Abstract

Wireless sensor network (WSN) faces severe security problems due to wireless communication between the nodes and open deployment of the nodes. The attacker disrupts the security parameters by launching attacks at different layers of the WSN. In this paper, a protocol layer trust-based intrusion detection system (LB-IDS) is proposed to secure the WSN by detecting the attackers at different layers. The trust value of a sensor node is calculated using the deviation of trust metrics at each layer with respect to the attacks. Mainly, we consider trustworthiness in the three layers such as physical layer trust, media access control (MAC) layer trust, and network layer trust. The trust of a sensor node at a particular layer is calculated by taking key trust metrics of that layer. Finally, the overall trust value of the sensor node is estimated by combining the individual trust values of each layer. By applying the trust threshold, a sensor node is detected as trusted or malicious. The performance of LB-IDS is evaluated by comparing the results of the three performance parameters such as detection accuracy, false-positive rate, and false-negative rate, with the results of Wang’s scheme. We have implemented jamming attack at the physical layer, back-off manipulation attack at the MAC layer, and sinkhole attack at the network layer using simulations. We have also implemented a cross-layer attack using the simulation where an attacker simultaneously attacks the MAC layer and network layer. Simulation results show that the proposed LB-IDS performs better as compared with Wang’s scheme.

1. Introduction

WSN is widely used in many applications such as industrial monitoring, environmental monitoring, forest monitoring, health care, and military. The architecture of WSN is categorized into clustered and flat [1]. In the flat architecture, the sensor nodes (SNs) communicate with the base station (BS) directly or by relaying the data through other nodes. When a WSN is clustered, the SNs are arranged within a specific area by forming a cluster. One node acts as a cluster head (CH) to control the whole communication between the nodes. The SNs communicate with the BS through the CHs. An SN exchange its information by forwarding the data to its CH, and then the CH sends the data directly to the BS or relaying the data through the CHs. Clustering is an important mechanism in WSN for many advantages such as energy efficiency, reduction in communication overhead, delay minimization, better communication, and topology management.

Security in WSN is a major issue during the past decade due to open deployment of SNs and wireless communications between them [24]. The attacker disrupts the security attributes by launching attacks at different layers. At the physical layer, a malicious node can be attacked by denial of service (DoS) attack by jamming the physical channel [59]. In this attack, an attacker continuously interferes with the frequencies used for communication by broadcasting unnecessary signals. These signals jam the network, and a genuine node denies to give services because it is busy in receiving the signals. The codes in the SN can also be modified, and the node can be tampered or replaced with an untrusted node [1, 7]. At the MAC layer [10, 11], the attacker disrupts the network availability by obtaining unfair channel priority, collisions, etc. The MAC layer include many types of attack such as back-off manipulation attack, RTS/CTS frame modification, guaranteed time slot attack, and collisions. At the network layer [1214], the attacker attacks by disrupting the routing of data from source to the destination by acquiring control on the data. The attacker attacks using selective forwarding attack, sinkhole attack, wormhole attack, black hole attack, sybil attack, etc. Apart from the single protocol layer attack, there is another type of attack called as cross-layer attack where multiple layers are attacked [1517]. IDS plays an essential role in securing the WSN as a second wall, where it detects the misbehavior of the nodes that violates the security mechanisms [1823]. In WSN, it is difficult to use complex security mechanisms because it increases the energy consumption of a SN. Therefore, WSNs are applying light-weight security mechanisms for protecting the network [24, 25], and IDS is providing a platform by recording the misbehavior of the SNs and reporting it to the administrator for taking countermeasures.

IDS is mainly divided into anomaly detection and misuse detection [26, 27]. In misuse detection, there is prior knowledge about the attacks, and it is easy to detect the attacks. However, it is difficult to detect the unknown attacks. Unknown attacks are detected using anomaly detection. Anomaly detection compares the current operations of a node with the behavior and status of a normal node to check the misbehavior. In this paper, we have mainly focused on the anomaly detection system (IDS). However, many IDS schemes only work on particular type of attacks based on a single layer. It is needed to identify the cross-layer attack where an attacker attacks multiple layers at a time. It is difficult to identify such type of attacks because the attacker has different behavior at a time. To improve the detection of such attacks, the trust metrics are selected at each protocol layer, and the parameters have a high impact on the performance of the IDS.

