Optimized Energy Efficient Trust Aware System in Wireless Sensor Networks

Energy and security are very important issues in Wireless Sensor Networks (WSN) which need to be handled. These issues are interrelated because of limited energy there are some restrictions on implementation of security. Insider packet drop attack is one of the dangerous attacks for wireless sensor network that causes a heavy damage to WSN functionalities by dropping packets. It becomes necessary to identify such attack for secure routing of data in WSN. To detect this attack, trust mechanism has been proven as a successful technique. In this mechanism, each node verifies the trustworthiness of its neighbor node before packet transmission so that packets can only be transmitted to trustworthy nodes. But there is a problem of False Alarm with such trust-aware scheme. False alarm occurs when a good node’s trust value goes down due to natural packet dropping and being eliminated from the routing paths. This wastes network’s resources that further shortens network lifetime. In this paper, we have proposed a system for identification and recovery of false alarms (IRFA) which is the optimization of existing trust based system. But security solution needs to be energy efficient due to scarcity of energy resources in WSN. To provide energy efficiency, we have implemented proposed IRFA system in cluster based environment which detects insider packet drop attackers in an energy efficient manner. We have conducted OMNET++ simulation and results demonstrate that the proposed system performance is better than existing trust-based system in terms of packet delivery rate and energy efficiency which improves network lifetime. Keywords—Trust based system; Watchdog; Clustering; Insider packet drop attack; Energy efficiency.


