Identifying localization attacks in wireless sensor networks using deep learning

Abstract

Wireless Sensor Networks (WSNs) are vulnerable to various localization attacks where attackers intended to provide improper beacons or manipulate the location determination. Attack classification for localization in WSNs is not only the condition, prerequisite and premise of threat analysis, but, more significantly, a vital part of the security anomaly detection. In this paper, a localization attack recognition method using a deep learning architecture was proposed. To enhance the classification performance, a good feature representation was established through combining location features with topological indexes based on the complex network theory. The ability of Stacked Denoising Autoencoder (SDA) to learn the underlying features from input data was exploited. Back-propagation algorithm was performed to update weights through a stochastic gradient descent method. The proposed approach could efficiently distinguish the Sybil attacks, Replay attacks, Interference attacks, Collusion attacks and normal beacons. Extensive experiments demonstrated that the proposed algorithm can achieve an average classification accuracy of 94.39% and was more robust and efficient even in the existent of huge baneful beacons.

Keywords

Security wireless sensor networks attack classification deep learning

1 Introduction

Although, several open research fields in WSNs are proposed, there are a huge amount of problems when these networks are applied in some applications like tracking, surveillance, building and agriculture automation [1]. For all applications, one of the main missions is to help fundamental mechanisms like topology control or routing protocols to be aware of where their monitoring messages are located. For in-stance, in geographical routing protocol such as GPSR [2], sensors make routing decisions, to some extent, depend upon their own or neighbors’ positions [3]. A straightforward way is to equip each sensor with a GPS receiver that may offer accurate position to the sensor [4]. Be that as it may, the use of the technology is likely to be prohibitive owing to power and cost constraints [5].

Self-localization is an alternate solution of GPS, in which sensors may determine their own positions by employing various location calculation methods. These methods share a common characteristic: a majority of them use a few special sensors called beacons, which are supposed to know their own locations [6]. These beacons provide position information in the form of beacon messages for the benefit of non-beacon nodes also called unknown nodes ortarget nodes. Unknown nodes may use the location messages from adjacent beacons to determine their locations.

Although beacon-based localization techniques [7 –11] are fairly popular in most WSNs, they have one deficiency. The majority of beacon-based methods perform well when all the beacons are integrity. However, this is a hypothetical condition in the literature. Their accuracy suffers considerably decline in the existence of malevolent beacons. Beacons can deceive the location computation by broadcasting their own locations or manipulating the distance estimation. A simple malicious attack can disturb the accurate position estimating and even make the entire network functioning improperly. Attacks on localization can generally be launched by one or more malicious beacons to distort the information without system’s authorization, which means that traditional security mechanism like cryptography is limited to defend against such attacks.

In recent years, research efforts in securing localization techniques have concentrated on either re-moving malicious beacon nodes or on minimizing the influence of attack in the localization process [12]. However, before delving into possible solutions for secure localization, it is vital to address the following question that has been ignored by research efforts: how can we recognize, identify and classify various types of attacks against the localization procedure in WSNs?

Unfortunately, few works can explicitly categorize those attacks. Such a phenomenon may make the network defense fall into the passive situation and have a negative effect in preventing future repeated attacks. If the network merely detects localization attacks without the type classification and analysis, the possible consequence can be implied as follows. One of the main results is that it is inconvenient for the network to restore location-related information. The other one is that it can make the network difficult to provide more informative services and evidences in security event processing. Only after the alert information is collected and analyzed can we determine the dangerous region where attacks frequently take place and then design the targeted secure localization scheme according to certain threat. Naturally, this raise a serious question: Is it feasible to design a localization attack identification method for WSNs that can identify lying beacons and categorize maliciousattacks?

In this work, we proposed a new SDA-based Localization Attack Identification Approach (SDALAIA). To the best of our knowledge, this is the first work that proposes a deep learning approach to perform localization attack classification for WSNs. More specially, our approach possesses the following contributes:

It can recognize four common localization at-tacks that include Sybil, Replay, Interference and Collusion, with a higher classification ac-curacy for WSNs.

In order to explicitly distinguish different types of localization attacks, topological indexes based on complex network are added to feature representation to reveal the effect of localization attack.

It establishes a logical hierarchy model based on SDA, to self-learn the intrinsic characteristic of data, so as to fulfil the challenging task of localization attack detection and classification for WSNs.

It utilizes the Received Signal Strength Indicator (RSSI) ranging technology for localization, which can be easily extended to TOA, TDOA, and AOA ranging applications.

It employs a centralized methods to reduce the overhead of calculation in the unknown nodes by moving the calculation process to the base station that is free from the resource constraint.

The remainder of paper can be organized as follows: several related studies about security anomaly recognition algorithms were reviewed in Section 2. Section 3 introduced the preliminaries including the network assumptions and attack models. Section 4 described the details of the proposed method. In Sections 5, the performance of the proposed classification algorithm was verified through extensive experiments. Finally, Section 6 concludes the paper in which we also discuss some future work.

