Figure 1 shows example scenarios of one attacker trying to insert data to active sensing/forwarding nodes while pretending to be a set of other valid nodes (especially inactive/destroyed nodes)

Architecture
We propose the Abnormal Relationships Test (ART), misbehavior detection mechanism, to alleviate malicious data insertion problem. The ART distributively analyzes integrity of data set relationships as well as verifies data ownership among neighbors in WSN. It immunes to spread blame from sybil nodes and not suffer from high false positive. Furthermore, it is able to examine small data set with minimal bias.
The ART has 2 main modules

1. Statistical Analysis Module
2. Authentication Module

Figure 2 Abnormal Relation Test Modules in each sensor node

ART Protocol

1. Obtain the sensor readings of all neighbors of node i
2. Verify data timestamp if schedule is known
3. Calculate the correlation coefficient and t*-value for each neighbor.
4. Request additional data if number of data is insufficient.
5. If either test result drop below predefined threshold, authenticate the suspected node(s). Otherwise, forward data to next hop.
6. If suspected node(s) can verify their identity, increment the associated counter by one and forward the packet to next hop. If counter exceeds threshold, drop packet and report to sink.
7. If suspected node(s) fails to verify its identity, drop packets and report to sink.
8. Adjusting window size based on observed outlier percentage and correlation level until reaching min/max window size
9. Randomly authenticate good neighbors with probability p.

• Greatduck island project (Access via PostgreSQL:webbie.berkeley.intel-research.net )
• SensorScope (Access via RSS/Web)
• Enalab

• NIST Fire model

• List of simulations