I. INTRODUCTION
Wireless Sensor Network is made up of small, minimal effort, self-organised and power consuming sensor nodes that are arbitrarily spread out in monitoring zone to monitor environmental conditions.Sensor nodes comprise of essential parts for sensing data, handling data, for correspondence, for giving power supply and numerous other voluntary segments like GPS for area discovering, mobilizer to support mobility of nodes etc. Basically sensing units are responsible for sensing, processing and routing information to different sensors or base station (BS) by multi-hops utilizing wireless channels.A BS might be stable or portable node which acts as gateway between sensor system and outside world or can say, BS connects sensor system to internet from where end users can access collected information.WSN is essentially infrastructure less, as shown in Figure 1.[3] and can be deployed anywhere in the land, water, air, building, vehicle and so on.It can also deployed in inaccessible zones like battlefield, air contaminated territory, calamity relief operations for example, land slide.In WSN, energy, data transmission and processing and security issues are interrelated.For any application if network is not secure from attack, then entire effort of transmitting data in energy efficient manner is useless.As there is always a chance of attack on WSN due to their deployment in open, remote and unattended zones, a proper defence mechanism is needed to protect WSN from attacks.There may be two types of attacks on WSN.First one is internal attack and second one is external attack.In internal attacks, an attacker may compromise nodes.These malicious or compromised nodes in the network can drop or modify packets received from other nodes of the network.In external attacks, attacker does not access to the network [3].Insider packet drop attack is one of the most dangerous internal attacks in WSN which cause packet dropping intentionally by compromised nodes [1,5,6].This attacker places itself on routing path for receiving packets from sensor nodes and simply drops packets to cause serious damage to the sensor system.Black hole attack, grey hole attack, and on-off attack come under the category of insider packet drop attack.Due to packet dropping, performance of network degrades such as packet delivery rate reduces.Detection and prevention of such attack is necessary for proper functioning of WSN such as information routing.As the utilizations of WSNs have turned out to be more intricate and far reaching, so to secure such frameworks has become progressively vital.There are two major problems we face while detecting insider packet drop attack.First one is network congestion and second is power failure of sensor nodes.Network congestion leads to dropping packets at sensor nodes so it is difficult to detect whether dropping is due to attack or not.Due to lack of energy and power, there may occur power failure on sensor nodes, sensor nodes may die.This also leads to packet dropping at failed nodes.To provide security to WSN from malicious nodes, many cryptographic and authentication based routing schemes exist.But these are not suitable for resource constraint (low in memory, energy) WSN because most of the existing cryptographic algorithms demand high computational overhead, power consumption, memory requirements and large communication bandwidth etc. [8,9].Exchanging of keys between nodes incur a lot of congestion in the network.Security of WSN will become ineffective once keys in cryptographic approaches are leaked.Centralized administration is demanded by most of the existing encryption and authentication mechanisms to work properly [10,11], which is usually not practical in WSNs.Thus these cryptographic and authentication mechanisms are very economical and infeasible.
Sensor nodes are typically battery powered hence it is also a need to be taken into consideration for security purpose.Energy consumption will increase if the authentication mechanism is increased.To overcome the drawbacks of existing approaches, trust based approaches come into light.Trust based approaches utilize trust mechanism to detect malicious nodes in the network [14, 15 16, 17].Trust in WSN assumes to be an essential part in development of secure system.Trust basically represents a node's opinion about other node in the network.It basically finds secure trusted path from source to base station by detecting and removing a malicious node which is not behaving as normal node.Trust system has a high capability to detect malicious node.Trust mechanism detects insider packet drop attack in three stages i.e.Neighbour Behaviour Monitoring, Trust measurement, Insider attack detection.In first stage, for monitoring, Watchdog [5] mechanism is used.Beta trust model [12] is considered as major component of any trust mechanism for calculating trust values of nodes.If a malicious node A drops packets received from its neighbour node N then node N will decrease A's trust value in its record.If A's trust value drops down a certain threshold, A will be assumed untrusted and removed from the routing path.Node N will choose another neighbor node for communication whose trust value is greater than trust threshold.Thus we can say trust based proficient routing is possible.Trust based routing improves packet delivery rate over existing routing schemes that do not takes trust into consideration [18,19,20].But sometimes it is difficult to distinguish natural packet drops (due to network problems for e.g.fading, interference, collision, noise, congestion etc.) from the intentional packet drops (by inside attackers) in trust mechanism.Because if a node drops a packet due to some network problem, its trust value will get decreased.As a consequence, a good node (which drops packets naturally) can be considered an attacker and will be removed from the trust aware routing process.This problem is named as false Alarm.It shortens network lifetime because network lifetime depends on the time when first node in the network goes down [21].It is necessary to decrease false alarm rate in trust-based routing to improve performance in terms of packet delivery rate and network lifetime.Hence, a false alarm identification and recovery technique is proposed.For false alarm identification and recovery, idea is to give second chance to the node due to which false alarm is generated.This node will not be removed from the network due to false alarm.Neighbors of this node will again evaluate its trustworthiness.If false alarm occurrence is confirmed, this node will be considered as good node and can take part in routing and if node is proved as an attacker, it will be removed from the routing table.
Sensor nodes are basically charged with battery power and it is very difficult and expensive to recharge or replace the deployed sensor node.These nodes are highly energy constrained nodes and expected to operate for longer period of time it is needed that security solution must be energy efficient to perform the functionality of the network (routing of packets properly and securely) because nodes are limited in energy (battery power).To make our approach energy efficient, we have implemented our proposed approach in cluster based network.

A. Trust Based System [TBS]
In trust based system [28], a node forwards data packets to only trustworthy neighbor nodes.Whether a node trustworthy or untrustworthy, it is decided based on the node's trust value.Suppose a node wants to forward data to its neighbor node.First of all, the node will monitor its neighbor's data forwarding behavior to calculate its trust value.Monitoring can be done using Watchdog monitoring mechanism [5].Trust value will be calculated using Beta trust model [12] from data collected using monitoring, although there are many trust models exists in WSN for trust calculation.Thus a node can be either trusted node (T node ) or untrusted node (U node ).If neighbor's trust value falls below the pre-fixed threshold TH value then this node will be U node .Then monitoring node will stop forwarding data to its neighbor node and updates its trust value.This whole scenario is shown in below Figure 2.