2 Related work

To investigate the scheme for identifying localization attacks in WSNs, a succinct summary of research on security anomaly detection using machine learning is provided.

Security anomaly detection plays an increasingly significant role in protecting computer systems from malicious attacks. In [13], the authors applied several conventional supervised machine learning algorithms to perform the attack classification. The top 20 features were chosen to train 8 classifiers. The overall accuracy of their classifiers ranges from 89.43% to 96.2%. However, manual feature selection could be a very tedious and time-consuming process. In [14], the authors proposed ak-NN-based approach for the in-network outlier detection in WSNs. Any missing reading of nodes was recalculated through the average value of the k-nearest neighbours. Nevertheless, such a non-parametric approach needs huge memory to store every reading collected in the monitored environment. In [15], the authors presented a distributed classification scheme that can be used for external localization attack classification in WSNs. The method was based on the distributed expectation maximization algorithm followed by the support vector machine. Nevertheless, the method concentrate on the attacked sensors that be not aware of their own positions rather than the assailed beacon. It is obvious that attacked beacons could exert a much worse influence on localization accuracy than comprised unknown nodes. Once the beacons were compromised, the whole network and service could be corrupted. Even if unknown nodes were attacked, legitimate beacons could also guarantee a high localization accuracy by relocating unknownnodes.

A severe limitation for machine learning is the need to perform tedious and time consuming feature engineering to achieve a good accuracy in attack detection. More often than not, the generated models are not optimal in achieving a high accuracy to address multi-class classification problems.

In recent, due to the superior predictive ability, deep learning models have become a hot topic of research and gained considerable attention in various fields, such as image recognition, natural language processing, speech recognition, and so forth. Deep learning approaches have been used for anomaly detection problem mostly using the classification approach. They have the capability of convergence to complex decision boundaries on account of the used non-linear activation functions, which make them appropriate for classification tasks.

In [16], the author developed an intrusion detection system by utilizing deep learning. The method could correctly classify the data with an accuracy of 79.1% and 88.39% for the 5-class and 2-class problem, respectively. In [17], the author presented a hybrid malicious code detection model, which is combined Auto-Encoder with DBN. The method was superior to the other one used single DBN in the detection accuracy, with the increase in the number of pre-training and fine-tuning iteration. Evidently, using Auto-Encoder to reduce the data dimension was effective. In [18], the author presented a data fusion method, which is combined Fisher score with the unsupervised learning,on the basis of the deep Auto-Encoder. The result indicated the deep Auto-Encoder algorithm remarkably improved the efficiency of big network traffic classification, compared with three different algorithms such as SVM, J48 and BPNN. Nonetheless, employing deep learning to probe into the localization attack recognition remains unexplored.

Motivated by the above observation, we propose a deep learning approach which can self-learn the features enough to detect localization attacks and perform the attack classification accurately. This paper focuses on the attacked beacon instead of the attacked unknown nodes.

3 Preliminaries

In the section, we describe the fundamental assumptions and further analyze the attack models to understand the abilities of adversaries.

3.1 Network assumptions

For the ease of presentation, the wireless sensor network model is considered to be in 2D and represented by a directed graph G (V, E) which consists of V, a set of nodes, and E, a set of edges, along with Base Station (BS) ∈ V. There exist two classes of nodes distributed randomly in the sensing area: beacons and unknown nodes. Let beacons be denoted as B1, …, B_M and unknown nodes be denoted as U1, . . . , U_T. Among these M beacons, quite a few beacons may beill. Let k represent the number of improper beacons. The malicious nodes may launch various attacks singly or in pairs.

First and foremost, the beacon nodes that know their own location, broadcast their own coordinates to unknown nodes. Moreover, unknown nodes, which are not aware of their own positions, are in charge of data-gathering and convey the location data to BS. Ultimately, BS is engaged in the data analysis and feature calculation, thus recognizing various localization attacks.

BS is assumed to be trusted, which is a shared and rational hypothesis. If BS was compromised, the sensor networks may face the possibility of a single-point of failure. Such a phenomenon means that the mission of the whole network may be undermined. BS is privileged in its storage capacity and computational capacity with additional energyresources.

We presume that each node has a unique ID in order that BS enable correctly parse the source of location claims. We also assume that distance measurement is performed through using the Receiver signal strength indication (RSSI) technology.

3.2 Attack models

Before probing into the details of the proposed method, it is indispensable to know how attacks could spoil the location determination in WSNs.

When a WSN was deployed in an adversarial attacking environment, adversaries might launch attacks to disrupt the localization procedure. In this study, the problem of identification for localization attacks is more concerned, and, thus, it is required that the proportion and extent of modification in other types of information do not surpass in distance related information.

In WSNs,localization attacks might emerge in the information gathering procedure, the location determination process and the location verification phase. Meanwhile, there exist some threats against localization, such as Sybil, Replay, Interference, and Location-reference attacks. Thus, in this paper, we concentrate on identifying the four attacks and normal nodes in the information collectionprocess.

