Ingeniería e Investigación vol. 38 n.

° 1, april - 2018 (130-138)

DOI: http://dx.doi.org/10.15446/ing.investig.v38n1.65453

Overview of DOS attacks on wireless sensor networks and

experimental results for simulation of interference attacks
Visión general de los ataques de DOS en redes de sensores
inalámbricos y resultados experimentales para la simulación
de ataques de interferencia
Željko Gavrić1, and Dejan Simić2

ABSTRACT
Wireless sensor networks are now used in various fields. The information transmitted in the wireless sensor networks is very sensitive,
so the security issue is very important. DOS (denial of service) attacks are a fundamental threat to the functioning of wireless sensor
networks. This paper describes some of the most common DOS attacks and potential methods of protection against them. The case
study shows one of the most frequent attacks on wireless sensor networks – the interference attack. In the introduction of this paper
authors assume that the attack interference can cause significant obstruction of wireless sensor networks. This assumption has been
proved in the case study through simulation scenario and simulation results.
Keywords: Wireless Sensor Networks, Intrusion detection, Wireless communication, Communication system security,
Radiofrequency interference.

RESUMEN
Las redes de sensores inalámbricos se utilizan ahora en varios campos. La información transmitida en las redes de sensores
inalámbricos es muy delicada, por lo que el tema de la seguridad es muy importante. Los ataques de DOS (Denegación de servicio)
son una amenaza fundamental para el funcionamiento de las redes de sensores inalámbricos. Este documento describe algunos de
los ataques DOS más comunes y los posibles métodos de protección contra ellos. El estudio de caso muestra uno de los ataques más
frecuentes a las redes de sensores inalámbricos: el ataque de interferencia. En la introducción de este artículo, los autores suponen
que la interferencia de ataque puede causar una obstrucción significativa de las redes de sensores inalámbricos. Esta suposición se
ha demostrado en el estudio de caso a través de escenarios de simulación y los resultados de estas simulaciones.
Palabras clave: Redes de sensores inalámbricos, detección de intrusión, comunicación inalámbrica, seguridad del sistema de
comunicación, interferencia de radiofrecuencia.
Received: June 6th 2017
Accepted: November 20th 2017

Introduction communicate with the sink. Typical sensor node consists of

(Dargie et al., 2010):
Wireless sensor networks – WSN are created with the
purpose of collecting and analyzing data in real time. • Sensor, which is in charge of converting the observable
They are mainly intended to work with small amounts of physical size to electronic
data. WSN are most commonly used for environmental
• Processor, which is in charge of receiving, sending and
observations, tracking natural catastrophes, control of
processing sensor data
business processes, smart environments (smart houses,
smart buildings, smart parking), traffic tracking, medical
applications, etc. 1
Engineer of Informatics, M.Sc., Faculty of Information Technology, Slobomir
P University, Bosnia and Herzegovina. Affiliation: Teaching assistant, Faculty
WSNs consist of individual sensor nodes (SNod). These of Information Technology, Slobomir P University, Bosnia and Herzegovina.
E-mail: [email protected]
sensor nodes gather environmental data, collaborate 2
Electrical Engeener, Ph.D., Faculty of Electrical Engineering, University of Bel-
with each other and send the measured data via wireless grade, Serbia. Affiliation: Full professor, Faculty of Organisational Sciences,
communications to the sink (Fan, 2016). The sink takes University of Belgrade, Serbia. E-mail: [email protected]
data from sensor nodes, analyses and synthesizes them How to cite: Gavrić, Ž., Simić, D. (2018). Overview of DOS attacks on wire-
and serves the purpose of interface for the outside world. less sensor networks and experimental results for simulation of interference
The sink is usually connected to the end user through the attacks. Ingeniería e Investigación, 38(1), 130-138.
DOI: 10.15446/ ing.investig.v38n1.65453
use of existing network infrastructures such as internet
or GSM networks. Within one sensor network there are
usually hundreds, even thousands of sensor nodes, which Attribution 4.0 International (CC BY 4.0) Share - Adapt

130
 GAVRIĆ, AND SIMIĆ

• Communication subsystem, which is in charge of WSN performance under some attacks is described in
sending and receiving data Rupayan et al. (2016). This paper shows how does the
interference reduces throuput of WSN.
• Power supply subsystem, which is in charge of securing
autonomy of sensor node.
Apart from the components listed above, sensor nodes can Communication in wireless sensor networks
have additional components such as a GPS module which
is used for determining the location of the sensor node. Sensor nodes are scattered on the sensor array. All sensor
Sensor nodes can also have actuators with which they nodes send data to sink. In order for sensor nodes to send
influence the observed process. In case additional modules the data properly to the sink and vice versa, it is necessary
which require a vast amount of energy are used, it is very to obey the rules of communication – protocols. Figure 1
difficult to sustain the energetic stability of a sensor node. shows protocol stack which is used with WSN.
Sensor nodes have limited resources, such as the battery
power supply, weak processing ability and similarly. It is
possible to prolong battery lifetime in scarce environ­ments
of energy by using several different energy efficiency
techniques. There are approaches based on power saving
techniques such as data compression (Distribution Com­
pressive), improvements to routing algorithms and the
me­thod of hibernating of the sensor node (Oliveira, 2015).

