METHOD FOR THE PERIOD DETERMINATION OF SECURITY LEVEL UPDATE IN STATISTICAL EN-ROUTE FILTERING FOR THE PERIOD DETERMINATION OF SECURITY LEVEL UPDATE IN STATISTICAL EN-ROUTE FILTERING.”

Energy management of WSN is one of the major issues. Many kind of attacks in WSN paralyze the network by exhausting node energy. Especially false report insertion attack, which is one of the several WSN attacks, is to inform users of false alarms as well as unnecessary energy consumption. F. Ye et al. proposed statistical en-route filtering to prevent false report injection attacks. In order to effectively use their scheme, techniques for determining thresholds using fuzzy logic have been studied. To effectively apply these techniques to the network, an appropriate security level period update should be set according to the network environments. In this paper, we propose a security period update method using fuzzy logic in order to improve the lifetime of the network in the statistical en-route filtering approach based on a wireless sensor network of the cluster environment. Normally SEF thresholds should be changed by a user according to the network environment. Our proposed method allows automatically setting the effective threshold for the environment by fuzzy logic. The experimental results show that the energy efficiency increased by 26.5%. the information messages needed for the update and can save energy by adjusting the security strength in a timely manner. We demonstrated the performance of the proposed method through performance analysis by the applied various environment. The experimental results show that the proposed method saves up to 26.5% of energy.


Introduction
A wireless sensor network (WSN) consists of hundreds to thousands of sensor nodes and a base station (BS), providing real-time monitoring of sensor fields in industrial, medical, and military applications. A sensor node consists of a processor, memory, a battery, and a wireless transmitter [1][2]. Due to battery limitations, research involving increasing the network lifetime considering limit factors is currently actively studied [3]. If an event occurs, the sensor node generates a report with detected information and sends it to the BS using a hop-by-hop technique to notify the user. Sensor nodes are vulnerable to physical attacks because they have limited memory and batteries, and are deployed in open environments [4]. The attacker can compromise the sensor node and generate a false report using the secret information contained in the node. In addition, the attacker can inject a false report with the wrong event data type into the networks, as shown in Figure 1.

Figure 1: False report injection attack
If a WSN consists of a cluster, false report insertion attacks are divided into two cases when the cluster head (CH) node that generates the report is compromised and when the member (MB) node that creates the authentication key is compromised. If the CH node is compromised, the attacker generates an arbitrary report and transmits it to the next node, causing false notification and energy exhaustion problems of intermediate nodes in the routing path [5][6]. If the MB node is compromised, it can generate a false event notification to the CH node, depleting the node energy of the cluster region and deploy incapacitating nodes. To minimize this problem, it is necessary to detect and remove the false report early and to filter out incorrect alarms to users. To prevent false report injection attack, F. Ye et al. proposed statistical en-route filtering (SEF) [7]. In SEF, it is important to set an appropriate security threshold because the security threshold has a trade-off relationship between power consumption and filtering probability. Security threshold determining methods using fuzzy logic was proposed to obtain an appropriate security threshold value [8]. However, this method does not consider the security update cycle of the node. If the update period is not taken into consideration, the worst case consumes more power.
In this paper, we propose a security period update method using the fuzzy logic to improve the energy efficiency of SEF-based WSNs. The proposed method automatically determines the update cycle considering network environment factors. Nodes that are updated on a periodic basis do not have to send the information messages needed for the update and can save energy by adjusting the security strength in a timely manner. We demonstrated the performance of the proposed method through performance analysis by the applied various environment. The experimental results show that the proposed method saves up to 26.5% of energy. The remainder of the paper is organized as follows. In Section 2, we explain the statistical enroute filtering scheme and motivation. Section 3 introduces the proposed scheme using fuzzy logic. Section 4 details the experiment results and, finally, the conclusions of this study are discussed in Section 5.

Related Works
This section describes the background and motivation of this paper.

Statistical En-route Filtering (SEF)
F. Ye et al. proposed SEF to prevent false report injection attacks. SEF statistically filters false reports by adding threshold values for authentication to the report generated by the representative node. The intermediate node verifies the report when a false report is transmitted. In addition, the intermediate nodes block false reports, thereby reducing unnecessary energy consumption to the BS. The SEF method consists of four phase: the key distribution phase, report generation phase, intermediate filtering phase, and BS node verification phase. In the key distribution phase, the user sets various setting values including the threshold value before the sensor nodes are deployed in the target area. The higher the threshold, the greater the false report detection rate, which makes it difficult for an attacker to generate false reports. However, high thresholds require high power consumption to transmit reports. Each node is randomly distributed among the key sets divided by the partition in the global key pool created at the BS. Figure 2 shows the key distribution process, where p 1 to p l denote the partition containing the key. After the key distribution process is over, the nodes are deployed in the target area where they want to collect information. When the deployed sensor nodes detect the event, the node with the highest detection rate is selected as the representative node. The representative node broadcasts event information to find neighboring nodes that have detected the same event signal value. Neighboring nodes that have received the event information compare whether occurrence same event information. If the generated events are the same, the message authentication code (MAC) is generated and transmitted to the representative node using the pre-distributed key and hash function. The generated MACs are used to verify the report. The threshold value signifies the number of MACs included in the report when the representative node generates the report. If a MAC is collected that is smaller than the threshold for collecting MACs, no reports are generated. The representative node generates the report by including event contents and MACs that vary from one another as the threshold value. Since each node has a certain probability of a common key, it can probabilistically detect false reports. Event reports are transmitted to the BS node through multi-hop routing. If the forwarding node receives the report, it goes through the verification process shown in Figure 3. M ij refers to the MACs included in the report. The MAC consists of K, which is the key value of the node, Le is the event information, t is the event occurrence time, and E is the contents of the event. Finally, when the BS node receives the report, it verifies all MACs included in the report using the global key pool. If the BS node determines that it is a normal report after verification, it sends the event contents to the user. Figure 4 shows the false report filtering process. In Figure 4, MAC n refers to the MAC belonging to n partitions. The attacker must compromise the same number of nodes as the threshold value to generate a complete false report using the compromised node. In Figure 4, assuming that the partition compromised two different nodes in a situation where the threshold value is three, MAC 1 and MAC 4 are known, but MAC 2 is unknown. In the forwarding node, the node having MAC 2 compares it to the verification report to verify the compromised MAC and drops the report. This mechanism can reduce unnecessary energy consumption by performing intermediate filtering of false reports.