3.2.1 Sybil attack

The adversary makes it appear that it is a set of different nodes and sends a great deal of false information. Such false information may be position of nonexistent beacon node and erroneous signal strength [19]. The adversary can obtain control over the network with multiple pretend identities. Figure 1(a) illustrates the Sybil attack when node 11 also claims to be nodes 12–15.

Fig.1

Some common attacks on localization in WSNs: a) Sybil; b) Replay; c) Interference; d) Collusion.

3.2.2 Replay attack

Such an attack is the most commonly used attack by adversarial nodes. The adversary can jam the location information transmission between a sender and a receiver and replay the outdated message, thereby impersonating the sender. The adversary can generate plenty of the replicas and spread them throughout the network by merely compromise a node [20]. Figure 1(b) illustrates the Replay attack when a malicious node 16 copies the original packet received from Beacon node 1 and then send it to unknown nodes 31–33.

3.2.3 Interference attack

The adversary interferes with the signal measurement. In RSSI-based range localization systems, obstruct signals between a transmitter and a receiver to weaken the RSSI and increase the distance [21]. Figure 1(c) illustrates the Interference attack when malicious node 17 places obstacles between beacon node 2 and unknown node 34. Malicious node 17 has no relationship with other nodes.

3.2.4 Location-reference attack

Location-Reference attack can be classified into two types: non-collusion and collusion. In the network, each unknown node obtains the position references from beacon nodes to localization. The attack is to modify partial position references. Position references include locations and RSSI measurements of beacon nodes collected from Base Station. For non-collusion attack, wrong position references aim to mislead the unknown node to different wrong positions, while for collusion attack, to a random, but the same wrong position [22]. Therefore, Sybil attack, Replay attack and Interference attack can be considered as the type of non-collusion attack. Figure 1(d) illustrates the Collusion attack when malicious nodes 18–22 mislead together unknown node 35.

4 Localization attack recognition method

In the section, we present a SDA-based deep learning approach to derive inherent features from raw data with better discriminative ability to perform anomaly detection and attack classification. The approach involves three tasks: feature representation, feature extraction and classification.

4.1 Feature representation

As there exist no single variable to directly characterize the localization attack, it is crucial to capture some relevant and informative features so as to obtain a better representation of the dataset without reducing its predictive accuracy. This requires a comprehensive analyzing and addressing the issue: What features should be defined and analyzed so that the classification resulting can be accuratelyattained?

4.1.1 Feature selection

From the above-mentioned description of attack models, we can observe that it may interact directly with the location information delivered from beacons n unknown nodes, including locations and RSSI measurements. Therefore, two representative parameters are chosen to analyze and reveal the impact of localization attack.

The first feature selected is the RSSI difference RSSIDIFF_ij obtained from unknown node, between non-assailed and assailed situations. Studies of RSSIDIFF_ij is used to determine the beacon whose RSSI reading is influenced or the degree to which beacon is attacked. Accordingly, RSSIDIFF_ij can be written as:

$\begin{matrix} {RSSIDIFF}_{ij} = | {RSSIN}_{ij} - {RSSIA}_{ij} | \\ \forall i, . . ., M, j = 1, . . ., T \end{matrix}$ (1)

Where RSSIN_ij and RSSIA_ij are the RSSI reading between beacon node B_i and unknown node U_j under non-assailed and assailed scenarios, respectively. RSSIDIFF_ij contains different values with different kinds of attacks. However, for the relay attack, the attacker merely resends the same packet later. The transmitted power of the signal does not change and thus its RSSIDIFF_ij is always equal to zero.

The second selected is the location difference LDIFF_ij of beacon B_i sends to an unknown node U_j, between non-attacked and attacked scenarios. LDIFF_ij can be also used to analyze the beacon whose location is altered or the degree to which beacon is attacked. Accordingly, LDIFF_ij can be written as:

$\begin{matrix} {LDIFF}_{ij} = \sqrt{(\overset{\land}{x_{ij}} - \overset{\land}{y_{ij}})^{2} - (\overset{\lor}{x_{ij}} - \overset{\lor}{y_{ij}})^{2}} \\ \forall i, . . ., M, j = 1, . . ., T \end{matrix}$ (2)

Where $(\overset{\land}{x_{ij}}, \overset{\land}{y_{ij}})$ and $(\overset{\lor}{x_{ij}}, \overset{\lor}{y_{ij}})$ are the location of beacon node B_i sends to the unknown node U_j under non-assailed and assailed scenarios, respectively.