Most wireless sensor nodes are placed on uncontrolled

terrain, where there are various safety hazards. It is
important to determine those hazards and take necessary
precautions to secure proper network functioning. Figure 1. Protocol stack for WSN.
Source: Pomalaza (2004)
This paper consists of a theoretical and an experimental
part. Theoretical part has two sections. Section 2 describes The picture shows that all used protocols are distributed in
the basic principles of communication in WSN. It shows 5 layers: application, transport, network, data connection
the protocol stack and explains the layers of the protocol layer and physical layer that is consistent to TCP/IP layered
stack. Section 3 describes DOS attacks and potential model.
solutions for detect and prevent of some attacks. The attacks
are sorted by protocol stack layers. Distributed DOS attacks Application layer’s function is to separate hardware and
are described like special category of DOS attacks. The software from end user. Because of that it is possible to
experimental part shows a realization of an attack, where create and use a vast amount of different applications.
the attacker interferes with proper functioning of wireless Different protocols are used depending on the task the
network. This attack is one of the most commonly used sensors are supposed to do.
attacks and can cause a complete shutdown of a WSN.
Transport layer must secure the data transfer from sensor
This paper begins with assumption that interference can nodes to the sink. End to end reliability is not implemented
cause serious obstruction of a WSN, which means it can between individual sensors and the sink, but between the
lead to loss of packets being transferred within the WSN. event and the sink. Event consists of group of sensor nodes
Besides that, there is an assumption that interference which can detect observed occurrence. Simultaneously, the
depends on the distance between the attacker and the sink usually sends data to a specific sensor node.
network node, therefore, in the experimental part the
authors consider how the distance between the sink and Network layer is responsible for data routing in WSN. Except
the attacker affects the outcome of the attack. routing, transport layer must provide energy efficiency and
the data aggregation. Routing is performed using any of the
techniques of routing, such as flooding or gossiping (Fan,
Related works 2016).

Many papers describe the taxonomies of DOS attacks. Most Data link layer is responsible for multiplexing data stream,
of those papers show attacks clasified by protocol stack detecting data frames, medium access and error detection
layers (Raymond et al., 2008; Wood 2002). Some of papers (Dargie, 2010).
show attacks classified on pasive and active (Shahzad et
al., 2017). Physical layer is responsible for choosing frequency,
generating frequency carrier, signal detection, modulation
Radio interference attack is described in Hamieh et al. of data. Most commonly frequencies from ISM (industrial,
(2009), Nancy et al. (2014) and Hamza et al. (2016). scientific, and medical) range are used. Generating

Ingeniería e Investigación vol. 38 n.° 1, april - 2018 (130-138) 131

Overview of dos attacks on wireless sensor net-works and experimental results for simulation of interference attacks

frequency carrier and signal detection depend on hardware • Decrease in network performance;
limitations, and the goal is to be simple, save energy,
• Parts of the network are not responding;
and achieve the lowest price of the final product. Most
commonly binary and M-ary modulation schemes are used. • Increase of spam messages;
Binary modulation schemes are cheap because of their
• Delay or loss of packets and their confirmations.
simple implementation, and thus they are characterized by
better power efficiency (Pomalaza, 2004). In Table I the most common DOS attacks are shown,
classified according to protocol stack layers.
Apart from layers which are consistent with TCP/IP model,
there are also planes, like the plane for power control, the Table 1. Dos attacks
plane for movement control and the plane for task control.
Layer Attacks
Planes overlook power consumption, movement and
distribution of tasks between sensors. They enable reduction Jamming
Physical layer Interference
of total power consumption and help with coordination in Node tampering and destruction
the data collection process.
Collision
Link layer Exhaustion
Data connection layer and physical layer are defined with Unfairness

802.15.4 standard. This standard defines personal wireless Sybil

small speed networks. It represents the basis for technologies Network layer
Selective forwarding
Sinkhole
such as ZigBee, ISA100.11a, WirelessHART, MiWi, SNAP Hello flooding
Wormhole
and Thread (Callaway et al., 2002).
Flooding
Transport layer
Desynchronization

DOS attacks Application layer

Overwhelming sensors (sensor overload)
Path based attack

Source: Authors
Considering that radio media is used to transfer data
within WSN, the very process of sending is subject to
various safety risks and threats. Sensor nodes have limited DOS attacks depending on their level of destructiveness
resources. Therefore, it is often not possible to protect them can be classified in following groups (Buch et al., 2010):
with sophisticated safety protocols and techniques. Safety
protocols and mechanisms within WSNs are developed in • Attacks which waste resources, such as memory,
such a way that they secure the network on a satisfactory processing time, bandwidth and similar
level using as little resources as possible. In contrast to • Attacks which delete or change rooting information
sensor nodes, attacker can use equipment which has
much larger resources and capabilities, such as stronger • Attacks which interrupt information about network
antennas for signal emission, constant power supply, strong status, such as interrupting TCP session
processor and memory capacity. This is part of the reason • Attacks which interfere the communication between
why number of attacks on WSNs is increasing. legitimate nodes

Attacks on WSNs are aimed to jeopardize network

functioning, in order to abuse data which is being
DOS attacks classification by protocol stack layers
transferred within the network, to spy on or interfere with
network. Attacks can be classified according to the layer of This chapter explains different types of DOS attacks
protocol stack that they are attacking. classified by protocol stack layers.

