Enhanced Extreme Learning Machine for Energy Efficient Vampire Attack Detection in Wireless Sensor Networks

Wireless sensor networks (WSNs) are comprised of sensor nodes that are interconnected wirelessly, forming a subset of ad hoc networks. Infrastructure is not required for self-configuring networks [1, 2]. Sensor nodes can detect, relay, and share data with external networks [3]. WSNs were originally developed for military purposes, namely for detecting enemy movements. However, they have since been used in several civil applications as well [4]. Security risks targeting WSNs have been extensively researched because hostile acts intended to prevent military-related WSN applications from operating normally naturally pose a danger to them [5]. The majority of earlier research has concluded that many attacks have the same objective of immediately, sufficiently, or quickly preventing the network from operating [6]. Even if the source of these assaults may not be found right away, the disturbances they produce may highlight other attempts that are already in progress [7]. The network operator will thus be informed and take action to protect against the impact of these assaults [8, 9]. This kind of attack strategy may be less successful from the attacker's perspective since it targets military-related networks, whose users have most likely taken security precautions before deployment [10]. It is preferable to carry out subtle assaults that go undetected for a while. Certain attacks aim to weaken the network gradually over a considerable amount of time rather than causing an instant disruption to its availability [11]. Vampire assaults [12] are one example of this kind of attack, which aims to covertly drain the network's energy resources (typically nodes' batteries). Vampire attacks pose a significant threat to WSN systems operating in challenging situations, such as environmental monitoring or enemy identification. These assaults are particularly detrimental since the nodes of these applications are difficult to access, making battery replacement a challenging or even impossible task [13]. Vampire attacks may take advantage of the absence of authentication in control messages of conventional routing protocols specifically built for WSNs. As indicated earlier in the preceding paragraph, it might be challenging (and often impossible) to recharge the energy storage of sensor nodes in some applications of WSNs. Vampire assaults may expedite the malfunctioning of certain sensors, leading to interruptions in the network. Therefore, network operators need to discover anomalous indicators of vampire attacks and ascertain probable perpetrators.

A vampire assault may do the following:

• The route loop assault, also known as the carousel attack, involves the deliberate creation of routing loops where data packets are made to constantly travel over the same loop [14].
• Stretch assault: In this kind of assault, the attackers attempt to increase the length of conventional routes as much as possible and compel data to pass through several unnecessary nodes.

Consequently, the average distance covered by data may see a substantial increase, and the number of nodes unintentionally involved in data transmission also increases.

Cluster creation is a prominent strategy in WSN that aims to decrease energy consumption [15]. CHs lead sensor node clusters. The best cluster head is chosen using bio-inspired algorithms such ensemble Particle Swarm Optimisation (PSO) and Gravitational Search Algorithm (GSA) [16], Genetic Algorithm (GA) [17], and Multi-Objective Evolutionary Algorithm (MOEA) [18]. The hybrid PSO/GSA calculates the cost function by incorporating CH proximity and energy. The cost function distributes the next hop for each CH to evenly share the workload across cluster heads. The HB (hybrid mode) method involves the selection of a group of cluster heads from the present nodes in the network. These cluster heads then establish the clusters depending on their positions. GA describes a system for dynamically optimizing wireless sensor node clusters using self-organizing network clustering. GA and multi-objective Particle Swarm Optimization (PSO) help the MOEA choose an efficient CH. Fuzzy methods select the best WSN cluster head from sensor nodes [19]. During the election process, sensor nodes are evaluated for their eligibility to become CH based on their eligibility index. Hierarchical routeing techniques such as LEACH and PEGASIS encounter difficulties in the selection of cluster heads and routeing of sink nodes. GEAR, GAF, and SPAN, location-based routing protocols, also have high overhead, energy consumption, and scalability issues in WSNs. Furthermore, these protocols do not prioritize the most efficient CH for packet routing. Therefore, there is an increase in energy consumption and a decline in the stability of the WSN. WSNs operate under stringent constraints, including limited processing power, memory, and bandwidth. Traditional security measures are often computationally intensive and energy-hungry. There is a need for lightweight, energy-aware strategies specifically tailored to the unique architecture of WSNs. Mitigating vampire attacks ensures that nodes maintain their operational lifespan, maximizing the utility and efficiency of WSN deployments, particularly in environments where replacing or recharging batteries is difficult (e.g., remote monitoring or disaster zones). Based on the aforementioned investigations, it is evident that WSN continues to face the challenges outlined below.