Be that as it may, there are some variables whose value are null for all the records in the training and test data under some conditions. For beacon node B_i comprised by the Sybil attacker, itsRSSI and location reading may be null value under non-attacked scenario. This observation is not surprising since the Sybil attacker has the ability of presenting itself as different identities in a network to function as distinct nodes. These multiple identities are nonexistence. While for beacon node B_i comprised by the Interference attacker, itsRSSI and location reading may be null value under attacked scenario. This is mainly because the malicious beacon has no link with all nodes. These readings, which are closely associated with whether the node suffers from attacking, can be also considered as feature candidates for recognition. Therefore, four binary features, NRSSIN_ij, NRSSIA_ij, NLN_ij, and NLA_ij, are defined to represent that the RSSI reading is empty or not in the non-attacked an attacked conditions, and the location value is null or not under the non-attacked an attacked conditions, respectively.

In addition, considering the change of the network topological structure between non-attacked and attacked scenarios, the node degree and clustering coefficient are introduced into the feature representation to enhance classification results. Because the WSN is comprised of large amounts of nodes, it belongs to complicate network structure. Furthermore, the topological property will vary with the type of attack on the node. It implies that new features can provide more statistical feature information to reveal the impact of localization attack on classification.

The node degree D_i is the number of edges of the beacon node B_i. In the case of the directed network, we need to tell the difference between the in-degree, which represents the number of incoming neighbors, and the out-degree, which denotes the number of outgoing neighbors, of node. The in-degree and out-degree of node in a graph indicate the amount of functional convergence and divergence of its neighbors, whereas the clustering coefficient quantifies how close its neighbors are to be clique. Hence, these topology indexes can be regarded as feature entrants to identify highly connected beacons and provide an initial functional analysis of beacons as either broadcasters or receiver of signals.

The in-degree and out-degree of beacon B_ican be calculated as follows:

$\begin{matrix} {ID}_{i} & = & \sum_{j = 1}^{N} k_{ji} \\ {OD}_{i} & = & \sum_{j = 1}^{N} k_{ij} \end{matrix}$ (3)

Where k_ij and k_ji represent the number of afferent and efferent connections for the beacon node B_i, respectively.

Accordingly, the seventh and eighth selected feature are the in-degree difference IDDIFF_i and out-degree difference ODDIFF_i defined as follows:

$\begin{matrix} {IDDIFF}_{i} = | {IDN}_{i} - {IDA}_{i} | \\ {ODDIFF}_{i} = | {ODN}_{i} - {ODA}_{i} | \end{matrix}$ (4)

Where IDN_i and IDA_i are the in-degree of beacon node B_i, under non-assailed and assailed scenarios, respectively. In the same way, ODN_i and ODA_i are the in-degree of beacon node B_i, under non-assailed and assailed scenarios, respectively.

The clustering coefficient C_i for beacon node B_i is given through the proportion of links between nodes within its neighbors divided by the number of links that possibly exist between them [23]. In the directed graph, for beacon node B_i there are q_i × (q_i - 1) links that presumably exist among neighbors (q_i is the number of neighbors of beacon node B_i). Hence, in the directed graph, the clustering coefficient can be calculated as: $C_{i} = \frac{e_{i}}{q_{i} (q_{i} - 1)}$ (5)

Where e_i is the number of actual links among neighbors of beacon node B_i. In nature, qi is equal to the sum of M and T.

Accordingly, the tenth selected feature is the difference of clustering coefficient CDIFF_i, written as follows: ${CDIFF}_{i} = | {CN}_{i} - {CA}_{i} |$ (6)

As a result, the sum of the feature vectors for beacon node B_i can be expressed by X_i = [RSSIDIFF_i1, … , RSSIDIFF_iT, LDIFF_ij, …, LDIFF_iT, NRSSIN_i1, …, NRSSIN_It, NRSSIA_i1, …, NRSSIA_It, NLN_i1, …, NLN_It, NLA_i1, …, NLA_iT, IDDIFF_i, ODDIFF_i, CDIFF_i, A_i], in which the dimension of X_i is equal to 6 × T + 4 and the last feature A_i is the corresponding category. They are Normal (that is, legitimate beacon), Sybil, Replay, Interference and Collusion. We formulate the attack classification as a 5-class problem in this paper.

4.1.2 Feature normalization

To standardize the feature range, it is essential to convert the feature into an appropriate structure to facilitate the subsequent deep learning process. Considering that probability values in the output layer during the feature learning phase, we exploit Linear Scaling technology to normalize data in range [0, 1]. Since, the output layer values are identical to the input layer values in this phase, causes to normalize the values in the input layer from 0 to 1.

Given a lower bound min (X_i) and upper bound max (X_i) of a feature X_i, the normalized value is given by: $NX = \frac{X_{i} - min (X_{i})}{max (X_{i}) - min (X_{i})}$ (7)

For convenience, normalization form of RSSIDIFF_ij, LDIFF_ij, IDDIFF_i, ODDIFF_i, and A_i can be denoted as NRSSIDIFF_i1, NLDIFF_ij, NIDDIFF_i, NODDIFF_i, and NA_i, respectively. In addition, CDIFF_i is not required to be normalized for the reason that the clustering coefficient C_i is always a number between 0 and 1for a beacon node.