B. Clustering in WSN
Cluster based routing [2,25,26,31,32,33] is one of the best solutions for communication in energy constraint sensor networks due to its energy saving qualities.To reduce overhead in handling the network as a whole, sensor nodes are grouped into clusters as shown in Figure 3.Each cluster contains a cluster head (CH) that is responsible for collecting and aggregating data from its own CMs.Data aggregation by CHs is an energy efficient technique where nodes forwards data to a cluster head for processing and fusion before transmitting to base station.This limits the amount of data transmitted to the BS thus further reduces energy consumption as transmission of data takes a lot of energy [21].Implementing static clustering once at the beginning of network operation and selecting proper cluster heads (CHs) dynamically in every round results in improved network lifetime because of efficient uniform energy consumption among sensor nodes.Thus clustering distributes energy load equally among nodes in sensor network by rotating CH role in each round thus avoids battery depletion of individual sensor node.To the best of our knowledge, all of the cluster based protocols assume that nodes are trustworthy.But this may lead to the selection of a compromised or malicious node to be the cluster head.Having a malicious cluster-head severely compromises the security of the network.Thus clustering affects the performance of sensor network in terms of energy and network lifetime.In simple routing where multihopping is used for data transmission, each and every node processes and aggregates data which results in more computational work and energy consumption on those nodes.Without clustering, it is very difficult for valuable data to reach BS during heavy traffic.A Hierarchical clustering based routing reduces communication overhead and moves the collected data to base station in a very fast manner in comparison to other multi-hop routing model.Clustering removes data redundancy and congestion in the network.But in simple routing, each and every node sends data to BS directly thus energy of nodes depletes very quickly resulting in short network lifetime.An inefficient use of available energy leads to poor routing performance and short network lifetime.Therefore clustering is more preferred over other multi-hop routing for real time application where delay is not accepted.Due to the clustered structure, there will be less traffic, because the route requests will only be passed between cluster heads.So here we are selecting CHs based on residual energy of nodes.Communication between CHs and BS will be carried out in multi-hop manner if distance between CH and BS is more.
Enabling trust in clustered environment is more advantageous than that in simple routing.
• CH can detect faulty or malicious node in a cluster.
• In case of multi-hop clustering, trusted nodes will be selected using trust systems through which CMs can send data to CH.
• Trust based system allows selection of trusted CH through which sender node will forward data to the base station in inter-cluster communication.
Thus trust based clustering approach provides successful delivery of data to base station through optimal and trusted route in an energy efficient way.Communication using trust based clustering approach will be highly secure and energy efficient.Thus this approach increases life expectancy of a sensor network.