One of the most common attacks on WSNs, and that goes DOS attacks at physical layer
through all layers of protocol stack, is DOS attack. The
main aim of this attack is to disable proper functioning of Jamming is one of the most common DOS attacks on WSNs.
the network. Attacker or attackers, using various types of Attacks are defined as constant interference, random,
attacks, prevent the legitimate network nodes from using deceptive and reactive functions. In case of constant
the network resources. If the network is being attacked jamming, data is emitted by the attacker in regular time
by multiple attackers, that situation is called a distributed intervals. Flooding attack happens when the attacker acts
attack. This kind of attack can cause significantly more like a legitimate node within the network and continuously
problems in network functioning than attacks on a single sends data. Also when the attacker notices data transfer
node. Attacker can be an outside node, which is not a part within the network he then emits jam signal. Instead of
of WSN, or it can be one of the legitimate nodes that’s been continuously sending out a radio signal, a random jammer
compromised by the attacker. Some of the indicators of alternates between sleeping and jamming. Specifically,
DOS attack are (Buch et al., 2010): after jamming for a while, it turns off its radio and enters

132 Ingeniería e Investigación vol. 38 n.° 1, april - 2018 (130-138)

 GAVRIĆ, AND SIMIĆ

a “sleeping” mode. It will resume jamming after sleeping time as legitimate nodes in order to intercept the arrival of
for some time (Xu et al., 2006). Another kind of jammer is the packet from the legitimate node to the receiver.
a deceptive jammer. It sends a constant stream of bytes into
the network to make it look like legitimate traffic (Raymond Counter measures: To overcome this problem ECC (error
et al., 2008). An alternative approach to jamming wireless correction code) must be used. Most codes correct lesser
communication is to employ a reactive strategy. A reactive collisions, but they require additional processor capacity
jammer stays quiet when the channel is idle, but starts and communication resources. The main problem is that
transmitting a radio signal as soon as it senses activity on the attacker is capable of generating more errors than can
the channel (Xu at al., 2006). be corrected (Raymond et al., 2008). In the paper (Dbibih
et al., 2016) a new algorithm for limiting access to medium
Counter measures: Spread spectrum technique helps in CAMAC, is shown. The function of this algorithm is to
avoiding these kinds of attacks (Raymond et al., 2008). Aside prioritize every message in order to minimize the number
from spread spectrum technique, nodes must have their of collisions.
own strategy to confront jamming attacks. Such as putting
node into sleep mode during the duration of jam signal, Exhaustion occurs in the case of constant collisions, which
in order to preserve power efficiency, also periodically leads to a complete congestion of the channel. Usually the
waking up nodes in order to check if the jamming signal is attacker sends large number of RTS (requests to send).
still active (Ghildiyal et al., 2014). In the paper (Nancy et
al., 2014), the new approach for detection and protection Counter measures: One of the solutions to this is for MAC
from jamming attacks, is described. This approach uses two (Medium Access Control) to reject enormous number of
modules which determine the level of interference in WSN. requests from a specific node (Amara et al., 2013). Other
First module protects the network from internal nodes solution for this kind of attack is to use time multiplexing, i.
that are marked as nodes which previously emitted large e. to set a time limit for the access medium and in that way
amounts of jamming signal. Second module detects new to reject attacker’s excessive number of requests (Ghildiyal
potential attacker nodes. Results shown in the paper reveal et al., 2014).
that this approach offers high level of attacker detection.
Unfairness occurs with illegal use of connection layer
Interference occurs when the attacker generates large mechanism that obstructs regular activities. Unfairness
amounts of network traffic in the form of radio waves, occurs with collision or constant access to the channel.
periodically or constantly in order to interfere with network
functioning. Counter measures: In order to minimize unfairness it is
necessary to use small rams by all sensor nodes. When
Counter measures: Symmetrical key algorithm with delayed small rams are used all nodes deny access to the channel
revelation of keys during the pause is used in order to solve for short periods of time (Saxena, 2007).
this problem (Raymond et al., 2008). In the work presented
by Danyang et al. (2013), the use the mechanism with DOS attacks at network layer
adaptive filtering on bases of predetermined threshold of
interference in order to gain more efficient frequency range Sybil attack occurs when the malicious node presents
is suggested. This mechanism contributes to a decrease of multiple identities to other nodes in the network. A node
interference and to more efficient use of resources within can appear in multiple locations or multiple times in a
WSN. single network. It can be very complicated for the attacker to
convey this type of attack in the network in which every pair
Node destruction occurs when attacker gains physical of neighboring nodes uses a unique key for initialization or
access to the node and disables its functioning or gains frequency hopping in expanded range. With Sybil attacks
access to its memory with the aim to change the information when routing protocols are attacked, the malicious node
which secures proper functioning. Defective node causes takes identity of multiple nodes which leads to conveying
interference in communication. multiple routs through it.

