Calculation of Trust value
(i) λis set to be 2.
(ii) The value ofθis 1,10,100 depending on value of wij. If the value of wijis two digitsθis 10. If wijis three digit number thenθis 100.
(iii) μis mean of weights.
μ=((3+5+4+13+5+6+4+16)/8)=7
(iv) Maximum weight max (wij)=13 because weight 16 is greater thanλμ(14).
The maximum weight is discarded and 13 is considered as maximum weight.
(v) μ=((3+5+4+13+5+6+4+16)/8)=7 Trust value is calculated as follows SITij(t)= (a) For node A=10∗(3/13)=10∗0.2307
=2.307
=2 (b) For node D=10∗(13/13)=10∗1
=10∗1
=10
(c) For node H. The weight is 16; it is greater than thresholdλμwhich is 14. As the number of is greater than 14 it is considered as distrustful.θis 10 as the wijis two digit number. The trust value is calculated as follows (Table1)
SITij(t)=10×exp(−|16−7|/10)
=10×exp(−|0.9|)
=10×0.4065696
=4.06
=4
Table 1 Evaluation results of
examples in Fig.1 Nodes Evaluation results of trust values
A 2
B 3
C 3
D 10
E 3
F 4
G 3
H 4
State Context and Hierarchical Trust Management … 113 Honesty Trust of SNs
Honesty trust SHTij (t) is calculated by the number of successful and unsuccessful interactions between CH i and a non hibernating SN j int. The CH i overhear the SN j if j does not deliver a packet int or transmits the packet to another node that is not in its routing table, or if the packets from j do not reach the CH i, the interaction between them is considered an unsuccessful interaction.
The number of successful and unsuccessful interactions between active nodes and CH i int is denoted as s and f, and the trust value is evaluated using formula given below.
S I T i j(t)=
10×(s+1) (s+ f +2)
, when f =0
10×(s+1)
(s+ f +2)× f−21 , when f =0
When there are no interactions between active members, i.e., s=f=0, the trust value is 5. If there are unsuccessful interactions, the honesty trust value will decrease sharply because of the punishment executed by [13]. For non active members, they inherit the trust value of their lasno hibernating state.
Content Trust of SNs
Content trust is the trust evaluation based on observing data, which is data-oriented trust calculated by CH. Content trust is introduced because the WSN is a data- centric network and the observing data are the factor of most concern for applications.
Tampering attacks often occur in WSNs to interfere with the network and applications and can be identified by content trust.
C T i j(t)= 10×ex p(−Di j)
Di j = dm
k=1
(X i k−X j k)2˙ 12
The overall trust of SN j evaluated by CH i is calculated by formula given below, which aggregates the interactive trust, honesty trust and content trust.
S O T i j= αS I T i j+βS H T i j+(1−α−β)SC T i j
Parameters α, β ∈ [0,1] are weights for each sub trust value. The higher the weight, the more important that sub trusts is to overall trust and vice versa.
114 R. B. Kagade and J. Santhosh Intrusion Detection at SN level
Malicious SN detection is executed by the respective CH. The CH c evaluates and maintains the trust value of SN j in the same cluster and selects a trust threshold TSthi according to the trust value of SNs in cluster i, which is calculated as (Table2) :
T St hi=
avgj∈C Land S O Tcj≥5{S O Tcj}
; ∃j,s.t S O Tcj ≥55; ot her
Intrusion Detection at CH level T Ct h =
avgj∈C H SandC O Tbj≥5{C O Tbj}
; ∃j,s.t C O Tbj≥55; ot her