An analytical Survey of Attack Scenario Parameters on the Techniques of Attack Mitigation in WSN

Wireless sensor networks (WSN) were cataloged as one of the most important emerging technologies of the last century and are considered the basis of the Internet of Things paradigm. However, an undeniable disadvantage of WSN is that the resources available for these types of networks, such as processing capacity, memory, and battery, are usually in short supply. This limitation in resources implements security mechanisms a difficult task. This work reviews 93 recent proposals in which different solutions were formulated for the different attacks in WSN in the network layer; in total, 139 references were considered. According to the literature, these attacks are mainly Sybil, wormhole, sinkhole, and selective forwarding. The main goal of this contribution is to present the evaluation metrics used in the state of the art to mitigate the Sybil, wormhole, sinkhole, and selective forwarding attacks and show the network topologies used in each of these proposals.


Introduction
Wireless sensors networks (WSN) have been very successful in the last decade; this is due to the many different areas in which they can be used and its impact on the Internet of Things paradigm (IoT).A wireless sensor network becomes one of the most important ingredients of IoT applications [83].One of the benefits of WSN is that they are adequate for monitoring environments with difficult access when human intervention is critical or is not possible [69].The wireless sensor network is a set of independent sensors distributed in a region which is capable of sensing [17], that sensor nodes cooperate with each other for the collection, transmission, processing of monitoring data, etc [34,136].There are many areas in which WSN technology can be applied including agriculture, smart homes, care and health at home, transportation, shopping, among many others.
However WSN has a vulnerability that is an inherent part of the system and relates to the low processing capacity of the nodes or sensors [55,90,125], this shortcoming makes it difficult to implement algorithms that could potentially increase network security [55].
Additionally, this enormous growth has made software developers and hardware manufacturers forget a key element that is and will be important to the customers, as is the case with security and privacy.The main objective of this contribution is to show the network topologies used in the contributions focused on mitigating the sybil, wormhole, sinkhole, and selective forwarding attacks, as well as to present the evaluation metrics used in each of these proposals.The proposals analyzed correspond to the last 4 years only.
Based on the node role, WSN is divided into two groups, which are infrastructure and ad-hoc.Infrastructure types always have a leading node or parent, usually called a sink node or cluster head.Most of the time, the sink node has a higher processing capacity than the rest of the nodes in the network.This type of network is centralized.On the other hand, ad-hoc networks are decentralized networks, and the communication between the nodes is peer to peer. Figure 1 shows the different topologies that we can find in WSN depending on the role of each node.
Wireless sensor networks are the base for the IoT paradigm.Kevin Ashton proposed the concept of IoT in 1999, and referred to it as the connection and identification of objects in Fig. 1 WSN Topologies a unique and interoperable way with a radio frequency identification technology (RFID) [6].Thanks to this technology, appliances, vehicles, sensors, etc., would have the ability to connect to the Internet, and as the consequence, it becomes possible to remotely manipulate these objects, through a computer, tablet or cell [51].In many cases, IoT uses RPL (IPv6 Routing Protocol for LLNs) [104,105,131] as a routing protocol.The IoT paradigm is expected to focus more and more on cybercriminals because more and more devices are connected to the Internet, which is a challenge for experts and security companies.The enormous growth of the IoT paradigm, however, has historically forgotten a key element for their customers related to the management of security and privacy of information.Cybercriminals might take advantage of the vulnerabilities of devices connected to obtain a privileged position within corporate networks and hardware to which they are connected.The rest of the paper is organized as follows.In Sect.2, the IoT architecture is specified.Section 3 shows the main areas implementing IoT solutions.Section 4 presents an analysis of the main existing security threats in view of the OSI model.Section 5 explains the main attacks on the network layer.Section 6 presents a literature review about the literary production of the last four years regarding the types of attack presented in Sect. 5. Finally, Sect.7 concludes the document.