Counter measures: The way of protection from physical Counter measures: Defense against Sybil attacks is achieved
access to the node is setting up a physical package to through identity check and through use of ID based key
protect it or placing the node on hardly accessible location and location based key (Shahzad et al., 2017). In the paper
(Raymond et al., 2008). (Yong et al., 2006), the way to detect Sybil attack using
inquiries is described. This is achieved through sending
DOS attacks at data link layer inquiries to the nodes in the cluster by the master node in
the cluster.
Collision occurs when two nodes try to send packets at
the same time on the same frequency. Loss of packet or Selective forwarding is an attack which occurs when the
sum control error appears in the transmitter that sends malicious node rejects some of the received packets, and
messages. The malicious node tries to send data at the same forwards others. The attacker can reject packets according

Ingeniería e Investigación vol. 38 n.° 1, april - 2018 (130-138) 133

Overview of dos attacks on wireless sensor net-works and experimental results for simulation of interference attacks

to certain criteria. Therefore it can forward all the packets bidirectional verification scheme. The attacker can be
received from a certain node and reject all the packets identified by checking the average signal strength of the
from another node. Specific case of this type of attack is nodes within network, therefore the node with greater
rejection of all packets, but in this case the neighboring signal strength then the surrounding nodes is the potential
nodes easily detect the malicious node, and start using attacker (Maleh et al., 2016).
alternative routes.
Wormhole attack occurs when the attacker tunnels data
Counter measures: Solution to this kind of attack is using traffic between one part of the network and the other,
multiple routes (Hossain et al., 2015). In the paper (Mathur using direct slow speed connection. For this attack usually
et al., 2015), modified protocol for safe routing is described. two malicious nodes are used, one of which is near the
This protocol has the ability to detect attacks on routing, sink. One node is presented to other surrounding nodes as
such as selective forwarding. the best node for forwarding data to sink. The forwarding
usually seems executable in one jump, using a tunnel
Sinkhole is an attack which occurs when the malicious node between the two malicious nodes.
is positioned in such way that all data traffic of a certain
area is routed through it, and its role is to reject all received Counter measures: Possible minimization of this kind
packets. The malicious node is identified by surrounding of attack can be achieved through geographic routing
nodes as the most efficient node to send data through. The protocol; same as for Sinkhole attack (Hossain et al., 2015).
node achieves this by reducing the number of jumps to the In the paper (Goyal et al., 2015) defenses against wormhole
sink using a strong transmitter. The longer malicious node attacks are sorted into following categories: location and
operates within the network, the more rapidly the number temporal based defense approach (it is based on time
of nodes that send data through it increases. A sinkhole synchronization and distribution of secret keys), defense
attack can be achieved using an artifical beneficial route. approach based on connection and surrounding nodes (it is
In this type of attack the intruder has greater computational based on jump count and listing of neighboring nodes), and
and communication power than other nodes and manages approach based on topology (it is based on adding extra
to create a high quality single hop connection with the base elements that deal with network monitoring).
station. It then emits its high quality routing message to its
neighbors. After this, all the neighbors divert their traffic DOS attacks at transport layer
to the base station to pass through the intruder and the
sinkhole attack is launched (Chaudhry et al., 2013). Flooding occurs when the attacker sends large number of
requests for establishing connection, therefore depleting
Counter measures: One of the solutions for this type of resources of legitimate nodes. Namely, transport layer
attacks is the use of geographic routing protocol (Yong et protocols are sustaining end to end connection, so sending
al., 2006). In the paper (Wazid et al., 2013), algorithm a request for establishing the connection is required every
which detects and prevents this type of attack is described. time we want to establish the connection.