II. LITERATURE SURVEY
Now a days, Security and Energy are the most prevailing issues in Wireless sensor Network.There is always a risk of attack on WSN due to its open, random and unattended deployment as well as due to resource limitations of sensor nodes.Insider packet drop attack is one of the most dangerous attacks on WSN.Many cryptography based techniques have been proposed to detect and prevent such type of attacks.But these techniques are not effective for resource constraint (low in memory, energy) WSN because they demand high computational overhead, power consumption, memory requirements and large communication bandwidth etc. [8,9].Exchanging of keys between nodes incur a lot of congestion in the network.Security of WSN will become ineffective once keys in cryptographic approaches are leaked.So to overcome the discrepancies in existing approaches, trust based techniques have been proposed.
Many trust based schemes [5-7] [13-23] have been proposed and deployed in WSN for identifying and isolating "legitimate" sensor nodes which are compromised by attackers.Many Trust based systems use trust mechanism proposed in [24,28,30 ].In trust mechanism, each sensor node calculates trust value of its neighbor by checking whether its neighbor node forwards packet further or not through monitoring mechanism.Monitoring mechanism popularly used in this approach is watchdog which is proposed by Marti et al. [5].It identifies malicious nodes in the network.Each sensor node contains its own watchdog.Let us take an example of two nodes A and B to clearly understand above mentioned procedure.First of all, a sender node A stores the same packets in its buffer which it sends to its neighbor node B. Then watchdog of A verifies neighbor node's packet transmission towards BS through sensor's overhearing within its transceiver range and compares each overheard packet with the packet in its buffer.If a match is found means B has forwarded the data packet and node A will remove this packet from its buffer.Packet possession by the node A in its buffer for a duration longer than a pre-determined threshold time indicates failure in packet transmission by neighbor node B. Thus watchdog will increase failure tally of node B. If B's failure tally exceeds a certain threshold, it will be considered as a malevolent node by A.
Many of the proposed systems [5,7,14 ] utilize a watchdog or watchdog-like approach for monitoring node's behavior or collecting past behaviors for trust evaluation and claim that they achieve a very good performance in protecting data sensing and multi-hop routing.But no existing trust based systems proposed an appropriate solutions to save the energy of nodes in the network.
A lightweight and dependable trust system (LDTS) for clustered wireless sensor networks [14] is proposed by Xiaoyong Li et al.Main purpose of this approach is to detect malicious, selfish or faulty nodes and reduce the effect of these nodes on network.Two levels of trust relationship are used in LDTS.First one is Intracluster trust and second one is Intercluster trust.In Intracluster, trust computation is done at two levels.First one is CM-to-CM and second one is CH-to-CM feedback.In Intercluster, trust evaluation is also done at two levels.First one is CH-to-CH and second is base station-to CH feedback.Communication between CMs to CH leads to a lightweight system and dependability of system is enhanced due to communication between CH to CH.A self-adaptive weighting method is used by LDTS to aggregate trusts of CHs to obtain a global trust degree.LDTS facilitates less communication and storage overhead.No broadcasting is used in LDTS.Thus it saves energy.Overall efficiency is improved of the system because an indirect trust based on the feedback is received from CH about a node.Thus total trust degree is computed using direct observation and indirect feedback.As feedback is not considered between CMs, this can significantly reduce network communication overhead thus improving the system resource efficiency.All the functioning of this approach will not work if CH becomes failed or compromised.LDTS is applicable in Large systems.
Song et al. [16] proposed a trust based LEACH protocol (T-LEACH) for WSNs to improve the network lifetime in the presence of malicious nodes.T-LEACH basically consists two main components.First one is the Monitoring Module and second one is the Trust Evaluation Module.To calculate trust values of nodes, both direct and indirect trust observations are taken into consideration.This trust value is used for decision making during cluster head selection and routing.The trust update slot allows the CH to share its trust values with its CMs.However, it uses special messages to report secondary trust values that may increase the communication and energy overhead.
ATSR is a distributed and trust-based routing convention.This protocol is suitable for large sensor networks.A variety of trust metrics are used to calculate direct trust value of a node.Every trust metric detects one or more routing assaults.A weight is assigned to each trust metric in this scheme.Thus weighted reputation mechanism evaluates the trustworthiness of nodes in the system.ATSR also considers indirect trust value of a node.Every node asks for trust data from its neighbors with respect to third nodes to expedite the trust build-up method.Final trust value of a node is calculated by adding direct and in-direct trust value of a node.At last, routing choices depend on two parameters.First one is distance of a node from base station and second one is total trust value of a node.Every node broadcasts its location, id, remaining energy, reputation request message used to periodically request indirect trust value and reputation reply message used to provide indirect information.This creates routing overhead.Hence this protocol protects WSN from many routing attacks and provides scalability advantages due to the combination of distributed trust model and location based routing [18].
A weighted trust evaluation model to detect malicious nodes in hierarchical WSNs is proposed by Atakli et al. [19].Hierarchical communication takes place in this approach in which BS will be at the root level and sensor nodes will be at leaf level.Some highpower nodes act as forwarding nodes between leaf nodes and BS.Initially, a weight factor is assigned to each sensor node.The forwarding node assesses the behavior of nodes using the weight factor and sensor node sensory output.If the computed value found appropriate then the weight factor of the corresponding sensor node will be incremented by 1, otherwise, weight factor is decremented by 1.In this way, this trust model evaluates the trust value in a hierarchical network.
Das et al. [20] proposed an algorithm to detect malicious nodes using an enhanced LEACH protocol.Since CH election is an important factor in the data aggregation process, authors modified the CH election process to save the energy and to detect the malicious nodes using the evaluated trust value.
To secure dynamic WSN from various routing attacks like sinkhole attack, Sybil attack, wormhole attack and selective forwarding attack, a trust-aware routing framework [21] is proposed by researchers.
Here trust value and energy cost of motes are used in choosing safe routing paths that circumvent intruders.Here intruders mislead an identifiable amount of path related information in the network with a fake identity.Routes provided by TARF are reliable and energy effective without making use of geographic information and time synchronization.There are two components are used by each and every node in this scheme.First one is Trust Manager which computes trust value of each neighbor on the basis of network loop discovery and broadcast messages from the base station about data delivery.Second one is Energy Watcher which records energy of each neighbor node.Each node maintains a neighborhood table, in which energy cost and trust level of neighbor node is stored.Each node chooses a next node on the basis of trust value and energy level of a node for forwarding data and broadcasting its energy cost.TARF recognizes attackers by their low trust value and routes information through paths avoiding those intruders to accomplish desired throughput.Thus TARF is scalable, energy efficient and secure System.Although trust systems enhance WSNs' functionality and security but energy overhead increased by the construction of such systems cannot be neglected.Energy of sensor nodes needs to be utilized efficiently to increase network lifetime because nodes in WSN are restricted in energy.Nodes are basically battery powered.Battery of nodes can't be replaced and recharged easily.Nodes have to work in unattended areas for longer period of time without battery recharge.Main cause of energy exhaustion in WSN is energy consumed by the sensor nodes for transmitting data from sensor nodes to BS.So Security mechanism should be energy efficient.Cluster-based routing [25] [26] has widespread use to make wireless sensor network energy efficient.As in cluster based routing, only CH in a cluster performs aggregation of sensed data received from its CMs.Thus aggregation reduces the number of messages transmitted to BS.And only CHs send collected data to BS instead of all nodes in simple routing.Thus clustering in WSNs reduces congestion, data redundancy, energy consumption on sensor nodes and improves lifetime and scalability of the network.
Numerous researchers recognize or notice the importance of the energy efficiency in trust based systems and proposed some introductory solutions in their research.In [24], a trust model is proposed which is made storage-efficient by applying a geographic hash table for identifying trust managers (may save energy due to low storage usage).In [23], an energy watcher is implemented in trust based system.Which is used by sensor nodes to compute their neighbor nodes' energy cost for each packet forwarding.Through this, nodes select most efficient nodes as their next hop in the route.To make WSN and trust system energy efficient, literature [13], [14], [15] and [22] used clustering technology.A number of CHs are selected to manage cluster members on behalf of the base station.As nodes sends data to CHs only.CHs transmit data directly or through intermediate CHs to BS thus due to shorter communication distance, energy consumption is reduced.In [14], a lightweight trust system is proposed based on the clustered topology in which energy is reduced because feedback (i.e., trust recommendation) is not considered between CMs and/or between CHs.As sensor networks are highly demanded in future so energy-efficient trust based approaches need to be incorporated in resource constrained WSN to prevent network from malicious nodes.Thus our proposed trust based system is made energy efficient by implementing trust in clustering environment which also solves the problem of false alarms which occurs in existing trust based systems when a node's trust value goes down due to natural packet dropping.