WSN Architecture
Most of the architectures designed in WSN follow the OSI Model.According to [3], a sensor network needs five layers: physical, data link, network, transport, and application layer.To these 5 layers, 3 more layers have been added to work transversally, as seen in Fig. 2.These new three layers are used to manage the network and make the sensors work together, increasing the overall of the network [3].These layers are: Fig. 2 The architecture of WSN [3] • Task Management Plane: needed to balance and schedule the sensing tasks given to a specific region.• Mobility Management Plane: needed to detect and register the movement of sensor nodes.A route back to the user is always maintained, and the sensor nodes can keep track of who is their neighbor sensor nodes.• Power Management Plane: needed to manage how a sensor node uses its power.
The difference between OSI and WSN are shown in Table 1, according to [10].
There are different routing protocols proposed in the literature in the network layer [68,72,137].Some of them work the clustering approach with low energy consumption, as presented in [137].Although they solve the routing problem, all these protocols are considered vulnerable since they handle wireless connections, and the transmission medium allows intruder attacks.This article seeks to present an analysis of topologies used in the design of WSN networks to analyze the vulnerabilities presented in this layer in future work.

IoT Architecture
As mentioned above, one of the bases of IoT is the WSN.For this reason, they inherit part of its architecture, making some changes in the organization of the layers in order to provide the required services.The architecture in WSN is based on 5 layers.In IoT, these layers are grouped into only 3, as detailed below.
According to the literature, the proposed architectures based on IoT are divided into 3 layers [47,48,88], Fig. 3 summarizes these layers: • Perception layer: its main task is to gather information and its architecture consists of different sensors, gateways, RFID tags, barcode, etc. • Network layer: it is composed of different types of networks: wired, wireless, private, public, etc.This is because the IoT concept based is based on heterogeneous networks.Its main task is to propagate and process information collected in the perception layer.• Application layer: this layer is composed of various input/output interfaces and users.
The related user interfaces and services are always based on the characteristics of the applications as such, that is an intelligent transport system, environmental monitoring, remote medical system, etc.The perception layer in IoT consists of data capture and its format, grouping the link and physical layers of WSN.The network layer includes all the technologies and mechanisms used to transmit captured data, which groups the network and transport layers in WSN.Finally, the application layer in IoT is the data processing and the applications that make it possible to visualize them, which corresponds to the application layer in WSN.

Applications Based on WSN and IoT
Many areas can benefit from solutions based on the internet of things, in this review we include the areas of health and care at home, shopping, logistics and transportation, cities and smart homes.

Health and Home Care
Health and home care are some of the most important areas for IoT applications since it is directly related to the lives of people.In this area, there are all the solutions designed to improve the quality of life of patients, or in the effective and immediate communication between a patient and his family doctor.There are proposals in which the patients have devices attached to their bodies that constantly make readings of their vital signs (sugar, pressure, variables related to the functioning of the heart, etc.) generating alerts to medical staff if there are unusual values [16].The various applications of IoT focused on health can be categorized in offering the following services [81,123]: • Telemedicine [40]: remote medical care-patient.

Shopping
Customer satisfaction is the main objective of a commercial organization.The implementation of solutions based on the Internet of Things paradigm can be used for the fulfillment of this objective.One of these proposals might be to ease the location of a given product in the store prior description.The authors of [96] propose a prediction scheme for the location of articles, based on current and previous locations, in which the objective is to locate products in the shopping store.On the other hand, the authors of [26] propose a system based on barcode and RFID technology to improve the shopping experience and provide the customer with the required information of the desired product.

Logistics and Transport
Logistics and transportation is an area with an increase in business solutions.It is important for employers to predict transport routes that optimize package delivery time, for example, fuel-saving routes.In the same way, devices have emerged in the market that allow to immediately know the data collected from vehicles, such as gasoline level, location, speed, etc.The authors of [122] propose a solution in which users can see in real time the availability of seats in public transport in order to avoid the agglomeration in the transport system.In [130] the authors propose a model of "intelligent logistic transport" to support the supply chain system.