Hello flooding occurs when attacker sends a broadcast Counter measures: This kind of attack is solved by limiting
hello message using equipment which has strong emission the number of connections that a single node can establish,
power. The message is received by a large number of but in this case it is possible for a legitimate node to fail to
nodes that detect surrounding nodes as the attacker, even connect (Saxena, 2007). Solution offered in Amara et al.
though the real attacker is usually distanced from the node (2013) requires that the node which needs to establish the
and actually is out of their range. Legitimate nodes send connection with another node must first solve a puzzle. For
messages towards the attacker, and in case the attacker the attacker this requires additional resources, and prevents
receives these messages he rejects or abuses them in other the establishment of a large number of connections in short
ways. In case messages are not delivered to the attacker period of time.
node, their content is lost. Namely, large number of
protocols requires broadcast sending of ‘hello’ message by Desynchronization refers to disconnection of established
every single node (Singh et al., 2010). Every node presents connection. The malicious node requires constant sending
the message to his neighbors, so they can communicate of requests for establishing connection from one or both
with it. For this type of attack, the attacker usually uses a nodes between which the connection is established. This
laptop of a much stronger configuration then the sensor way the established connection desynchronizes, and
nodes. besides that, additional power is wasted on responding to
the malicious node.
Counter measures: Solution to this kind of attack is the use
of authentication by the third node (Yong et al., 2006) or Counter measures: Solution for this kind of attack is to
geographic routing protocol (Raymond et al., 2008). In the authenticate all packets being exchanged between sensor
paper (Maheswari et al., 2016) new safety routing scheme nodes, including all fields of packet header (Benbrahim,
RAAED is presented. This scheme is based on enhanced 2011).

134 Ingeniería e Investigación vol. 38 n.° 1, april - 2018 (130-138)

 GAVRIĆ, AND SIMIĆ

DOS attacks at application layer In the paper (Mopari et al., 2008) DDOS attacks are
classified into volume based attacks, protocol based attacks
Sensor overload occurs when the attacker tries to overload and application layer based attacks. In the following table
the node by stimulating sensors, which causes forwarding detailed classification of DDOS attacks is shown.
of large amount of data traffic towards the sink. This attack
overloads the bandwidth and wastes node’s power. Table 2. DDOS attacks

Category of DDOS attack Attacks

Counter measures: This kind of attack is preventable
by setting sensors’ sensitivity, as well by limiting the ICMP flooding
UDP flooding
Volume based attacks
speed of data sending from the nodes (Raymond et al., Spoofed-packet
flooding
2008). Limiting bandwidth and efficient aggregation can
SYN flooding
successfully reduce effectiveness of this attack. Fragmented packets
Protocol based attacks
Ping of death
Smurf
Path based attack occurs when the attacker injects replayed
packets to flood the end to end communication between Application layer based attacks
Zero-day
Slowloris
two nodes. Every node in the path towards the base station
forwards the packet, and if large number of fake packets Source: Authors
are sent all of these become busy. So, this attack consumes
network bandwidth and energy of the nodes (Deng et al., There are many ways to prevent and detect DDOS attacks.
2005). Some of them are shown in following text.

Counter measures: The solution is to choose a good In Mopari et al. (2008) a mechanism which is focused on
authentication method or anti replay protection (Isha et al., detection and rejection of false packets is shown. Packet
2013). authenticity is checked by the estimated number of jumps
required for packet to reach its destination. Table of jump
Distributed DOS attacks numbers is created with purpose of finding and memorizing
the number of packet hops. This table is used for discovering
Distributed DOS attacks – DDOS (distributed denial of false packets which are discarded in filtering phase.
service) represents special group of attacks during which
multiple nodes in cooperation attack the WSN. In this DAT (Liu et al., 2011) is model of defense which analyzes
situation the attacked node is being flooded by hundreds the behavior of nodes in order to determent whether the
or even thousands of different nodes (Wesam et al., 2014). node is real or false.

DDOS attack consists of four elements (Sonar et al., 2014): Depending on the activities conducted by the user, system
evaluates whether the node is valid, and it eventually takes
• Real attacker steps towards disconnecting it from network.
• Compromised nodes which are running a special
In Choi et al. 2010) integrated infrastructure for defense
program (handler), and have the ability to control
from DDOS attacks is presented. Firstly, attack is divided
multiple agents
into three phases, than requirements for defense are shown
• Agent nodes, which execute special program that is for each phase. When all requirements are met, integrated
responsible for generating streams of data towards infrastructure is created IDDI.
victim (the attacked node). These nodes are usually
outside of victim’s network Sahu et al. (2014) present the system for network data
filtering whose aim is to prevent DDOS. Network filter
• Victim
tracks data traffic from nodes, and if it detects that a node
The flow of DDOS attack is shown in Figure 2: emits large quantity of data in short time intervals, it
determines that the node is the attacker and discards its
packets that are being sent to sink.

Modern systems for attack detection IDS (Intrusion

Detection System) collect information from network, save
the information and based on detailed data analysis detect
the attacker in the network (Shanthi et al., 2016). These
systems contain procedures and mechanisms for detection,
prevention and reaction in case of attack.
Figure 2. The flow of DDOS attack
Source: Malik et al. (2015)

Ingeniería e Investigación vol. 38 n.° 1, april - 2018 (130-138) 135

Overview of dos attacks on wireless sensor net-works and experimental results for simulation of interference attacks

Case study towards sink, and in this process the number of received
packets by the sink is tracked.
In the practical part of this paper, the authors describe
one way of provoking a DOS attack. As it was mentioned After testing different sub scenarios different results were
previously, DOS attacks aim to disable proper network acquired depending on the distance of the attacker node.
functioning. This is one of very common attacks on WSN. In the following table summary results of testing are shown.

