Novel Detection Methods for Securing Wireless
Sensor Network Performance under Intrusion
Jamming
Carolina Del-Valle-Soto, Member, IEEE, Leonardo J. Valdivia, Julio C. Rosas-Caro
Universidad Panamericana. Facultad de Ingenierı́a.
Prolongación Calzada Circunvalación Poniente 49, Zapopan, Jalisco, 45010, Mexico.
cvalle@up.edu.mx, lvaldivia@up.edu.mx, crosas@up.edu.mx
Abstract—Nowadays, the Internet of Things concept is com-
posed of a scattered collection of different networks with different
purposes that has nodes that capture information to be processed
and, subsequently, used for purposes such as Smart Cities. These
devices, called sensors, have the ability to send large amounts of
information in a fairly efficient, but insecure, wireless environ-
ment. Intentional interference, named jamming, has emerged as
a source of growing concern in recent years. Since no or little
network information is required, this type of attack is extremely
easy to implement but has become difficult to detect because of
its variations in interference frequency.
In this document, we propose two new jamming detection
mechanisms that can identify reactive jamming without any free
jam operation information, called Connected Mechanism and
Extended Mechanism. The first one is based on the information
of the performance metrics collected from the directly connected
nodes. In the second approach, a collector node knows the
performance parameters of all nodes in the network and can
make comparisons between them. Through extensive simulations,
we demonstrate that the first mechanism has an improved
performance of 78% and the second has an improved 86%
performance in detecting the area affected by an interference
node with a proactive protocol such as MPH (Multi-Parent
Hierarchical) compared to well-known reactive protocols: AODV
(ad hoc distance distance vector) and DSR (dynamic origin
routing).
Index Terms—Detection jamming, energy, detection mecha-
nisms, performance metrics, Wireless Sensor Networks.
I. I NTRODUCTION
W IRELESS Sensor Networks (WSNs) may be comprised
of hundreds or even thousands of sensor nodes with
limited communication and calculation capabilities that can
cooperatively perform complex tasks such as monitoring or
control [1]. Due to their distributed nature and open access
to the wireless medium, WSNs are extremely vulnerable to
different kinds of attacks and security threats, both internal
and external [2]. In some cases, there may be intermittent
communication issues related to the network itself.
A key element of counteracting a jammer node is its
detection and localization, but a fundamental step is the
centralization of the attacker [3]. A jamming attack is intended
to generate interference, but it may be difficult to be detected
because other types of communication interference can also
occur. Therefore, the jamming detection problem is described
978-1-7281-1145-2/19/$31.00 ©2019 IEEE
by separating the resulting behavior from the wireless envi-
ronment and the network topology. When the performance
of the network decreases and the topology reconfigurations
are carried out constantly, this may indicate a possible at-
tack. Currently, some detection techniques are based on basic
measurements of signal-to-noise ratio deterioration [4], RSSI
(Received Signal Strength Indicator) or metrics such as packet
loss or packet delivery.
Detection techniques are commonly adapted in WSN com-
munication protocols [5]. Among then, reactive protocols
[6] are heavily used in WSNs since they create a small
overhead of packets on the network and only create nodes
when deemed necessary which enforces sending the minimum
required amount of messages to the neighbor nodes. Therefore,
the source node requires to find a route before sending a
message thus it has a processing time before it can start. Two
of the most common known reactive protocols are AODV and
DSR [7].
In this paper, a new collaborative mechanism for jamming
detection in WSNs based on cooperation by receiving feed-
back from other network nodes is here proposed. These two
techniques are a new proposal of a work already elaborated
and published by the authors of this study, in the reference
[8]. The two new techniques introduced in this work are free
training, that is, they do not require a previous learning step.
These techniques are: Connected Mechanism and Extended
Mechanism. The first one is based on the comparison of
performance parameters with respect to directly connected
neighbors by interchanging packets with performance metric
information. The second one is based on the comparison of
the parameters known to the collector node and can establish
differences between them and detect a possible affected zone.
We state the novel contribution that a sensor network
can be defended by taking advantage of the communication
characteristics between the sensor nodes and between these
and the collecting node. In this way, there are two types of
detection techniques against a jamming attack that will be
explained later. This mechanism works by identifying and
then tagging the nodes under attack so as to circumvent the
affected zone. The detection mechanism is based on a novel
persistence parameter that gives a value in the neighbor tables
1
for each node. Besides, the mechanism can be applied in
centralized (extended mechanism) or distributed (connected
mechanism) mode. One of the advantages of the extended
mechanism is that it provides a global view of the complete
network to the coordinator node. However, the main disad-
vantage is that this node requires the performance parameter
for each node which results in an undesired overhead. The
collector node groups nodes with similar behavior which
consists of the distance, the amount of retransmitted traffic
and average energy. Thus the extended mechanism establishes
