Nothing Special   »   [go: up one dir, main page]
Next Article in Journal
Investigating the Effect of Lubricating Oil Volatility and Ash Content on the Emission of Sub-23 nm Particles
Previous Article in Journal
Effect of Honey Concentration on the Quality and Antioxidant Properties of Probiotic Yogurt Beverages from Different Milk Sources
Previous Article in Special Issue
Indoor Walking Trajectory Estimation Using Mobile Device Sensors for Hand-Held and Hand-Swinging Modes
You seem to have javascript disabled. Please note that many of the page functionalities won't work as expected without javascript enabled.
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Applied Sciences
Volume 15
Issue 4
10.3390/app15042213
applsci-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

A Survey on Energy Drainage Attacks and Countermeasures in Wireless Sensor Networks

by
Joon-Ku Lee
1,
You-Rak Choi
1,
Beom-Kyu Suh
2,
Sang-Woo Jung
2 and
Ki-Il Kim
2,*
1
Korea Atomic Energy Research Institute, Daejeon 34057, Republic of Korea
2
Department of Computer Science and Engineering, Chungnam National University, Daejeon 34134, Republic of Korea
*
Author to whom correspondence should be addressed.
Appl. Sci. 2025, 15(4), 2213; https://doi.org/10.3390/app15042213
Submission received: 9 January 2025 / Revised: 8 February 2025 / Accepted: 13 February 2025 / Published: 19 February 2025
(This article belongs to the Special Issue Trends and Prospects for Wireless Sensor Networks and IoT)
Browse Figures
Figure 1
<p>Components on a sensor node.</p> "> Figure 2
<p>Research classification in [<a href="#B11-applsci-15-02213" class="html-bibr">11</a>].</p> "> Figure 3
<p>Number of papers in research areas.</p> "> Figure 4
<p>Number of papers in published years.</p> "> Figure 5
<p>Categorization of EDAs in [<a href="#B23-applsci-15-02213" class="html-bibr">23</a>].</p> "> Figure 6
<p>Example of SFA detection in E-watchdog.</p> "> Figure 7
<p>Example of a wormhole attack.</p> ">
Versions Notes

Abstract

:
Owing to limited resources, implementing conventional security components in wireless sensor networks (WSNs) rather than wireless networks is difficult. Because most sensor nodes are typically powered by batteries, the battery power should be sufficiently long to prevent the shortening of the network lifetime. Therefore, many studies have focused on detecting and avoiding energy drainage attacks in WSNs. However, a survey paper has yet to be published for energy drain attacks in WSNs since 2019. Therefore, we present a novel comprehensive survey paper for energy drainage attacks in WSNs. First, we address an overview of WSNs and their security issues. Next, we explain the methodology for this study and explain the existing approaches for energy drainage attacks in layered architectures. Based on the results of this analysis, open issues and further research directions are presented.

1. Introduction

Wireless sensor networks (WSNs) are typically used to monitor and control a specific event remotely. For example, WSNs are used in agriculture to monitor physical environments and measure specific scalar values to improve the quality and productivity of farming. Other perspective applications of WSNs include health monitoring of physical structures, such as structural health monitoring of intelligent buildings and bridges through physical sensors and prevention and control of radiation leaks in the surroundings of the nuclear power plant, as an example in [1].
In typical cases, numerous sensors deployed in networks are supposed to deliver the obtained value to the sink node located remotely at a location where a sensor node can gather and process sensory data and interconnect with other nodes in the network. To accomplish the given tasks, a sensor node has the following four basic components: (1) a processing unit to execute data processing and control other components through memory, (2) a transmission unit to transmit and receive radio frequencies, (3) a sensing unit with a specific sensor that converts the read value in a sensor, and (4) a power unit to supply power to these components, as depicted in Figure 1. Additionally, a location system can be implemented to recognize the current position and mobilizer to support the movement of sensors if this function is required for a task. These two optional components are depicted in the dashed line in Figure 1.
Compared with a conventional computing platform, sensor nodes exhibit considerable advantages because of their low installation costs and flexible system configurations. In contrast, because of the limited capability of components, a sensor node has high latency in communication and low computing speeds. Furthermore, sensor nodes are vulnerable to various threats and attacks because they are deployed in unattended and unprotected environments with limited infrastructure. Thus, security is a primary challenge and attracts considerable research interest. Numerous studies have comprehensively discussed security issues and WSN technologies. Consequently, various possible attacks at each layer of the communication protocol stack and their possible countermeasures have been identified in terms of constraints and security requirements.
However, a comprehensive review study of energy drain attacks on WSNs is yet to be conducted. Furthermore, the types of detection mechanisms have been described; however, the types of attack detection have not been elucidated. Because most sensor nodes operate with non-rechargeable batteries, this attack causes a severe operational problem: node failure. WSN node faults are typically caused by the failure of modules, enemy attacks, battery power depletion, and the node being beyond the communication range of the entire network. Sequentially, a node failure partitions networks and subsequently shortens network lifetime. Although several energy harvesting technologies have been proposed to extend the network lifetime, the prevention of this attack is prioritized.
To address the mentioned problem, we proposed a novel survey paper dealing with energy drain attacks in WSN in this study. We reviewed the types of possible attacks for energy consumption in detail and provided security solutions in each layer. Table 1 lists the main acronyms used in this paper.
The contributions of this study are as follows:
  • Research challenges for security in WSNs: To address security issues and research challenges, we reviewed surveys and compared them.
  • Investigation for energy drain attack in WSNs: Specifically, we focused on energy drain attacks and countermeasures against this type of attack in the aspects of layers. In particular, we focused on and analyzed energy drainage attacks by denial of service (DoS) attacks.
  • Further research challenges: We discussed the open research challenges for energy drainage attacks, including new network architecture and the use of machine learning (ML).
The paper is organized as follows. We provide background and motivation for this review paper in Section 1. Security issues and specific attacks targeting WSNs are followed in the next section. In Section 3, we investigate energy drain attacks from the perspective of each layer for WSNs. We present open research challenges and discuss them in the Section 4. Finally, we conclude and suggest further work.

2. Security Issues in WSN

Many researchers have focused on security issues and their countermeasures in WSNs, providing comprehensive reviews and publishing numerous articles. These survey papers can be categorized as general-purpose and specific papers. General-purpose papers provide an overview of security issues in WSNs, whereas specific papers focus on specific issues for security, such as data aggregation. We selected credible literature in terms of the insights it provided.

2.1. Literature Review for Overall Attacks

Table 2 lists the technical contributions and key features of the literature in chronological order.
Wang et al. [2] first addressed the restrictions of WSNs and their security requirements in 2006. Attacks and their corresponding countermeasures are categorized into five classes: cryptography, key management, secure routing, secure data aggregation, and intrusion detection. In this study, the requirements of security for WSNs include availability, authorization, authentication, confidentiality, integrity, non-repudiation, and freshness. Freshness indicates that the data are recent and ensures that no adversary can replay old messages. Furthermore, feasible attacks in each layer and their countermeasures with open research issues are presented and compared in terms of their advantages and disadvantages.
Chen et al. [3] published a new survey paper on security issues in WSNs. The security requirements for WSNs are the same as those in [2]. In this study, threats and attacks were categorized as external and internal attacks. Moreover, the authors mentioned that internal attacks are more difficult to detect than external cases. Attack detection and prevention mechanisms typically involve five aspects: normal external attack defenses, attack/failed node detection, DoS attack and countermeasures, code testing schemes, and location verification schemes. Unlike [2], they focused on securing a location to provide reliable location information in two ways, namely a secure location scheme with and without beacons. In addition to analyzing attacks and countermeasures, they determined that end-to-end security, rather than a hop-by-hop security paradigm, as well as information assurance, are open research challenges.
Sen [4] discussed security issues. Similar to two previous survey papers, various possible attacks and their possible countermeasures at various layers of the communication protocol stack in WSNs were identified, along with further research challenges. In addition, more than three requirements were addressed by considering self-organization, secure location, and time synchronization. Self-organization implies that a pre-installed key distribution scheme can be used. Moreover, secure locations can prevent false location information by reporting false signal strengths and replaying messages. Time synchronization is required for collaboration between sensor nodes among a group of sensors for a given task. In the case of attacks, countermeasures for traffic analysis in WSNs were presented to prevent rate-monitoring and time-correlation attacks. Furthermore, the detection of node replication attacks in WSNs was investigated using the randomized multicast scheme. Yang et al. [5] published a new survey paper that incorporates recent works on this topic. They focused on three aspects: key management, authentication, and secure routing. They also investigated two more security requirements: robustness and access control. Robustness implies a minimized impact on performance in cases of successful attacks, whereas access control ensures legitimacy by determining access to the system. Furthermore, secure multipath routing and hierarchical routing were presented.
In 2017, Tomic et al. [6] presented a novel survey paper focusing on systematic studies by studying popular protocols in WSN deployments. They included IPv6 over low-power wireless personal area networks, collection tree protocols, and constrained application protocols. In response to these requirements, three additional requirements were defined: data, access, and network-level requirements. First, anonymity, which hides the source of the data, was defined for information protection and confidentiality. Furthermore, robustness/resiliency implies a lack of significant impact for networks without considering the number of nodes that increased. The most important contribution of this study is to address possible attacks and their countermeasures for protocols in each layer. This is in contrast to previous work. Specifically, some relevant works were also analyzed and compared to address the shortage of IPv6 routing protocols for low-power and lossy networks (RPL) designed to support confidentiality, integrity, availability, and non-repudiation.
Authors in [7] mapped various security factors and established the relationships between them through a newly defined systematic analysis framework. As a primary technical contribution, they illustrated the relationship among constraints in the security aspect, security requirements, and countermeasures. Figure 2 shows an example of security requirements for energy and low specification. In this study, two more security requirements were introduced, namely forward and backward secrecy and quality of service. The forward and backward secrecy implies that encrypted data should not be decrypted at the intermediate node in WSNs, whereas the quality of service is focused on the quality of service by congestion at the base station. Some side effects, such as buffer overflow and channel contention caused by congestion, should be mitigated. Unlike the above-mentioned papers, attacks and countermeasures were mapped based on the characteristics of the security aspect. For example, secure infrastructure to ensure easy access can be implemented using various techniques, such as encryption, digital signature, and maintenance of the timing previously related to time synchronization.
We also reviewed survey papers published in 2023 and 2024. First, Faris et al. [8] presented a novel taxonomy of security threats in each layer and various countermeasures studied since 2020. This study focused on constructing an intrusion detection system in the WSNs. Various frameworks were introduced and compared to develop a novel algorithm. Second, secure routing methods were explained and compared in two categories, namely protocol and routing layer, by Ram et al. [9]. In this study, secure group management for grouping and clustering was described. Moreover, reputation and trust systems for mutual trust scores were introduced and explained. Third, Oztoprak et al. [10] conducted survey research to categorize attacks and identify vulnerabilities and corresponding mitigation strategies. Ten attacks, including wormhole, sinkhole, and routing attacks, were identified and explained. Furthermore, several countermeasures for these attacks were described and compared.

2.2. Literature Review for Specific Attacks

As indicated in Table 2, numerous studies focused on specific attacks and countermeasures in WSNs. In this section, we review outstanding survey papers for one security topic.
Yousefpoor et al. [12] analyzed secure data aggregation in WSNs in terms of their strengths and weaknesses. Subsequently, the authors categorize secure data aggregation methods based on several network environments, such as the network model and network topology. Furthermore, they evaluate the security requirements covered by the schemes. Each scheme is explained briefly in terms of their contribution. Strength and weakness, evaluation in terms of security requirements, and countermeasures against various attacks are given. For each scheme, they describe their network model, network topology, key cryptography method, and other features. Well-known 15 secure data aggregations, including secure data aggregation watermarking-based scheme in homogeneous WSNs (SDAW) in 2016 to lightweight structure-based data aggregation routing protocol with secure Internet of Things (IoT)-integrated next-generation sensor networks (LSDAR) in 2020 are compared.
A sinkhole attack is a routing attack achieved by attracting surrounding nodes with misleading routing path information and performing data forging or selective forwarding of data passing through it. Rehman et al. [13] reviewed related countermeasures to detect and prevent this attack. After presenting well-known routing protocols in WSNs, approaches to detect sinkhole attacks, such as distributed and collaborative agents and cooperative clustering, were described. Several countermeasures for sinkhole attacks were explained. The authors categorized sinkhole attacks based on authorization, probing, redundancy, and limited broadcast using one-way hash chains, limited routing updates, and multi-path, multi-base station routing.
The next security issue is key management, authentication, and trust management in WSNs. A survey paper was published by Gautam and Kumar [11] in 2021. The authors presented the methodologies, advantages, and limitations of previous work on WSNs. Figure 2 illustrates feasible security solutions and approaches in three topics. Furthermore, survey papers for three categories were compared to determine security requirements. Finally, open research challenges such as lightweight security were discussed. Similarly, S. Szymoniak [14] reviewed key distribution and authentication protocols in WSNs. For key distribution, three major topics, namely secure session key agreement, session key negotiation, and session key security, were considered. Because the most dangerous attack on WSNs turned out to be the replay and impersonation attack, the authors suggested using one-time keys and timestamps. For authentication protocol, existing protocols were categorized as one-factor, two-factor, three-, and four-factor, mutual authentication protocols. Among them, mutual authentication is the most desirable property as it satisfies security requirements.
Unlike previous survey papers that focused on effectively detecting various attacks in WSNs, Xie et al. [15] studied security data collection. After presenting general attacks in each layer and security requirements, the authors in [15] reviewed and analyzed attack detection and data analytics schemes for eleven mainstream attacks. They focused on attacks and their corresponding detection methods in the network layer and evaluation criteria to analyze existing methods. A list of evaluation criteria for the performance of security data collection consists of data quality, data trustworthiness, effectiveness and efficiency, privacy, and security requirements. Moreover, traceability, accuracy, false tolerance, applicability, and scalability were provided as criteria for attack detection in WSNs.
We studied dealing with the different types of active and passive security attacks and countermeasures in WSNs [16]. Active security attacks search and destroy information, whereas passive security data involve stealing information. Active attacks include jamming, tempering, routing, and node outage attacks. In particular, some of the routing protocol attacks in WSNs can be classified as selective forwarding, sinkhole attacks, and Sybil attacks, among others. The authors categorized monitoring and eavesdropping, traffic analysis, camouflage adversaries, homing attacks, and passive attacks.