• The vampire attack presents a significant security threat whereby a compromised node, dubbed the "vampire", maliciously drains energy from neighboring nodes, hastening their depletion and potentially causing network failure. This attack jeopardizes the integrity and longevity of the network, requiring robust detection and mitigation strategies to safeguard against energy depletion and ensure the reliable operation of WSNs.
• Energy consumption is a significant issue in WSN. The majority of the works focus on clustering as a means to decrease energy use. However, it does not include a method for the selection of the most efficient CH. This diminishes the efficiency of aggregating data.

The following goals are constructed using our Energy-Scheduling utilizing Extreme Learning Machine Sleep Scheduling Algorithm (ELM_SSA) to address these flaws in the existing WSN communication protocols:

• This paper proposes a novel approach that combines K-Medoids clustering with an improved version of the Sailfish Optimization (SO) algorithm. The SO algorithm, inspired by the hunting behavior of sailfish, is known for its efficiency in optimization tasks. The SO algorithm is enhanced by introducing adaptive mechanisms to improve its exploration and exploitation capabilities. Fitness functions depend on residual energy, hop count, destination node distance, and bandwidth.
• By adopting the Extreme Learning Machine (ELM), this study formulates the detection of vampire attacks as a binary classification problem, where the objective is to distinguish between normal and attack traffic based on network features.
• To minimize the impact of vampire attacks, the hierarchical sleep scheduling mechanism should be dynamic and adaptive. Nodes may adjust their sleep patterns based on perceived threats. Nodes suspected of being under attack could reduce their active periods, increase sleep duration, or even temporarily disconnect from the network to prevent further energy drain.

This article is organized as follows: Section 2 provides an overview of the most advanced research related to the effective management of energy WSN. Section 3 examines the proposed work, including detailed discussions of the algorithms. Section 4 presents the experimental findings and a comparative analysis. Finally, Section 5 provides a conclusion and future works.

Sensors are deployed in the target environment and strategically placed to collect relevant data as shown in Figure 1. These sensors could be for measuring temperature, humidity, pressure, motion, light, sound, and so on. Each sensor node is configured with specific parameters, such as sampling frequency, data transmission protocols, and data format. This configuration ensures that the sensor nodes operate efficiently and transmit data accurately. From the collected data, some of the features, such as energy consumption patterns, node proximity, and communication traffic-oriented features, are extracted. Now, the features are trained using the Extreme Learning Machine (ELM) to predict vampire attacks with the assistance of the sleep scheduling algorithm for better energy efficiency. The sleep scheduling algorithm determines the optimal sleep-wake schedule for each sensor node based on factors, such as energy levels, data traffic patterns, and communication requirements. Now, ELM_SSA is deployed on the base station (BS) to enhance energy efficiency.

1.jpg

Figure 1. Block diagram to enhance energy efficiency using machine learning

3.1 Energy model

The energy required for packet transmission is denoted as $E n_t$ and is influenced by the length of the message segment $I_m$ and the distance between the transmitter and receiver, $d_t$. Consequently,

$E n_t\left(I_m, d_t\right)=I_m\left(E_{e l}+E_{c m}\right)$         (1)

$E n_t\left(I_m, d_t\right)=I_m\left(E_{e l}+\varepsilon_{s f} d_l^2\right)$ if $d_t<=d_l$        (2)

$E n_t\left(I_m, d_t\right)=I_m\left(E_{e l}+\varepsilon_{s f} d_t^2\right)$ if $d_l<d_t<d_u$         (3)

$E n_t\left(I_m, d_t\right)=I_m\left(E_{e l}+\varepsilon_{m d} d_t^4\right)$ if $d_t \geq d_u$       (4)

$E_{c m}$ represents the amount of energy used in transmitting a single bit of information. The symbol $\varepsilon_{s f}$ represents the free space method, whereas $\varepsilon_{m d}$ represents the multipath channel model. $d_l$ and $d_u$ is the lower and upper bounds of the distance $d_t$, whereas $E_{e l}$ denotes the energy use reference point. The energy used during packet receipt is mostly determined by the length of the message segment, denoted as $I_m$. Consequently,

$E_{r e c}\left(I_m\right)=I_m \times E_{e l}$        (5)

3.2 Analysis of vampire attack in the network

The network's nodes have the responsibility of both accurately transmitting data and modifying received data packets with new information before transferring them to the next node. Therefore, data transported between nodes must be verified as secure. A node loses trust after an aggressive or passive attack. Carousal attacks are instances when a malicious node creates a loop with a data packet, therefore obstructing its intended path to the BS or destination node. The node's aberrant conduct rapidly depletes its energy, resulting in a vampire assault. In the event that the BS does not receive the data packet within the designated timeframe, it will request the CH to assess the trust levels of all member nodes.

