Wormhole Detection Based on Z-Score And Neighbor Table Comparison
Zezhi Zeng
TL;DR
This work tackles wormhole attacks in disaster-relief, opportunistic networks by introducing a pure statistical detection method based on the Z-Score. It leverages a third-party auditor to compare routing-related data, including neighbor distributions, without GPS or timers, enabling practical deployment in resource-constrained scenarios. Key contributions include formalizing a wormhole model for disaster relief, developing Z-Score–based outlier detection with improvements (Modified, Local, Dynamic), and a neighbor-table similarity framework that uses routing and communication metrics. Evaluation in ONE demonstrates high detection success with very low false alarms and rapid detection times, highlighting the method's economic value and applicability to real-world rescue operations.
Abstract
Wormhole attacks can cause serious disruptions to the network topology in disaster rescue opportunity networks. By establishing false Wormhole(WH) links, malicious nodes can mislead legitimate paths in the network, further causing serious consequences such as traffic analysis attacks (i.e., by eavesdropping and monitoring exchanged traffic), denial of service (DoS) or selective packet loss attacks. This paper uses rescue equipment (vehicle-mounted base stations, rescue control centers, etc.) as an effective third-party auditor (TPA), and combines the commonly used Z-Score (Standard Score) data processing method to propose a new detection method based on pure mathematical statistics for detecting wormhole attacks. Finally, we perform a large number of simulations to evaluate the proposed method. Since our proposed strategy does not require auxiliary equipment such as GPS positioning and timers, as a pure data statistical analysis method, it is obviously more economically valuable, feasible, and practical than other strategies in disaster relief.