The authors describe and implement a scenario of this type Table 3. Testing results
of attack in the following text by adding an attacker node
to WSN. The attacker emits large quantity of data traffic With attacker
Without
with the aim to disable other nodes in the network from attacker Distance Distance Distance
from sink from sink from sink
successfully sending their data to sink. Simulator Omnet++ 10 m 20 m 30 m
(https://omnetpp.org) and Castalia module (https://forge. Number of
187 25 73 124
received packets
nicta.com.au) for simulation of WSNs are used to simulate
Number of non
this scenario. received packets
0 162 114 63

WSN which is used for the simulation consists of 5 legitimate Source: Authors
sensor nodes, of which one represents sink. The sink is
represented by node 0, while remaining 4 nodes try to send As it is seen in the test results, interference increases when
data to the sink. If there is no attacker, the sink receives attacker node gets closer to the sink. Number of packets that
data from 4 legitimate nodes. If there is an atacker in the are being received significantly drops when attacker node
WSN area, the sink doesn’t receive all the packets sent from approaches the sink. When attacker is at 10 m, 20 m and
legitimate nodes. The authors want to find out how many 30 m distance from the sink, it receives 13,36 % packets,
packets the sink would receive in case the attacker moves 39,04 % packets and 661,31 % packets respectively. In Figure
to a different distance from the sink. For this purpose the 4 diagram of simulated scenario is shown. Number of sent
authors used throughput test aplication, where all legitimate packets and received packets by the sink depending on the
nodes send packets to the sink. This application shows all distance of attacker node from the sink is shown on diagram.
received packets from nodes. The throughput test application
is described in detail in Boulis (2011).

In Figure 3 simulation scenario is shown.

Figure 4. Diagram of testing results.

Source: Authors
Figure 3. The flow of DDOS attack.
Source: Authors With detailed analysis of received packets it is clear that the
sink received the least packets from nodes 1 and 5 which
Legitimate nodes in the network are static and they are were the closest to the route on which the attacker node
located on proper distance from one another in order to is moving. That means that the attacker jamming route
avoid interference. Attacker node is mobile node, which beetwen legitimate nodes and the sink and the distance of
means it moves in preset manner. In specified periods the attacker are significant factors for the achievement of a
of time attacker node will cause interference which will physical DOS attack.
disable sink from receiving data from legitimate nodes.
From listed examples it can be concluded that interference
In simulation scenario attacker nodes is moving forward in attack is a very serious attack that can disturb proper
a straight line on predefined distance from sink. Few sub functioning of WSN. This kind of attack is fairly easy to
scenarios are implemented which have different minimum implement, which brings up the importance of using
distance from the line in which attacker node moves adequate defense against it.