3. Energy Drain Attacks in WSNs

In the previous section, we reviewed existing schemes for possible attacks and countermeasures along with security requirements in WSNs. In this section, we categorize the previous work in terms of energy issues. Because a comprehensive survey paper from the perspective of energy drain attack is yet to be devised, we highlight security issues for energy drain in WSNs.

3.1. Motivation and Methodology

It is very obvious that energy attacks damage networks by quickly draining the node’s battery power. In this paper, we review the state-of-the-art research in this domain. To achieve this, we follow the following process:
  • Step 1: Search the literature for “energy drain attack WSNs”;
  • Step 2: Extract lists from Step 1 by related titles as well as related abstracts;
  • Step 3: Conduct a detailed analysis of the research content.
To organize a comprehensive review, we selected the IEEE, ACM, Scopus, and Google scholar databases. Papers were examined with the following keywords: “energy drain attack WSNs”, “EDA WSNs”, “energy attack WSNs”, “battery attack WSNs”, and “energy security and attack-type WSNs”. We searched pure WSNs by excluding the “IoT” and selected only highly credible papers published in good venues. We limited the period of publication to between 2019 and 2024. After this process, we chose sixty-five papers in the research areas. Figure 3 illustrates the number of articles from each year, while Figure 4 shows the aspect of layering. As illustrated in these figures, research papers in the network layer published in 2021 are the most valuable sources for this paper.

3.2. Background of Energy Consumption and Drain

Before reviewing energy drain attacks, investigating the energy consumption model for the sensor node is crucial. As described before, for components in a node, energy is consumed for the node’s activity. Although an energy consumption model is mostly dependent on characteristics of the sensor node, such as the type of transceiver RF, we consider a general model in which the total energy consumption is equal to the summation of the consumed sensor, computing, and communication energy. Based on previous measurements and analyses [17,18], we can estimate a portion of the energy consumption on each component in Table 3 and Table 4, respectively. Although slight gaps exist between detailed values in the two tables, energy for communications is a larger source of the total energy expenditure than processing and sensing cases.
Based on the analysis, considerable research on energy is focused on reducing unnecessary energy. Detailed sensing energy can be reduced by deleting unnecessary sensing. Energy efficiency is achieved by either dynamic voltage scaling or system partitioning. Finally, reducing the number of communications as well as the distance of communications is applicable to energy consumption in communications. In [19], as an alternative approach, a WSN-based energy harvesting system was proposed to provide energy for recharging. A new approach to facilitate battery-less energy harvesting techniques in industrial WSNs was presented in [20]. In addition, Y. Wang et al. [21] addressed imbalanced energy issues for topology control and proposed a scale-free topology evolution model by employing a new factor, route-oriented path load. Its main objective is to improve the network load balancing and robustness. To defeat this problem, two approaches, increasing the average path length of the network or sink node near the network center, were suggested. Energy drain can lead to creating a hole in the network. In [22], a hole in a WSN is a region in which several adjacent nodes have failed. When a hole is created, transmitting or sensing data becomes difficult. Holes can be caused by factors such as random node deployment, electronics failure, software errors, and energy depletion.

3.3. Literature Review for Energy Drain Attacks

In 2019, Nguyen et al. [23] presented an overview of security issues for energy depletion in low-power wireless networks, including WSNs and the IoT. They defined these attacks as energy depletion attacks (EDAs) and analyzed the effects of these attacks. Consequently, countermeasures for EDAs were described and compared. The authors categorized existing methods according to the attack target under layered architecture, the purpose of attacks, and the target network type. Figure 5 illustrates the categorization of EDA methods. Furthermore, the advantages and disadvantages of each method were compared. Open issues and analysis for further research trends were provided, and conclusions were drawn that existing solutions cannot satisfy all requirements. This result implies that specific requirements should be prioritized and defined depending on the application requirements. In this survey, the authors discuss the representative attacks in each layer. First, in the physical layer, jamming and communications in hidden channels were given. Garage data verification and duty-cycle manipulation were used for the medium access control layer. Loop and stretch forwarding attacks are described in the network layer. Finally, duty-cycle manipulation and malformed applications can affect security. As for these attacks, defense or countermeasures in each layer were described in a layered architecture. Among mentioned methods, statistical techniques, intrusion detection, and end-to-end security can be applied to prevent attacks in all layers. Most schemes were simulated using NS2, NS3, and C++. By contrast, multiple channel hopping and enhancing security schemes were implemented on the real sensor device.
Similar to [23], Kundu et al. addressed energy attacks by including diverse mobile devices in [24]. In this study, the authors addressed that energy attacks on mobile devices can be of the DoS type. In approaching a systematic study on smartphones, they extended it to cover hardware components, software resources, network communications, and malicious applications on smartphones. A notable contribution is to present malicious motivation and use cases for energy attacks on the smartphone as well as classifying the existing methods based on the goals, targets, control, locations of launch, elements of the attack, and process of the attack. The authors concluded that attacking network elements is a more efficient attack than software elements.

4. Recent Review Based on State-of-the-Art Works for Energy Drain Attack

In this section, we review state-of-the-art countermeasures for energy draining following well-known attacks on each layer.

4.1. Physical Layer

Jamming and its variants attack and exploit the shared nature of the wireless medium as well as interrupt receiving by reducing the receiver’s signal-to-noise ratio. Jamming attacks can rapidly lead to energy depletion in WSNs. Therefore, the implementation of countermeasures against jamming is crucial in WSNs. In this section, we review state-of-the-art measures to counter jamming attacks in the physical layer. Al-Husseini et al. [25] investigated jamming attacks in WSNs in the aspects of technologies, impact, and available countermeasures. They analyzed current approaches and discussed unsolved research challenges and issues.
To address jamming attacks on physical-layer authentication (PLA) [26], Tan et al. suggested a jamming attack detection (JAD) and composite jamming attack detection (CJAD) scheme. JAD identifies the difference in noise variances between the handshaking and communication phases, whereas the CJAD exploits one variance between the source and destination. Moreover, a theoretical analysis of the proposed scheme for wireless fading channels was presented. Finally, real implementation for the proposed scheme rather than simulation was explained for conducting extensive performance comparisons. The proposed scheme can counter both jamming and spoofing attacks simultaneously.
S. Misra et al. [27] presented a new scheme to utilize the Stackelberg game theory to avoid jamming areas. A centralized unit identified the jamming area using the locations of the affected nodes and functions as the leader. Similar to the clustering scheme, it uses nodes around the leader function as followers and determines the mobility pattern to minimize unnecessary energy consumption. The proposed scheme, mobility-based jamming avoidance in WSNs (M-JAW), focused on the mobility model. Furthermore, a novel mobility model called the rational mobility model was proposed to remove the effects of jamming on affected nodes. Another research study using a novel location pinpointed anti-jammer with knowledge estimated localizer (KNOWEL) was proposed in [28]. In the proposed scheme, an energy detector sets the decision threshold, and an adaptive filter recognizes the signal variance between normal and reactive jammer traffic. Next, the jammer and its exact location with the profile of the external attacker were computed using the KNOWEL method. The KNOWL scheme consists of three major components, namely feature extraction, cluster partition, and locational process for the learning phase. The M-cluster algorithm, nonparametric CUSUM algorithm, and centroid location algorithm were used for each stage. Well-known node parameters such as the received signal strength indicator (RSSI), packet delivery ratio, and packet loss ratio were used to detect the percentage of jamming. Yang et al. [29] proposed a jammer location-aware method based on a Fibonacci branch search. They extended the Fibonacci optimization method to multidimensional space search optimization problems. A novel jammer location based on FDB consists of three stages, namely selecting initial search points, the classification of the fitness function, and updating the search point iteratively. Thus, interactive global search and local optimization rules are applied alternately and iteratively to obtain the accurate location of the jammer. They demonstrated that the proposed scheme outperformed the existing scheme in many complex scenes with distinct parameter values.
M. Hasana and H. Mustafa [30] presented a new effective jamming localizing scheme to identify jammed regions through convex hulls using detected jammed nodes. They took several parameters, such as the jamming signal strength (JSS), the packet delivery ratio, and others, to detect jamming. In addition, a cluster-based multi-channel assignment technique was employed to avoid channels. Another work [31] for jamming countermeasures was related to channel avoidance for jamming in WirelessHART. The authors presented a jamming-resilient channel-hopping mechanism to meet the requirements of WirelessHART. In the proposed approach, multi-level randomness was investigated to reduce repetitive channel hopping patterns and improve resistance to jamming attacks. Recently, C. Del-Valle-Soto et al. [32] presented a simple jamming detection algorithm that is based on an investigation of performance metrics. The authors aimed at detecting areas of affected nodes with minimal energy expenditure through a predictive model of a jammer node attacking a network.
ML has been introduced to detect jamming. Zhou et al. [33] first proposed the stochastic game framework for the anti-jamming problem with multiple users. Based on this model, a joint multi-agent anti-jamming algorithm (JMAA) was presented to obtain the optimal anti-jamming strategy by multi-agent reinforcement learning to select a channel. The proposed scheme can prevent external jamming attacks and avoid internal mutual interference among sensor nodes. The authors mentioned that JMAA does not cause additional overhead without estimating the jamming patterns or any specific parameter. Simulations demonstrated that the JMAA outperformed the frequency-hopping method. In addition to an anti-jamming algorithm with reinforcement learning, a novel approach using a neural network was proposed in [34]. The authors incorporated ZigBee technology based on multiple inputs and multiple outputs in which the decoding signal in the presence of a constant jamming attack is achieved. The optimized neural network can mitigate the unknown inferences for learning. Using this ML algorithm, a receiver can decode its data packet without the jamming attack. The enhanced ZigBee module consists of synchronization and learning-based jamming mitigation modules that are installed on a device by two antennas. Under this architecture, a novel baseband signal processing pipeline module was designed to mitigate the jamming signal and recover the ZigBee signal. For data training, a simple neural network by each individual packet was assumed. The preamble in the ZigBee frame was trained. Rao et al. [35] addressed countermeasures against the frequency-hopping spread spectrum in WSNs by combining deep reinforcement learning (DRL) and a meta-trust region policy optimization (TRPO)-based method. The DRL is for the optimization of the jamming resource allocation problem, whereas the TRPO is used for the improvement of policy networks. Using these two schemes, jamming frequencies and bandwidths for multiple frequency-hopping sets were solved through the Markov decision process and the policy and value network were maximized with accumulated jamming reward within the trust region. In addition to these models, a novel meta-DRL-based method was proposed to address the jamming resource allocation problem for emerging new tasks. The DRL model was composed of two optimization steps, namely meta-training and fine-tuning.
We also reviewed recent anti-jamming methods. Research can be classified into two categories based on target purposes, that is, detection and countermeasures for jamming and identifying jammers. Moreover, various ML algorithms have been proposed and used for the two purposes. Table 5 depicts a comparison of recent work in the aspects of advantages and disadvantages consequently. In addition to Table 5, Cortés-Leal et al. [36] provided performance metrics for the impact on energy consumption in industrial WSNs environments to detect jamming in real-time. Two simulations were accomplished to demonstrate that the types of jamming made a distinct impact according to application requirements.
In summary, the anti-jamming method is likely to employ a data-driven approach, such as ML, if jamming nodes exist. However, since these approaches incur high complexity for computation and take a long time to train, these issues should be a concern.