III. PROPOSED IDENTIFICATION AND RECOVERY OF
FALSE ALARM (IRFA) SYSTEM Our proposed system makes WSN secure from insider packet drop attacks in an energy efficient manner.It increases energy efficiency, packet delivery rate and network lifetime of WSN.Trust mechanism is proved as a successful approach to identify insider packet drop attacks [27, 28, 29 30].But all the insider packet drop attackers cannot be detected by existing trust based systems.Some systems misclassify good nodes as attackers.So false alarms (discussed in section D in detail) occur in existing trust based system (TBS) while detecting insider packet drop attacks.Thus existing trust based system is optimized to identify false alarms which also recovers those good nodes which are eliminated due to false alarm generation.Along with it, we emphasized to make our scheme energy efficient because energy issue is not taken into consideration in existing trust based systems.Therefore, we implemented our proposed system in clustered environment which results increased overall network lifetime and packet delivery rate.

A. Assumptions
Suppose there are two nodes A and B in the network.We assume that A and B both will be in transmission range of each other.Initially each sensor node has equal amount of energy.Location of BS is fixed.BS and cluster nodes are immobile.There is no resource limitation for BS and it will never become malicious.Nodes are organized into clusters where cluster number is limited to 4 clusters.A secure communication channel is assumed between nodes to secure trust values that are transferred from one node to another.

