Real-Time Detection and Response to Wormhole and Sinkhole Attacks in Wireless Sensor Networks
Zhukabayeva T. Zholshiyeva L. Mardenov Y. Buja A. Khan S. Alnazzawi N.
August 2025Multidisciplinary Digital Publishing Institute (MDPI)
Technologies
2025#13Issue 8
Wireless sensor networks have become a vital technology that is extensively applied across multiple industries, including agriculture, industrial operations, and smart cities, as well as residential smart homes and environmental monitoring systems. Security threats emerge in these systems through hidden routing-level attacks such as Wormhole and Sinkhole attacks. The aim of this research was to develop a methodology for detecting security incidents in WSNs by conducting real-time analysis of Wormhole and Sinkhole attacks. Furthermore, the paper proposes a novel detection methodology combined with architectural enhancements to improve network robustness, measured by hop counts, delays, false data ratios, and route integrity. A real-time WSN infrastructure was developed using ZigBee and Global System for Mobile Communications/General Packet Radio Service (GSM/GPRS) technologies. To realistically simulate Wormhole and Sinkhole attack scenarios and conduct evaluations, we developed a modular cyber–physical architecture that supports real-time monitoring, repeatability, and integration of ZigBee- and GSM/GPRS-based attacker nodes. During the experimentation, Wormhole attacks caused the hop count to decrease from 4 to 3, while the average delay increased by 40%, and false sensor readings were introduced in over 30% of cases. Additionally, Sinkhole attacks led to a 27% increase in traffic concentration at the malicious node, disrupting load balancing and route integrity. The proposed multi-stage methodology includes data collection, preprocessing, anomaly detection using the 3-sigma rule, and risk-based decision making. Simulation results demonstrated that the methodology successfully detected route shortening, packet loss, and data manipulation in real time. Thus, the integration of anomaly-based detection with ZigBee and GSM/GPRS enables a timely response to security threats in critical WSN deployments.
GSM/GPRS , security incident detection , sinkhole , wormhole , WSNs , ZigBee
Text of the article Перейти на текст статьи
International Science Complex Astana, Astana, 010000, Kazakhstan
Department of Information Systems, L.N. Gumilyov, Eurasian National University, Astana, 010000, Kazakhstan
Department of Mathematics, Computer Science, and Digital Forensics, Commonwealth University of Pennsylvania, Bloomsburg, 17815, PA, United States
College of Computer and Systems Engineering, Abdullah Al Salem University, Khaldiya, 72303, Kuwait
Department of Computer Science and Engineering, Yanbu Industrial College, Royal Commission for Jubail and Yanbu, Yanbu Industrial City, 41912, Saudi Arabia
International Science Complex Astana
Department of Information Systems
Department of Mathematics
College of Computer and Systems Engineering
Department of Computer Science and Engineering
10 лет помогаем публиковать статьи Международный издатель
Книга Публикация научной статьи Волощук 2026 Book Publication of a scientific article 2026