Smart City
Smart cities are also a growing area of research within the internet of things paradigm.An intelligent city is one that is capable of adequately responding to the basic needs of institutions, companies, and citizens themselves, both economically and operationally, socially and environmentally.An example of a solution in this area would be the autonomous management of semaphores according to the current vehicular flow.In [45] the architecture of a middleware based on IoT is implemented and acts as a communication layer between the heterogeneous systems of a city, giving the authorities control over the infrastructure and collected data.Another example is the proposed research explained in [120], which describes a system for the management and reservation of parking spaces of vehicles in a city.

Smart Home
A smart home, in addition to providing comfort, can influence energy savings.This is done by installing sensors to make decisions and to detect certain behaviors, or home care, which goes very closely with the area of health and home care.Inside a smart home, people can control remote devices such as lights, curtains, appliances, etc.In [89] a pattern recognition system of human activities is proposed with the support of multiple devices, to be used for people with signs of Alzheimer's.In [35] authors design a smart home automation system turning a customary home to a smart home for accessing and controlling devices and appliances remotely, using Android based Smartphone applications.

Security Threats
One of the fundamental bases of IoT is the WSN, with the consequence that security problems presented in WSN are transferred to IoT.In this section, the main threats for each of the layers of the OSI model are discussed.Security controls in WSN should be designed taking into account each of the network components.On many occasions, security in the system is considered as an independent aspect of the architecture [88], which is a wrong approach.The security in a system must be considered from the beginning, taking into account security along all the other network components.As mentioned in the previous section, real-time monitoring is one key advantage of sensor networks once sensor nodes are connected to the Internet.Maintaining data confidentiality in WSN is important, but maintaining a secure architecture and topology is also necessary.Achieving both tasks simultaneously is a complex design problem given the wireless transmission medium used by WSN [132,133] and the low processing capacity of the sensors.One key security goal of WSN is to ensure data security.This implies security requirements such as confidentiality, integrity, authenticity, and availability of all messages [50,78].
• Confidentiality: It refers to the privacy of data and resources.Should ensure that the data disclosed do not reach unauthorized destinations.• Integrity: It refers to the reliability of the data or resources.
• Authenticity: The goal is the authentication of all participants in the transmission and/ or the data itself.• Availability: Ability to use data or resources.
• Freshness: It refers to the frequency in which data is captured in order to have updated information.
Table 2 summarizes by layer which are the attacks to which the sensor networks are exposed.
Traditional wireless networks do not have as many limitations as WSN, which is why the implementation of security mechanisms is not an easy task [44], and many authors ignore this aspect in their proposals.The wireless sensor network, as compared to traditional computer networks, has certain limitations that are highlighted in [124], including: • Limited resources: in many cases, the implementation of a secure mechanism requires the availability of certain resources, such as memory and power, however, these resources are limited in a wireless sensor network.• Unreliable communication: this covers the reliability of received packets, the conflicts in the transmission, and network latency (total time delays).• Unattended operation: a node cannot perform its function in the network for long periods of time; therefore, they may be exposed to physical attacks and/or remote management.Likewise, the decentralized operation of nodes involves greater organization of the network.
Next, we will discuss the attacks that may occur in the network layer according to [86].

Attacks on the Network Layer
The transmission medium is one of the reasons why wireless networks are vulnerable to certain types of attacks [57].In general, a wired network is more secure than a wireless network.Features such as useful life, processing capacity, etc., significantly affect the security of the network.If a wireless network is composed of nodes with low processing capacity and useful lifetime, this network may be compromised.This is why WSN are even more vulnerable to attacks than traditional wireless networks.WNS typically cannot implement complex defense mechanisms because they can significantly affect the network's useful lifetime.In addition to other vulnerabilities related to the environment in which the WSN is deployed, this environment can become a hostile and dangerous place [57].There are different security solutions that counteract the problems mentioned above.In this paper, we analyze different attacks (in the network layer) that can occur in wireless sensor networks as well as the network topologies being proposed during the attacks.We also analyzed the evaluation metrics implemented by the authors.The attacks analyzed in this paper are sybil, wormhole, sinkhole, and SF.