4.2. Data Link Layer

Hasan et al. [37] published a comprehensive survey concerning security issues in the data link layer. They explained security issues and described diverse attacks, such as energy exhaustion, as the specific attack for the data link layer. Abnormal energy depletion attacks in the data link layer can be accomplished by accepting and processing bogus messages as well as prohibiting the sensor node from turning to sleep mode. The second case is the denial-of-sleep attack, which is a specific type of DoS attack. Several countermeasures have been devised to address these attacks in the data link layer. Continuous bogus traffic forces the node awake. Thus, these two attacks are closely related to energy drain in WSNs. Hasan and Hanapi [38] reviewed papers related to security protocols at the data link layer for WSNs and highlighted the security research issues and limitations of existing schemes. Using two papers, we found that most of the research work for energy drain attacks is focused on the DoS and denial of sleep at the data link layer.
First, a bogus message for DoS can be prevented by the encryption scheme. However, because of a computing constraint on a node, lightweight encryption is desirable. To address this problem, Khashan et al. [39] proposed a novel scheme named FlexCrypt, which was an automated lightweight cryptographic method. Lightweight features were accomplished by selecting encryption parameters based on the available resources on a node with a novel lightweight dynamic key management and authentication method. Through the simulation results, the authors demonstrated that the proposed scheme, FlexCrpyt, can save energy by more than 66%. Tropea et al. [40] analyzed the trade-off between received packets and energy consumption by comparing two well-known MAC protocols, Berkeley MAC (BMAC) and lightweight MAC (LMAC). For comparison, various cryptographic techniques such as AES, RSA, and ECC were applied for the energy drain attack and the impersonation attack. Thus, the relationship between encryption and energy drain was identified. Aloufi and Alhakami [41] presented a novel lightweight authentication medium access control (MAC) protocol for CR-WSNs to discard unauthenticated packets. The proposed scheme was used by adopting hash algorithms (SHA-1) and XOR operations. The proposed scheme can lower computational costs.
Second, most existing energy drain attacks target the data link layer. The most well-known attack is called denial of sleep, a specific case of DoS attacks in WSNs. This attack prevents the node from going into the sleep phase. This attack rapidly drains its energy supply. During actual measurement, a sensor node lasts for months with general energy consumption, whereas the denial-of-sleep attack reduces the lifetime in a few days by keeping the radio transmitter system on. Therefore, we reviewed the mitigation of the energy drain attack to make the whole network work as normal. Table 6 shows a comparison of existing methods in terms of their advantages and disadvantages.
In [42], Fotohi et al. proposed a novel countermeasure named abnormal sensor detection accuracy (ASDA)-RSA to reduce the amount of consumed energy by introducing clustering and authentication through the RSA cryptography algorithm and interlock protocol. Each node measured the energy and distance of each node from the cluster to determine the cluster header. Each cluster member was authenticated by a cluster header. If a node was verified as valid, then RSA key generation and key distribution by interlock protocol were accomplished. Park [43] specified a novel algorithm to detect malicious attacks for the wake-up radio protocol (WUR). If an attack was detected by the anti-malicious attack WUR (AMA-WUR), then further operation procedures responded to malicious attacks and notified other nodes for them. To detect malicious attacks, the load capacity of the network in the normal state was set. If the measured value was greater than one in normal value, then it was considered an attack. For example, the average utilization rate and instantaneous utilization rate can be used for comparative parameters. The author obtained two main characteristics for attacks. One characteristic was for the destination address such that numerous packets can be directed to a specific target device, whereas the other was for network traffic to be focused on a certain host. Another paper [44] mentioning WUR was presented by Kardi and Zagrouba. They combined and distributed the cooperation model and dynamic elliptic curves-RSA (DECRSA) by selecting a novel supervisor node with traffic parameters. Fotohi and Bari [45] introduced firefly and Hopfield neural network (HNN) algorithm RSA optimization against denial-of-sleep attacks. In this study, the firefly algorithm was used for clustering, and the RSA algorithm and interlock protocol were used for authentication. Furthermore, to track sink movement, HNN detected the sink movement to send data of the cluster header. The proposed scheme prevents the denial-of-sleep attack by validating all nodes that transmit synchronization messages. If validation fails, the message is rejected.
Battery-draining attacks in Wi-Fi-enabled sensor networks were addressed and studied in [46]. Wi-Fi-enabled sensor networks are easily attacked by triggering frames. Because of this fake frame, a node cannot turn into a sleep mode, which results in continuously replying to a signal and consuming a large amount of energy. To prevent this problem, the authors proposed a novel scheme named the secure triggering frame-based dynamic power-saving mechanism (STF-DPSM) for multi-link environments to simultaneously transmit and receive across multiple links. However, this approach is typically more susceptible to battery-draining attacks than the conventional single-link case. Battery-draining attacks can be incorporated into a masquerading attack by forcing a legitimate access point to deceive wireless terminals. If an access point sends a forged trigger frame continuously, then a station cannot go to the sleep mode because it should send back the replay packet accordingly and persistently.
Because previous approaches based on encryption/decryption schemes for denial of sleep can cause overheads in normal scenarios without attacks, a novel scheme with a low overhead is desirable. The proposed scheme adjusts the power-saving time appropriately and applies STF. When an AP detects a denial-of-sleep attack and the situation goes further, the target window time period for the victim device decreases. Throughout this procedure, the STF algorithm is implemented to verify the integrity of the trigger frames. For energy drain attacks, in [47], the authors focus on wireless body area networks, specifically, the network of WSNs that forms around the human body. The proposed framework increases energy utilization, detecting repetitive events, and controlling transmissions to finally increase network lifetime. To achieve them, a backoff factor based on the amount of current residual energy was selected. To detect unauthorized events, reward and penalty values were introduced. For example, if a received packet is repetitive, then the penalty increases. A transmission counter was used to control transmission. Every sensor node checks the counter prior to transmitting any packet. If this counter is less than the value, then the packet is sent. If that counter becomes the predetermined limit, the packet cannot be sent until the counter value reaches zero.
In summary, energy drain attacks at the data link layer focus on denial-of-sleep attacks. Different from jamming attacks in the physical layer, there is no ML approach in this research area. Based on data processing, it will be feasible to identify attack patterns and classify them as normal or attack.

4.3. Network Layer

DoS attacks can exhaust the energy on the victim node by sending additional unnecessary packets at the network layer to establish a link between the source and the sink. Thus, this attack can delete or change routing information by injecting false information into networks. Thus, most energy drain attacks belong to approaches at network layers.
In this section, we review recent approaches in terms of attack types, that is, selective forwarding, sinkholes, wormholes, Sybil attacks, and floods. Prior to the details of each approach, we reviewed a previous survey paper [48] for DoS attacks in WSNs. In this study, the effect of the DoS attack and its countermeasures at each layer is analyzed. However, a survey paper for DoS attacks is yet to be presented. Therefore, summarizing recent approaches in this section is crucial. As for the DoS attack, Premkumar and Sundararajan [49] presented how to detect DoS attacks efficiently. Their lightweight approach, the deep learning-based defense mechanism, was designed to detect attacks in the data forwarding phase. In the training phase, the input to detect the attack behavior consists of the received signal strength, the number of packets received per second, the packet receiving delay, the status of data changed, the data dropping ratio, and the data forward ratio. After creating the deep learning prediction model, the query processor interacts with this model to identify the types of DoS attacks.

4.3.1. Selective Forwarding Attacks

A selective forwarding attack involves selecting particular nodes or packets for forwarding so that malicious intermediate nodes can selectively discard some packets in WSNs. This attack can result in retransmission and affect the application of the report system. Furthermore, if the network is constructed in a hierarchical system, and a dropped packet is from the header node, then the impact of these attacks becomes severe. To prevent this attack, general countermeasures include probing or redundancy through multiple paths. In the case of multipath routing, a different path is established against this attack. Recent studies on this type of attack are discussed as follows.
Fu et al. [50] suggested the data clustering algorithm (DCA) for detecting a selective forwarding attack (DCA-SFA). Through the proposed scheme, a malicious cluster header was detected and identified. Unlike the previous approach, the proposed scheme considers link quality. To accomplish this, the detection is dependent on clustering cumulative forwarding rates and adaptive DCA parameters. Through these two approaches, malicious nodes can be distinguished from normal nodes under the same channel. Therefore, this prevents misjudgment for the normal node under poor channel conditions. Li and Wu [51] presented another countermeasure for SFA under clustering architecture and unreliable channels. Based on cumulative forwarding rates (CFRs) for cluster header and cumulative transmission rates for the member node, three types of nodes, namely malicious, suspicious, and regular nodes, are defined. To distinguish nodes, a non-cooperative game method with reward and punishment is applied according to the node type. The Nash equilibrium was introduced for reward between regular nodes and suspicious nodes. This equilibrium forces the suspicious nodes to increase their forwarding rates. Related to CFR in [51], Zhang et al. [52] considered highly dense deployment. In this case, inevitable interference among nodes results in the inaccurate detection of misbehavior. To solve this problem, the authors proposed a novel E-watchdog in which detection agents prevent collaborative selective forwarding attachment as well as filter fake reports from attackers. The agent that is close to the forwarding node is in charge of SFA by monitoring data transmitted by the forwarding node and the receiving node. Figure 6 illustrates an example of SFA detection in E-watchdog. In this figure, if node A recognizes that B forwards the packet to C, and B is regarded as the normal node; otherwise, B is the SFA node. At node B, the (1) forward and (2) normal nodes represent the normal node, whereas (3) drop and (4) SFA detect the SFA node in the E-watchdog scheme. Ding et al. [53] proposed the noise-based density peaks clustering (NB-DPC) algorithm with CFR of all nodes. The new algorithm defines noise points to detect malicious behavior and speeds up the detection step by removing unnecessary steps. The noise point is chosen based on local density.
A reinforcement learning-based scheme [54] to detect SFA to extend the previous work in [55] was proposed. They presented a double-threshold density peaks clustering (DT-DPC) algorithm to detect abnormal and suspicious nodes. Abnormal nodes are identified by continuous abnormalities, whereas suspicious nodes are identified by the neighbor voting method. In addition to the previous node’s type, the DT-DPC algorithm is applied to divide nodes into three categories. Depending on the node type, the role of each node is set. Abnormal nodes are confirmed as malicious nodes if they are classified as abnormal in the successive five rounds, whereas suspicious nodes are further confirmed by the neighbor voting method. Normal nodes are nodes that are not abnormal or suspicious. X. Huang and Y. Wu [56] proposed an artificial immune system based on the danger model to address the problem of existing schemes, that is, low accuracy or high algorithm complexity. The proposed scheme consists of a collection of danger signals and the selection of an optimal danger threshold. During the screening stage, a support vector machine (SVM) screens suspected selective forwarding attacks through the nodes’ remaining energy, forwarding rate, connection duration, transmission frequency, and transmission time. During the confirmation stage, the optimal danger threshold is set. Using this threshold, a novel suspected node is confirmed. The authors proved that the combination of the danger model and SVM renders detection against selective forwarding attacks more effective than those of previous studies. Huang et al. [57] proposed a long short-term memory (LSTM) ML algorithm to detect SFA using training and detecting stages. Through LSTM, a node’s forwarding behavior is trained, and the error is predicted. Based on this model, dynamic thresholds are set to identify misbehavior during the detecting stage. An extended neighbor voting method in [55] was proposed to differentiate between malicious and normal nodes. In addition to the voting system, one more similarity exists with [55,56]. The authors assumed SFA under time-variant harsh environments in WSNs. During the training stage, normal nodes’ forwarding rate and variational mode decomposition method were used for training. Following this model, a rational threshold selection rule and neighbor voting method were used to identify the abnormality. Li et al. [58] proposed a novel detection scheme for SFA with a deep belief network (DBN) and density-based spatial clustering of applications with noise (DBSCAN) under harsh environments. The DBN is used to extract the features of the node, whereas the DBSCAN induces clustering to distinguish malicious nodes. A DBN is a probability-generating deep neural network that extracts data features through the underlying network quickly. DBSCAN is used to separate noise points from clusters more efficiently than other clustering methods. After identifying the behavior of the node, the normal node can be screened through DBSCAN. Unlike the previous work from the same research group, this research targets mobile and immobile harsh environments. The feasibility of combining DBSCAN with DBN was proven through simulations.

4.3.2. Black Hole Attacks

Selective forwarding attacks can be categorized as black hole and gray hole attacks. In black hole attacks, a malicious intermediate node drops all received packets. Therefore, it is regarded as the worst SFA. Compared to general SFAs, limited studies have focused on black hole attacks.
Sharma et al. [59] proposed a countermeasure for black hole attacks through the ripple routing protocol (RPL), which is used for the IPv6 protocol over 6LoWPAN. The authors insisted that existing schemes based on intrusion detection were too heavy or required working in the promiscuous mode. To overcome these shortages, the proposed scheme was designed to incorporate a novel distributed timer-based mechanism to perform malicious node detection through a two-step verification model. During the first step, a node set its parent as a potential black hole node. Next, a malicious node was verified using neighboring nodes in the second step. Each node is responsible for ensuring that its parent is not a black hole. A distributed timer is reset whenever a data packet is received. When no packet is received and the timer expires, the parent node is marked as a suspect and verified by all neighboring nodes.
Suma and Harsoor [60] analyzed the effect of packet drop because of the black hole in WSNs. Because packet drops can be caused by either congestion or SFAs, their contribution is to design an on-demand link and energy-aware dynamic multipath (O-LEADM) routing scheme by combining bait methods and reply sequences. By matching two control messages, destination-sequence (des-Seq) and reply-sequence (rep-Seq), a malicious node can be detected using the bait method. In the bait method, a bit request with randomly generated false id is broadcasted. If an attacker replies to the source node by misunderstanding this as a route request message, then a source node confirms the corresponding node as the black hole and adds it to the lists. During path selection, they take into account link stability, bandwidth, and residual energy parameters.
For black hole attacks in WSNs, Hasan et al. [61] investigated the effect of black hole attacks on network performance through an ad hoc on-demand distance vector (AODV) routing protocol. Following the digital forensic investigation process, attack simulation was conducted using an NS3 simulator. During the digital evidence identification and collection phase, literature review and commercial tools such as Wireshark and flow monitor were used. Next, isolation and forensic examination of the digital evidence were performed through traffic and node analysis. Based on these procedures, the networks consisting of normal and black hole nodes were reconstructed to verify damage analysis through forensic analysis. Binthiya and Ravindran [62] proposed to detect black hole attacks by the intrusion detection technique. They introduced a novel fuzzy logic-based intrusion detection system with a hidden Markov model (FIDS-HMM). A HMM was implemented to monitor the energy levels of nodes and analyze energy consumption patterns. Furthermore, malicious nodes were detected using a novel intrusion detection system with fuzzy logic.