B. Network Model and Energy Model
A set of n static sensor nodes are deployed statically in N*N square area.Every sensor node has some transmission range and aware of its physical location.In simple multi-hop routing, every node senses, processes and routes data to BS.This increases energy consumption on every node so here we are using clustered based wireless sensor network(shown in figure 4) which is proved to be energy efficient network [25,31,32].Static clustering with dynamic cluster head selection is implemented here.First of all sensor nodes are organized into fixed sized clusters using LEACH protocol [25].Each cluster has exactly one CH.Clusters maintain same members because we are using static clustering (except when nodes died due to complete energy consumption).Role of CH changes to equally divide energy load among nodes.CH of a cluster aggregates data received from its CMs.This provides reduced amount of data forwarded to the base station.Thus energy consumption of CH in transmission of data will be less.First set of the CHs will be self-elected using basic Leach's cluster head selection formula [25] because initially all nodes have same energy level.Initially it is assumed no nodes are compromised at setup.When the duration of current CH's working expires or its trust value falls below predefined thresholds and it is declared malicious using technique defined below in section E, CH selection process starts again.Node with highest remaining energy is selected as CH.First order radio model [25] is used to calculate the total energy dissipation.
A TDMA schedule is created by CHs and each cluster member is informed about its time slot during which it should send data to CH. Monitoring of a node in the cluster is also carried out during this time slot.A Node monitor its neighbors' (non-CH or CH) behavior, calculate their trust value and apply technique, described in section E, to detect whether their neighbors are malicious or false alarm.Each node maintains a trust table of its neighbors in which trust values are stored.Nodes do not share trust information with other nodes in the cluster.After receiving data from its CMs, a CH performs data aggregation, data fusion and transmits data to BS through intermediate CHs if BS is far from CH. Intermediate CHs receive data from CH and forwards data to BS.Thus here we are using multi-hopping to transmit data to BS to reduce energy consumption and load on CH in transmitting data to BS.

C. Trust value calculation
Trust mechanism [28] is basically used to define the trust value of nodes in the network and how a node will compute trustworthiness of a node.
In this mechanism, each sensor node checks whether its neighbor node forwards packet further or not through monitoring mechanism.Monitoring mechanism popularly used here is watchdog [5].For monitoring neighbor's packet forwarding behavior, sender node stores the same packets in its buffer which it sends to its neighbor.Then it overhears neighbor node's packet transmission and compares the overheard packet with the packet in its buffer.If a match is found means neighbor node has forwarded the data packet and node will remove this packet from its buffer.Packet possession by a node in its buffer for a duration longer than a pre-determined threshold time indicates failure in packet transmission by neighbor node.Storage of packet in node's buffer provides one more advantage.A neighborhood node can check the contents of message if it was modified before retransmission by comparing with the message stored in its buffer.
Based on the above data collected, a trust model computes the trust value of monitored sensor node.Use of different trust models may lead to different trust value of a node.Here beta trust model [12] is used which assigns trust value TV to the monitored sensor node.The value of TV is defined as: Where 0≤ T V ≤1 and s denotes number of times a node forwards packet and f denotes number of times a node drops packets.After trust value calculation, a decision about monitored neighbor node's trustworthiness is made whether it should be considered Tnode for further packet forwarding or not.This decision will be taken using proposed technique described in section E.
Thus overall concept is that a node decreases the trust level of its neighboring node if the number of unsuccessful interactions between a node and its neighbor increases.In this situation, sender node declares its neighbor faulty or malicious.Co-operation between nodes are called interaction.Interaction is considered successful by a sender node if two requirements, discussed below fulfill.
First one is that an ACK is received by the sender of the packet that the packet is successfully received by receiver node.Means receiver sends an ACK to sender node after receiving packet from sender.If an ACK is not received by a sender within the predefined time then it will retransmit the packet.
Second requirement is that sender should be ensured that its neighboring node has further forwarded the packet received from it.To ensure, sender overhears its neighbor's packet transmission and compares overheard packet with the packet stored in its buffer.