the comparison parameters based on a set of nodes with
similar features. Since the collector node already has all the
information, it can easily spot when a node reports different
thresholds than those established in its group. Consequently,
an alert is generated and the node is marked as an affected
node. On the other hand, in the connected mechanism, each
node receives a packet with the performance parameters of its
neighbors directly connected, then this is the only reference it
has to know if the thresholds are within the normal conditions.
This mechanism generates less overhead, but the reference is
less reliable than the perspective of a conglomerate of nodes.
The performance of the proposed mechanism is analyzed
through the proximity of the nodes and how a malicious
node affects it, considering the possibility of false positives
resulting from the possible confusion between an affected
node and interference in a reactive jamming scenario. Reactive
jamming identification is usually based on finding abnormal
system behavior and, therefore, it requires the system to be
analyzed in absence of jamming. In addition, the effectiveness
of the proposed mechanism is contrasted over two well-known
reactive routing protocols, namely AODV (Ad hoc On-demand
Distance Vector) [9] and DSR (Dynamic Source Routing) [10],
and one proactive routing protocol, namely MPH (Multi-Parent
Hierarchical) [11]. Results reveal that the proposed technique
based on the affected zone is performed accurately for the
position of the attacking node, with a precision of 4% for the
proactive protocol and 15% for the studied reactive protocols.
The performance was compared in terms of retransmissions,
retries to listening to the channel, delay end-to-end, resilience,
and energy during the attack, revealing that AODV and DSR
are capable of reducing the area of the location of the jammer
node to approximately 15% of all the network, while MPH can
further reduce the area to 4%. When we mention the precision
parameter we refer to the amount (in percentage) with respect
to the total area in which we could find the attacker node.
II. T HE JAMMING DETECTION PROBLEM
The most dangerous attack can be harmful to a WSN is
jamming. When attacking, an adversary can limit the com-
munication capabilities of a WSN by interfering with signals
using certain interfering devices [12]. This is why our work
focuses its efforts on finding an alternative where the network
can defend itself, without the need to resort to techniques
with greater use of resources, such as cryptography. In our
analysis, we emphasize in the study of the most aggressive
case of jamming, the reactive, and we propose two techniques
978-1-7281-1145-2/19/$31.00 ©2019 IEEE
inherent to the network so that the nodes, taking advantage of
the communication capacities of a sensor network, can defend
themselves against an attacker and counteract its effect.
This work intends to cover the best of the previously studied
proposals in order to test protocols widely known in sensor
networks (proactive and reactive protocols) by modifying their
valid routes so that it can guarantee a reliable delivery of
information and isolate a possible attacking node from the
other nodes in the network. In other words, it makes an
accurate detection of the affected area based on more reliable
performance metrics.
Specifically, the contribution of this work to the state of the
art are as follows: (1) We study a reactive jamming that repre-
sents the worst-case scenario and the most aggressive attack.
(2) We also present an algorithm for measuring thresholds of
performance metrics to note the level of affectation of a node.
(3) We add a parameter in the routing tables and a control
packet for AODV and DSR protocols. (4) Different from other
works that find the best route to a destination, in this work we
isolate the affected area so that the protocol reconfigures the
valid routes and the information arrives reliably.
III. D ETECTION MECHANISM
We propose a mechanism that is inserted in the routing
protocol, which presents the following modifications to the
protocol. There is a persistence parameter that is bound to the
output of the neighbors tables of nodes. In case a node presents
alterations in its performance metrics so that its neighbors can
eliminate it as a valid route from their routing tables, there
is a control packet that is sent to the neighbors when these
performance metrics have an abnormal behavior (different
values from their numbers under normal conditions). These
metrics are: packet retransmissions, retries to listening to the
channel and, energy. Finally, there is a flag of marked node
that allows to choose the position of the node in the neighbor
table and to identify it as suspicious route and locate it as a
route at the end of the neighbor table.
To deal with the jamming attacks at the network layer,
a mechanism for discerning between the affected nodes and
free-jamming nodes should be implemented. Once the affected
nodes are identified, the corresponding entries in the routing
tables of their neighbors should be handled to avoid the use
of routes where such nodes are included. Therefore, the self-
configuration processes of the network due to other conditions
might produce similar performance degradation in a similar
way to the jamming attack, i.e. low-quality links to the
neighbor nodes would present a high packet loss rate and
collisions. Moreover to avoid such behaviors where neighbor
nodes are being added and removed frequently to and from
the routing tables due to causes other than a jamming attack,
we studied a proposed mechanism where we include the
persistence value p ∈ {0, 1, 2, 3} associated to each neighbor
node. The persistence is increased by one each time that the
corresponding neighbor answers the HELLO packet, otherwise
is decreased by one. When p is equal to zero the node is