4.3.3. Gray Hole Attacks

Unlike black hole attacks, a malicious node in the gray hole attack (GHA) randomly drops packets. Thus, detecting GHAs is more difficult than SFAs because a malicious node can appear to be working properly before it selectively discards packets.
Ye et al. [63] addressed the impact of GHAs on the sink node in WSNs. To prevent this attack, the authors designed a fuzzy logic model to identify suspicious activity through the rule. This fuzzy logic model can be used to distinguish GHAs with differing drop probabilities. In fuzzy logic, the first task is to determine whether incoming and outgoing packets are traveling at the same rate. If a GHA occurs, some data cannot reach their destination.
Chinnaraju and Nithyanandam [64] presented a simple GHA detection method, namely the prevention and reduction approach, by examining the storage table. The proposed scheme consists of four functionalities, namely network data collection, gray hole detection, gray hole prevention, and gray hole reduction. If the traffic limit is exceeded, an analysis of the flow at the higher level is conducted to validate flooding. If the attack is ongoing, the corresponding node is identified as a malicious user and blocked. Shahid et al. [65] proposed a trust-based cellular automata energy drainage detection and prevention scheme (CAT-EDP) to detect GHAs and scheduling attacks over a low-energy adaptive clustering hierarchy (LEACH) routing protocol. In the proposed scheme, a direct and indirect trust protocol to designate the CH with a trust value and received signal strength index (RSSI) is used to prevent malicious nodes from being the cluster header. To achieve this objective, every node measures its energy value and shares it with its neighbors. When an energy drain attack occurs, a node notices that energy draining is faster than in the normal case. Because the cluster header is set by the remaining energy, distance, and trust values, the attacker node is blocked from being the cluster header. Another paper that addresses gray holes and scheduling attacks under LEACH was presented in 2024. Bhatti et al. [66] proposed space–time-efficient probabilistic data structures to overcome the resource limitations of sensor nodes. The data structure is crucial for selecting trust metrics, designing cellular automata (CA) rules, updating trust rates, and propagating them to the whole network. The Bloom filter, CM sketch, and CA structure are used to address energy drainage attacks are presented. This method is used to prevent a malicious node from being a cluster header. If a node detects an energy drainage attack, then it is inserted into the Bloom filter. In the next round, when no frame is received from the CH listed in the Bloom filter, it is excluded from the nominated cluster header. Sihomnou et al. [67] incorporated game theory to detect GHAS. The interaction between THE attack and its victim is modeled as an incomplete information game with three main actors: normal, gray hole, and destination node attacks. Optimal strategies through a mathematical model are dependent on various scenarios. The proposed scheme aims to reach the optimal Nash equilibrium by determining and evaluating action profiles of gray hole nodes.

4.3.4. Wormhole Attacks

A wormhole attack is implemented such that an attacker implants malicious nodes without compromising any legitimate nodes. Thus, detecting this attack is difficult without prior knowledge of the network. Typically, a malicious node creates a secret route called a tunnel to establish a connection between them. Using this tunnel, if any packet comes to either of the attacker nodes, then it is tunneled to the other attacker node. Even though intermediate nodes along the tunnel are not a part of the connection, they become involved in transmission and drain their battery power. For example, Figure 7 illustrates an example of a wormhole tunnel. After the wormhole attack succeeds, two communication paths, upper and lower, have a hop count of more than six. However, because the wormhole tunnel between sending node A and receiving node B has only two hops, the packet is forwarded along the wormhole tunnel. After studying each method, we compare them, as presented in Table 7, in terms of advantages and disadvantages.
Luo et al. [68] proposed a protocol for creating a credible neighbor discovery against wormholes (CREDND) to defeat the problem of existing methods, such as the requirement of additional hardware and high communication overheads. Through CREDND, both external and internal wormholes are detected through the hop distance and monitoring of authentication packets. To improve the efficiency of detection, a novel scheme named the neighbor ratio threshold is introduced to compare the neighbor number of a node with all its neighbors to launch CREDND on specific nodes rather than all of them. If the neighbor ratio is higher than the threshold, it is classified as a suspected node. Next, the detection scheme for external wormholes is performed by comparing real links and thresholds. For the rest of the pairs who have common neighbors in the listed suspected nodes, the internal wormhole detection method is followed in a principle that suspected node pairs’ common neighbors monitor whether the packets between them are forwarded.
Ahutu and El-ocla [69] proposed a novel lightweight multi-hop routing protocol specialized for the 802.15.4 protocol to minimize energy consumption. A novel centralized routing protocol method called the medium-access control centralized routing protocol (MCRP) incorporated a high-energy base station, unlike the previous distributed approach, to save energy. In the MCRP, a base station is used to determine the routing path, monitor the topology, and perform tasks. Thus, the end-to-end time delay between the base station and sink contributes to detecting the wormhole node working as the pinpoint link. To detect the wormhole node, the time ratio threshold is defined as the ratio of expected delivery time along the normal and wormhole link between the source and the destination. If the wormhole link exists, the ratio is less than average. Thus, a wormhole node is detected. Tamilarasi and Santhi [70] proposed a novel method to detect wormhole paths over an ad hoc on-demand multipath distance vector routing protocol in which K paths were assumed. Two messages, a detection packet (DP) and a feedback packet (FP) from the destination, were used to verify the wormhole nodes along the path. By identifying the wormhole path, a secure path without wormhole nodes was established through the particle swarm optimization (PSO) algorithm. To detect a wormhole node, a source node sends the DP message toward a destination. Like the original AODV, a destination node replies to the FP message to the source. After receiving the FP, the round-trip time is measured. If this RTT is less than the threshold value or the hop count is equal to 2, then this path is the wormhole path. After identifying the wormhole-attacked path among all the multipaths, the source node selects one of the wormhole-free paths through the PSO algorithm by considering the energy level of all intermediate nodes. The energy efficiency of detecting wormhole nodes was addressed in [71]. In this study, the ESWI was proposed to satisfy the requirement needed to reduce overheads and energy draining during the operation. Similar to a previous study, they measured the round-trip time and compared it with the predefined distance threshold. If this round-trip time exceeded the threshold, this path was marked as containing a suspicious node. After completing the marking, a detection algorithm with two steps was performed. First, whether the hop interval duration exceeded the threshold was checked. Second, a high-power transmission channel was identified. If the path was not confirmed by the two methods, this path was considered to have wormhole nodes.
Teng et al. [72] proposed a novel wormhole detection algorithm to be combined with the node trust optimization model against wormholes. The number of neighbors exceeding the threshold is added to the list of suspicious nodes. Moreover, the path exceeding the wormhole threshold is tested by establishing a trust model for both the node and path. The threshold is set with analysis and practical simulation and used for path trust evaluation by performing node trust with the path hops and path trust detection on paths with hops exceeding the wormhole threshold. If the number of neighbors of a node exceeds the threshold, then it can be attacked by the wormhole. By including a node in the list of suspicious nodes, a subsequent detection stage is performed. The path’s trust evaluation is measured by group calculation, indicating that every two hops belong to the same group with the comprehensive trust of intermediate nodes. By using this trust model, if wormholes occur, then attacked nodes force wormhole nodes into the go-to-sleep state and they do not participate in network communication.
Alajlan [73] proposed a novel multi-step detection (MSD) scheme. The MSD method consists of five detection modules for simplex and duplex wormhole attacks. Neighbor node validation, prolonged node validation, secret key, and signature generation processes are the primary components. For the detection process, duplex and simplex wormhole attack scenarios are considered and explained. For both cases, the sensor node recognizes all its valid locators for the first time. Because an attacker node tries to change the location of the legitimate node, the estimated location is based on the exact distance that is smaller than a minimum threshold. This property is applied to detect the wormhole node. In terms of using location information, Garg et al. [74] proposed novel secure, optimized localization in a large-scale WSN (SOLLW) using a one-class SVM. The SOLLW detects wormhole-infected anchor nodes by identifying the hop count and distance among the anchor pairs through an SVM. This procedure is accomplished by a random distance error factor with the distance estimated by hop parameters. If a wormhole is infected on a specific anchor node, then the estimation of location is not correct because the hop count is not the same as the actual count. This difference is captured by an unsupervised SVM and recovered through linear optimization.
In summary, most of the research work is involved in this network layer. Even though some ML approaches have been proposed, they can be improved by optimizing the parameters in their models or employing new ML approaches with new objective functions. Recently, deep reinforcement learning with multi-agents has gained researchers’ interests’ to support multi-objective functions and good performance for routing.

4.3.5. Sinkhole Attacks

In sinkhole attacks, a compromised node can attract all the traffic from neighbor nodes by faking the routing metric in the routing protocol. A malicious node in this attack advertises itself as the closest node to the sink node to capture the network traffic, then drops data packets instead of forwarding them to the base station. This operation can cause an energy drain on surrounding nodes because all traffic is forwarded to them but not the sink node. Rehman [13] published a survey paper with existing schemes before 2019. They reviewed sinkhole attack detection, prevention strategies, and attack techniques. Furthermore, fuzzy logic-based systems are recommended as countermeasures in the intruder detection system. As a similar approach, we will review recent work on sinkhole attacks in the WSN that have been published since 2019.
Babareer and Al-ahmadi [75] proposed a lightweight, secure method that extended existing threshold-sensitive, energy-efficient sensor network protocols for routing, as well as watermarking techniques to ensure data integrity during transmission. Homomorphic encryption was used to detect and prevent sinkhole attacks. The BS generates two keys, namely network and cluster keys. The network key is used to encrypt and decrypt node IDs between clusters. If a node becomes a sinkhole attacker, then it propagates a message to the sensor nodes with its encrypted ID. This node is detected by a cluster header. Teng et al. [76] proposed sinkhole attack detection by integrating set pair analysis (SPA) and Jaya algorithms in WSNs. The trust value of a suspicious node is calculated by the SPA trust model and used to detect the attacker. To avoid the attacked region, the detoured path is constructed using the Jaya algorithm. The proposed scheme is composed of a suspiciousness detection phase, a malicious identification phase, and defense against attack phase. Abnormal changes caused by sinkhole attacks include the hop count, packet forwarding rate, energy consumption, and delay initiating the detection procedure by building a trust evaluation model by combining direct and indirect trust values. Khedr et al. [77] proposed a novel intrusion detection scheme called a time-synchronized multivariate regressive convolution deep neural network model (TSMR-CDNN). In this model, the sinkhole attack is identified by clock characteristics and radio details. As for data packets from the node, each node estimates the clock characteristics and radio information that is analyzed by the regression function. The estimated value is compared with a threshold value to make the decision for the attacker.

4.3.6. Sybil and Vampire Attacks

A Sybil attack is accomplished by a malicious device illegitimately taking on multiple identities. In a vampire attack, two attack models are known. In the first case, the malicious node composes a fake packet repeatedly, and the path between the source node and the destination node is stretched to include all the nodes in the network. This is carried out during the forward process by a malicious node. The vampire attack is one example of an energy-draining attack.
In 2021, Arshad et al. [78] published a survey of the most up-to-date methods to detect Sybil attacks and countermeasures, including encryption, trust, received signal indicator (RSSI), and artificial intelligence. Khan and Singh [79] proposed a dual trust-based multi-level Sybil (DTMS) to detect Sybil attacks using a multi-level detection system to verify the identity and location of each node under a clustering architecture. A trust value based on the node’s behavior and dynamic reward and penalty was performed in DTMS. To reduce communication, data aggregation was introduced.
We reviewed two research works for vampire attacks in WSNs. First, Gong et al. [80] proposed resource-conserving protection against the energy-draining protocol to detect vampire attacks by selecting routes with the maximum priority. It was represented as the highest value with energy efficiency and security performance through an analytic hierarchy process. In 2024, Arunachalam and Kanmani [81] proposed a novel deep learning-based vampire attack detection model involving the following steps: data collection, attack detection, mitigation, and optimal path selection. After isolating vampire nodes, the routing path was established with the rest of the nodes.

