Intrusion Detection System to Overcome a Novel Form of Replay Attack (Data Replay) in Wireless Sensor Networks

Wireless Sensor Networks (WSNs) are widely and successfully employed in various application domains. They are easily deployed to collect valuable information and monitor potential environmental phenomena. However, the special nature of WSNs as well as their severe constraints and resource limitations make them vulnerable to various types of threats. Replay attack, is one example. According to this attack, the adversary intercepts and replays several times the same (old) message leading either to missed alerts or to false alerts. Many solutions have been proposed to mitigate message replay attack. However, all these solutions are of cryptographic natures and consider only external attacks exercising a trivial scenario of replay attack. In fact, the attacker could be a lot smarter, and in this case, it replays only the data field in the message while keeping the remaining fields updated. This novel form of replay attack is much more dangerous and difficult to be detected. We call this attack variant by data replay attack. As sensor nodes may be easily captured and compromised, the worst scenario occurs if data replay attack is performed by an internal intruder. In this paper we propose an efficient intrusion detection framework to overcome data replay attack in WSNs. The proposed intrusion detection system is named DR-IDS (Data Replay Intrusion Detection System). The performance evaluations performed under NS2 simulator show that the proposed solution is sufficiently robust.