D. FALSE ALARM PROBLEM IN EXISTING TRUST BASED SYSTEM (TBS) AND ITS IMPACT
In existing TBS, a monitoring node A evaluates its neighbor node B based on how reliably B forward packets it receives from A. If node B drops packets, A cannot tell whether a given packet is dropped by B due to network problem or maliciously.A declares B as Unode even if natural packet drops (due to fading, congestion, collision, interference) occur in B. And this node will be removed from the routing path and another trustworthy node will be used for data forwarding.This is called false alarm problem.
Due to false alarm problem, some non-malicious nodes get eliminated from the network by monitoring node.This reduces network lifetime as it is closely related to the time when the first node in the network get died or stops working due to some problem.

E. Proposed technique to identify and recover false alarms
To solve the problem of false alarm, our main contribution is to provide a falsely detected good nodes with second chance so that they can reconsidered as good nodes.In existing system as we have shown in figure 2, a T node becomes U node even if it is dropping packets due to network problem (not due to malicious activity).Once a node becomes U node , it can't become T node again.So, we need a mechanism to recover falsely detected good nodes in routing process again.In the model shown in figure 2, there is a need of an edge from U node to T node for recovering falsely detected good node from un-trusted category to trusted category.But only this transition is not sufficient because in this, it is not clear, how to stop inside attacker from being recovered.For solving this problem, we insert a new intermediate state S node between T node and U node Recovery transition of this approach is shown in below figure 5.A node uses two thresholds TH max and TH min to classify its neighbor node into one of the three states (T node , S node , U node ).Where TH max is an upper trust threshold which decides whether a node will be T node or U node , and TH min is a Lower trust threshold to decide whether a node will be S node or U node .
Assume that a node A sends packet to node B over the time t.If trust value of node B falls below TH max , it be put into the category of S node rather than in U node (as in existing trust system).It is put into the category of S node because it may be possible that it is not malicious node.It is dropping packets due to some network problem so its trust value falls below.Node A now chooses another trustworthy node for packet forwarding to replace B and re-evaluates node B to check whether it is false alarm or attacker.If node B trust value falls below TH min also.Means it is untrusted node or can say malicious.Then node A remove B permanently.Otherwise if it is proved that false alarm is occurred then B will be again used by A for routing data.The complete process for identification and recovery of false alarms are computed by proposed IRFA algorithm shown in below table 1: A needs some data for re-evaluating S node B to determine whether it is falsely detected or not.The most reliable data for this purpose is A's direct observation on B's packet forwarding behaviors to data packets that A sent to B. A may also observe B's packet forwarding behavior to other nodes but this approach is doubtable.It may be possible that B forward another node's packets successfully but there is no guarantee that it also forwards A's packet successfully.For trust re-evaluation, A sends its duplicated data packets to B.
There are several reasons why we use this approach.
a) First, A can directly observe B's packet forwarding behavior and re-evaluates B's trust value reliably.b) Second, even if B drops duplicated data packets, but the original packets will be delivered to BS through other trustworthy node.Thus, this scheme ensures that overall packet delivery performance will not be degraded due to trust re-evaluation.

Trust re-evaluation method
Whenever node A starts re-evaluating node B, A creates a random sequence R (n) that indicates which of its data packets is duplicated and sent to B for trust re-evaluation.

R (n) = s + i *(n-1) for n=1, 2, ……...n
Here i is the interval between two consecutive values of R (n).Before trust re-evaluation, A randomly chooses value of s and i.For example if s=30 and i=5 then random sequence of packets will be R(n)={25+5n where n=1,2,3,4…..n}.Means If B is detected untrustworthy, A will first duplicate its 30th packet and send that packet to node B for trust re-evaluation.For further re-evaluation A will duplicate every 5th packet i.e. 35 th , 40 th , 45 th ,….. until trust re-evaluation is terminated.