$T^d(t)=\frac{p_{n 1}(t)}{p_{n 2}(t)}$          (6)

where, $T^d(t)$ represents the direct trust calculated between the nodes $n 1$ and $n 2$. The variable $p_{n 1}(t)$ represents the packets that have been received.

The total number of packets transmitted is denoted as $p_{n 2}(t)$. The estimated trust of the neighboring nodes is indicated in Eq. (6).

$T^t(t)=\frac{1}{k} \sum_{d=1}^k T^d(t)$               (7)

$T=\alpha T^d(t)+\beta T^t(t)$            (8)

The values of $\alpha, \beta$ vary from 0 to 1, with the condition that $\alpha+\beta=1$. The value has been evaluated from the Eqs. (7) and (8). The trust threshold ranges from 0.99 to 1. If the predicted value is below this level, the sensor is an MN because it loses more packets during transmission. To ensure efficient data transfer, the trust requirements are considered while selecting the route for sending packets. The BS will inform the CH of the MN's ID and position after calculating the trust degree during verification. The CHs have taken the action of blacklisting and isolating the rogue node, while also disseminating its ID to all of their members.

3.3 Clustering process

Every node in the network actively engages in the clustering process and autonomously determines whether it is a Head Node or a Member Node. Neighbors of a certain node are defined as all the nodes that fall inside its communication radius. The energy parameter of the nodes is used to form clusters, which are regularly updated. The CH selection technique adopts the K-Medoids algorithm with an upgraded version of Adaptive Sailfish Optimisation (IASFO) for better effectiveness. After clustering the sensor nodes, a CH is selected for each WSN cluster. The CH's main task is to gather and send cluster node data to the BS. This paper suggests WSN clustering using K-medoids. K-medoids group all sensors. K-medoids associates each cluster with one item. A medoid, the cluster's centre, has been identified. The group of K-medoids linked to a cluster node is the shortest distance between clusters because they find the best centre. Improves sensor node communication, decreases energy use, and locates cluster centres to eliminate packet delays. Efficiency and a defined number of convergence stages characterise K-medoids. The K-medoids clustering technique follows these steps.

Step 1: Randomly choose k points from the input data.

Step 2: Every individual data point is allocated to the cluster including the center point that is closest to it.

Step 3: Determine and add the distance between all cluster ‘i’ data points. The centroid of the i cluster is the point with the lowest calculated distance from all others.

Step 4: Continue iterating steps 1 and 3 until convergence is achieved, meaning that the central point stops moving.

Clustering classifies sensor nodes and selects CHs for each WSN group. Data from a cluster node is sent to the BS through the CH. The K-medoids technique is used to achieve cluster formation by identifying precise core clusters or centroids. This approach leads to reduced power consumption, minimal packet delay, and improved performance of sensor nodes. The procedure entails determining the approximate number of clusters and computing the initial CH node by

$c=\sqrt{\frac{n}{2}}$         (9)

where, the number of nodes is n. These methods calculate the beginning average point and central location (L) for all nodes.

$L=\frac{\sum_{n=1}^N x_n}{n}$          (10)

where, $x_n$ represents the sensor's coordinate. The formula represents the average spacing among the SN and L as D.

$D=\frac{\sum_{n=1}^N\left|x_n-L\right|}{n}$         (11)

The SN distance from the center location L may be utilized to compute the centroid. Use Eq. (10) frequently to cluster until a CH is selected. Algorithm 1 shows the process of creating clusters by K-medoids using Sailfish Optimizer.

3.4 Extreme Learning Machine

Anomaly-based intrusion detection at the BS uses the ELM. All packet behaviors are established via anomaly detection. Implementing ML algorithms requires more energy, which sensor nodes cannot handle. ML is applied at the BS. ELM is a feedforward neural network with one or more hidden nodes. Hidden nodes' input weights and biases may be given arbitrarily, but the output layer-hidden layer weights can be determined analytically. Figure 2 shows that ELM learns the output weights of the hidden nodes in one step, making it faster than BPN.