4.4. Transport Layer

Two types of attacks, namely, synchronization floods and desynchronization attacks, cause energy draining by sending unnecessary connection establishment requests or disrupting the already established connection. Compared with other layers, few studies have been published on this topic since 2019.
First, Al-naeem [82] presented DDoS-PSH-ACK (ACK & PUSH ACK Flood) in WSNs. Through the experimental results and analysis for the DDoS attack in the transport layer, the transmission-session WSN and factor through the DDoS attack were highlighted. The author indicated that the proposed scheme could predict DDoS attacks by monitoring transmission behavior.
TCP SYN-based DDoS attacks on EKG signals are monitored through WSNs. In 2022, Kumar and Gowda [83] focused on syn flooding attacks in WSNs. They proposed the detection of syn flooding attacks using power generated while establishing a connection. The efficiency of the mitigation of the syn flooding scheme when identifying an attacker node was demonstrated through simulations. Detection was accomplished by comparing the waiting time for receiving the ACK and the threshold.

4.5. Application Layer

As a representative application of WSNs, a target tracking and monitoring system requires location information that is acquired by localization algorithms. During localization procedures based on relationships with neighbors, the node is highly vulnerable to localization attacks. This phenomenon implies that the DoS attack on this localization system can be severe and energy-consuming. In this section, we will review the localization attack and its countermeasures in WSNs.
Shi et al. [84] addressed the problem of node localization in the presence of DoS attacks and proposed the distributed iterative localization (DILOC) algorithm while assuming a general attack model. Because the existing DILOC algorithm is assumed to work in a perfect communication environment, it cannot achieve localization under attack. To work correctly in the DoS attack, a novel extended abandonment strategy (AS)-DILOC algorithm is proposed. This model is based on the barycentric coordinates, which are based on relative distance measurement. If a packet is lost due to a DoS attack, a sensor node abandons the location estimation to prevent inaccurate computation. Based on this AS-DILOC algorithm, extended research work in mobile sensor networks was presented in [85]. In mobile sensor networks, communication between sensor nodes is intermittent. Therefore, it poses time-varying characteristics for communication networks. To support the technical challenges posed by time-varying network topology in mobile sensor networks, their extended version involved graph composition and a substochastic matrix. Nguyen et al. [86] proposed a localization scheme to overcome attacks, specifically independent and collusion attacks, using two algorithms, namely the improved randomized consistency position algorithm (IRCPA) and the enhanced attack-resistant secure localization algorithm by combining the voting method, location optimization, and the PSO algorithm paradigm. The model focuses on mitigating the impacts of localization attacks on the anchor nodes, as well as calculating the fitness value for anchor nodes. In an IRCPA operation, the unknown node under collusion attack is localized using three random anchor nodes and PSO optimization. Prior to measuring the distance between the anchor node, the attack is detected using the trilateral detection method. If the anchor node is attacked, then the anchor nodes violate the trilateral detection conditions. In this case, localization is performed without affecting anchor nodes by excluding malicious nodes.
Unlike the two studies mentioned previously, Yu et al. [87] proposed the localization method against wormhole attacks with the distance vector hop (DV-HOP) algorithm. The original DV-HOP positioning process involves (1) determining the minimum hop value between beacon nodes, (2) calculating the average hop distance between beacon nodes, and (3) determining the distance between it and each beacon node. To extend the DV-HOP for the wormhole attack, changing the hop count between the beacon nodes is critical to remove ties between them. If the wormhole node is detected, then the hop count is adjusted. After computing a node’s location, this information is sent using a broadcast method and compared with one in each node. If the distance between the two nodes is sufficiently large, then the location of the wormhole link can be determined.

4.6. Framework for Energy Drainage Attacks in WSNs

We reviewed studies to address the problem and present a new method to resolve it. Some studies have integrated several methods into a framework. In this section, we will introduce such examples.
John et al. [88] proposed a novel DoS attack detection framework called cluster-based WSNs and variable selection ensemble machine learning algorithms (CBWSN_VSEMLA). The model is dependent on the fuzzy C-means (FCM) clustering technique, ensemble ML algorithms, and principal component analysis (PCA) for feature selection algorithms. After completing five steps for the fuzzy C-means (FCM) clustering technique, a variable selection ensemble machine learning algorithm (VSEMLA) was devised to detect four DoS attacks: black hole, grey hole, flooding, and scheduling attacks. Clustering was optimized through the fuzzy coefficient partition (FCP) by computing the optimal number of clusters. Novel WSN-DS data involves four types of attacks, and normal traffic was given to PCA and the ensemble ML algorithm. Next, model prediction for DoS attacks was developed. For the classifiers in ensemble ML algorithms, bagging, LogitBoost, and RandomForest algorithms were used. Khan et al. [89] devised a novel hybrid trust management framework called the multi-layered assessment system for trustworthiness enhancement and reliability (MASTER). Under the clustering architecture, MASTER focuses on detecting and mitigating conventional energy drainage attacks, such as Sybil, black hole, ballot stuffing, and on–off attacks. The architecture builds direct and indirect trust evaluation and combines them. An SVM with an RBF kernel was used to train the model for trust evaluation. The model was trained with 5776 training samples and 1156 cross-validation samples. To develop the trust model and generate the trust value, the co-location relationship, co-work relationship, cooperativeness frequency duration, and reward (R) were obtained from the sensor device. Two types of trust, communication trust and data trust were evaluated at three levels under the clustered architecture.
Hu et al. [90] proposed a novel framework to detect malicious behavior detection caused by false data injection attacks (FDIAs) using the ML algorithm. Through the framework, large-scale sensors are categorized into correlation groups by extracting spatiotemporal correlation information from sensor data. Furthermore, a consistency criterion was also developed to identify abnormal sensor nodes. A real data set was obtained from the U.S. smart grid, and simulated data sets were obtained using both the simple FDIA and the stealthy FDIA strategies. This detection framework consists of correlation grouping, prediction, and testing. For the group, the temporal correlation between time-series signals from sensors was obtained, and subsequent detection methods were performed within each group. Based on the normal and actual temporal correlation of the cross-correlation within each group, consistency was achieved between the pairwise sensor data to detect abnormal nodes.

5. Open Research Challenges and Discussion

In a previous section, we reviewed state-of-the-art research in energy drain attacks and their countermeasures. Although numerous papers have been studied, some issues and research challenges remain.
  • New network architecture: Most of the previous studies have been conducted in distributed systems, either flat or clustering. However, many schemes exhibit high computational costs and communication overheads when detecting several attacks. To address this problem, a centralized approach was proposed using software-defined WSNs (SDWSNs) supported by cloud computing. For example, Alturki et al. [91] proposed security issues for the sensor-cloud architecture from various security attacks to preserve its integrity. Miranda et al. [92] proposed a software-defined security framework to combine intrusion prevention and anomaly detection systems. Moreover, Luo et al. [93] discussed the security problem under SDWSNs. The authors proved that the edge gateway isolates the abnormal nodes and generates control messages to rapidly recover the network. However, challenges related to the failure of the controller in SDWSNs and communication overhead remain. Related to SDWSNs, as addressed in [94], centralized and resource-aware properties in SDWSNs can accommodate complex ML algorithms properly. The new ML-SDWSN architecture comprises the three SDN planes and a machine learning module. Usually, the ML module is installed in two locations: the control plane and the application plane. However, this SDN architecture is also vulnerable to security attacks. So, countermeasures for attacks are as follows [95]: forged traffic flows, attacks on the control plane, vulnerabilities in controllers, administrative station attacks, and a lack of trusted resources. Furthermore, SDN-Edge architecture [96] is also recently proposed for WSN-enabled IoT. Since the centralized controller becomes a prime target for attacks, resource-rich edge computing for SDN can contribute to improving the mitigation technique and reduce complexity. This approach can be extended to SDWSNs to improve their performance.
  • Cross-layered approach: Even though there has been no recent cross-layered approach for energy drain attacks in WSN since 2019, we can estimate the impact of the cross-layered approach by referring to other work. R. Mustafa et al. [97] discussed multi-layered security approaches and suggested how to enhance the energy efficiency of resource-constrained devices in IoT networks. As an example of secure routing, it has been proven that network performance can be preserved while energy consumption is decreased across all these layers. As an instance for energy drain attacks, jamming detection at the physical layer can be delivered to the network layer so it can be used to avoid this node to be included in the routing path in the network layer.
  • Integrating with the IoT: The IoT can be incorporated into WSNs to extend their communication capabilities. This result implies that most WSN technologies can be applied to the IoT. However, severe constraints in the IoT require existing schemes for WSNs to be lightweight. For example, Borgiani et al. [98] demonstrated the feasibility of the mitigation scheme for the DoS attack in time-limited critical scenarios and large-scale IoT-based WSNs. Furthermore, Chandnani and Khairnar [99] proposed secure data aggregation by detecting node behavior in the network, calculating the nodes’ trust value, and using a data gathering method. The proposed protocol provides a lightweight XOR-based encryption solution for securing data in a multi-hop environment and forwarding data for IoT WSNs. Practical applications and attack scenarios that involve the integration of the IoT in WSNs remain research challenges.
  • Using a blockchain: Conventional identity authentication protocols that depend on trusted third parties to prevent several attacks face problems in terms of additional overhead and single-point failure. Therefore, blockchain technology with decentralization characteristics provides a novel perspective for WSNs. Ramasamy et al. [100] reviewed the in-depth survey of a blockchain-based approach for malicious node detection and energy drain prevention by integrating a blockchain technique with WSNs named BWSN. Arachchige et al. [101] investigated whether blockchains on IoT sensor network platforms are vulnerable to DDoS attacks through experiments over a blockchain testbed. However, the energy efficiency of blockchains remains unresolved.
  • Introducing ML: ML technology can improve the attack detection performance by optimizing the model. Furthermore, ML techniques that can address dynamic situations with a successful learning process have been applied in WSNs. ML technology can be used to identify attacks, risks, and malicious nodes [101]. Evaluations based on both supervised and unsupervised ML for flooding, gray hole, and black hole DoS attacks [102] have been presented. Deep learning models for DoS attack detection in WSNs [103] have also been discussed. Integration between HMMs and Gaussian mixture models for routing security [104] can identify abnormal nodes and pinpoint malicious network behaviors from their origins. Lightweight ML algorithms specialized for ML and privacy in collecting data are promising research challenges. In addition, ML algorithm requires high costs for deployment, such as computing resources, data collection, and long training times. Thus, a lightweight ML algorithm and data collection should the main focus of further research. On the other hand, it is also considerable to create a hybrid ML approach that is suitable for working on such types of embedded devices. Similarly, it is very important to decide the location of the ML training process, such as the edge and controller in SDWSNs mentioned in the network architecture above.
  • Preparing data set: The data set for attacks is difficult to obtain. Aside from a public WSNs-based dataset, Dener et al. [105] examined a WSNs-BFSF data set using learning models after necessary preprocessing. The WSN-BFSF data set consists of attack traffic data, including black holes, flooding, selective forwarding, and normal traffic data through ns-2 simulation. Specialized in IoT, the SimpleHome_XCS7_1003_WHT_Security_Camera dataset among N-BaIoT data sets [106] was examined. This data set was used to categorize the data set containing attack and normal traffic data with high accuracy using twenty-three supervised and unsupervised ML models. These included naive Bayes, naive Bayes updateable, random forest, and random tree. Table 8 lists the available data sets for security attacks and their properties. In addition to including these data sets, the development of data sets for energy drainage attacks is crucial.
  • Validation by implementation: Most of the proposed approaches, except for ML-based methods analyzed in this review, were validated by simulation. Thus, it is also required to validate the proposed scheme through empirical experiments in the real world with scenarios that are equivalent to the collected and represented by data set for ML approaches. The data set can be transformed into a feasible format and used in mentioned frameworks such as [88,89,90]. The instances of EDA attacks through real implementation on sensor nodes were explained in [107,108,109,110,111]. Even though these implementations provide us with guidance for implementation, the most recent case was reported in 2016. So, it is required to implement the proposed algorithms on recent commercial products.

6. Conclusions

We reviewed state-of-the-art research in energy drainage attacks in WSNs since 2019. First, the constraints of WSNs and security requirements were analyzed. Through in-depth existing survey papers, previous research works were identified. Next, we presented their studies on the detection of energy drainage attacks and their countermeasures in a layered approach. We focused on jamming at the physical layer, denial of sleep at the data link layer, DoS at the network layer, flooding at the transport layer, and localization at the application layer. As open research challenges, five research topics were discussed.
This survey paper will be extended to include more research papers related to this topic that are not mentioned, such as node tempering and trust-based routing. Furthermore, new research challenges, such as anomaly detection and privacy preservation, will be studied and investigated.

Author Contributions

Conceptualization, J.-K.L. and Y.-R.C.; Formal analysis, B.-K.S. and S.-W.J.; Project administration, K.-I.K. All authors read and agreed to the published version of the manuscript.