We are mainly motivated from the method proposed by Wang et al. [1]. The authors proposed an IDS for WSN using trust-based system. In this model, a trust is separately calculated for each SN at the physical layer, MAC layer, and network layer using trust metrics. Finally, each layer trust is combined to form a single overall trust value. This trust value is called as the direct trust value of node A on node B, where node A is the evaluator node or monitoring node. In this model, the monitoring node calculates the trust value of the monitored node by using the direct experience with the monitored node (according to the trust metrics). This may reduce the performance of the system by reducing the detection accuracy (DA) and increasing the false-positive rate (FPR) and false-negative rate (FNR). However, in our model, we have calculated the trust value of the monitored node by taking direct experience and the experiences of other nodes (neighbor nodes) with the monitored node. This increases the DA and reduces FPR. If the trust value of a monitored node is higher than a threshold, then the node is treated as a reliable or genuine node. The main motivation is also elaborated with respect to the three layers as follows. In [1], at the physical layer, energy consumption is considered as the trust metric for the trust value calculation. As jamming attack is considered, a node that jams the network has high energy consumption due to continuous signal generation. However, if a genuine node in the communication range has performed communication for a longer time, then it has a low energy, and this node is considered as a malicious node [1]. Therefore, we have calculated the trust using the direct experience and experiences (signal reception) of other neighbor nodes with the monitored node. At the MAC layer, back-off time is considered as the trust metric for the trust value calculation. As back-off manipulation attack is considered, a node that has less back-off time will get higher access to the channel for communication. However, if a genuine node in the communication range sends more messages for communication, then this node is considered as a malicious node [1], because it is getting more channel priority. Therefore, we have calculated the trust using the direct experience and experiences (channel priority) of other neighbor nodes with the monitored node. At the network layer, the number of hops advertised is considered as the trust metric for the trust value calculation. As sinkhole attack is considered, a node that broadcasts less number of hops is considered as a malicious node. However, if a genuine node in the communication range has less number of hops, then this node is considered as a malicious node [1]. Therefore, we have calculated the trust by using the direct experience and experiences (hop count advertisement) of neighbor nodes with the monitored node. This increases the DA and reduces the FPR. This scheme is applicable for clustered and flat networks. The main contributions of this paper are stated as follows:(1)LB-IDS is proposed to detect the malicious nodes in the clustered WSN. In this method, a trust value of an SN is individually calculated at the physical layer, MAC layer, and network layer using the deviation of trust metrics. The deviation is calculated from the direct experience and experiences of the neighbor nodes with the monitored node.(2)The monitoring node or evaluator node estimates the trust value of the monitored node using the deviation factor. Then, the individual trust values of each layer are combined to calculate the overall trust value of an SN. Then, the trust value is transferred to the CH. Then, the CH decides whether the SN is genuine or malicious using a threshold value. This trust value is updated at regular intervals.(3)The analysis of LB-IDS is performed in terms of message complexity, memory overhead, energy consumption, and trust evaluation.(4)Simulation results show that LB-IDS performs better than the model by Wang et al. [1] in terms of DA, FPR, and FAR. The performance is analyzed by considering the jamming attack in the physical layer, back-off manipulation attack in the MAC layer, and sinkhole attack in the network layer, and finally cross-layer attack is also implemented at the network layer and MAC layer.

The remaining portion of the paper is organized as follows. Section 2 presents the work done in the field of trust-based security in WSN. Section 3 describes the proposed LB-IDS model. Section 4 presents the trust estimation at each layer. Section 5 presents the analysis of the LB-IDS. Section 6 presents the results and discussion. At last, the conclusion and future work is presented in Section 7.

Securing wireless sensor network using trust-based schemes are very effective methods for supporting WSN against the security threats and vulnerabilities. Many research works are performed to secure the network using the trust-based models [2833]. The trust-based models mainly use fuzzy models, probability models, statistical methods, weighting methods, etc. LB-IDS mainly focuses on the statistical method where it uses the average and deviation of trust metrics to detect an attack in a layer.