136 Ingeniería e Investigación vol. 38 n.° 1, april - 2018 (130-138)

 GAVRIĆ, AND SIMIĆ

Conclusion industrial environments. Ingeniería e In­vestigación, 35(2),

67-73.
Research area of WSNs is very active and new technologies DOI: http://dx.doi.org/10.15446/ing.investig.v35n2.45289
are being developed constantly. Given the prevalence of Wood, A. D., & Stankovic, J. A. (2002). Denial of service in
WSNs various security issues may arise. One of the big sensor networks. computer, 35(10), 54-62.
issues is that nodes of WSN are often placed on various
Das, R., Bal, S., Das, S., Sarkar, M. K., Majumder, D.,
locations, which are usually difficult to secure from
Chakraborty, A., & Majumder, K. (2016, October).
physical access. Safety omissions not only can jeopardize Performance analysis of various attacks under AODV
proper functioning of WSN, but they can also lead to in WSN & MANET using OPNET 14.5. In Ubiquitous
spreading of false information within the network. This may Computing, Electronics & Mobile Communication
cause for user to receive wrong data, and to make wrong Conference (UEMCON), IEEE Annual (pp. 1-9). IEEE.
decision based on them, which could potentially lead to
Xu, W., Ma, K., Trappe, W., & Zhang, Y. (2006). Jamming sensor
catastrophic consequences on the observed environment.
networks: attack and defense strategies. IEEE Network,
20(3), 41-47.
This paper included basic threats which are threatening
WSN on daily basis. The main part of the paper describes Pomalaza, C. (2004). Wireless sensor network. University of
DOS attacks on WSN and solutions suggested by literature Oulu, Finland.
for detecting and solving particular attacks. This type of Callaway, E., Gorday, P., Hester, L., Gutierrez, J. A., Naeve,
attack leads to a complete or partial shutdown of WSN, M., Heile, B., & Bahl, V. (2002). Home networking with
and therefore it is not strange that large amount of research IEEE 802.15. 4: a developing standard for low-rate wireless
is conducted daily in order to protect WSN from different personal area networks. IEEE Communications magazine,
kinds of DOS attacks. DOS attacks can be divided in 40(8), 70-77.
multiple categories. In this paper the authors use a Hossain, M., Muslima, U., & Islam, H. (2015). Security Analysis
categorization of attacks according to protocol stack layers. of Wireless Sensor Network. Journal of Multidisciplinary
The most threatening attacks are DOS attacks on physical Engineering Science and Technology (JMEST), Vol. 2 – Issue
layer, DOS attacks on connection layer, DOS attacks on 1, pp. 393-403, 2015. DOI: 10.1155/2014/303501
network layer, DOS attacks at transport layer and DOS Buch, D., & Jinwala, D. C. (2010). Denial of Service Attacks
attacks at application layer. in Wireless Sensor Networks. International conference on
current trends in technology, Nuicone.
In the case study described in this paper influence of DOS Shahzad, F., Pasha, M., & Ahmad A. (2017). A Survey of
interference attacks is shown, they emit large quantities of Active Attacks on Wireless Sensor Networks and their
data in the form of radio waves that disable information Countermeasures. International Journal of Computer
flow from legitimate nodes to sink. Few situations have been Science and Information Security, Vol. 14, No. 12. arXiv
tested in Omnet++ simulator by using Castalia simulation preprint arXiv:1702.07136
model for simulating WSNs. The results generated by the
Isha ,Arun, M., & GauravR. (2013). DOS Attacks on TCP/IP
simulation were shown. Layers in WSN. International Journal of Computer Networks
and Communications Security VOL. 1, NO. 2, 40–45.
The main assumption of the authors was that interference
Raymond, D.R., & Midkiff, S.F. (2008). Denial of Service in
attacks disrupt WSN functioning. This assumption has been
Wireless Sensor Network: Attacks and Defenses. IEEE
proven in the experimental part of the paper. Based on
Pervasive Computing, Vol. 7, Issue 1, pp.74-81.
generated test results it can be determined that significant DOI: 10.1109/MPRV.2008.6
packet losses occur during the attack, i. e. in the used
scenario information flow from sensor nodes to the sink Ghildiyal, S., Mishra, A. K., Gupta, A., & Garg, N. (2014).
has been mostly disabled. Case study shows that distance Analysis of denial of service (dos) attacks in wireless
of the attacker is a significant factor when an interference sensor networks.  IJRET: International Journal of Research
in Engineering and Technology, Vol. 3, eISSN: 2319-1163,
attack occurs.
pp.140-143.
Nancy, J. T., VijayaKumar, K. P., & Kumar, P. G. (2014).
References Detection of jammer in Wireless Sensor Network.
International Conference on Communications and Signal
Fan, C. S. (2016). HIGH: A Hexagon-based Intelligent Grouping Processing (ICCSP), IEEE, 1435-1439.
Approach inWireless Sensor Networks.Advances in Electrical DOI: 10.1109/ICCSP.2014.6950086
and Computer Engineering, vol.16, no.1. 41-46, 2016. Danyang, Q., Lin, M., Erfu, W., Hongbin, M., & Qun, D.
DOI: 10.4316/AECE.2016.01006 (2013). An interference suppression mechanism for WSN.
Dargie W., & Poellabauer, C. (2010). Fundamentals of wireless International Conference on Sensor Network Security
sensor networks: theory and practice. John Wiley & Sons. Technology and Privacy Communication System (SNS &
PCS), IEEE, 28-33. DOI: 10.1109/SNS-PCS.2013.6553829
Oliveira, F., Semente, R., Fernandes J., Júnior, S., Melo, T., &
Salazar, A. (2015). EEWES: An energy-efficient wireless Dbibih, I., Iala, I., Aboutajdine, D., & Zytoune, O. (2016).
sensor network embedded system to be applied on Collision avoidance and service differentiation at the MAC

Ingeniería e Investigación vol. 38 n.° 1, april - 2018 (130-138) 137

Overview of dos attacks on wireless sensor net-works and experimental results for simulation of interference attacks

