1 Introduction

In general, Adhoc Wireless Sensor Networks (AWSNs) are environment- and application-specific distributed networks. Their aim is to monitor real-time activities and the environmental behavioral elements that exist in a range of situations.

An AWSN covers a wide geographical area with low installation and administration costs. With their rapid development, AWSNs play a vital role in remote monitoring applications such as weather forecasting, disaster management, industrial automation, process monitoring, smart city organization systems, healthcare management systems, traffic control systems, asset tracking systems, military operations, and wildlife monitoring systems. An AWSN is vulnerable because of its resource constraints, including memory, bandwidth, communication range, energy, and computing power [1].

Effective utilization of energy and reliable transportation of packets in AWSNs are key concerns in attaining high efficiency in monitoring and controlling systems [2].

The prime task of a sensor node is to gather data from neighboring nodes within its radio range and to communicate with and update the rest of the sensor nodes about the latest environmental information. If any sensor node in an AWSN is compromised, it may lead to various attacks, such as Sybil attacks [3], Distributed Denial of Service (DDoS) attacks [4], flooding attacks [5], node replication attacks [6], wormhole attacks [7], selfish node attacks [8], and sinkhole attacks [9]. In a distributed network, it is challenging to detect intrusions or malicious nodes.

Although a large number of security attack detection mechanisms have been proposed for AWSNs, most existing solutions can handle only a very limited number of such attacks [10].

Key features that affect security and control mechanisms in AWSNs are:

  i) AWSNs can have huge heterogeneity of network elements.

  ii) The AWSN communication medium is non-isolated and vulnerable in nature.

  iii) AWSNs have highly mobile nodes, and their communication links are dynamic.

The rest of this paper is organized as follows. Section 2 discusses related work in control and monitoring operations of AWSNs. Section 3 defines background concepts. Section 4 briefly discusses the proposed Distributed Automaton System (DAS) architecture. Section 5 focuses on dynamic descriptions for collecting malicious behaviour information from AWSNs. Finally, Sect. 6 concludes the paper.

2 Related work

The development of AWSN attacks has been based upon some or all of the key parameters of WSNs, such as the accuracy of attack detection, scalability, resilience, self-configuration, privacy, interoperability and minimal overheads [11].

In general, AWSNs deploy sensor nodes randomly, and the nodes have no prior information about the architecture of the network. The location and arrangement of sensor nodes in the network change regularly. For example, in a traffic monitoring system, a vehicle changes its location according to the driver's acceleration and time. This type of random coverage issue in AWSNs is handled using geometric methods [12].

In [13], reliable and secure communication in WSNs is achieved by modeling networks that integrate an Erdos–Renyi graph and a random K-out graph with a K-connectivity method. In [14], an anomaly detection method for WSNs based on support vector machines (SVM) and sliding window protocols is presented. Deployed in large-scale AWSNs, it achieves high accuracy in detecting black hole attacks and selective forwarding attacks without draining the sensor nodes' energy. However, the detection accuracy for spoofing and DoS attacks is very low with the SVM approach.

According to [15], detection of malicious behaviour in a hostile environment is achieved through spontaneous watchdog nodes. Normally, watchdog nodes monitor the neighboring nodes that fall within their radio region in AWSNs. This malicious behaviour detection approach is not suitable if the network is dynamic in nature.

A learning-based intrusion detection method is used in [16] to exploit the correlation between a finite number of identified features in order to capture the various acceptable behaviours of WSNs. Every feature represents a unique parameter of the WSN. For example, feature F1 denotes the spatial attribute of a node, feature F2 denotes the mobility of a node, and feature F3 denotes the temporal attribute value. Based on the instantaneous values of these features, the detection algorithm classifies legitimate and abnormal behaviour of AWSNs.

A recent survey [17] finds that relatively little research has been proposed to detect malicious behaviour in hostile environments. Article [18] forecasts the growth of WSN market investment from $0.45 billion in 2012 to $2 billion in 2022. Survey [19] discusses recent developments and potential synergies of AWSNs with various real-world application domains. It addresses various open issues and challenges that remain in integrated WSN environments.

The deployment of AWSNs in the electrical power system environment and the enhancement of three subsystems in diverse smart grid applications (power generation, delivery, and utilization) are discussed in [20]. It identifies harsh environmental conditions, variable link capacity and packet errors, reliability, and latency as the performance metrics for AWSN-enabled smart grid applications.

In [21], the implementation of AWSNs based on open source hardware devices such as Arduino and Raspberry Pi to monitor environment-related applications is discussed. The experimental results reflect the enhanced utility of that new design.

The major needs and challenges of AWSNs in enhanced building automation systems are presented in [22]. Article [23] reviews recent research proposals on smart agriculture and points out the need for AWSNs in agricultural services such as greenhouses, pest control, irrigation, fertilization, animal and pasture monitoring, viticulture, and horticulture.

From the study of related work, we can infer that AWSNs have had a high impact on real-time applications, owing to remote access, remote administration, low maintenance costs, monitoring of large-scale environments, support for heterogeneous technology, and integration with a huge variety of real-world domains. However, AWSNs are vulnerable to various attacks, and attack prevention and detection methods are not comprehensive and not efficient at detecting new anomalous behaviors in the environment because of heterogeneity in technology. To address these challenges, we propose a distributed automaton based framework to protect and control AWSNs from various attacks.

3 Background

Formally, a Distributed Automaton (DA) is a mathematical representation of a low-power, constrained computing device as a 7-tuple.

$$ \text{DA} = (S, \pi, C, \Delta, S_0, I, L) $$

Where:

  • S is a set of states, where S0, a proper subset of S, is the set of initial states

  • π is a set of actions (classified as input, output or internal actions)

  • C is a set of clocks

  • Δ, a proper subset of S x £(C) x π x S, is the transition relation

  • I is a time invariant attribute

  • L is a location specificity attribute with prior propositions

£(C) represents real-time clock values. If a node's location is invariant under certain circumstances, then the clock starts. In a DA, a transition is allowed only if it satisfies the predefined time constraints (the guard). The instantaneous state description of a DA has the structure [Si,j, Ci], where Si,j ϵ S is the ith state of the jth distributed automaton and Cj ϵ V(X) is the value of real-time clock X of the jth distributed automaton.

A network of DAs (DAS) is the collaborative arrangement of DAi, where DAi = (Si, πi, Ci, Δi, S0,i, Ii, Li) for 1 ≤ i ≤ M (M is the total number of DAs in a DAS network). An instantaneous description of a DAS is an instant state description (Si,j, Ci), where Si,j ϵ S1 × S2 × S3….× SM is a location vector, M is finite, and Ci ϵ V(X) is the value of real-time clock X. For efficient state space representation we introduce a clustering approach in which each cluster has its own unique real-time clock ‘r’. With this clustering approach, the instantaneous description of a DAS becomes [Si,j, r], where Si,j ϵ S1 × S2 × S3….× SM is a position vector and r ϵ R is an identifying real-time constraint of the local cluster. In the rest of this paper we use this definition as the DAS's instant configuration.

We prefer to use a model checking tool to simulate our proposed distributed automaton architecture. Uppaal [24] is an integrated modelling tool used to design, specify, validate and verify proposed network models of real-time systems.

4 Proposed system model

The network of DAs (DAS) models a collection of identical reactive entities (DAs) evolving concurrently and synchronously in response to a sequence of external stimuli generated by the environment and broadcast to all of them by means of a communication system. Concurrency here means co-operation between DAs to accomplish a given computational task; that is, the behavior of a DA is affected by the DAs that are logically related to it. In general, this behavior is also affected by the input data coming from the external environment.

Co-operation between DAs is based on the ability of each DA to observe other DAs. In the more general case, this visibility is global; that is, information is broadcast to all DAs in the proposed system. The synchronizer unit provides the system timing, ensuring the simultaneous activation of all DAs, while the control and computing activities of the entire system are spread over the DAs.

The injector automaton represents the DAs' interface to the external environment. It distributes the information received from the environment to all DAs, as shown in Fig. 1. Data injection can be performed according to different modalities and protocols, depending on the specific application requirements.

Fig. 1 Proposed system architecture of DAS

5 Dynamic description

The behavior of the DAS in response to a given sequence of external data consists of a series of global states of the network system. Each global state consists of every mobile agent's instantaneous state information. The sequence normally starts with the initial global state, and each successive global state is attained from its antecedent by executing a transition step. A global state thus gathers the situations (states) of all DAs present in the system.

The functioning of the DAS is determined by the functioning of DAs. At each step all DAs undergo three phases:

  (i) Prelude: each DA perceives the instantaneous information of the other DAs. In this way every DA is able to share information and can be prepared in the prelude. The successive operation works on a dependable global state of the system. As the state information is received through the communication system (the minimum requisite of which is the gossiping capability), it is stored in a local buffer.

  (ii) Behavior: the current state, the observed state of other DAs, and the external datum (if any) trigger the state transition. As a result, the DA moves to a new state. Values of data-items and affinities may be modified.

  (iii) Postlude: the new state is assigned and made visible, that is, it is sent to the communication system.

The state transition sequences are loop-free and converge to one of the possible acceptable states in a predefined finite number of time steps. Based on this, rules and state definitions should be formulated so as to avoid loops and to contribute to deterministic behavior. The general form of a state transition is c (e) → a, where e is (are) the event(s) that prompt the transition, c is a condition that guards the transition from being taken unless it is true when e occurs, and a is the action the system performs after a successful transition c (e).

The concept of stability is also fundamental to understanding the DAS. Indeed, it serves to characterize the correctness property of the system. As with dynamic systems, the progress of the entire system can be viewed as passing from a highly unsteady state to a more steady state, until a highly steady state, the acceptance state, is reached. This state might correspond to an authorized termination of the computation (the highest steadiness) or to a malicious behavioral functioning condition.

Definition 1: A DAS is said to be in a stable state (or similarly to be stable) if and only if all DAs are in a stable state (or similarly are stable).

Definition 2: A DAS is said to be in a stable state (or similarly to be stable) if there are no external stimuli from the environment and no transition rules can be applied.

Definition 3: A DAS is said to be in an unstable state (or similarly to be unstable) if transitions occur from this state that are unconditional to the external stimuli from the environment.

Definition 4: A DAS is said to be in an unstable condition (or similarly to be unstable) if at least one DA is in an unstable state (or similarly is unstable).

There are two kinds of stable conditions: those corresponding to final states and those corresponding to error conditions. Let us define the former as successfully stable conditions and the latter as unsuccessful ones.

Definition 5: A DAS is said to be in a successful condition (more briefly, it is successful) if all DAs are in a successfully stable state, or they are in the reset state.

Definition 6: A DAS is said to be in an unsuccessful condition (more briefly, it is unsuccessful) if at least one DA is neither in a successfully stable state nor in the reset state.

Definition 7: A DAS is said to be correct if and only if (1) for every legal sequence of external stimuli the system is successful and (2) for any illegal sequence of external stimuli some DA neither reaches a successful stability condition nor remains in the reset state, that is, the system is unsuccessful.

The assumptions made in defining the DAS are the following:

  1. A DA in an unstable state will always reach a stable state.

  2. Changes occurring in a DA during a transition step are sensed only after the end of the transition (in the prelude phase).

  3. Changes occurring locally to a DA cannot be observed.

  4. At each step, a DA's behavior is determined on the basis of the situation at the beginning of the step.

  5. At each step, at most one transition per DA is taken.
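
The three-phase step, the guarded transition form c (e) → a and the stability definitions can be exercised together in a small simulation. The following Python code is an added example, not the authors' model: the state names, the 2-tick acknowledgement deadline, the peer-failure rule and the addressing of stimuli as (target, event) pairs are assumptions made for illustration.

```python
# Added example: one synchronous DAS step (prelude / behaviour / postlude).
# State names, the deadline and the (target, event) stimulus are assumptions.
RESET, WAIT, DONE, ERROR = "reset", "wait", "done", "error"
SUCCESS = {DONE}      # successfully stable (final) states
ACK_DEADLINE = 2      # constructed guard: "ack" must arrive within 2 ticks

# Rules follow the form c(e) -> a: (state, event e, guard c, next state).
# event None marks a transition that fires without an external stimulus.
RULES = [
    (RESET, "req", lambda clk, peers: True, WAIT),
    (WAIT, "ack", lambda clk, peers: clk <= ACK_DEADLINE, DONE),
    (WAIT, "ack", lambda clk, peers: clk > ACK_DEADLINE, ERROR),     # late ack
    (WAIT, None, lambda clk, peers: ERROR in peers, ERROR),          # peer failed
    (WAIT, None, lambda clk, peers: clk > 2 * ACK_DEADLINE, ERROR),  # timeout
]


def step(states, clocks, stimulus):
    """Run one step for all DAs; stimulus is (target_index, event) or None."""
    snapshot = list(states)  # prelude: every DA buffers the same global state
    new_states, new_clocks = [], []
    for i, (state, clk) in enumerate(zip(snapshot, clocks)):
        event = stimulus[1] if stimulus and stimulus[0] == i else None
        peers = snapshot[:i] + snapshot[i + 1:]
        # behaviour: first enabled rule wins, so at most one transition per DA
        nxt = next((to for frm, ev, guard, to in RULES
                    if frm == state and ev in (None, event) and guard(clk, peers)),
                   state)
        new_states.append(nxt)
        new_clocks.append(0 if nxt != state else clk + 1)  # clock restarts on a move
    return new_states, new_clocks  # postlude: new states become visible together


def is_stable(states):
    """Stable iff no DA is in a state that has a stimulus-free rule."""
    unstable = {frm for frm, ev, _, _ in RULES if ev is None}
    return all(s not in unstable for s in states)


def is_successful(states):
    """Definition 5: every DA is successfully stable or still in reset."""
    return all(s in SUCCESS or s == RESET for s in states)


def run(stimuli, n=2):
    """Feed a stimulus sequence to n DAs starting in reset; return final states."""
    states, clocks = [RESET] * n, [0] * n
    for stimulus in stimuli:
        states, clocks = step(states, clocks, stimulus)
    return states


LEGAL = [(0, "req"), (0, "ack"), (1, "req"), (1, "ack")]
LATE_ACK = [(0, "req"), (1, "req"), None, None, (0, "ack")]  # ack after deadline

if __name__ == "__main__":
    for name, seq in (("legal", LEGAL), ("late ack", LATE_ACK + [None])):
        final = run(seq)
        print(name, final, "stable:", is_stable(final),
              "successful:", is_successful(final))
```

In the late-acknowledgement run, the second DA observes the first DA's error state only in the step after it occurs, which is the snapshot behaviour required by assumptions 2 and 4.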

5.1 Description of supervisor node

In this section we define the supervisor node as a distributed PDA and describe the detection of unexpected events in different modes.

Definition: A supervisor node is a 9-tuple \( \text{DA} = (Q, \pi, \Gamma, C, \Delta, q_0, F, I, L) \) where,

  1. Q is an n-tuple (Q1, Q2 … Qn), where each Qi is the set of states for mobile agent i.

  2. π is the finite set of legal actions.

  3. Γ is an n-tuple (Γ1, Γ2…Γn) memory attribute.

  4. C is a set of clocks.

  5. Δ is an n-tuple (Δ1, Δ2… Δn) of state transition functions, where each \( \Delta_i : (Q_i \times (\pi \cup \{\varepsilon\}) \times \pounds(C) \times \Gamma_i) \rightarrow Q_i,\ 1 \le i \le n \).

  6. q0 ϵ U Qi is the initial state.

  7. F ϵ U Qi is the set of final accepting states.

  8. I is a time invariant attribute.

  9. L is a location specificity attribute with prior propositions.

Each of the component DAs of the supervisor node is of the form

\( A_i = (S_i, \pi, C, \Delta_i, S_{0,i}, I, L);\ 1 \le i \le n. \) Here the Si need not be disjoint. As in the case of DAS, we can have several modes of acceptance.

5.1.1 Broadcast-mode acceptance

Initially, the DA that has the starting state begins processing the input actions. For example, suppose mobile agent i has the initial state. Processing proceeds in mobile agent i as in a standalone DA. Assume that in mobile agent i the system arrives at a state q where q ϵ Qi. The ith mobile agent starts processing to send a percept message to the supervisor node. The system then broadcasts the message to the jth mobile agent (1 ≤ j ≤ n), provided q ϵ Qj. When j can take a range of values from 1 to n, any one of them can be chosen at random. After a certain jth component is chosen, the DA remains in that cluster domain until it reaches a state outside the domain of its transition function, and the above procedure is repeated. If there is an expected event, the automaton will reach one of the accepting states. It does not matter which mobile agent the system is in, or whether the stacks of the components in the supervisor node are empty or not. The existence of the stack raises the reproductive capacity of the complete system.

Definition: The instantaneous description (ID) of the supervisor node is given by an (n + 3)-tuple

(q, π, q1, q2,..qn, Ci) where q ϵ Q, π ϵ set of actions, qi ϵ Qi, 1 ≤ i, k ≤ n.

In this ID of the DAS, q denotes the current state of the whole system, π the portion of the input action yet to be read, i the index of the mobile agent in which the system currently is, and Ci the clock time instant.

The transition between the dependable IDs is represented as follows:

$$ (q, \pi_i, q_1, Xq_2 \ldots q_n, C_i) \vdash (q', \pi_j, q_1, Yq_2 \ldots q_n, C_i) \ \text{ iff } \ \delta(q, \pi_i, X) \rightarrow (q', Y) $$

where (q, π, q1, q2…qn, Ci) \( \vdash \) (q, π, q1, q2…qn, Cj) iff q ϵ Qj–Qi and 1 ≤ i, j ≤ n.

Let \( \vdash^{*} \) be the transitive and reflexive closure of \( \vdash \). Here X is the percepts through the sensor of a specific mobile agent and Y represents the actions taken by the supervisor node in the DAS model. An asymptotic analysis of the time and state complexity of our proposed model compared with a centralized nondeterministic finite state automaton is given in Table 1, where m represents all possible states (instantaneous configurations) of an environment. The number of states of the centralized finite control automaton is therefore big O (m). In the DAS model, all possible states are partitioned among H different clusters, and h denotes the cluster selection time. Each cluster therefore handles only a subset of the m possible states, and its transitions are easily manageable. The DAS state space complexity is therefore big O (|Q||m|). N and S denote the maximum number of states in the NFA and the DAS respectively.

Table 1 Comparison of computational time and state space size with centralized automaton

Figure 2 shows that the number of instantaneous states representing the DAS decreases as the number of clusters increases at N = 100. In the Non-Deterministic Finite Automata (NFA) system representation, the number of instantaneous states is not reduced, which may cause higher time and space complexity in large real-time environments.

Fig. 2 Tradeoff between number of clusters and number of instantaneous states

Figure 3 shows the relationship between the instantaneous states of the DAS system and the processing time in seconds when h = 1 s, N = 200, and H = 6. It clearly indicates that the proposed DAS system requires less processing time than the NFA system.

Fig. 3 Tradeoff between number of instantaneous states and processing time

6 Conclusion

In this paper, we proposed a DAS model to build an intelligent control system for AWSNs using distributed automata. The proposed model is capable of detecting various attacks, such as DoS, replay, control hijacking, selfish node, sinkhole, wormhole, and hello flooding attacks, with low computational overhead, because time and location constraints are attributes in the definition of the distributed automaton and the DAS. Every successful transition in the DAS is performed by verifying time and location information, which makes it difficult for any intrusion activity to proliferate in the DAS architecture. Through asymptotic analysis, we proved that our DAS model uses less state space to accommodate the entire behaviour of the network.