removed from the neighbor table. We propose three scenarios
2
to try out some variations in the behavior of this mechanism
based on the executed routing protocol.
A. Scenario 1
In this case, the value of persistence parameter grows as fast
as decreases. That is, when a node is located in a neighbor
table of another node acquires the maximum persistence value
(p = 3). If the node that sends a HELLO packet does not
receive an ACK from any of its neighbor nodes, the value
of persistence of this node decreases by one, and so on, until
drops down to zero and the node is removed from the neighbor
table. In this scenario, the node that has been removed from
the neighbor table is marked with a confidence flag. Then, if
this node responds again to a HELLO packet, enters in the
last valid route of the neighbor table but with a persistence of
1 and it may be increasing one by one if its responses to the
HELLO packets are satisfactory.
B. Scenario 2
In this scenario, when a node does not respond to a HELLO
packet, it is immediately removed from the neighbor table,
i.e. its persistence value goes to zero immediately, not with a
soft output. In fact, this scenario is typically implemented by
routing protocols, because if a node does not receive an ACK
from any route that it has, it makes that route obsolete.
C. Scenario 3
This scenario has a mitigation technique. There is a control
packet which is sent by a node based on the review of three
parameters: CSMA (Carrier Sense Multiple Access) retries
of listening to the channel, re-transmissions of packets and
energy. The thresholds of these parameters are calculated and
compared with the same parameters of other nodes. This
comparison of metrics depends on whether these nodes are
directly connected so the metrics are compared with these
neighbor nodes, or these parameters are obtained from the
perspective of the collector node under an average value of
the nodes in the same group of the topology. If a node feels
an abnormal performance, it can be thought as an “attacked
node”, then this node itself sends a control packet to its
neighbors in order to get it out of their neighbor tables. Then,
this node leaves from the neighbor tables of its neighbors
with a flag on “marked node”. The threshold is chosen by
comparing an average depending on the scheme: extended
or connected. Then, for the connected scheme the average is
achieved by reviewing the metric parameters of the directly
connected nodes and based on that average, the threshold is
established under stable conditions. On the other hand, in the
extended scheme the comparison is established based on the
ring of the nodes that have more or less the same distance to
the coordinator.
The Algorithm 1 describes the collaborative detection mech-
anism. When a node leaves the routing tables there is a recon-
figuration of the topology and a resilience effect of the network
according to each routing protocol. The algorithm consists
in establishing thresholds of performance metrics, according
978-1-7281-1145-2/19/$31.00 ©2019 IEEE
to the scheme used: connected or extended. The comparison
is based on measuring the performance parameters in steady
state in the nodes and compare them with their neighbors.
According to the scheme to be followed, the comparison
is made with the nodes directly connected (connected) or
according to the nodes that are in the same ring or distance
to the coordinator node (extended).
while N odei do
if Extendedm echanism then
while N odex is in the same zone with respect to the
collector do
Collector node selects metric values from this
group of nodes;
Calculate [Energymin , Energymax ];
Calculate [ReT xmin , ReT xmax ];
Calculate [CsmaRetriesmin , CsmaRetriesmax ];
end while
end if
if Connectedm echanism then
while N odex is connected directly do
Send packet with metric values to nodei ;
Calculate [Energymin , Energymax ];
Calculate [ReT xmin , ReT Xmax ];
Calculate [CsmaRetriesmin , CsmaRetriesmax ];
end while
end if
end while
if 2o rm oreo fm etricsa reo uto ft het hreshold then
N odei sends a control packet to every N odex ;
N odex deletes N odei from its routing table;
end if
if N odei answersagain then
N odei is marked like suspicious route;
end if
Algorithm 1: Collaborative detection mechanism
IV. R ESULTS
The results are tested in a grid of 7×7 with a collector node
in the lower left corner, with 5 m between each node and its
neighbor horizontally and vertically, see Table I. In this table
we show three shading nodes, representing the three possible
points of an attacker node. The traffic rate is 10 packets per
second in every node. The jammer node is sending packets
under reactive jamming. Table II describes the parameters of
the simulations under the datasheets of the CC2530 sensors
[13]. We use an event-driven simulator based on C++ language
designed and implemented by us, proven in [14]. This is
a network simulator with parameters of MAC and Network
layer, and it has punctual features of the Physical layer such as:
percentage of interference in the channel and RSSI (Received
Signal Strength Indicator) parameters.
3
 TABLE I respect to the collector node and are: near (position [2,2] of
G RID . the grid matrix of the Table I, middle (position [4,4] The Table
42 43 44 45 46 47 48
I) and far (position [7,7] of the grid matrix of Table I). The
35 36 37 38 39 40 41 results show in white squares the nodes that remain in the
28 29 30 31 32 33 34 routing tables of their neighbors and in black squares those that
21 22 23 24 25 26 27 are not included as neighbors, while the gray colors represent
14 15 16 17 18 19 20 intermediate conditions (may be also under attack).
7 8 9 10 11 12 13
0 1 2 3 4 5 6
No jamming Near Middle Far
3 3 3 3
7 7 7 7
6 6 6 6
5 2 5 2 5 2 5 2
Scenario 1
There are two perspectives for forming the groups of nodes 4
3
2
1
4
3
2
1
4
3
2
1
4
3
2
1