In [25, 34, 35], to determine the trust degree, the authors have used the fuzzy theory concept in the network. Feng et al. [34] proposed a trust evaluation algorithm (NBBTE) based on banding belief theory. In this scheme, a node finds the trust value of its neighboring node using the direct and indirect trust based on many trust factors. Then, fuzzy model is used to know the level of trustworthiness of each neighbor node. Then, DS evidence theory is used to aggregate the trust values to find a final trust level of a node. Wu et al. [35] proposed a trust model for securing WSN using fuzzy model and evidence model. Fuzzy set theory is used for finding trust level of the sensors, and evidence theory is used for aggregating the trust value. Shao et al. [25] proposed a trust model for WSN where the trust recommendations provided by the sensors are evaluated using fuzzy model. In [36, 37], the authors calculated the trust value of a sensor node using probability distribution method. Ganeriwal et al. [36] proposed a method that is based on distributed reputation framework. It uses watchdog technique to observe behaviors of nodes. Luo et al. [37] used identity labels for the sensor nodes to design a dynamic trust management scheme. In [24, 3842], the authors used the weighting method for trust calculation and evaluation. Atakli et al. [38] used weighting method to detect malicious activity in the network by maintaining the hierarchy and continuous monitoring. Shaikh et al. [41] detected the malicious nodes in a clustered network by finding group trust for a node. Yao et al. [42] proposed a parameter and localized based trust management scheme to provide security to WSN. Li et al. [24] proposed a simple and dependable trust model for clustered environment of WSN. Jiang et al. [40] used direct as well as indirect trust for trust calculation of a sensor node in WSN. Direct trust calculation includes energy, data, and communication trusts. Indirect trust calculation includes the recommendations from the neighbor nodes for the monitored node. Ishmanov et al. [43] measured the weightage of misbehavior of a node for the detection of malicious nodes in the network. Bao et al. [44, 45] proposed a trust model for WSN using weighting parameters and reduced the false-positive rate using statistical methods. Zhang et al. [46] proposed a trust model based on cloud model for clustered WSN. Rajeshkumar et al. [47] proposed an adaptive trust-based acknowledgment IDS using active successful deliveries. In this method, Kalman filter is used to estimate the trust factor of a node. In [48], we have proposed a physical layer IDS to provide security at the physical layer. This method only detects the denial of service attack due to jamming attack. It lacks security at MAC layer and network layer.

From the literature discussed above, it is observed that selecting proper trust metrics to calculate the trust of an SN is very essential. Therefore, to design an IDS, the behavior of the nodes should be monitored. In this work, we have selected the proper trust metrics at each layer for trust calculation and detected the behavior of a node according to the attack. To the best of our knowledge, very less work has been done in this area to design a protocol layer trust-based IDS. In this paper, the trust is calculated at each layer by considering the deviation of trust metrics. Then, the overall trustworthiness of a sensor node is estimated by combining the individual trust values.

3. System Model

The system model describes about the topology and communication, and also about the attack models used in this work.

3.1. Network Model

The network model consists of a WSN that is clustered. A cluster in the network has a CH and SNs. The SNs communicate with each other using wireless communication. The SNs can directly communicate with the base station (BS) using wireless communication or indirectly through other SNs. The CHs can communicate with each other using wireless communication. The CH has high processing and high computing capability. It is assumed that the CH has high battery power. In this model, an SN evaluates its neighbor using the LB-IDS model. Then, the trust value is periodically transferred to the CH. The trust is periodically updated at the CH in time. Here, each node applies the watchdog technique, where a node monitors its neighbor nodes continuously by updating the trust value. Figure 1 shows the clustered WSN framework. The individual trust is calculated at each layer, and it is finally aggregated to generate the overall trust of an SN. The trust metrics are considered as the behavior of the nodes at each layer. These parameters are used for trust calculation at each layer.

The model for LB-IDS is shown in Figure 2, and the notations used in this paper are presented in Table 1. In this model, an SN monitors its neighbor node by estimating the trust value at each layer such as physical layer, MAC layer, and network layer. Most of the attacks are mainly on the network layer because this layer is mainly used for routing the data in the network [1]. Therefore, we have only considered these three layers to estimate final trustworthiness of an SN [1, 48]. Firstly, the trust metrics are chosen to calculate trust at each layer. The trust metrics at the physical layer are energy consumption of an SN and the number of messages received from the SN. The trust metrics at the MAC layer are back-off time and the number of successful transmission. The trust metrics at the network layer is the number of hops advertised. In the later sections, we have justified why these parameters are considered for individual trust calculation at each layer. The overall trust of an SN is calculated by aggregating all individual trusts of each layer. Then, the overall trust value of the SN is forwarded to the CH. The CH finds whether the SN is malicious or genuine using the thresholding scheme.