2.jpg

Figure 2. Architecture of ELM-SSA

The following is a method for a single hidden layer ELM.

The output function of the $i^{t h}$ hidden node received a

$h_i(x)=G\left(a_i, b_i, x\right)$         (12)

The $i-t h$ hidden node parameters are $a_i$ and $b_i$. The ELM output function is

$f_L(x)=\sum_{i=1}^L \beta_i h_i(x)$           (13)

Here, L is the number of hidden nodes, and $\beta_i$ is the output weight of hidden node. The hidden output mapping is

$h(x)=\left[G\left(h_i(x), \ldots . h_L(x)\right]\right.$        (14)

Similarly, the output matrix H of the hidden layer is given as

$H=\left[\begin{array}{c}h\left(x_1\right) \\ \ldots \\ h\left(x_N\right)\end{array}\right]=\left[\begin{array}{ccc}G\left(a_1, b_1, x_1\right) & \ldots & G\left(a_L, b_L, x_L\right) \\ \ldots & \ldots & \ldots \\ G\left(a_1, b_1, x_N\right) & \ldots & G\left(a_L, b_L, x_N\right)\end{array}\right]$          (15)

where, N is training samples. The target matrix T for the training data is provided as

$T=\left[\begin{array}{c}t_1 \\ \cdots \\ t_N\end{array}\right]$        (16)

The ELM algorithm employs a simple form

$Y^{\prime}=W_2 \sigma\left(W_1 x\right)$            (17)

The hidden layer's input weights are represented by $W_1$ and its output weights by $W_2$. The symbol $\sigma$ denotes an activation function. The algorithm operates in the following manner.

• The input weights of the hidden layer, $W_1$, are allocated random values.
• $W_2$ is calculated by least-squares fitting a matrix of response variables Y using the pseudoinverse.

This section provides a detailed description of the proposed Hierarchical Sleep Scheduling Mechanism (HSSM). The candidate-CHs disseminate their participation information to neighboring nodes within the competition radius using the appropriate transmission power. The comp_MSG message includes the candidate-CH ID and residual energy. If they get that message, additional candidate-CHs will add its ID to the neighbor candidate-CH database. The competition radius from candidate-CHs may vary, causing the following. If s_i's competition radius is bigger than candidate-CH, $s_j$ and $s_j$ may receive the comp_MSG message from $s_i$. Due to $s_j^{\prime} \,\,\mathrm{s}$ transmission range, the comp_MSG message cannot be delivered to $s_i$, hence $s_i$ will not know about candidate-CH $s_j$. Any candidate-CH must estimate the sender's distance after receiving the comp_MSG message to learn about nearby rivals. Reissue a comp_MSG message to the sender if the distance exceeds their competition's radius. Thus, it may let senders get comprehensive neighbor candidate-CH information and update the database. Candidate-CH compares its residual energy to the sender's after receiving comp_MSG. If its energy is less than the sender's, it quits the competition, becomes a member node, and broadcasts quit_MSG. Otherwise, it will wait for the comp_MSG from other competitors until the conclusion of the CH selection. If it does not withdraw from the competition, it will broadcast a sus_MSG message to all nodes in its transmission range to announce election to the CH and change the state fag. If a candidate-CH gets quit_MSG, the node checks the final state. Already a CH or member, it drops this notice. The sender will be updated to the member state in the neighbor candidate-CH table if the node is still in the candidate-CH state, and it will wait for messages from other neighbor candidate-CHs to determine its ultimate state. Members submit data to CH through TDMA. The CH will first divide data collecting time into numerous time slots and assign each interval to a member node to schedule data aggregation. The CH then sets its transmission range and sends sched_MSG to all member nodes for scheduling based on distance. Once the sched_MSG arrives, the member nodes record the data transmission time interval. In non-transmission slots, they may switch off the wireless communication device to conserve energy. While receiving data from all member nodes, the CH restores them and uses fuzzy clustering to identify redundant nodes.

When alerted, nodes in the redundant set $\left\{R_1, R_2, \ldots . R_t\right\}$ will adjust their status information and be scheduled for dormancy in the following cycle. Later, the CH would aggregate data and transmit it singly to the BS. Final round: BS gets all CH communications and ends round. These nodes will become members and clean their neighbor CHs tables after each round.