Sybil Attacks
The objective of this attack is to attract traffic to malicious nodes, and away from legitimate nodes.This attack is achieved by stealing the identity of legitimate nodes [57]

Wormhole Attack
A wormhole attack destroys the network topology.

Sinkhole Attack
The goal of a sinkhole attack is to attract network traffic to a specific node, this is achieved by altering the routing tables of the network.Once the traffic arrives at the malicious node, the messages can be modified or deleted.Different solution methods have been proposed for this attack [5, 24, 36-38, 49, 53, 54, 60, 99, 103, 114-116, 119, 128, 129], 17 proposals in total.

Network Topologies
The analysis presented in the following section includes the network topologies used in the revised proposals.For this reason, before entering the analysis, a brief description of each of them will be made.The topology of a network is a graphic description of how the nodes of the network are connected.There are several types of topology, star, tree, cluster, or mixed.With the technological advancements, it is common to find mixed topologies generated by MANET or VANET networks in which nodes must have the intelligence to redistribute their topology given their constant movement.Figure 4 shows the most common types of topology, which are described below: Fig. 4a: Star Topology, where there is a central node, and the others are directly connected to it.Figure 4b: Tree topology, where there is a sink in which the other nodes are connected to it through a direct link or some route.Figure 4c: Cluster topology, where several groups are evidenced within the same network, in which each group has its sink node.Figure 4d: Mixed topology in which 2 or more topologies are agreed.

Analysis of Proposals
In this section, we analyze the proposals that mitigate each one of the attacks evaluated in this revision.The analysis identifies aspects such as the topology implemented, if the proposal evaluates the detection of intruders or if the proposal detects or prevents the attack, as well as the metrics used for the evaluation of each of proposal.Among the proposals analyzed, there are different evaluation metrics used by the authors.These metrics include packet delivery ratio (PDR), forwarding misbehaviors, power consumption, time detection, latency, accuracy detection/detection rate, network lifetime, throughput, packet loss rate, delay, data transmitted, data packet overhead or computational overhead, collision avoidance, bit error rate, jitter, number of encryptions, the impact of signatures, position accuracy, exchange message, impact of attack frequency, the average localization errors of different average network connectivity, distance bounding and comparison of Intrusion Warning Score (IWS) at different motes.Figure 5 shows the distribution of attacks with a total of 93 proposals reviewed.It is important to mention that 5 of the proposals included in this revision mitigate more than one attack.These proposals are [52,58,101,102,129].
The attack that is the most popular with researchers is the Sybil attack, with 34 proposals.Likewise, the less popular one is the sinkhole attack, with 17 proposals.Table 3 shows the different network topologies that were found in these proposals.Figure 6 associates these topologies with each evaluated proposal.
According to Fig. 7, the most used topology by the authors is tree topology, also known as cluster or hierarchical.This topology accounts to 49.46 %, or what is the same to 46/93 proposals.Then follow Ad-Hoc WSN, MANET, VANET, Mesh, and Ad-Hoc WMN topologies which were used in 18, 17, 9, 2, and 1 proposal, respectively.With respect to the sources and databases consulted, 4 databases were used, they were IEEE, Science Direct, Springer and Google Scholar. Figure 6 shows the distribution of the proposals analyzed with their respective source.
Figure 7 shows that the largest reference source for this review was IEEE, followed by Google Scholar, Science Direct, and Springer.In these sources, keywords like "security in WSN", "attacks in WSN", "sybil attack WSN ", "wormhole attack WSN ", "sinkhole attack WSN ", "selective forwarding attack WSN " were used.For the purposes of this paper, only the last 4 years, from 2014, were taken into account and only those articles that proposed a new mechanism, scheme or protocol that mitigated each of these attacks mentioned before were selected.network topology used by the authors.The topologies used in these 34 proposals were Ad-Hoc WSN, cluster/tree, MANET and VANET being cluster/tree the most popular among researchers.
Table 3 shows the topologies used by each proposal, whether the proposal makes an analysis or takes into account the detection of false positives, and also if the proposal detects and prevents the sybil attack.Ad-Hoc WSN No Yes Yes [111] Cluster/Tree Yes Yes No [52] Cluster/Tree Yes Yes No [62] VANET Yes Yes Yes [62] Cluster/Tree No Yes No [64] MANET No Yes Yes [42] Cluster/Tree No Yes Yes [9] VANET No Yes Yes [67] MANET Yes Yes Yes [94] Cluster/Tree Yes Yes No [79] MANET Yes Yes Yes [107] VANET No Yes Yes [109] VANET No Yes Yes [71] MANET No Yes Yes [102] Ad-Hoc WSN No Yes Yes [91] Cluster/Tree Yes Yes No [58] Ad-Hoc WSN No Yes No [61] Ad-Hoc WSN No Yes Yes [112] Ad-Hoc WSN Yes Yes No [80] Cluster/Tree No Yes No [93] Ad-Hoc WSN Yes Yes No [139] MANET No No Yes [32] VANET Yes Yes No [95] VANET No Yes Yes [134] VANET Yes Yes Yes [12] Cluster/Tree Yes Yes No [92] Cluster/Tree No Yes No [43] Ad-Hoc WSN No Yes Yes [110] MANET Yes Yes No Figure 9 summarizes Table II and quantifies the last 3 columns.The 91,2% of the proposals detect the sybil attack, the 41,2% include in their proposal the detection of false positives, and 50% prevents the sybil attack.
Table 4 details the proposals that used each of the metrics found throughout this bibliographic review.The most used metric to evaluate the proposals that mitigate the sybil attack is the Accuracy Detection/Detection Rate, which is used by 17 proposals.
Figure 10 details the number of evaluation metrics used by authors whose proposals mitigate sybil attacks.5 proposals [52,71,79,98,102] used 4 evaluation metrics, this was the highest number used. 2 proposals [80,95] do not use evaluation metrics.