Let is the overall trust value of node k at time t, calculated by node j. This is represented as follows:where is the trust calculated at the physical layer (PHY) by considering the deviation, is the trust calculated at the MAC layer (MAC) by considering the deviation, and is the trust calculated at the network layer (NET) by considering the deviation. The sum of the weight parameters , , and are 1 (). The value of individual weight λ ϵ [0, 1]. The values of the weights are decided according to the IDS, i.e., whenever there is attack at the physical layer, the will be considered by the IDS as 1 and the rest of and are considered as 0. However, at the time of cross-layer attack between the MAC layer and network layer, and values are given equal weights and is considered as 0. To reduce the complexity of the network, we have chosen parameters according to the requirement. We have considered the minimum number of parameters that are mostly suitable to detect the attacks at each layer. The trustworthiness of a node is updated periodically after a time:where represents the past trust value of node j on node k. The weight value μ ϵ varies between 0 and 1. The value of μ depends on the IDS. This weight factor describes the priority of previous trust value and current trust value to generate the new trust value for a node. From equation (2), it is observed that the past experience is also considered because the overall trust should take the previous and current trust values. In the next section, we have computed the trust values at each layer.

3.2. Attack Model

In the attack model, we have discussed those attacks that are used for evaluating the performance of LB-IDS. The attacks are described with respect to each layer such as physical layer, MAC layer, and network layer.

3.2.1. Attack at the Physical Layer

At the physical layer, jamming a network is a common security problem where a malicious node continuously transmits short range signals. These signal transmission create traffic in the network. Due to this traffic, a genuine node remains busy in receiving the unnecessary signals and denies other applications. This is called as denial of service (DoS). The attack model can be represented mathematically as follows:where i is the information that may be correct or incorrect depending on the IDS, e denotes the information expected, and m denotes the information which has malicious content. In this layer, energy consumption () and the number of messages received () are considered as the i to detect the malicious nodes in the network. Figure 3 shows the jamming attack where the malicious node k sends continuous signal to the genuine node j. In this model, we assume that the number of messages () generated for a genuine node in a particular time interval is smaller than the number of messages generated by a malicious node (), where . In this model, the number of messages generated follows the pseudorandom number uniform distribution pattern.

3.2.2. Attack at the MAC Layer

At the MAC layer, getting a channel priority is a major factor. Therefore, we have considered back-off manipulation attack where the malicious node attacks the system by modifying the back-off time. Here, back-off time is random in nature. It is manipulated by lowering the back-off time, so that the priority of getting the channel access increases. This increases the number of successful transmissions (). In this layer, back-off time () parameter and the number of successful message transmission () parameter are considered as i to detect the malicious nodes in the network. Figure 4 shows the back-off time manipulation attack where the malicious node k sends continuous signal to the genuine node j by getting the channel priority in less time.

3.2.3. Attack at the Network Layer

At the network layer, routing information is mainly affected by the attackers by advertising incorrect information in the network like the minimum hop count. In this work, we have considered the sinkhole attack. In this attack, the malicious node send regular updates by advertising bogus routing information like low hop count. From Figure 5, it is observed that the malicious node 2 advertises minimum hop count to the destination (to the source node 1). The node 1 then forwards the data in the direction of node 2. The data may be selectively forwarded to the next node or all packets are dropped. We assume that the node advertises the low hop count information in the route reply packet (RREP) during route discovery in Ad hoc On Demand Distance Vector routing protocol (AODV) [1]. Therefore, the sinkhole attack needs to be detected. In this layer, hop count () parameter is considered as i to detect the malicious nodes in the network.

3.2.4. Cross-Layer Attack

In cross-layer attack, a malicious node in the network attacks two or more layers at a time. In this model, we have considered the back-off manipulation attack and sinkhole attack at the MAC layer and network layer, respectively. The attacker gets high priority of accessing the channel and advertises minimum hop count information. This attack should also be detected by the LB-IDS. Figure 6 shows the cross-layer attack by the malicious node k on the MAC layer and network layer.

4. Estimation of Trust

In this section, we have estimated the trust at the physical layer, MAC layer, and network layer.