Consequently, the feature representation of beacon node B_i can be expressed by X_i = [NRSSIDIFF_i1, …, NRSSIDIFF_iT, NLDIFF_ij, …, NLDIFF_iT, NRSSIN_i1, …, NRSSIN_It, NRSSIA_i1, …, NRSS - IA_It, NLN_i1, … , NLN_It, NLA_i1, … , NLA_iT, NIDDIFF_i, NODDIFF_i, CDIFF_i, NA_i]. So, V_i will be entirely used as an input into the feature extraction at the next stage of recognition.

4.2 Feature extraction based on SDA

The objective of SDA is utilizing the unsupervised deep learning to extract robust and useful features from raw data. The SDA is an extension of the traditional Stacked Denoising Autoencoder (SAE) neural network by adding the noise with a certain probability distribution to the input data. SDA consists of multiple layers of auto-encoders in which the outputs of each layer are wired to the inputs of the next layer [24].

Assume a SDA with a set of training samples x = {x⁽¹⁾, x⁽²⁾, . . . , x⁽ⁿ⁾, . . . , x^(N)}, which is corrupted into $x \tilde{(n)}$ through a stochastic mapping $\tilde{x} = q_{D} (\tilde{x} | x)$ and the corresponding labels are y = {y⁽¹⁾, y⁽²⁾, …, y⁽ⁿ⁾, . . . y^(N)}. The encoding and decoding process can be presented by

$\begin{array}{l} r = f (W^{1} \tilde{x} + b^{1}), θ = {W^{1}, b^{1}}, \\ z = f (W^{2} r + b^{2}), θ = {W^{2}, b^{2}}, \end{array}$ (8) where W^l and b^l denote the parameters for the lth auto-encoder; θ and represent the optimized weight and bias vectors; f(.) represents the activation function, which is a significant part of a neuron. The motivation is to find the desired parameters W and b so as to minimize the difference between the output z and the real label y. Therefore, the energy function or loss function for sample $\tilde{x (n)}$ can be defined as $J (W, b; \tilde{x^{(n)}}, y^{n}) = \frac{1}{2 N} \sum_{n = 1}^{N} {∥ y (n) - z (n) ∥}_{2}^{2}$ (9)

The parameters of W and b are optimized through minimizing the loss function.

In the current deep learning network,the main activation function is the Sigmoid activation function whose output range is between [0, 1]. However, one of the problems with the Sigmoid is that as the size of the input increases, the gradient approaches zero, which is also fairly computationally expensive [25]. The Sigmoid function can be calculated as $f (x) = \frac{1}{(1 + e^{- x})}$ (10)

According to the above phenomenon, there exist some works that use Rectified Linear Unit (ReLU) activation function rather than Sigmoid. However, ReLU faces another problem that neurons may be irreversibly taken off the training phase, as it goes to zero when x < 0, which is shown in Fig. 2 ReLU can be calculated as $f (x) = {= 3 pt \begin{matrix} 0 & if x \leq 0 \\ x & if x > 0 \end{matrix}$ (11)

Fig.2

The PReLU activation function.

In an improved version of ReLU, known as Leaky ReLU (LReLU), the aforementioned issue can be resolved through the introduction of a small negative slope determined by a when x < 0. Parametric Rectified Linear Unit (PReLU) can be seen as a development of LReLU. For PReLU, a is adaptively learned during the training phase, while for LReLU, a is a fixed value, as shown in Fig. 3. LReLU and PReLU can be calculated as $f (x) = {= 3 pt \begin{matrix} ax & if x \leq 0 \\ x & if x > 0 \end{matrix}$ (12)

Fig.3

The LReLU and PReLU activation function.

PReLU prevents from the direct death of neurons by adding the negative response on the basis of ReLU. Hence, it not only can reduce training time, but, more significantly, avoid over-fitting like ReLU. On the whole, PReLU can overcome the demerit of the common activation function. Consequently, this paper employs PReLU as the activation function.

4.3 Classification

In the above framework, the optimal SDA parameters are learnt. After which, we utilized Softmax regression (known as multinomial logistic regression), which is a generalization of logistic regression, to generate the classes of the input data. Softmax regression can support multi-class classification, which is more suitable for our issue, whilst logistic regression can only support the binary class setting.

Given a k classes input training set ${x^{(i)}}_{i = 1}^{n}$ and the class label set ${y^{(i)}}_{i = 1}^{n}$ where y⁽ⁱ⁾ ∈ {1, . . . , k}, the classification probability for each category can be expressed: $P (y^{(i)} = j | x^{(i)}; θ) = \frac{1}{\sum_{j = 1}^{k} e^{θ_{j}^{T} x^{(i)}}} [\begin{matrix} e^{θ_{1}^{T} x^{(i)}} \\ e^{θ_{2}^{T} x^{(i)}} \\ . . . \\ e^{θ_{k}^{T} x^{(i)}} \end{matrix}]$ (13) where j = 1, 2, …, k and θ = [θ₁, θ₂, …, θ_k] represent the parameters of Softmax regression model. Its cost function can be calculated by:

$\begin{matrix} J (θ) \\ = - \frac{1}{n} [\sum_{i = 1}^{n} \sum_{j = 1}^{k} 1 {y^{(i)} = j} \log \frac{e^{θ_{j}^{T} x^{(i)}}}{\sum_{j = 1}^{k} e^{θ_{j}^{T} x^{(i)}}}] \end{matrix}$ (14) where 1{.} refer to the indicator function. θ can be calculated through minimizing the cost function. Moreover, back-propagation can be performed to update the weights of all layers through the gradient descent. The purpose is to minimize the error between the desirable and true label using the labelled dataset. The parameters W^l and b^l are updates by:

$\begin{matrix} W^{l} & = & W^{l} - α \frac{\partial}{\partial W^{l}} J (W, b; X, y) \\ b^{l} & = & b^{l} - α \frac{\partial}{\partial b^{l}} J (W, b; X, y) \end{matrix}$ (15) where α represents the learning rate. The gradients can be calculated through the back propagation algorithm.

In this study, beacons are divided into 5 categories including normal, Sybil, Replay, Interference and Collusion. Therefore, the proposed deep architecture combined SDA with the Softmax classifier can stack into a deep learning neural network, shown in Fig. 4 where P represents the result of classifier.

Fig.4

The deep architecture of our 3-hidden-layer SDA and classifier.

Figure 5 depicts the specific steps that how to train a SDA-based deep learning architecture. The procedure of SDA is mainly divided into three stages. The first stage, unsupervised learning stage, is a greedy layer-wise training process. The training set is utilized in the unsupervised learning stage only involved in unlabeled data. The second stage, supervised learning with fine-tuning stage, adds a logistic regression layer for classification on the top of the SDA. The entire neural network is then trained as a multilayer perceptron and optimize all the parameters using labeled samples. Finally, the test set is employed for the classification task and evaluating the performance of classification.

Fig.5

Specific steps to train a SDA-based deep learning architecture.

5 Simulation results

To verify the accuracy and efficiency of the proposed solution, we present extensive experiments that are performed in different conditions. In our simulation, 600 sensors including 200 anchors are randomly distributed over a 600 m×600 m area. The fraction of malicious beacons is 20%, where each kind of localization attack has one-fourth number of the total. The noise level is set to 0.1. The experiments are repeated for 10 times under non-assailed and assailed scenarios, respectively. The first eight datasets are adopted as training sets whereas the last two ones are used as testing sets.

To evaluate the performance of the proposed method, the classification accuracy is used to calculate the overall correct detection accuracy of the dataset. The formulas of the criteria can be written as follows:

$\begin{matrix} classification accuracy \\ = \frac{the number of correct classified samples}{the total number of samples} \end{matrix}$ (16)

5.1 Influence of the number of hidden layer

We first investigate the proposed method in terms of localization attack, for two and three hidden layers. The motivation for this experiment is quantify the value of the deeper architecture, when the same number of output features are extracted. The number of hidden unit in the two-layer SDA is 1000 and 500, while the three-layer SDA is 1000, 500and 100.

From Fig. 6 we can observe that two hidden layers did not lead to better classification of attack, although deep architectures induce the reduced computational complexity. Referring to Fig. 6 our experimental results demonstrated that the generated 3-hidden-layer model using the PReLU activation function is able to obtain a consistently high classification accuracy for all categories. Such a model can maintain a good classification accuracy at 97.91% and 95.46% for the normal and replay attack,respectively.

Fig.6

Classification accuracy comparison of the PReLU activation function under different architectures.

While the 2-hidden-layer PReLU based model achieved the average classification accuracy of 76.77%, which is mainly attributed to its good performance in identifying replay attacks, with the recognition accuracy of 83.75%. However, there is a significant drop in the sybil attack classification accuracy, at 67.91%. This is due to the inability of the model to learn sufficiently good higher order features for the sybil attack, as compared to the other classes.

5.2 Influence of back-propagation

Then, the classification performance in the three-hidden-layer SDA are compared between the non-back-propagation and back-propagation used technology, as shown in Fig. 7.

Fig.7

Classification accuracy comparison on the effects of back-propagation.

Concerning the impact of back-propagation, it is clear that there is a significant increase in the performance. The average success classification rate using back-propagation significantly rise 6.09% compared to the one without back-propagation technology. For example, for the replay attack, the proposed method with back-propagation offers the highest classification accuracy of 95.46%, compared to the non-back-propagation, at 89.17%.

Taking an overall view, we observed that both the non-back-propagation and back-propagation based models can provide a well-balanced classification for all five classes, with the back-propagation based model having a better performance over the non-back-propagation model.

5.3 Influence of the proportion of malicious beacons

We explore the classification robustness of the PReLU activation function with three activation function classifiers, namelyReLU, LReLU, and Sigmoid. As mentioned in the previous section, PReLU enable self-learn the optimal parameter, while for LReLU, the parameter is a fixed value. We randomly set a for the LReLU to be 0.001.