Wormhole Attack
In this section, only the proposals that mitigate the wormhole attack were analyzed.Figure 11 shows the distribution of the proposals that mitigate the wormhole attacks in terms of the network topology used by the authors.The topologies used in these 27 proposals were Ad-Hoc WSN, cluster/tree, MANET, mesh, and VANET being cluster/ tree the most popular.
Table 5 shows the topologies used by each proposal, if this proposal makes an analysis or takes into account the detection of false positives, and also if the proposal detects and prevents the wormhole attack.
Figure 12 summarizes Table IV and quantifies the last 3 columns.The 96,29% of the proposals detect the wormhole attack, the 25,9% include in their proposal the detection of false positives and the 66,6% prevents the wormhole attack.
Table 6 shows which the different metrics found throughout this bibliographic review used by each proposal.The most used metric that mitigates the wormhole attack is the PDR used by 16 proposals.
Figure 13 shows the number of evaluation metrics used by authors whose proposals mitigate wormhole attacks.6 proposals [85,91,108,117,127,129] used 4 evaluation metrics. 2 proposals [8,84] do not use evaluation metrics.

Sinkhole Attack
In this section, only the proposals that mitigate the sinkhole attack were analyzed.Figure 14 shows the distribution of the proposals that mitigate sinkhole attacks in terms of the network topology used by the authors.The topologies used in these 17 proposals were Ad-Hoc WSN, cluster/tree, and MANET.By far the most used topology was cluster/tree.
Table 7 shows the topologies used by each proposal, if this proposal makes an analysis or takes into account the detection of false positives, and also if the proposal detects and prevents the sinkhole attack.
Figure 15 summarizes Table IV and quantifies the last 3 columns.The 100% of the proposals detect the sinkhole attack, 52,9% include in their proposal the detection of false positives and the 41,2% prevents the sinkhole attack.
Table 8 shows which of the metrics found throughout this bibliographic review was used by each proposal.The most used metric to mitigate the sinkhole attack is the PDR, which is used by 8 proposals.
Figure 16 shows the number of evaluation metrics used by authors whose proposals mitigate sinkhole attacks. 1 proposal [115] used 6 evaluation metrics, being this the highest number used by any proposal.