4.1. Estimation of Physical Layer Trust

At the physical layer, and are considered as the trust metrics to calculate the deviations. The physical layer of the protocol layer represents the transmission of bits and receiving of bits [48]. Therefore, energy consumption is a trust metric for the transmission of or receiving a message of length bits. According to the jamming attack at the physical layer, an attacker continuously transmits signals or packets, due to which energy consumption occurs. Therefore, and are considered as the trust metrics for trust estimation at the physical layer. Here, the monitoring node j collects recommendations from its neighbor nodes after the time period . These recommendations are the and values generated by direct experience of the neighbor nodes with monitored node k. The average of the recommendations ( and ) are calculated as follows:where and are the average of the recommendations collected after time, respectively, and n is the number of neighbor nodes. The provided by the neighbor node to the monitoring node j is computed by the energy consumed in transmission during the time and it is represented as follows [49]:where is the number of messages transmitted by node k to the neighbor node. From , we can know the number of messages received at the neighbor node.

After calculation of and , the relative deviation of the trust metrics of node k (monitored node) are represented as follows:where and are the deviations of trust metrics, respectively. is and is . denotes the energy consumed at time t and is the energy consumed during time (between node j and node k).

Now, we calculate the individual trust using the and parameters as follows:

From equations (7) and (8), it is observed that if and are greater than the average values, then the trustworthiness of the node reduces. The final trust at the physical layer is calculated as follows:where and belong to [0, 1] and the sum is 1 (). The values of and depend on the IDS system.

4.2. Estimation of MAC Layer Trust

At the MAC layer, back-off time and the number of successful message transmission are considered as the trust metrics to calculate the deviations. The MAC layer of the protocol layer is mainly used for accessing the channel. Therefore, back-off time is a trust metric for the successful transmission of a message. According to the back-off manipulation attack in the MAC layer, a malicious node shortens the back-off time to get quicker channel access. Then, it successfully transmits the messages to the neighbor nodes with a high channel priority. Therefore, and are considered as the trust metrics for trust estimation at the MAC layer. Here, the monitoring node j collects recommendations from its neighbor nodes after the time period . These recommendations are the and values generated by direct experience of the neighbor nodes with monitored node k. The average of the recommendations ( and ) are calculated as follows:where and are the average of the recommendations collected after time, respectively, and n is the number of neighbor nodes.

After calculation of and , the relative deviation of the trust metrics of node k (monitored node) are represented as follows:where and are the deviations of trust metrics, respectively. is and is . denotes the back-off time at time t and is the back-off time during time (between node j and node k).

Now, we calculate the individual trust using the and parameters as follows:

From equations (12) and (13), it is observed that when is lesser than average, the node is less trustworthy, and when is greater than average the node has less trustworthiness. The final trust at the MAC layer is calculated as follows:where and belong to [0, 1] and the sum is 1 (). The value of and depends on the IDS system. The value of β depends on the IDS. These weight factors and describe the priority of back-off time and the number of successful message transmission to generate the trust value of a node at the MAC layer.

4.3. Estimation of Network Layer Trust

At the network layer, hop count is considered as the trust metric to calculate the deviation. The network layer of the protocol layer is mainly used for routing. Therefore, hop count is used as the route metric for the successful delivery of the message. According to the sinkhole attack at the network layer, a malicious node advertises bogus route information. It may advertise low hop count in the path for reliable data delivery. Therefore, is considered as the trust metric for trust estimation at the network layer. Here, the monitoring node j collects recommendations from its neighbor nodes after the time period . These recommendations are the values generated by direct experience of the neighbor nodes with monitored node k. The average of the recommendations () is calculated as follows:where is the average of the recommendations collected after time and n is the number of neighbor nodes.

After calculation of , the relative deviation of the trust metric of node k (monitored node) is represented as follows:where is the deviation of trust metric. is . denotes the hop count at time t and is the hop count during time (between node j and node k).

Now, we calculate the individual trust using the as follows:

From equation (17), it is observed that when is lesser than the average the node has less trustworthiness. Here, is the trust at the network layer.

5. Analysis of LB-IDS

In this section, we have analyzed the message complexity, memory overhead, energy consumption, and trust evaluation of LB-IDS.

5.1. Message Complexity

The message complexity of LB-IDS scheme depends on the individual trust calculation of a layer. Let there exists a clustered WSN, where c denotes the number of clusters existing, and the average number of SNs in a cluster is n. If the average number of neighbors for an SN is p, then n × p communication occurs to calculate the overall trust values of the SNs in a cluster in time. Therefore, the message complexity to calculate the overall trust of all SNs in a cluster is . For c clusters, the time complexity of the clustered WSN is .