Figure 8 manifests the average recognition accuracies for four activation functions under different malicious beacons proportions. In Fig. 8(a), the average recognition accuracy using the PReLU based method is approximately 4% –11% higher than the ReLU, LReLU, and Sigmoid based method. Moreover, the PReLU-based model achieves higher recognition accuracy than the others; on the contrary, the Sigmoid-based models fails to offer good recognition accuracy. For classification error existing in the result, it can often be ascribed to the lack of sufficient training samples for classifier.

Fig.8

Classification accuracy comparison of the PReLU activation function with ReLU, LReLU, and Sigmoid under different malicious beacon rates.

Next, to demonstrate the robustness of the proposed method, Fig. 8(b) compares the recognition performance with others under a higher malicious sensors ratio. When the ratio of the malicious beacons exaggerates, the average attack recognition rates have a certain improvement for all classifications, which means that the additional data of the malicious beacons provide more sample to the classifier and affect the classification result.

For the two scenarios, the Sigmoid based models did not manage to attain the highest classification accuracy for any of the attack, while the LReLU and ReLU based models attained the highest classification accuracy for the normal and interference attack under 30% malicious beacons ratio, at 95.73% and 93.14%, respectively. Particularly, the average recognition rate of the PReLU-based method is increased from 92.51% to 94.39%. Thus, the proposed algorithm is more robust to recognize localization attacks even under a severe scenario.

5.4 Influence of the beacon density

To further examine the classification performance of the SDA-based approach, we compare it with other two learning approaches like SAE and SVM when beacon density (BD) varies. The total number of sensors also is set to 600 and the proportion of malicious beacons is approximately 20%, where each kind of attack has one-fourth number of the total. The sensor parameters can be listedin Table 1.

Table 1
Parameter settings

Beacon density Number of Beacons Number of unknown nodes Number of malicious beacons Number of each type of attack

1/2 300 300 60 15

1/3 200 400 40 10

1/4 150 450 32 8

Beacon density	Number of Beacons	Number of unknown nodes	Number of malicious beacons	Number of each type of attack
1/2	300	300	60	15
1/3	200	400	40	10
1/4	150	450	32	8

Table 2 describes the classification results using three schemes under different node density rates. It is indicated that when beacon density reaches 1/3 the proposed approach provides a slightly higher classification accuracy in comparison to that with the 1/2 beacon density. This mainly because the increase in the number of features lead to upgrade the performance of classification. This is consistent with the stronger the power of feature representation, the higher the accuracy. SDA obtains the highest recognition accuracy among three approaches with the probability of 83.97% –97.91%, whereas SAE and SVM had the lower probability of 82.23% – 95.44% and 73.02% –89.21%, respectively.

Table 2

Classification results of different learning methods

Beacon Density	Type	SDA	SAE	SVM
1/2	Replay	91.97%	90.18%	80.58%
	Collusion	90.84%	89.43%	70.20%
	Interference	86.74%	83.51%	86.75%
	Sybil	80.53%	74.64%	82.12%
	Normal	95.78%	91.67%	88.75%
1/3	Replay	95.46%	93.34%	81.61%
	Collusion	93.92%	91.59%	73.02%
	Interference	91.31%	88.45%	87.66%
	Sybil	83.97%	82.23%	84.14%
	Normal	97.91%	95.44%	89.21%
1/4	Replay	90.32%	86.12%	76.37%
	Collusion	88.28%	84.27%	69.16%
	Interference	85.80%	82.03%	80.93%
	Sybil	80.41%	72.86%	77.13%
	Normal	91.23%	87.05%	81.42%

The classification accuracy drops obviously when beacon density decreases 1/4, as the number of samples depended on the number of beacons. It is noted that the SDA can outperform other techniques which enable explicitly extract the essential features and reflect the data structure. Thereby, its average accuracy is 4.74% and 10.21% higher than SAE and SVM whose kernel function is RBF, respectively. In general, SDA-based model is more efficient in identifying localization attacks for WSNs.

6 Conclusions

This paper presented a centralized classification algorithm, which is especially effective for localization attack identification in WSNs. Learning the positional and topological features through a SDA-based deep architecture, the accuracy of categorization can be improved dramatically. To tune the proposed SDALAIA for the particular supervised learning setup, back-propagation algorithm was applied to the feature extraction and classification. Experiments demonstrated that the proposed algorithm is an excellent feature learning method and can achieve a good recognition performance with only a simple Softmax classifier.

In future, we plan to implement a real-time localization attack recognition system for real wireless sensor networks using the deep learning technique. Additionally, we also plan to investigate some features, which can be applied for secure localization mechanism using deep learning.

Footnotes

Acknowledgments

The work was supported by the National High Technology Research and Development Program of China (Grant No. 2015AA016005), the National Natural Science Foundation of China (Grant No. 61402096), and the Fundamental Research Funds for the Central Universities of China (Grant No. N161604003).