1 1 1 1
that deliver information for the self-aware jamming algorithm: 1 2 3 4 5 6 7
0
1 2 3 4 5 6 7
0
1 2 3 4 5 6 7
0
1 2 3 4 5 6 7
0

connected group and extended group. In the connected group 7

6
3
7
6
3
7
6
3
7
6
3

5 2 5 2 5 2 5 2

the nodes are neighbors directly connected, and the values Scenario 2 4
3 1
4
3 1
4
3 1
4
3 1
2 2 2 2
of performance parameters are obtained from them in order 1
1 2 3 4 5 6 7
0 1
1 2 3 4 5 6 7
0
1
1 2 3 4 5 6 7
0 1
1 2 3 4 5 6 7
0

to compare them with the actual parameters in the node in 7

6
3
7
6
3
7
6
3
7
6
3

evaluation. In the extended group the included nodes are all Scenario 3
5
4
3
2

1
5
4
3
2

1
5
4
3
2

1
5
4
3
2

that have similar performance metrics because they are in the 2

1 0
2
1
0
2
1 0
2
1
0
1 2 3 4 5 6 7 1 2 3 4 5 6 7 1 2 3 4 5 6 7 1 2 3 4 5 6 7
same area of the topology or at the same distance from the
collector node. In the extended group more nodes can be
considered, i.e. the whole set of nodes in the same area in Fig. 1. Three scenarios using the detection technique over MPH protocol
the topology with respect to the collector node, which forms
a set of nodes with similar performance parameters.
Table III shows the percentage accuracy of each scenario
TABLE II with respect to the attack zone (where the jammer node should
S IMULATION AND REAL NETWORK PARAMETERS . CSMA/CA, CARRIER be found). In addition, it presents the percentage of false
SENSE MULTIPLE ACCESS WITH COLLISION AVOIDANCE [15]. positives that are nodes incorrectly marked as attacked, but
in reality they should not be. This can be due to interference
Parameter Value or some problems in the communication channel, but it diverts
Physical Layer Parameters the attention of the network in the zone really affected.
Sensitivity threshold receiver −94 dBm In Figure 2 we observe the two approaches for gathering
Transmission power 4.5 dBm the performance metrics information: connected and extended
Propagation model Free Space groups. This simulations were run assuming Scenario 3. The
MAC Layer Parameters results show that we have about 10% better resolution of
Waiting time for ACK packet 30 ms the affected area under jamming with the extended group
Maximum retransmission number 3 approach. This is because the comparisons among performance
Maximum retry number 5 metrics are done with more information, which provides a
Maximum number of tries to reach 9 more assertive decision for sending the control packet. In the
a node from the collector connected group approach, the information is only gathered
Packet error rate 1% from the directly connected neighbors, so the self-aware
Average frame length 22 bytes algorithm is less efficient.
Maximum number of backoffs 4
MAC protocol IEEE 802.15.4
MAC layer CSMA/CA No jamming
7
3
7
Near
3
7
Middle
3
7
Far
3
6 6 6 6
Network Layer Parameters Connected
5
4
2 5
4
2 5
4
2 5
4
2