Figure 7 shows the message overhead in a cluster network with 50 SNs. According to LB-IDS, if node j estimate the trust value of node k then it requires a recommendation message from those n neighbors those have a direct experience with node k. Then, the total number of messages N to compute the trust value of k is n. For 50 SNs, the total number of messages is , where is the number of average neighbors that provides the recommendation message. From Figure 7, it is observed that when the number of average neighbors increases, the number of messages in the network also increases.

5.2. Memory Overhead

From the above scenario, if a single cluster is considered, then n × p communication occurs to calculate the overall trust values in a cluster. If a recommendation message of length bits is received from a neighbor node for trust calculation, then the whole cluster requires (n × p × ) memory overhead. Hence, the memory overhead to calculate the overall trust values of a clustered WSN is .

5.3. Energy Consumption

From the above scenario, if a single cluster is considered, then n × p communication occurs to calculate the overall trust values of a cluster. Let a message of length bits is transmitted from a neighbor node for trust calculation, and the energy consumed is η joules. For receiving the message, let energy consumed is ρ joules. Then, the whole cluster consumes (n × ρ + n × p × η) joules. Therefore, the energy consumption of the clustered WSN is (n × ρ + n × p × η) × c joules during time.

Figure 8 shows the energy consumption in a cluster network with 50 SNs. According to LB-IDS scheme, if a node j estimates the trust value of node k, then it requires a recommendation message from those n neighbors those have a direct experience with node k. The message size in this simulation is considered to be 4 bytes, and the energy consumption is taken as 3.12  [49]. Hence, for 4 bytes transmission, 99.84 μJ energy is consumed. For receiving a message of size 4 bytes, 74.88 μJ energy is consumed because the energy consumption to receive a bit is taken as 2.34 μJ [49]. From Figure 7, it is observed that when the number of average neighbors increases the energy consumption also increases in the network.

5.4. Trust Evaluation

In LB-IDS, we have considered the trust calculation of an SN using the direct experience and experience of the neighbor nodes with node k. Therefore, the hybrid of indirect experience and direct experience gives better detection accuracy because in direct trust computation, the monitoring node uses only its experience with other nodes, which may be incorrect.

6. Results and Discussion

The performance of LB-IDS is evaluated by comparing the results of the three performance metrics such as detection accuracy, false-positive rate (FPR), and false-negative rate (FNR) with the results of Wang’s scheme. Detection accuracy calculates the accuracy of IDS in detecting the malicious nodes. FPR and FNR calculate at what ratio the detection accuracy is true or false. The computer simulations are performed using MATLAB R2015a. The machine in which the simulation is performed has 6 Gb RAM, core i7 processor, and Windows 10 platform. The LB-IDS scheme is compared with the most recent Wang et al. [1] scheme, which is also based on protocol layer trust. The performance metrics for the simulation are defined as follows:(1)Detection accuracy: the number of malicious SNs detected from the total number of malicious SNs present in the network.(2)False-positive rate (FPR): the number of genuine SNs detected as malicious from the total number of genuine SNs.(3)False-negative rate (FNR): the number of malicious SNs detected as genuine from the total number of malicious SNs.

6.1. Simulation Setup

The simulation is set in an area of size 100 × 100 m2. The area is considered as a cluster network with 1 CH and 50 sensor nodes. The nodes are randomly deployed using the coordinates , which are generated using randi(). The communication range of an SN is set to be 20 m. In this simulation, we have considered 4 types of attack such as (1) jamming attack, (2) back-off manipulation attack, (3) sinkhole attack, and (4) cross-layer attack. To evaluate the LB-IDS scheme, we have varied the attackers from 2–25% of the SNs. For example, if 10% nodes are added as malicious, then 5 SNs are malicious in the network. At the physical layer, an SN is created as malicious by transmitting 1–10 messages of size 4 bytes during time. Similarly, in this layer, a node is created as genuine by transmitting 1–3 messages of size 4 bytes. The is generated using the randi(). The energy consumption for sending a bit is 3.12  [49]. At the MAC layer, the malicious SN is created by setting the back-off time between 10 and 25 μs. Similarly, for a genuine node, the back-off time is set between 20 and 30 μs. The is generated using the randi(). At the network layer, a node is created as malicious by setting the between 1 and 2 and for a genuine node, it is set between 1 and 5. The is generated using randi(). The values of , , , and are set to 0.5. We have considered equal weightage to all the parameters used for trust calculation in LB-IDS. When the jamming attack is implemented at the physical layer, then the value of is taken as 1 and rest of and are taken as 0. Similarly, for the back-off manipulation attack at the MAC layer, , and the rest of the λ values are 0. For the sinkhole attack at the MAC layer, , and the rest of the λ values are 0. At the time of cross-layer attack implementation, and values are given equal weights (0.5) and is considered as 0. Table 2 shows the simulation setup.