Selective Forwarding Attack
In this section, only the proposals that mitigate the sinkhole attack were analyzed.Figure 17 shows the distribution of the proposals that mitigate SF attacks in terms of the network topology used by the authors.The topologies used in these 20 proposals include Ad-Hoc WMN, Ad-Hoc WSN, cluster/tree, MANET, and mesh.Again cluster/tree was the most popular used topology.Table 9 shows the different topologies used by each proposal, whether the proposal makes an analysis or takes into account the detection of false positives, and also if it detects and prevents the SF attack.Ad-Hoc WSN Yes Yes No [28] Cluster/Tree No Yes No [44] Ad-Hoc WSN No Yes No [14] MANET No Yes Yes [84] MANET No Yes Yes [117] MANET Yes Yes Yes [1] MANET Yes Yes Yes [56] MANET No Yes Yes [20] Ad-Hoc WSN No Yes Yes [33] MANET No Yes Yes [39] MANET No Yes Yes [59] Cluster/Tree No Yes No [118] MANET Yes Yes No [85] Mesh No Yes Yes [8] VANET No No Yes [121] MANET No Yes Yes [29] Cluster/Tree No Yes Yes [140] Ad-Hoc WSN No Yes No [127] Cluster/Tree Yes Yes Yes [108] Ad-Hoc WSN No Yes No [126] Ad-Hoc WSN No Yes Yes [20] Ad-Hoc WSN No Yes Yes [21] Cluster/Tree No Yes Yes [70] Cluster/Tree No Yes Yes [129] Cluster/Tree Yes Yes Yes   Table 10 shows which of the metrics found throughout this bibliographic review were used by each proposal.The most used metric to mitigate the sybil attack is power consumption, in fact, 12 proposals used this metric.
Figure 19 shows the number of metrics used by authors whose proposals mitigate SF attacks. 1 proposal [102] used 4 evaluation metrics, being this the highest number used by any metric.

Conclutions
This paper presents an analysis of the relevant attacks in WSN focused on IoT.The IoT model is considered to be a heterogeneous network object, and one of the networks that are part of this heterogeneity is the WSN.It is important to highlight this type of analysis because of its benefits, disadvantages, and security problems that IoT inherited from WSN.Given the analysis presented in Sect.6, several conclusions can be made: the most used topology is the tree or cluster, with a total of 46 proposals.The most used metric employed as a mechanism to evaluate their proposals is the detection accuracy,  [5] which is used by 34 proposals.This work also highlights the importance of including security mechanisms from the very beginning of the design of the topology of the network, these mechanisms cannot be treated in an exclusive manner.Finally, as a concluding remark, it is clear that it is time to give more importance to the area of security in

Fig.
Fig. Topologies used by the authors

Fig. 9
Fig. 9 Detection and prevention in sybil attack

Fig. 12
Fig. 12 Detection and prevention in wormhole attack

Fig. Metrics in wormhole attackFig.
Fig. Metrics in wormhole attack

Table 4
Metrics in sybil attacks

Table 5
Detect and prevent technics in wormhole attacks

Table 7
Future work is expected to identify vulnerabilities in wireless sensor networks inherited from the Internet of Things technology.These vulnerabilities can generate attacks in the network layer allowing access to confidential information of unauthorized people.Identifying these attacks in the network layer would lead us to the implementation of strategies that can mitigate that.

Table 8
Metrics in sinkhole attacks

Table 10
Metrics in sinkhole attacks