References

Carlos-Mancilla

, López-Mellado

and Siller

, Wireless sensor networks formation: Approaches and techniques, Journal of Sensors2016 (2016).

Karp

and Kung

H.T.

, GPSR: Greedy perimeter stateless routing for wireless networks, Proceedings of the 6th annual international conference on Mobile computing and networking2000, 243–254.

Liu

, Ning

and Du

, Detecting malicious beacon nodes for secure location discovery in wireless sensor networks, Proceedings ofthe 25th IEEE International Conference on Distributed Computing Systems (2005), 609–619.

Esposito

and Choi

, Signaling game based strategy for secure positioning in wireless sensor networks, Pervasive and Mobile Computing40 (2017), 611–627.

Jha

, Tripakis

, Seshia

S.A.

and Chatterjee

, Game theoretic secure localization in wireless sensor networks, Proceedings of the International Conference on the Internet of Things (2014), 85–90.

Chen

, Thombre

, Järvinen

, Lohan

E.S.

, Alén-Savikko

, Leppäkoski

and Lindqvist

, Robustness, security and privacy in location-based services for future iot: A survey, IEEE Access5 (2017), 8956–8977.

Liu

, Ning

and Du

, Attack-resistant location estimation in sensor networks, Proceedings of the 4th international symposium on Information processing in sensor networks (2005).

Oguejiofor

O.S.

, Aniedu

A.N.

, Ejiofor

H.C.

and Okolibe

A.U.

, Trilateration based localization algorithm for wireless sensor network, International Journal of Science and Modern Engineering1(10) (2013), 2319–6386.

Rezazadeh

, Moradi

, Ismail

A.S.

and Dutkiewicz

, Superior path planning mechanism for mobile beacon-assisted localization in wireless sensor networks, IEEE Sensors Journal14(9) (2014), 3052–3064.

10.

Singh

and Khilar

P.M.

, Mobile beacon based range free localization method for wireless sensor networks, Wireless Networks23(4) (2017), 1285–1300.

11.

Han

, Zhang

, Jiang

, Yang

and Guizani

, Mobile anchor nodes path planning algorithms using network-density-based clustering in wireless sensor networks, Journal of Network and Computer Applications85 (2017), 64–752017.

12.

Jadliwala

, Zhong

, Upadhyaya

S.J.

, Qiao

and Hubaux

J.P.

, Secure distance-based localization in the presence of cheating beacon nodes, IEEE Transactions on mobile computing9(6) (2010), 810–823.

13.

Kolias

, Kambourakis

, Stavrou

and Gritzalis

, Intrusion detection in 802.11 networks: Empirical evaluation of threats and a public dataset, IEEE Communications Surveys & Tutorials18(1) (2016), 184–208.

14.

Branch

J.W.

, Giannella

, Szymanski

, Wolff

and Kargupta

, In-network outlier detection in wireless sensor networks, Knowledge and Information Systems34(1) (2013), 23–54.

15.

Wang

S.Z.

, Li

and Cheng

, Distributed classification of localization attacks in sensor networks using exchange-based feature extraction and classifier, Journal of Sensors2016 (2016).

16.

Niyaz

, Sun

, Javaid

A.Y.

and Alam

, A deep learning approach for network intrusion detection system, Proceedings of the 9th EAI International Conference on Bio-inspired Information and Communications Technologies (2015), 21–26.

17.

, Ma

and Jiao

, Hybrid malicious code detection method based on deep learning, Methods9(5) (2014), 205–216.

18.

Tao

, Kong

, Wei

and Wang

, A big network traffic data fusion approach based on fisher and deep auto-encoder, Information7(2) (2016), 20.

19.

Newsome

, Shi

, Song

and Perrig

, The sybil attack in sensor networks: Analysis & defenses, Proceedings of the 3rd international symposium on Information processing in sensor networks (2004), 259–268.

20.

Chen

C.L.

, Shih

T.F.

, Tsai

Y.T.

and Li

D.K.

, A bilinear pairing-based dynamic key management and authentication for wireless sensor networks, Journal of Sensors2015 (2015), 1–14.

21.

Cao

X.M.

, Yu

, Chen

G.H.

and Ren

F.Y.

, Security analysis on node localization systems of wireless sensor networks, China Journal of Software19(4) (2008), 879–887.

22.

C.M.

, Lu

C.S.

and Kuo

S.Y.

, Efficient and distributed detection of node replication attacks in mobile sensor networks, Proceedings of the IEEE Vehicular Technology Conference Fall (VTC 2009-Fall) (2009), 1–5.

23.

Ichinose

and Kobayashi

, Emergence of cooperative linkages by random intensity of selection on a network, BioSystems105(1) (2011), 1–9.

24.

, Zhuang

, He

and Shi

, Learning deep representations via extreme learning machines, Neurocomputing149 (2015), 308–315.

25.

Jassman

T.J.

, Mobile Leaf Classification Application Utilizing a Convolutional Neural Network. Appalachian State University Press, 2015.