layer of WSN designed for multi-purpose applications. Wesam B., & Mehdi, E. M. (2014). Review Clustering
Cloud Computing Technologies and Applications Mechanisms of Distributed Denial of Service Attacks.
(CloudTech), 2016 2nd International Conference, IEEE, Journal of Computer Science 10, pp. 2037-2046.
277-282. DOI: 10.1109/CloudTech.2016.7847710 DOI: 10.3844/jcssp.2014.2037.2046
Amara, S. O., Beghdad, R., & Oussalah, M. (2013). Securing Sonar, K., & Upadhyay, H. (2014). A Survey: DDOS Attack
Wireless Sensor Networks: A Survey. EDPACS, 47(2), 6-29. on Internet of Things. International Journal of Engineering
DOI: 10.1080/07366981.2013.754207 Research and Development, 10, 58-63.
Saxena, M. (2007). Security In Wireless Sensor Networks - A Malik, M., & Singh, Y. (2015). A Review: DoS and DDoS
Layer Based Classification. CERIAS Tech Report. Attacks. International Journal of Computer Science and
Yong, W., Garhan, A., & Byrav, R. (2006). A Survey Of Security Mobile Computing, Vol. 4 Issue 6, 260-265.
Issues In Wireless Sensor Networks. IEEE Communications Mopari, I. B., Pukale, S. G., & Dhore, M. L. (2008). Detection
Surveys & Tutorials, Volume 8. and defense against DDoS attack with IP spoofing.
DOI: 10.1109/COMST.2006.315852 Computing, Communication and Networking, ICCCn
Mathur, A., & Newe, T. (2015). Medical WSN: Defense for 2008, International Conference, IEEE, 1-5.
selective forwarding attack. Sensing Technology (ICST), DOI: 10.1109/ICCCNET.2008.4787693
2015 9th International Conference, IEEE, 54-58. Liu, H. I., & Chang, K. C. (2011). Defending systems against tilt
DOI: 10.1109/ICSensT.2015.7438364 DDoS attacks. Telecommunication Systems, Services, and
Wazid, M., Katal, A., Sachan, R. S., Goudar, R. H., & Singh, D. P. Applications (TSSA), 2011 6th International Conference,
(2013). Detection and prevention mechanism for blackhole IEEE, 22-27. DOI: 10.1109/TSSA.2011.6095400
attack in wireless sensor network. Communications and Choi, Y. S., Oh, J. T., Jang, J. S., & Ryou, J. C. (2010). Integrated
Signal Processing (ICCSP), 2013 International Conference DDoS attack defense infrastructure for effective attack
IEEE, 576-581. DOI: 10.1109/iccsp.2013.6577120 prevention. Information Technology Convergence and
Chaudhry, J. A., Tariq, U., Amin, M. A., & Rittenhouse, R. G. Services (ITCS), 2010 2nd International Conference, IEEE,
(2013). Dealing with sinkhole attacks in wireless sensor 1-6. DOI: 10.1109/ITCS.2010.5581263
networks. Advanced Science and Technology Letters, Sahu, S. S., Priyadarshini, P., & Bilgaiyan, S. (2014). Curbing
29(2), 7-12. Distributed Denial of Service attack by traffic filtering in
Maheswari, S. U., Usha, N. S., Anita, E. M., & Devi, K. R. (2016). Wireless Sensor Network. Computing, Communication and
A novel robust routing protocol RAEED to avoid DoS attacks Networking Technologies (ICCCNT), 2014 International
in WSN. Information Communication and Embedded Conference, IEEE, 1-6.
Systems (ICICES), 2016 International Conference, IEEE, DOI: 10.1109/ICCCNT.2014.6963043
1-5. DOI: 10.1109/ICICES.2016.7518942 Shanthi, S., & Rajan, E. G. (2016). Comprehensive analysis of
Maleh, Y., & Ezzati, A. (2014). A review of security attacks and security attacks and intrusion detection system in wireless
Intrusion Detection Schemes in Wireless Sensor Networks. sensor networks. Next Generation Computing Technologies
International Journal of Wireless & Mobile Networks (NGCT), 2016 2nd International Conference, IEEE, 426-
(IJWMN) Vol. 5, No. 6. arXiv:1401.1982 [cs.CR] 431. DOI: 10.1109/NGCT.2016.7877454

Goyal, S., Bhatia, T., & Verma, A. K. (2015). Wormhole and Hamieh, A., Ben-Othman, J., & Mokdad, L. (2009).
Sybil attack in WSN: A review. Computing for Sustainable Detection of radio interference attacks in VANET. Global
Global Development (INDIACom), 2015 2nd International Telecommunications Conference, Globecom 2009, IEEE,
Conference, IEEE, 1463-1468. 1-5. DOI: 10.1109/GLOCOM.2009.5425381

Singh, V. P., Jain, S., & Singhai, J. (2010). Hello flood attack Hamza, T., Kaddoum, G., Meddeb, A., & Matar, G. (2016).
and its countermeasures in wireless sensor networks. IJCSI A Survey on Intelligent MAC Layer Jamming Attacks
International Journal of Computer Science Issues,7(11), and Countermeasures in WSNs.  Vehicular Technology
23- 27. Conference (VTC-Fall), IEEE 84th, IEEE, 1-5.
DOI: 10.1109/VTCFall.2016.7880885
Benbrahim, S. E. (2011). Defense against traffic analysis attack
in wireless sensor networks. PhD Thesis, University of Boulis, A. (2011). Castalia - A simulator for Wireless Sensor
Montreal, Canada. Networks and Body Area Networks. NICTA: National ICT
Australia.
Deng, J., Han, R., & Mishra, S. (2005). Defending against
path-based DoS attacks in wireless sensor networks.
In Proceedings of the 3rd ACM workshop on Security of ad
hoc and sensor networks (89-96). ACM.

138 Ingeniería e Investigación vol. 38 n.° 1, april - 2018 (130-138)