Holdwnet s a p forgedpacket empower wnet s wforwarder

Hold(wnet, s, a, p, forged_packet) ← empower (wnet, s, wForwarder ) ∧ consider (wnet, a, sending) ∧ use (wnet, p, packets ) ∧  hold(s, a, p, forwardPacket) (32) (3) Delaying a packet detection : In this attack, the subject s forwards a received packet p after that the maximum forwarding time has expired. Hold(wnet, s, a, p, delayed_packet) ← empower (wnet, s, wForwarder) ∧ consider (wnet, a, sending) ∧ use (wnet, p, packets) ∧ packet_received(s, p, t) ∧ packet_sent (s, p′, t′) ∧ is_forwardedVersion(p, p′) ∧ hold(wnet, s, a, p, ForwardPacker) ∧ (t + δ ) < t′ (33) where : • packet_received and packet_sent are predicates indicating respectively that s received or sent p at time t , • is_forwardedVersion indicates if p′ is the forwarded version of p , • and δ represents the maximal time a packet must be forwarded within since it is received. (4) Deleting a packet detection : In this attack, the subject s does not forward a received packet p within the defined time δ′ . Hold(wnet, s, a, p, deleting_packet) ← empower (wnet, s, wForwarder) ∧ consider (wnet, a, sending) ∧ use (wnet, p, packets) ∧ packet_received(s, p, t) ∧  packet_sent (s, p, t ′) ∧ is_f orwardedVersion(p,p′) ∧ hold(s, a, p, ForwardPacket ) ∧ (t ′ < t + δ ′) (34) Thus, a packet is considered as deleted if it has not been forwarded within the time δ′ (with δ < δ′). Between δ and δ′ a packet that is not forwarded is considered as delayed. (5) Modifying a packet detection : In this attack, the subject s forwards a modified version of a received packet p that does not complain with the used communication protocol.

Hold(wnet, s, a, p, modified_packet) ← empower (wnet, s, forwarder) ∧ consider(wnet, a, sending) ∧ use(wnet, p, packets) ∧ packet_received(s, p, t) ∧ packet_sent(s, p′, t′) ∧ is_forwardedVersion(p, p′) ∧ is_ValidPacket (p′) ∧ hold(wnet, s, a, p, forwardPacket) (35) 7.3 Discussion As the proposed wirelessOrBAC focus on the detection of basic malicious actions, it is able to detect the above cited well-known attacks on WSN. Thus, as indicated in Table 1, security rules defined in Section 7.2, allow the coverage of almost all important WSN attacks. This is the result of an efficient deployment scheme that ensures the monitoring of all exchanged packets and the definition of security rules that model the expected node’s normal behavior. Furthermore, wirelessOrBAC is also able to detect unknown attacks as these latter are a combination of previously described basic malicious actions. Table 1. Well-known WSN attacks detection Detection Rules Fields Spec Forging Delaying Deleting Modifying Jamming X DoS X Sinkhole – Blackhole X X Hello Flood X Selective Forwarding X Forced Delayed X 8. APPLICATION EXAMPLE: ZIGBEE NETWORK To illustrate our approach, we consider the WSN indicated in Figure 1. It uses the protocol ZigBee that is intended for sensor nodes requiring low power consumption and low data rates [17].