Funding

This study was conducted with the support of the National Research Foundation of Korea and funding from the government (Ministry of Science and ICT) under Grant No. RS-2023-00258052.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

Data are contained within the article.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Tabella, G.; Ciuonzo, D.; Paltrinieri, N.; Rossi, P. Bayesian Fault Detection and Localization Through Wireless Sensor Networks in Industrial Plants. IEEE Internet Things 2024, 11, 13231–13246. [Google Scholar] [CrossRef]
  2. Wang, Y.; Attebury, G.; Ramaurthy, B. A Survey of Security Issues in Wireless Sensor Networks. IEEE Commun. Surv. Tutorials 2006, 8, 2–23. [Google Scholar] [CrossRef]
  3. Chen, X.; Makki, K.; Yen, K.; Pissinou, N. Sensor Network Security: A Survey. IEEE Commun. Surv. Tutorials 2009, 11, 52–73. [Google Scholar] [CrossRef]
  4. Sen, J. Security in Wireless Sensor Networks. In Wireless Sensor Networks: Current Status and Future Trends; CRC Press: Boca Raton, FL, USA, 2012; pp. 407–460. [Google Scholar]
  5. Yang, Q.; Zhu, X.; Fu, H.; Che, X. Survey of Security Technologies on Wireless Sensor Networks. J. Sensors 2015, 2015, 10585–10596. [Google Scholar] [CrossRef]
  6. Tomic, I.; McCann, J. A Survey of Potential Security Issues in Existing Wireless Sensor Network Protocols. IEEE Internet Things J. 2017, 4, 1910–1923. [Google Scholar] [CrossRef]
  7. Yu, J.; Lee, E.; Oh, S.; Seo, Y.; Kim, Y. A Survey on Security Requirements for WSNs: Focusing on the Characteristics Related to Security. IEEE Access 2020, 8, 45304–45324. [Google Scholar] [CrossRef]
  8. Faris, M.; Mahmud, M.; Fadzli, M.; Salleh, M.; Alnoor, A. Wireless Sensor Network Security: A Recent Review Based on State-of-the-art Works. Int. J. Eng. Bus. Manag. 2023, 15, 1–29. [Google Scholar] [CrossRef]
  9. Ram, G.; Ilavarasan, E. Security Challenges in Wireless Sensor Network: Current Status and Future Trends. In Wireless Personal Communications; Springer: New York, NY, USA, 2024; pp. 1173–1202. [Google Scholar]
  10. Oztoprak, A.; Hassanpour, R.; Ozkan, A.; Oztopark, K. Security Challenges, Mitigation Strategies, and Future Trends in Wireless Sensor Networks: A Review. ACM Comput. Surv. 2024; in press. [Google Scholar] [CrossRef]
  11. Gautam, A.; Kumar, R. A Comprehensive Study on Key Management, Authentication and Trust Management Techniques in Wireless Sensor Networks. SN Appl. Sci. 2021, 3, 1–27. [Google Scholar] [CrossRef]
  12. Yousefpoor, M.; Yousefpoor, E.; Barati, H.; Barati, A.; Movaghar, A.; Hosseinzadeh, M. Secure Data Aggregation Methods and Countermeasures against Various Attacks in Wireless Sensor Networks: A Comprehensive Review. J. Netw. Comput. Appl. 2021, 190, 1–42. [Google Scholar] [CrossRef]
  13. Rehman, A.; Rehman, S.; Raheem, H. Sinkhole Attacks in Wireless Sensor Networks: A Survey. Wirel. Pers. Commun. 2019, 106, 2291–2313. [Google Scholar] [CrossRef]
  14. Szymoniak, S. Key Distribution and Authentication Protocols in Wireless Sensor Networks: A Survey. ACM Comput. Surv. 2024, 56, 1–31. [Google Scholar] [CrossRef]
  15. Xie, H.; Yan, Z.; Yao, Z.; Atiquzzaman, M. Data Collection for Security Measurement in Wireless Sensor Networks: A Survey. IEEE Internet Things J. 2019, 6, 2205–2224. [Google Scholar] [CrossRef]
  16. Keerthikaa, M.; Shanmugapriya, D. Wireless Sensor Networks: Active and Passive attacks—Vulnerabilities and Countermeasures. Glob. Transitions Proc. 2021, 2, 362–367. [Google Scholar] [CrossRef]
  17. Engmann, F.; Katsriku, F.; Abdulai, J.; Adu-Manu, K.; Banaseka, F. Prolonging the Lifetime of Wireless Sensor Networks: A Review of Current Techniques. Wirel. Commun. Mob. Comput. 2018, 2018, 1–23. [Google Scholar] [CrossRef]
  18. Choudhary, A.; Barwar, N. Sensor Node Design Optimization Methods for Enhanced Energy Efficiency in Wireless Sensor Networks. In Proceedings of the International Conference on Cryptology & Network Security with Machine Learning; Springer: New York, NY, USA, 2024. [Google Scholar]
  19. Williams, A.; Torquato, M.; Cameron, I.; Fahmy, A.; Sienz, J. Survey of Energy Harvesting Technologies for Wireless Sensor Networks. IEEE Access 2021, 8, 77493–77510. [Google Scholar] [CrossRef]
  20. Leemput, D.; Hoebeke, J.; Poorter, E. Integrating Battery-Less Energy Harvesting Devices in Multi-Hop Industrial Wireless Sensor Networks. IEEE Commun. Mag. 2024, 62, 66–73. [Google Scholar] [CrossRef]
  21. Wang, Y.; Fu, X.; Yang, Y.; Postolache, O. Analysis on cascading robustness of energy-balanced scale-free wireless sensor networks. AEU—Int. J. Electron. Commun. 2021, 141, 1–15. [Google Scholar] [CrossRef]
  22. Antil, P.; Malik, A. Hole Detection for Quantifying Connectivity in Wireless Sensor Networks: A Survey. J. Comput. Netw. Commun. 2014, 2014, 1–11. [Google Scholar] [CrossRef]
  23. Nguyen, V.; Lin, P.; Hwang, R. Energy Depletion Attacks in Low Power Wireless Networks. IEEE Access 2019, 7, 51915–51932. [Google Scholar] [CrossRef]
  24. Kundu, A.; Lin, Z.; Hammond, J. Energy Attacks on Mobile Devices. In Proceedings of the IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA), Atlanta, GA, USA, 28–31 October 2020. [Google Scholar]
  25. Al-Husseini, Z.; Chaiel, H.; Meddeb, A.; Fakhfakh, A. A Detailed Review of Wireless Sensor Network, Jammer, the Types, Location, Detection and Countermeasures of Jammers. Serv. Oriented Comput. Appl. 2024, 14, 225–247. [Google Scholar] [CrossRef]
  26. Tan, H.; Li, Z.; Xie, N.; Lu, J.; Niyato, D. Detection of Jamming Attacks for the Physical-Layer Authentication. IEEE Trans. Wirel. Commun. 2023, 22, 9579–9594. [Google Scholar] [CrossRef]
  27. Misra, S.; Mondal, A.; Bhavathankar, P.; Alouini, M. M-JAW: Mobility-Based Jamming Avoidance in Wireless Sensor Networks. IEEE Trans. Veh. Technol. 2019, 69, 5381–5390. [Google Scholar] [CrossRef]
  28. Mariappan, S.; Selvakumar, S. A Novel Location Pinpointed Anti-Jammer with Knowledged Estimated Localizer for secured Data Transmission in Mobile Wireless Sensor Network. Wirel. Pers. Commun. 2021, 118, 2073–2094. [Google Scholar] [CrossRef]
  29. Yang, F.; Shu, N.; Hu, C.; Huang, J.; Niur, Z. Jammer Location-Aware Method in Wireless Sensor Networks Based on Fibonacci Branch Search. J. Sensors 2023, 2023, 2261730. [Google Scholar] [CrossRef]
  30. Hasana, M.; Mustafa, H. An Anti-jamming Technique by Jammer Localization for Multi-channel Wireless Sensor Networks. Int. J. Comput. Netw. Commun. 2024, 16, 87–107. [Google Scholar]
  31. Permatasari, E.; Saifullah, A.; Zhang, H. Jamming-Resilient Channel Hopping for WirelessHART Networks. In Proceedings of the International Conference on Distributed Computing and Networking (ICDCN), Hyderabad, India, 4–7 January 2025. [Google Scholar]
  32. Del-Valle-Soto, C.; Mex-Perera, C.; Nolazco-Flores, J.; Rodríguez, A.; Rosas-Caro, J.; Martínez-Herrera, A. A Low-Cost Jamming Detection Approach Using Performance Metrics in Cluster-Based Wireless Sensor Networks. Sensors 2021, 21, 1179. [Google Scholar] [CrossRef]
  33. Zhou, Q.; Li, Y.; Niu, Y. Intelligent Anti-Jamming Communication for Wireless Sensor Networks: A Multi-Agent Reinforcement Learning Approach. IEEE Open J. Commun. Soc. 2021, 2, 775–784. [Google Scholar] [CrossRef]
  34. Pirayesh, H.; Sangdeh, P.; Zeng, H. Securing ZigBee Communications Against Constant Jamming Attack Using Neural Network. IEEE Internet Things J. 2021, 8, 4957–4968. [Google Scholar] [CrossRef]
  35. Rao, N.; Xu, H.; Qi, Z.; Wang, D.; Zhang, Y. Fast Adaptive Jamming Resource Allocation Against Frequency-Hopping Spread Spectrum in Wireless Sensor Networks via Meta-Deep Reinforcement-Learning. IEEE Trans. Aerospeace Electron. Syst. 2024, 60, 7676–7693. [Google Scholar] [CrossRef]
  36. Cortés-Leal, A.; Del-Valle-Soto, C.; Cardenas, C.; Valdivia, L.; Puerto-Flores, J. Performance Metric Analysis for a Jamming Detection Mechanism under Collaborative and Cooperative Schemes in Industrial Wireless Sensor Networks. Sensors 2021, 22, 178. [Google Scholar] [CrossRef]
  37. Hasan, M.; Hanapi, Z.; Hussain, M. Wireless Sensor Security Issues on Data Link Layer: A Survey. Comput. Mater. Contin. 2023, 75, 4065–4084. [Google Scholar]
  38. Khashan, O.; Ahmad, R.; Khafajah, N. An Automated Lightweight Encryption Scheme for Secure and Energy-efficient Communication in Wireless Sensor Networks. Ad Hoc Netw. 2021, 115, 102448. [Google Scholar] [CrossRef]
  39. Hasan, M.; Hanapi, Z. Efficient and Secured Mechanisms for Data Link in IoT WSNs: A Literature Review. Electronics 2023, 12, 458. [Google Scholar] [CrossRef]
  40. Tropea, M.; Spina, M.; Rango, F.; Gentile, A. Security in Wireless Sensor Networks: A Cryptography Performance Analysis at MAC Layer. Future Internet 2022, 14, 145. [Google Scholar] [CrossRef]
  41. Aloufi, B.; Alhakami, W. A Lightweight Authentication MAC Protocol for CR-WSNs. Sensors 2023, 23, 2015. [Google Scholar] [CrossRef]
  42. Fotohi, R.; Bari, S.; Yusefi, M. Securing Wireless Sensor Networks Against Denial-of-Sleep Attacks Using RSA Cryptography Algorithm and Interlock Protocol. Int. J. Commun. Syst. 2020, 33, 1–25. [Google Scholar] [CrossRef]
  43. Park, H. Anti-Malicious Attack Algorithm for Low-Power Wake-Up Radio Protocol. IEEE Access 2020, 8, 127581–127592. [Google Scholar] [CrossRef]
  44. Kardi, A.; Zagrouba, R. Securing Wake Up Radio for Green Wireless Sensor Networks against Denial of Sleep Attacks. Int. J. Sens. Netw. 2021, 36, 115–124. [Google Scholar] [CrossRef]
  45. Fotohi, R.; Bari, S. A Novel Countermeasure Technique to Protect WSN against Denial-of Sleep Attacks Using Firefly and Hopfield Neural Networks (HNN) Algorithms. J. Supercomput. 2020, 76, 6860–6886. [Google Scholar] [CrossRef]
  46. Kim, S.; Park, S.; Lee, J.; Lee, I. Secure Triggering Frame-Based Dynamic Power Saving Mechanism against Battery Draining Attack in Wi-Fi-Enabled Sensor Networks. Sensors 2024, 24, 5131. [Google Scholar] [CrossRef] [PubMed]
  47. Mujhtar, M.; Lashari, M.; Alhussein, M.; Karim, S.; Aurangzeb, K. Energy-Efficient Framework to Mitigate Denial of Sleep Attacks in Wireless Body Area Networks. IEEE Access 2024, 12, 122918–122928. [Google Scholar] [CrossRef]
  48. Islam, M.; Fahmin, A.; Hossain, M.; Atiquzzaman, M. Denial-of-Service Attacks on Wireless Sensor Network and Defense Techniques. Wirel. Pers. Commun. 2020, 79, 1993–2021. [Google Scholar] [CrossRef]
  49. Premkumar, M.; Sundararajan, T. DLDM: Deep learning-based defense mechanism for denial of service attacks in wireless sensor networks. Microprocess. Microsystems 2021, 116, 103278. [Google Scholar] [CrossRef]
  50. Fu, H.; Liu, Y.; Dong, Z.; Wu, Y. A Data Clustering Algorithm for Detecting Selective Forwarding Attack in Cluster-Based Wireless Sensor Networks. Sensors 2019, 20, 23. [Google Scholar] [CrossRef] [PubMed]
  51. Li, Y.; Wu, Y. Combine Clustering with Game to Resist Selective Forwarding in Wireless Sensor Networks. IEEE Access 2020, 8, 138382–138395. [Google Scholar] [CrossRef]
  52. Zhang, Q.; Zhang, W. Accurate Detection of Selective Forwarding Attack in Wireless Sensor Networks. Int. J. Distrib. Sens. Netw. 2019, 15, 1–8. [Google Scholar] [CrossRef]