A. Network Simulation goals, Scenario and Evaluation Parameters
Goal of our simulation is to test the performance of our proposed IRFA system and compare it performance with existing trust based system (TBS).Simulation is conducted on OMNET++ tool.Here we consider a WSN with one insider packet drop attacker.We have tested our system on the below wireless sensor network setting shown in Table 2. Nodes are deployed within sensing area of 200*200 m2.All the nodes have the same energy level (1 KJ) initially.We place the base station at (100, 10).To simulate packet drops in a lossy network, we randomly choose some nodes and let them drop packets.Sensor nodes' initial trust value is set to be 0.99.Trust mechanism catches the attacker and some of p% of nodes we selected to simulate lossy network.Later ones will be false alarms.The values of TH max and TH min are assumed 0.8 and 0.6 and number of recovery chances is set to be two.In this work, we performed comparison between proposed IRFA system and existing TBS based on the following performance metrics:

B. Simulation Results and Analysis
Here red curve signifies previous scheme (i.e.TBS) and green bar signifies our proposed IRFA system.It is observed that packet delivery rate is always high in our proposed scheme than existing trust-aware routing scheme.More packets will be delivered to the destination in our proposed approach due to false alarm identification and recovery as well as due to reduced congestion in clustering which leads to drop less packets.This packet delivery rate (PDR) graph is shown in below figure 6. Figure 7 shows total energy consumption of sensor nodes versus rounds.Here red curve signifies previous scheme and blue curve signifies proposed scheme.From this graph it is verified that energy consumption of proposed scheme is lower than existing trust based scheme because of clustering used in proposed approach which leads to consume less energy of nodes.
A relation between number of alive nodes versus network lifetime (rounds) are shown in figure 8.Here red curve signifies previous trust-aware routing approach and black curve signifies our proposed approach.It is observed that last alive node died at 5000th round in previous work means network lifetime of previous approach is 5000th round while network lifetime of proposed approach is 6500th which is much better than previous approach.

V. CONCLUSIONS AND FUTURE WORK
We optimized existing trust based system to identify false alarms which also recovers false alarm nodes.As our security solution need to be energy efficient.Clustering is the best solution for providing energy efficiency in WSN.Hence, to make our security solution energy efficient, we implemented our proposed IRFA algorithm in cluster based environment to detect insider packet drop attacks.Our proposed approach increases total energy efficiency, packet delivery rate and network lifetime as compared to existing TBS.In this work, we have used Beta trust model for trust values computation.
Future work can be done to check the performance of our proposed approach by utilizing other optimized trust models.There is still a scope to improve the recovery rate of false alarms.Our approach may not work well in detecting on-off attack, as on-off attacks change their attack patterns.Attacker nodes will stop dropping packets when they are detected as suspicious and resume packet dropping when their trust value increases.So this approach can further be enhanced to detect on-off attacks accurately.

Figure 1 .
Figure 1.Structural view of sensor network

Figure 3 .
Figure 3. Cluster Based Network Architecture

Figure 5 . 3 -
Figure 5. 3-State Trust Based Approach with a Recovery Transition A evaluates B's trust value T V [B] based on its direct observations on B's packet forwarding behavior over t.Note that T V [B] is measured by Beta trust model used in the network.State of node B at node A is denoted by S A [B] which is defined as: S B [C] denotes state of node C at node B. S C [D] denotes state of node D at node C and so on.
i. Network Lifetime: It is defined as time interval (in terms of round) between the beginning of network operation and the death of the last alive node.Network lifetime improves when packet delivery rate increases dramatically and energy decreases.ii.Energy consumption by sensor nodes with respect to network lifetime or rounds is represented through graph.iii.Packet delivery rate: Number of packet received by BS vs. simulation time (seconds) are also represented in form of graph.

Figure 6 .
Figure 6.Graph showing Packet Delivery Rate for previous scheme versus proposed scheme

Figure 7 .Figure 8 .
Figure 7. Graph showing Total energy consumption for previous scheme versus proposed scheme

Table 1 :
Identification and recovery of false alarms (IRFA) algorithm 1. Begin 2. Node 'A' monitors node 'B' and calculates its trust value T V [B] 3.If T V [B] TH max then 4. Go to step 2 5. else 6. 'A' replaces 'B' with another trustworthy node 'C' 7. 'A' monitors 'B' and updates trust value of 'B' i.e.T V [B] 8.If this is a false alarm then 9. 'A' replaces 'C' with 'B' and goto step 2 10.Else 11. 'A' removes 'B' from its routing table 12. End if 13. End if 14. Stop