group 3 1 3 1 3 1 3 1
Number of nodes 49 2
1 0
2
1 0
2
1 0
2
1 0
1 2 3 4 5 6 7 1 2 3 4 5 6 7 1 2 3 4 5 6 7 1 2 3 4 5 6 7
Maximum number of neighbors 16
Discovery neighbor time 30 s
Update time neighbors table 30 ms 7
3
7
3
7
3
7
3
6 6 6 6
Maximum data rate 250 kbps Extended
group
5
4
2 5
4
2 5
4
2 5
4
2

3 1 3 1 3 1 3 1
Scenario Static nodes 2
1 0
2
1
0
2
1 0
2
1
0
1 2 3 4 5 6 7 1 2 3 4 5 6 7 1 2 3 4 5 6 7 1 2 3 4 5 6 7

Figure 1 shows the results of the proposed extended mecha-

nism for identification of jammed nodes for the MPH protocol. Fig. 2. Connected vs extended groups over MPH protocol under the Scenario
The three possible positions of the jammer node are with 3.

978-1-7281-1145-2/19/$31.00 ©2019 IEEE 4

 TABLE III
D ETECTION OF AFFECTED ZONE AND FALSE POSITIVES .

Scenario 1 Scenario 2 Scenario 3

Position
Affected False Affected False Affected False
area positives area positives area positives
Near 100% 18% 75% 29% 100% 8%
Middle 100% 8% 100% 22% 100% 4%
Far 100% 8% 75% 39% 100% 4%

A. Energy analysis as a comparison metric We must take into account that one of the main effects
of attacks on wireless sensor networks is the increase in
Another contribution of our work is our proposed energy
consumption in the attacked nodes, which reduces the useful
model capable of quantifying the total energy consumed and
life of the node and the network. Therefore, it is essential
the energy invested in the main activities of the nodes in a
to estimate the consumption impact of both the attacks and
network. This model is based on the time it takes each node
the strategies adopted to improve the system security. Table
to perform the main tasks as a part of a network. This time
V shows the energy consumption for each of the node’s main
is reflected into a consumed energy in each activity, and is
activities at network level. Each of the energies described here
calculated depending on the parameters involved in each task
are total energies for 30 seconds of simulation time and based
performed by the node. These times and its voltage and current
on the grid described in Table I.
consumption are listed in Table IV, where the different types of
energy considered are shown. Our work considers the energy B. Comparison among AODV, DSR, and MPH routing proto-
spent by the MAC and the Network layers. An analytical cols
model based on the CC2530 chip operation [16], system-on-
chip (SoC) solution for IEEE 802.15.4, ZigBee, from Texas Energy is an important metric for studying the distribution
Instruments is proposed here. This model describes the energy of resources at network nodes. In Figure 3 we compare the
used for each of the functions performed by a CC2530 chip. performance in terms of the persistence parameter of MPH and
two others widely known protocols, AODV and DSR. Another
point worth noting is that the Figure 3 describes the location
TABLE IV
E NERGY M ODEL [17]. of the jammer node for three different positions (near, middle
and far from the collector node). In this case, simulations
were performed considering Scenario 3 and modifying AODV
Voltage (mV) Current (mA) Time (ms) Energy (J)
Start-up mode 120 12 0.2 EStarting = 0.000288
and DSR protocols by including the transmission of a control
MCU (32-MHz clock) 75 7.5 1.7 EM C = 0.000956 packet. The results show that AODV and DSR are capable
CSMA/CA algorithm 270 27 1.068 ECSM A = 0.00778
Switch from RX to TX 140 14 0.2 ESwitching = 0.000392 of reducing the area of the location of the jammer node to
Switch from TX to RX
Radio in RX mode
250
250
25
25
0.2
4.1915
ESwitching = 0.00125
ERX = 0.0262
approximately 15% of all the network while MPH can further
Radio in TX mode 320 32 0.58 ET X = 0.00426 reduce the area to 4%. This ensures that the attacker node may
Shut down mode 75 7.5 2.5 EShutdown = 0.00141
be better located facing a possible jamming with a reduced
zone.
The energy model described by the above equation measures
the energy used by the main functions of a node belonging to
a sensor network, assuming that the functions related to the
wireless communications are the most relevant form an energy
point of view.