  53. Ding, J.; Zhang, H.; Guo, Z.; Wu, Y. The DPC-Based Scheme for Detecting Selective Forwarding in Clustered Wireless Sensor Networks. IEEE Access 2021, 9, 20954–20967. [Google Scholar] [CrossRef]
  54. Ding, J.; Wang, H.; Wu, Y. The Detection Scheme Against Selective Forwarding of Smart Malicious Nodes With Reinforcement Learning in Wireless Sensor Networks. IEEE Sensors 2022, 22, 13696–13706. [Google Scholar] [CrossRef]
  55. Singh, S.; Saini, H. Learning-Based Security Technique for Selective Forwarding Attack in Clustered WSN. Wirel. Pers. Commun. 2021, 118, 789–814. [Google Scholar] [CrossRef]
  56. Huang, X.; Wu, Y. Identify Selective Forwarding Attacks Using Danger Model: Promote the Detection Accuracy in Wireless Sensor Networks. IEEE Sensors J. 2022, 22, 9997–10008. [Google Scholar] [CrossRef]
  57. Huang, X.; Li, S.; Wu, Y. LSTM-NV: A Combined Scheme against Selective Forwarding Attack in Event-driven Wireless Sensor Networks under Harsh Environments. Eng. Appl. Artif. Intell. 2023, 137, 106441. [Google Scholar] [CrossRef]
  58. Li, Q.; Ma, Y.; Wu, Y. Utilize DBN and DBSCAN to Detect Selective Forwarding Attacks in Event-driven Wireless Sensors Networks. Eng. Appl. Artif. Intell. 2023, 126, 107122. [Google Scholar] [CrossRef]
  59. Sharmaa, D.; Dhurandhera, S.; Kumarama, S.; Guptab, K.; Sharma, P. Mitigation of Black hole Attacks in 6LoWPANRPL-based Wireless Sensor Network for Cyber Physical Systems. Comput. Commun. 2022, 189, 182–192. [Google Scholar] [CrossRef]
  60. Suma, S.; Harsoor, B. An Approach to Detect Black Hole Attack for Congestion Control Utilizing Mobile Nodes in Wireless Sensor Network. Mater. Today Proc. 2022, 56, 2256–2260. [Google Scholar] [CrossRef]
  61. Hasan, A.; Khan, M.; Shabir, B.; Munir, A.; Malik, A.; Anwar, Z.; Ahmad, J. Forensic Analysis of Blackhole Attack in Wireless Sensor Networks/Internet of Things. Appl. Sci. 2022, 12, 11442. [Google Scholar] [CrossRef]
  62. Binthiya, A.; Ravindran, S. Intelligent Fuzzy Logic Based Intrusion Detection System for Effective Detection of Black Hole Attack in WSN. In Peer-to-Peer Networking and Applications; Springer: New York, NY, USA, 2024. [Google Scholar]
  63. Ye, Q.; Wang, Y.; Xi, M.; Tang, Y. Recognition of Grey Hole Attacks in Wireless Sensor Networks Using Fuzzy Logic in IoT. Trans. Emerg. Telecommun. Technol. 2019, 31, e3873. [Google Scholar] [CrossRef]
  64. Chinnaraju, G.; Nithyanandam, S. Grey Hole Attack Detection and Prevention Methods in Wireless Sensor Networks. Comput. Syst. Sci. Eng. 2022, 42, 373–386. [Google Scholar] [CrossRef]
  65. Shahid, J.; Muhammad, Z.; Iqbal, Z.; Almadhor, A.; Javed, A. Cellular Automata Trust-based Energy Drainage Attack Detection and Prevention in Wireless Sensor Networks. Comput. Commun. 2021, 191, 360–367. [Google Scholar] [CrossRef]
  66. Bhatti, D.S.; Saleem, S.; Ali, Z.; Park, T.J.; Suh, B.; Kamran, A.; Buchanan, W.J.; Kim, K.I. Design and Evaluation of Memory Efficient Data Structure Scheme for Energy Drainage Attacks in Wireless Sensor Networks. IEEE Access 2023, 12, 41499–41516. [Google Scholar] [CrossRef]
  67. Sihomnou, I.; Benslimane, A.; Ahmed, H.; Hemida, A.; Deugoue, G.; Kamhoua, C. Game-Theoretic Defense Strategies for Mitigating Gray Hole Attacks on Energy-Limited Sensors in Wireless Sensor Networks. In Proceedings of the International Conference on Computing, Networking and Communications, Big Island, HI, USA, 19–22 February 2024. [Google Scholar]
  68. Luo, X.; Chen, Y.; Li, M.; Luo, Q.; Xue, K.; Liu, S. CREDND: A Novel Secure Neighbor Discovery Algorithm for Wormhole Attacks. IEEE Access 2019, 7, 18194–18205. [Google Scholar] [CrossRef]
  69. Ahutu, O.; El-ocla, H. Centralized Routing Protocol for Detecting Wormhole Attacks in Wireless Sensor Networks. IEEE Access 2020, 80, 63270–63282. [Google Scholar] [CrossRef]
  70. Tamilarasi, N.; Santhi, S. Detection of Wormhole Attack and Secure Path Selection in Wireless Sensor Network. Wirel. Pers. Commun. 2020, 114, 329–345. [Google Scholar] [CrossRef]
  71. Shahid, H.; Ashraf, H.; Javed, H.; Humayun, M.; Jhanjhi, N.; AlZain, M. Energy Optimised Security against Wormhole Attack in IoT-Based Wireless Sensor Networks. Comput. Mater. Contin. 2020, 68, 1967–1981. [Google Scholar] [CrossRef]
  72. Teng, Z.; Du, C.; Li, M.; Zhang, H.; Zhu, W. A Wormhole Attack Detection Algorithm Integrated with the Node Trust Optimization Model in WSNs. IEEE Sensors J. 2022, 22, 7361–7370. [Google Scholar] [CrossRef]
  73. Alajlan, A. Multi-Step Detection of Simplex and Duplex Wormhole Attacks over Wireless Sensor Networks. Comput. Mater. Contin. 2022, 70, 4241–4259. [Google Scholar] [CrossRef]
  74. Garg, R.; Gulati, T.; Kumar, S. Wormhole Attack Detection and Recovery for Secure Range Free Localization in Large-scale Wireless Sensor Networks. Peer-to-Peer Netw. Appl. 2023, 16, 2833–2849. [Google Scholar] [CrossRef]
  75. Babareer, H.; Al-ahmadi, S. Efficient and Secure Data Transmission and Sinkhole Detection in a Multi-Clustering Wireless Sensor Network Based on Homomorphic Encryption and Watermarking. IEEE Access 2020, 8, 92098–92109. [Google Scholar]
  76. Teng, Z.; Li, M.; Yu, L.; Gu, J.; Li, M. Sinkhole Attack Defense Strategy Integrating SPA and Jaya Algorithms in Wireless Sensor Networks. Sensors 2023, 23, 9709. [Google Scholar] [CrossRef] [PubMed]
  77. Khedr, A.; Raj1, P.; Rani, S. Time Synchronized Multivariate Regressive Convolution Deep Neural Network Model for Sinkhole Attack Detection in WSN. Wirel. Pers. Commun. 2024, 134, 361–382. [Google Scholar] [CrossRef]
  78. Arshad, A.; Hanapi, Z.; Subramaniam, S.; Latip, R. A Survey of Sybil Attack Countermeasures in IoT-based Wireless Sensor Networks. PeerJ Comput. Sci. 2021, 7, e673. [Google Scholar] [CrossRef] [PubMed]
  79. Khan, T.; Singh, K. DTMS: A Dual Trust-Based Multi-level Sybil Attack Detection Approach in WSNs. Wirel. Pers. Commun. 2024, 134, 1389–1420. [Google Scholar] [CrossRef]
  80. Gong, P.; Chen, T.; Xu, P. Resource-Conserving Protection against Energy Draining (RCPED) Routing Protocol for Wireless Sensor Networks. Networks 2022, 2, 83–105. [Google Scholar] [CrossRef]
  81. Arunachalam, R.; Kanmani, E. Detection and Mitigation of Vampire Attacks with Secure Routing in WSN Using Weighted RNN and Optimal Path Selection. Comput. Secur. 2024, 145, 103991. [Google Scholar] [CrossRef]
  82. Al-naeem, M. Prediction of Re-Occurrences of Spoofed ACK Packets Sent to Deflate a Target Wireless Sensor Network Node by DDOS. IEEE Access 2021, 9, 87070–87078. [Google Scholar] [CrossRef]
  83. Kumar, B.; Gowda, K. Detection and Prevention of TCP SYN Flooding Attack in WSN Using Protocol Dependent Detection and Classification System. In Proceedings of the IEEE International Conference on Data Science and Information System, Hassan, India, 29–30 July 2022. [Google Scholar]
  84. Shi, L.; Liu, Q.; Shao, J.; Cheng, Y. Distributed Localization in Wireless Sensor Networks Under Denial-of-Service Attacks. IEEE Control. Syst. Lett. 2021, 5, 493–498. [Google Scholar] [CrossRef]
  85. Shi, L.; Shi, H.; Ma, Z.; Yan, S.; Zhou, Y. Barycentric Coordinate-Based Distributed Localization for Mobile Sensor Networks Under Denial-of-Service Attacks. IEEE Trans. Ind. Inform. 2024, 20, 8019–8030. [Google Scholar] [CrossRef]
  86. Nguyen, T.; Le, V.; Chu, S.; Liu, B.; Hsu, Y. Secure Localization Algorithms Against Localization Attacks in Wireless Sensor Networks. Wirel. Pers. Commun. 2022, 127, 767–792. [Google Scholar] [CrossRef]
  87. Yu, X.; Wang, X.; Liu, Y. Secure Positioning of Wireless Sensor Networks against Wormhole Attacks. Telecommun. Syst. 2024, 87, 835–843. [Google Scholar] [CrossRef]
  88. John, A.; Isnin, I.; Madni, S.; Faheem, M. Cluster-based Wireless Sensor Network Framework for Denial-of-service Attack Detection Based on Variable Selection Ensemble Machine Learning Algorithms. Intell. Syst. Appl. 2024, 22, 200381. [Google Scholar] [CrossRef]
  89. Khan, M.; Shalu; Naveed, Q.; Lasisi, A.; Kaushik, S.; Kumar, S. A Multi-Layered Assessment System for Trustworthiness Enhancement and Reliability for Industrial Wireless Sensor Networks. Wirel. Pers. Commun. 2024, 137, 1997–2036. [Google Scholar] [CrossRef]
  90. Hu, J.; Yang, X.; Yang, L. A Framework for Detecting False Data Injection Attacks in Large-Scale Wireless Sensor Networks. Sensors 2024, 24, 1643. [Google Scholar] [CrossRef] [PubMed]
  91. Alturki, R.; Altamain, H.; Ikram, M.; Rrhman, M.; Alshehri, M.; Khan, F.; Haleem, M. Sensor-Cloud Architecture: A Taxonomy of Security Issues in Cloud-Assisted Sensor Networks. IEEE Access 2021, 9, 89344–89359. [Google Scholar] [CrossRef]
  92. Miranda, C.; Kaddoum, G.; Bou-har, E.; Garg, S.; Kaur, K. A Collaborative Security Framework for Software-Defined Wireless Sensor Networks. IEEE Trans. Inf. Forensics Secur. 2020, 15, 2602–2615. [Google Scholar] [CrossRef]
  93. Luo, S.; Lai, Y.; Liu, J. Selective Forwarding Attack Detection and Network Recovery Mechanism Based on Cloud-edge Cooperation in Software-defined Wireless Sensor Network. Comput. Secur. 2023, 126, 103083. [Google Scholar] [CrossRef]
  94. Jurodo-lasso, F.; Marchegiani, L.; Jurado, J.; Abu-mahfouz, A.; Fafoutis, X. A Survey on Machine Learning Software-Defined Wireless Sensor Networks (ML-SDWSNs):Current Status and Major Challenges. IEEE Access 2022, 10, 23560–23592. [Google Scholar] [CrossRef]
  95. Mathebula, I.; Isong, B.; Gasela, N.; Abu-Mahfouz, A. Analysis of SDN-Based Security Challenges and Solution Approaches for SDWSN Usage. In Proceedings of the IEEE 28th International Symposium on Industrial Electronics (ISIE), Vancouver, BC, Canada, 12–14 June 2019. [Google Scholar]
  96. Belachew, H.; Beyene, M.; Desta, A.; Alemu, B.; Musa, S.; Muhammed, A. Design a Robust DDoS Attack Detection and Mitigation Scheme in SDN-Edge-IoT by Leveraging Machine Learning. IEEE Access 2025, 13, 10194–10214. [Google Scholar] [CrossRef]
  97. Mustafa, R.; Sarkar, N.; Mohaghegh, M.; Pervez, S. A Cross-Layer Secure and Energy-Efficient Framework for the Internet of Things: A Comprehensive Survey. Sensors 2024, 24, 7209. [Google Scholar] [CrossRef]
  98. Borgiani, V.; Moratori, P.; Kazienko, J.; Tubino, E.; Quincozes, S. Toward a Distributed Approach for Detection and Mitigation of Denial-of-Service Attacks Within Industrial Internet of Things. IEEE Internet Things J. 2021, 8, 4569–4578. [Google Scholar] [CrossRef]
  99. Chandnani, N.; Khairnar, C. Bio-Inspired Multilevel Security Protocol for Data Aggregation and Routing in IoT WSNs. Mob. Netw. Appl. 2022, 27, 1030–1049. [Google Scholar] [CrossRef]
  100. Ramasamy, L.; Firoz, K.; Imoize, A.; Ogbebor, J.; Kadry, S.; Rho, S. Blockchain-Based Wireless Sensor Networks for Malicious Node Detection: A Survey. IEEE Access 2021, 9, 128765–128785. [Google Scholar] [CrossRef]
  101. Arachchige, K.; Branch, P.; But, J. An Analysis of Blockchain-Based IoT Sensor Network Distributed Denial of Service Attacks. Sensors 2024, 24, 3083. [Google Scholar] [CrossRef] [PubMed]
  102. Ahmad, R.; Wazirali, R.; Abu-ain, T. Machine Learning for Wireless Sensor Networks Security: An Overview of Challenges and Issues. Sensors 2022, 22, 4730. [Google Scholar] [CrossRef] [PubMed]