Motivation
Setting an erroneous threshold according to the environment in the SEF has an adverse effect on the energy consumption efficiency [9]. To perform this task, research was conducted to determine the threshold value using fuzzy logic [8]. However, we did not consider the cycle of updating the threshold value for efficient use of this scheme. If the update period is wide, the node information value must be requested to the node every time, which is inefficient in an environment where the attack rate does not change. Conversely, if the period is narrow, it is inefficient in environments where the attack rate changes frequently. Therefore, in order to manage energy efficiently, it is important to determine the threshold update period. In particular, a method of determining the threshold update period is needed to establish an adaptive fuzzy system that can reduce energy consumption while maintaining security.

Assumptions
It is assumed that the plurality of sensor nodes is randomly placed in the destination field and arranged closely to each other. The route path is set during the pre-deployment phase and is assumed to use single-path routing. Each sensor node has a unique identification number. Each time the CH nodes transmit node information to the BS, the BS knows the specific information of the CH node. The WSN uses a cluster approach, which is advantageous because it considers performance and limited resources [10]. One cluster consists of a cluster head node and nine member nodes. Each member node collects the event and notifies the cluster head node, and the cluster head sends the report to the BS. composition [11] of the mandani model, which is one of the inference models, and the center of area (COA) method is used for the defuzzification method. Figure 5 shows that the CH node receives specific data and determines a new threshold value and new update period for the environment according to the update cycle. The FTR (False Traffic Ratio), BS_H (Base Station Hop), and RE (Residual Energy) were used fuzzy logic inputs for the new threshold value determination. And the DIF (Differential), RE (Residual Energy) were used Fuzzy logic inputs for new period determination.

Security Level Period Update Method
In the initial period in the CH, the CH transmits specific information such as the current set period value, the power consumption value of the node, and the attack rate to the BS. The BS transmits a new threshold value and period to the CH node after determining whether to update the update period through the received information and new period decision fuzzy logic. DIF means the change rate of the environment of the network. If there is no change to the attack on the network, this value will be small. The BS evaluates the security rate for determining the new period. When the cycle is determined, the new threshold value is output using the fuzzy algorithm as shown below. The proposed scheme adjusts the security strength and the energy consumption of the node by setting the attack rate, the energy state measured by the period, and the distance to the BS as the input value of the fuzzy system to set the new threshold value suitable for the current network situation. The new threshold and the new period are broadcast to the sensor network, as shown in Figure 5.    In this section, we compared the performance of the SEF with the fuzzy update period through experiments. Table 3 shows the parameter values for the experiment. The node information was created based on the Mica2 model [12]. The report size depends on the threshold value. The reason why the threshold value starts from two is that if the threshold value is one, even if only one node is damaged, a complete false report can be made. If the false report threshold is one, the BS cannot filter the false report. The threshold is updated every cycle and is determined by the fuzzy rule. The global key pool size is fifty and five partitions are used. Events occur one thousand times at random locations.  Figure 8 shows the energy consumption of the FTR and fuzzy logic according to the threshold update period. SEF (T = 2) means the initial threshold set by the existing SEF scheme. As shown in Figure 8, the proposed scheme consumes less energy than the existing SEF scheme because it considers the environment and maintains the appropriate threshold.  Figure 9 shows the graph of the energy efficiency comparison with the optimum cycles. When the thresholds are two and ten, the energy efficiency improved by up to 25.16% and 26.5%, respectively. If the user applies the proposed scheme in an area where the attack occurs frequently, it helps to save energy.

Conclusions
WSN is vulnerable to false report injection attacks because nodes are exposed to the open environment. To solve this problem, Fan Ye et al. proposed a SEF scheme that performs en-route filtering using a key. In statistical filtering techniques, thresholds affect energy management.
Although research has been conducted to establish thresholds appropriate to the environment, energy management is adversely affected if the cycle is set incorrectly because the threshold update period is not taken into consideration. In this paper, we proposed a method of updating the threshold value through the fuzzy logic to update the appropriate period of the threshold value suitable for the network environment. The experimental results show that the energy efficiency increased by 26.5% with the optimum cycles.