TABLE V
E NERGY CONSUMPTION FOR EACH DETECTION MECHANISM .

Type of Energy Connected Mechanism Energy (J) Extended Mechanism Energy (J)
EStarting 0.0172 0.0144
EM C 0.1338 0.0960
Fig. 3. Comparison for AODV, DSR and MPH protocols under Scenario 3.
ECSM A 0.8021 0.7982
ESwitching 0.0509 0.0411
ERX 0.2156 0.2268
ET X 0.1062 0.0923
EShutdown 0.0809 0.0749
Table VI shows the performance of the three considered
protocols in order to comparatively observe the reaction of the

978-1-7281-1145-2/19/$31.00 ©2019 IEEE 5

 TABLE VI
P ERFORMANCE METRICS UNDER ATTACK AND S CENARIO 3 WHEN THE JAMMER IS IN THE MIDDLE OF THE TOPOLOGY.

Retransmissions CSMA Retries Delay end-to-end (sec) Resilience capacity (%) Affected nodes Energy (J)
AODV 2.52 3.44 1.398463 80 18 6.4
DSR 2.47 3.33 1.284773 75 13 6.0
MPH 1.93 2.60 0.811836 85 9 3.9

protocols against known metrics that show the performance
and the reliable delivery of information. These performance
metrics are well known in the WSN. Retransmissions show
the number of packets to be transmitted again because the
source node did not receive an ACK message. CSMA retries
are attempts from the node to listen to the channel before
there is more atypical data than in the other two protocols
because in both mechanisms, the nodes that surround the
jammer node consume more energy, a parameter that is very
noticeable in order to isolate an area of the network.
Connected Group Extended Group

sending a packet. Delay end-to-end is the average total time 0.4 0.4

Energy (J)
Energy (J)
taken by a transmitted packet since it leaves the source node

AODV
0.2 0.2
until it reaches its destination. The number of affected nodes
is the area that is actually affected by the jammer node, i.e., 0 0
0 10 20 30 40 50 0 10 20 30 40 50
the smaller the number of affected nodes the more delimited
or fenced the jammer node will be, and the probability of 0.4 0.4

Energy (J)

Energy (J)
finding it in that area will be higher. Finally, Energy is a
DSR
0.2 0.2
common metric per node of the energy expenditure that the
node needs to perform the main tasks of the network. Table VI 0 0
0 10 20 30 40 50 0 10 20 30 40 50
exposes that the MPH protocol outperforms AODV and DSR
protocols in all metrics. Regarding MPH protocol performance 0.4 0.4
Energy (J)

Energy (J)
against AODV and DSR, it has 23% fewer retransmissions,
MPH

0.2 0.2
24% less CSMA retries, it has less delay by 35%, its resilience
to topology changes is 8% faster, the number of affected nodes 0 0
0 10 20 30 40 50 0 10 20 30 40 50
is 40% less, and the energy is reduced by 37% over the other Nodes Nodes
protocols mentioned.
Fig. 4. Energy per node under each protocol.
Figure 4 shows a direct comparison between the three
protocols under the two proposed jamming techniques, based
on the total energy for each of the three protocols. At first,
is easy to note how MPH has a better performance than
AODV DSR MPH
DSR and AODV with a value of 0.0390 on the extended
Connected Mechanism

0.2
0.3
0.1
Energy (Joules)

group and 0.0306 on the connected group since DSR has 0.25
0.15 0.08
a value of 0.0758 and 0.1062 and AODV has a value of 0.2
0.06
0.15
0.0984 and 0.1147 on the extended group and connected group 0.1
0.1
0.04
respectively. In figure 5 we represent the energy values for 0.05 0.05
0.02

each of the three protocols in a box and whiskers scheme.

