WOMN: WOrMhole Attack DetectioN and Mitigation Using Lightweight Distributed IDS in IoT Network

Nowadays, the Internet of Things (IoT) is an emerging technology with a wide range of IoT devices. However, the diverse, energy-dependent, and resource-limited nature of IoT devices poses significant challenges to implementing security measures, making them susceptible to cyber threats. A particularly debilitating attack at the network layer of the IoT protocol stack is the WormHole Attack (WHA), which disrupts routing algorithms by feeding the network incorrect route information and compromising location-dependent protocols. This paper presents the development and application of a novel intrusion detection system (IDS) agent designed specifically for IoT environments, aimed at detecting and identifying both the occurrence of a WHA and the attacker nodes. The system uses the path of the data packet, time delay, and hop count to detect the presence of a WHA. Given that distributed IDS agents tend to generate substantial network traffic in an IoT context, this study introduces the utilization of the MapReduce technique to enhance the efficacy of the approach. The map and reduce functions work in tandem to scrutinize traffic and establish thresholds for detecting wormhole attacks in the IoT network. This proposed security solution is not only energy-efficient and scalable, making it ideal for IoT environments with limited resources, but it also boasts a rapid attack detection time (18-26.2 Sec.), high accuracy, and enhanced network performance.