6.2. Results

Figure 9 shows the calculation of trust value of a malicious node under different types of attacks. It is observed that when a malicious node uses jamming attack, the trust value is below 0.8. Similarly, when a malicious node uses back-off manipulation attack, cross-layer attack, and sinkhole attack, the trust values are below 0.74, 0.67, and 0.62, respectively. It is also observed that when the number of iterations or observations increases, the trust value gains stability. However, when the number of iteration is between 1 and 4, the trust value fluctuates due to less number of trust value data. From equation (2), we combined the previous experience with the current experience, and this leads to stability of the trust values. These trust threshold values are used to detect the malicious nodes in the network.

Figure 10 shows combined detection accuracy of Wang et al. [1] and LB-IDS scheme under different types of attacks. It is observed that the detection accuracy of LB-IDS is greater than Wang et al. [1] scheme under different attacks. From Table 3, it is observed that when the number of malicious nodes increases in the network, the average DA reduces. When jamming attack is implemented, the average detection accuracy of Wang et al. [1] and LB-IDS are 87.33% and 89.83%, respectively. When back-off manipulation attack is implemented, the average detection accuracy of Wang et al. [1] and LB-IDS are 89.66% and 92.16%, respectively. When cross-layer attack is implemented, the average detection accuracy of Wang et al. [1] and LB-IDS are 93.66% and 95%, respectively. When sinkhole attack is implemented, the average detection accuracy of Wang et al. [1] and LB-IDS are 95.53% and 96.83%, respectively.

Figure 11 shows the combined result comparison of LB-IDS with Wang et al. [1] scheme. It is observed that the FPR of LB-IDS is lower than that of Wang et al. [1] scheme under different attacks. From Table 4, it is observed that when the number of malicious nodes increases in the network, the average FPR increases. When jamming attack is implemented, the average FPR of Wang et al. [1] and LB-IDS are 18% and 15.66%, respectively. When back-off manipulation attack is implemented, the average FPR of Wang et al. [1] and LB-IDS are 15.16% and 13.16%, respectively. When cross-layer attack is implemented, the average FPR of Wang et al. [1] and LB-IDS are 10% and 8.66%, respectively. When sinkhole attack is implemented, the average FPR of Wang et al. [1] and LB-IDS are 8.33% and 6.66%, respectively.

Figure 12 shows the combined result comparison of LB-IDS with Wang et al. [1] scheme. It is observed that the FNR of LB-IDS is lower than that of Wang et al. [1] scheme under different attacks. From Table 5, it is observed that when the number of malicious nodes increases in the network, the average FNR increases. When jamming attack is implemented, the average FNR of Wang et al. [1] and LB-IDS are 16% and 15%, respectively. When back-off manipulation attack is implemented, the average FNR of Wang et al. [1] and LB-IDS are 13.50% and 11.66%, respectively. When cross-layer attack is implemented, the average FNR of Wang et al. [1] and LB-IDS are 6.8% and 6.66%, respectively. When sinkhole attack is implemented, the average FPR of Wang et al. [1] and LB-IDS are 8.33% and 6.66%, respectively.

7. Conclusion

The proposed LB-IDS secures the WSN by detecting the jamming attack, back-off manipulation attack, sinkhole attack, and cross-layer attack at the physical layer, MAC layer, and network layer, respectively. The threshold values of the trust at each layer are used for detecting the malicious nodes and genuine nodes in the network. From the results, it is observed that LB-IDS performs better than that of Wang et al. [1] scheme in terms of detection accuracy, false-positive rate, and false-negative rate. The analysis for LB-IDS is also performed in terms of message complexity, memory overhead, energy consumption, and trust evaluation. LB-IDS will be a better security solution for the clustered WSN. In future, we will implement and validate the proposed LB-IDS using wireless transceiver modules deployed in an outdoor environment.

Data Availability

No data were used to support this study.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This work was supported by the Rajiv Gandhi National Fellowship (RGNF) Scheme funded by Ministry of Social Justice and Empowerment and Ministry of Tribal Affairs, Govt. of India. We want to thank Berhampur University (Govt. of Odisha), India, for providing adequate infrastructure to conduct the experiments.