On the bottom of the box is shorter than the one on the right
Extended Mechanism

0.4 0.3

in the three studied protocols; 25% of the nodes that spend

Energy (Joules)

0.1
0.25
0.3
less energy are more concentrated than 25% of those which 0.2
0.08

consume more. In addition, for the three protocols, the energy 0.2 0.15
0.06

0.04
consumed by nodes between 25% and 50% of the population is 0.1
0.1
0.02
more dispersed than between 50% and 75%. We observe that 0.05

the displacement of the box plots downwards, especially in

the MPH protocol, indicating that here the majority of nodes
spend less energy in both mechanisms, being the difference
between the maximum and the lowest minimum, as well as
the interquartile difference. The results show that in the AODV
protocol the energy distribution is more dispersed than in the
other two protocols and there is a higher energy expenditure
compared to the other two protocols. For the MPH protocol,
Fig. 5. Comparison of energy distribution for AODV, DSR and MPH protocols
under Scenario 3.
In Table VII we compare results of this work with results
with the other technique raised in [8] in order to establish
advantages and disadvantages.

978-1-7281-1145-2/19/$31.00 ©2019 IEEE 6

 TABLE VII
P ERFORMANCE METRICS UNDER LEARNING CONDITIONS STUDIED IN [8] AGAINST E XTENDED M ECHANISM AND C ONNECTED M ECHANISM .

Retransmissions CSMA Retries Delay end-to-end (sec) Resilience (sec) Affected nodes Overhead (%) Energy (J)
AODV-M 2.28 3.91 1.209485 7.0 7 of 9 51 6.30
AODV-under Connected Mechanism 2.15 3.55 1.149485 6.3 7 of 9 48 6.22
AODV-under Extended Mechanism 2.06 3.18 1.116753 6.1 8 of 9 45 6.02
DSR-M 2.20 3.77 1.168756 5.0 8 of 9 42 6.12
DSR-under Connected Mechanism 2.14 3.42 1.135688 4.7 8 of 9 39 6.04
DSR-under Extended Mechanism 2.03 3.13 1.118763 4.5 8 of 9 36 5.89
MPH-M 1.98 3.39 0.589765 2.0 9 of 9 27 3.95
MPH-under Connected Mechanism 1.88 3.15 0.458766 1.6 9 of 9 21 3.44
MPH-under Extended Mechanism 1.70 3.02 0.408765 1.4 9 of 9 18 3.21

The Table VII shows values of performance metrics in
the network. The tests were made with non-ideal links and
traffic rate of 10 packets per second per node under the grid
topology shown in Table I. Metrics are average values of
re-transmissions and CSMA retries. The Delay end-to-end is
calculated as the average per route. Overhead is a metric that
influences the amount of network collisions and the channel
occupancy. It depends on the number of routing packets that
the routing protocol needs to connect nodes and to route packet
traffic. Thus, it is calculated taking into account the number
of control packets that are needed to route a traffic packet.
Ideally, a routing protocol should need the least amount of
control packets. Metric such as Energy is given by the average
energy per node along the network. Resilience is a parameter
that measures the recovery time of a system. This metric is
analyzed under the network under normal conditions and after
30 seconds the jammer node is introduced in the middle of the
topology and after 10 seconds the jammer node goes out and
here we observe and measure how long it takes the network
to recover and return to its normal conditions. The affected
nodes is a metric that is set as a ratio of nodes that appear
altered in their performance parameters and are those that are
actually encircling the jammer node between nodes that ideally
should surround the jammer node completely. For this grid
theoretically establish 9 nodes that should completely surround
if the jammer node is in position 24 of the topology in ??.
V. C ONCLUSIONS
In recent years, a very common requirement of wireless sen-
sor networks is the assessment of security, especially because
attackers can corrupt the network, accessing or modifying in-
formation and affecting the behavior of nodes. Due to the low-
cost and low-power requirements of these types of systems,
nodes usually have limitations in both hardware/software and
computing capacities. This is why the design of security in
wireless sensor networks has to take into account the memory,
computational capacity and availability of hardware/software
resources. In addition to this, energy consumption is limited.
We propose a detection mechanism that masks the af-
fected area and does not allow the attack to propagate. Our
mechanism is based on cooperation, namely by receiving
feedback from neighbor nodes. The mechanism was tested for
reactive jamming, which is considered a worst-case scenario in
jamming attacks. In addition, the methodology was evaluated
with two extreme situations, namely by considering high
traffic and high packet loss due to link interference. Thus,
we described and compared two different jamming detection
techniques which are the extended group and connected group.
Both of them are natural to the network and take advantage
of the intrinsic characteristics of the wireless sensor network
which mainly reside on the routing protocols that are designed
to be fast and efficient. However, the extended group technique
displays an almost 20% better performance than the connected
group, the main reason behind it is that the extended requires
a collector node to be robust and have good connectivity on
the topology, in other words, it has to be a root node.
Results show that the proposed mechanism is more efficient
in a hierarchical protocol like MPH. Moreover, the extended
approach presents better accuracy compared to the connected
group approach due to its global character and the fact that
the collector node has the perspective of all nodes with similar
performance features.
R EFERENCES
[1] J. Zhu, Y. Zou, and B. Zheng, “Physical-layer security and reliability
challenges for industrial wireless sensor networks,” IEEE Access, vol. 5,
pp. 5313–5320, 2017.
[2] K. Vijayan and A. Raaza, “A novel cluster arrangement energy efficient
routing protocol for wireless sensor networks,” Indian Journal of science
and Technology, vol. 9, no. 2, 2016.
[3] O. Osanaiye, A. S. Alfa, and G. P. Hancke, “A statistical approach to
detect jamming attacks in wireless sensor networks,” Sensors, vol. 18,
no. 6, p. 1691, 2018.
[4] L. Liu, G. Han, S. Chan, and M. Guizani, “An snr-assured anti-jamming
routing protocol for reliable communication in industrial wireless sensor
networks,” IEEE Communications Magazine, vol. 56, no. 2, pp. 23–29,
2018.
[5] P. Bhavathankar, S. Chatterjee, and S. Misra, “Link-quality aware path
selection in the presence of proactive jamming in fallible wireless sensor
networks,” IEEE Transactions on Communications, vol. 66, no. 4, pp.
1689–1704, 2018.
[6] B. Paul, K. A. Bhuiyan, K. Fatema, and P. P. Das, “Analysis of aomdv,
aodv, dsr, and dsdv routing protocols for wireless sensor network,” in
Computational Intelligence and Communication Networks (CICN), 2014
International Conference on. IEEE, 2014, pp. 364–369.
[7] C. Perkins, E. Belding-Royer, and S. Das, “Ad hoc on-demand distance
vector (aodv) routing,” Tech. Rep., 2003.
[8] C. Del-Valle-Soto, C. Mex-Perera, R. Monroy, and J. A. Nolazco-Flores,
“Mph-m, aodv-m and dsr-m performance evaluation under jamming
attacks,” Sensors, vol. 17, no. 7, p. 1573, 2017.
[9] C. Perkins, E. Belding-Royer, and S. Das, “Ad hoc on-demand distance
vector (aodv) routing,” Tech. Rep., 2003.

978-1-7281-1145-2/19/$31.00 ©2019 IEEE 7

[10] D. A. Maltz, J. Broch, J. Jetcheva, and D. B. Johnson, “The effects of
on-demand behavior in routing protocols for multihop wireless ad hoc
networks,” IEEE Journal on Selected areas in Communications, vol. 17,
no. 8, pp. 1439–1453, 1999.
[11] C. Del-Valle-Soto, C. Mex-Perera, R. Monroy, and J. A. Nolazco-Flores,
“On the routing protocol influence on the resilience of wireless sensor
networks to jamming attacks,” Sensors, vol. 15, no. 4, pp. 7619–7649,
2015.
[12] S. Jaitly, H. Malhotra, and B. Bhushan, “Security vulnerabilities and
countermeasures against jamming attacks in wireless sensor networks:
A survey,” in Computer, Communications and Electronics (Comptelix),
2017 International Conference on. IEEE, 2017, pp. 559–564.
[13] T. Instruments, “Cc2530 data sheet,” 2009.
[14] C. Del-Valle-Soto, F. Lezama, J. Rodriguez, C. Mex-Perera, and E. M.
de Cote, “Cml-wsn: A configurable multi-layer wireless sensor network
simulator,” in Applications for Future Internet. Springer, 2017, pp.
91–102.
[15] I. C. S. L. M. S. Committee et al., “Wireless lan medium access control
(mac) and physical layer (phy) specifications,” IEEE Standard 802.11-
1997, 1997.
[16] T. Instruments, “A true system-on-chip solution for 2.4-ghz ieee 802.15.
4 and zigbee applications,” CC2530 datasheet, February, 2011.
[17] C. Kim, “Measuring power consumption of cc2530 with z-stack,”
Application Note AN079, 2012.

978-1-7281-1145-2/19/$31.00 ©2019 IEEE 8