  103. Ahmad, R.; Wazirali, R.; Abu-ain, T. An Extended Evaluation on Machine Learning Techniques for Denial-of-Service Detection in Wireless Sensor Networks. Internet Things 2023, 22, 100684. [Google Scholar]
  104. Salmi, S.; Oughdir, L. Performance Evaluation of Deep Learning Techniques for DoS Attacks Detection in Wireless Sensor Network. J. Big Data 2023, 10, 17. [Google Scholar] [CrossRef]
  105. Dener, M.; Okur, C.; Al, S.; Orman, A. WSN-BFSF: A New Data Set for Attacks Detection in Wireless Sensor Networks. IEEE Internet Things 2024, 11, 2109–2125. [Google Scholar] [CrossRef]
  106. Okur, C.; Orman, A.; Dener, M. DDOS Intrusion Detection with Machine Learning Models: N-BaIoT Data Set. In Proceedings of the International Conference on Artificial Intelligence and Applied Mathematics in Engineering; Springer: New York, NY, USA, 2022. [Google Scholar]
  107. Xu, W.; Ma, K.; Trappe, W.; Zhang, Y. Jamming Sensor Networks: Attack and Defense Strategies. IEEE Netw. 2006, 20, 41–47. [Google Scholar]
  108. Cao, X.; Shila, D.; Cheng, Y.; Yang, Z.; Zhou, Y.; Chen, J. Ghostin-ZigBee: Energy Depletion Attack on ZigBee-Based Wireless Networks. IEEE Internet Things 2016, 3, 816–829. [Google Scholar] [CrossRef]
  109. Dong, Q.; Liu, D.; Ning, P. Providing DoS Resistance for Signature Based Broadcast Authentication in Sensor Networks. ACM Trans. Embed. Comput. Syst. 2013, 12, 1–26. [Google Scholar] [CrossRef]
  110. Wood, A.; Stankovic, J.; Zhou, G. DEEJAM: Defeating Energy Efficient Jamming in IEEE 802.15.4-Based Wireless Networks. In Proceedings of the IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks, San Diego, CA, USA, 18–21 June 2007. [Google Scholar]
  111. Capossele, A.; Cervo, V.; Petrioli, C.; Spenza, D. Counteracting Denial-of-sleep Attacks in Wake-up-radio-based Sensing Systems. In Proceedings of the Annual IEEE International Conference on Sensing, Communication, and Networking (SECON), London, UK, 27–30 June 2016. [Google Scholar]
Applsci 15 02213 g001
Figure 1. Components on a sensor node.
Figure 1. Components on a sensor node.
Applsci 15 02213 g001
Applsci 15 02213 g002
Figure 2. Research classification in [11].
Figure 2. Research classification in [11].
Applsci 15 02213 g002
Applsci 15 02213 g003
Figure 3. Number of papers in research areas.
Figure 3. Number of papers in research areas.
Applsci 15 02213 g003
Applsci 15 02213 g004
Figure 4. Number of papers in published years.
Figure 4. Number of papers in published years.
Applsci 15 02213 g004
Applsci 15 02213 g005
Figure 5. Categorization of EDAs in [23].
Figure 5. Categorization of EDAs in [23].
Applsci 15 02213 g005
Applsci 15 02213 g006
Figure 6. Example of SFA detection in E-watchdog.
Figure 6. Example of SFA detection in E-watchdog.
Applsci 15 02213 g006
Applsci 15 02213 g007
Figure 7. Example of a wormhole attack.
Figure 7. Example of a wormhole attack.
Applsci 15 02213 g007
Table 1. Comparison of existing survey papers.
Table 1. Comparison of existing survey papers.
AcronymMeaning
WSNsWireless Sensor Networks
EDAEnergy Depletion Attack
IoTInternet of Things
PLAPhysical-Layer Authentication
JADJamming Attack Detection
DRLDeep Reinforcement Learning
MACMedium Access Control
BMACBerkeley MAC
LMACLightweight MAC
DoSDenial of Service
WURWake-Up Radio
DCAData Clustering Algorithm
CHCluster Head
LSTMLong Short-Term Memory
RPLRipple Routing Protocol
AODVAd hoc On-demand Distance Vector
GHAGray Hole Attack
RSSIReceived Signal Strength Index
DPDetection Packet
FPFeedback Packet
PSOParticle Swarm Optimization
FCMFuzzy C-Means
PCAPrincipal Component Analysis
SDNSoftware Defined Networks
Table 2. Comparison of existing survey papers.
Table 2. Comparison of existing survey papers.
ReferenceYearNumber of ArticlesRequirementSurveyed Research AreasResearch Challenges
[2]2006106availability, authorization, authentication, confidentiality, integrity, non-repudiation, freshnesscryptography, key management, secure routing, secure data aggregation, intrusion detectionprivate key operations on sensor nodes, secure routing protocols for mobile sensor networks, Continuous stream security in WSNs, QoS and security
[3]2009152availability, authorization, authentication, confidentiality, integrity, non-repudiation, freshnesscryptography, key management, attack detections and preventions, secure routing, secure location, secure data fusionsecurity–energy evaluation, information assurance, survivability evaluation, trust evaluation, end-to-end security
[4]2012172availability, authorization, authentication, confidentiality, integrity, non-repudiation, freshness, self-organization, secure localization, time synchronizationcryptography, key management, secure routing, secure data aggregation, intrusion detection, traffic analysis, sensor privacy, sybil attack, node replication, trust managementtime synchronization, scalability and efficiency, defending DoS attacks, continuous stream security
[5]201537availability, confidentiality, integrity, freshness, robustness, access controlkey management, authentication, secure routingkey management, certification, security routing
[6]201770availability, confidentiality, integrity, freshness, accessibility, robustness/resiliency, self-Organization, time synchronizationcryptography, key management, encryptionevaluation of the network’s performance
[7]202095availability, authorization, authentication, confidentiality, integrity, non-repudiation, freshness, access control, self-organization, time synchronization, secure location, forward & backward secrecy, quality of servicesecure energy, secure infrastructure, secure mobility, secure deployment, secure connectivity, secure heterogeneityconsistency of proposed argument
[8]2023145availability, confidentiality, integritykey management, secure routing, intrusion detectionmachine learning, privacy, resilience, dataset
[9]202472availability, authentication, confidentiality, integritycryptography, key management, secure routing, intrusion detection, privacy preservation, traffic management, position and path Verificationsecure routing protocols, stream security, QoS and security
[10]2025120availability, authentication, confidentiality, integritycryptography, secure group management, secure data aggregation, intrusion detection, distributed node behavior controlphysical layer key generation, post-quantum security, artificial intelligence, blockchain
Table 3. Energy consumption in the sensor node [17].
Table 3. Energy consumption in the sensor node [17].
ModeSensingProcessingReceptionTransmissionStand byIdle
Percent4.4%6.7%26.7%33.3%24.4%4.4%
Table 4. Energy consumption in sensor node [18].
Table 4. Energy consumption in sensor node [18].
ModeSensingProcessingCommunicationsStand byInit, Actuation, Log
Percent6.0%12.0%51.0%24.4%21.6%
Table 5. Comparison of anti-jamming methods.
Table 5. Comparison of anti-jamming methods.
ReferenceKey FeaturesAdvantageDisadvantage
[26]Physical-layer authenticationHigh applicabilityHigh complexity
[27]Game theoretic mobility schemeLow energy consumption and less network overheadFlow-table updates
[28]Pinpointed anti-jammer localizerLow energy consumptionComparison with relative old standards
[29]Evolutionary Fibonacci Branch SearchHigh reachability and fast convergenceHigh complexity
[33]Multi-agent Q-learningprompt decision for anti-jamming strategySpace complexity for Q-table and joint Q-table
[34]Neural networkHigh adaptabilityMultiple antennas
[35]Deep reinforcement learningQuick adaptability for new environmentsHigh complexity
Table 6. Comparison of recent anti energy drain attack at data link layer.
Table 6. Comparison of recent anti energy drain attack at data link layer.
ReferenceKey FeaturesAdvantageDisadvantage
[42]Cryptography and authenticationHigh adaptabilityMaintenance overhead for clustering
[43]Threshold limitSpecified WUR networksCertain training period
[44]Distributed cooperation modelLoad balancingOverhead for data collection
[45]Cryptography and authenticationLow computational cost consumptionHigh memory usage
[46]Secure trigger frameSupporting multi linksIncreased latency
[47]Event aggregation and controlled transmissionsLow computing overheadLow adaptability
Table 7. Comparison of a recent antiwormhole attack.
Table 7. Comparison of a recent antiwormhole attack.
ReferenceKey FeaturesAdvantageDisadvantage
[68]Hop difference and local monitoringLow computing overheadLow adaptability
[69]Time Ratio ThresholdCentralized routing protocolSingle of failure on base station
[70]Round trip timeMultiple pathsComparison with old method
[71]Round trip timeLow computing overheadComparison with one method
[72]Node trust optimization modelNo additional hardwareNo quantitative evaluation for delivery ratio, delay, throughput
[73]Localization for anchor nodeNo additional hardwareComparison with benchmarks not specialized for WSN
Table 8. Lists of security data sets for WSNs.
Table 8. Lists of security data sets for WSNs.
YearDataset NameSecurity RelevanceAttack TypesSimulation Environment
1999KDD CupYesDenial of Service, Probing Attack, Remote to Local Attack, User to Root AttackYes
2009NSL-KDDYesDenial of Service, Probing Attack, Remote to Local Attack, User to Root AttackNo
2015SWaTYesVarious cyber attack scenariosNo
2015UNSW-NB15YesDenial of Service, Exploitation Attack, General Cyber Attack, Shellcode Injection Attack, Backdoor Attack, Fuzzing Attack, Reconnaissance Attack, Worms, NormalNo
2016WSN-DSYesBlackhole, Grayhole, Flooding, Scheduling (TDMA), NormalYes
2017CIC-IDS2017YesBrute Force Attack, HeartBleed Attacks, Botnet Attack, Distributed Denial of Service, Denial of Service, Web-based Attack, Network Infiltration AttackNo
2022Edge-IIoTsetYesDistributed Denial of Service, Mirai Botnet Attack, Man-in-the-Middle Attack, Malware Injection AttackNo
2023DoS/DDoS-MQTT-IoTYesBrute Force Denial of Service, Delay-based Denial of Service, Invalid Subscription Flooding Denial of Service, Will Payload AttackNo
2024WSN-LeachYesBlackhole, Grayhole, Flooding, TDMA (Scheduling)Yes
2024WSN-BFSFYesBlackhole, Flooding, Selective Forwarding, NormalYes
2024ROS-WSN-DSYesBlackhole, Grayhole, Flooding, SchedulingYes
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Lee, J.-K.; Choi, Y.-R.; Suh, B.-K.; Jung, S.-W.; Kim, K.-I. A Survey on Energy Drainage Attacks and Countermeasures in Wireless Sensor Networks. Appl. Sci. 2025, 15, 2213. https://doi.org/10.3390/app15042213

AMA Style

Lee J-K, Choi Y-R, Suh B-K, Jung S-W, Kim K-I. A Survey on Energy Drainage Attacks and Countermeasures in Wireless Sensor Networks. Applied Sciences. 2025; 15(4):2213. https://doi.org/10.3390/app15042213

Chicago/Turabian Style

Lee, Joon-Ku, You-Rak Choi, Beom-Kyu Suh, Sang-Woo Jung, and Ki-Il Kim. 2025. "A Survey on Energy Drainage Attacks and Countermeasures in Wireless Sensor Networks" Applied Sciences 15, no. 4: 2213. https://doi.org/10.3390/app15042213

APA Style

Lee, J.-K., Choi, Y.-R., Suh, B.-K., Jung, S.-W., & Kim, K.-I. (2025). A Survey on Energy Drainage Attacks and Countermeasures in Wireless Sensor Networks. Applied Sciences, 15(4), 2213. https://doi.org/10.3390/app15042213

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop