Trust Models in Wireless Sensor Networks for Defending Against Denial-of-Service Attacks: A Literature Review

1. Introduction

Wireless sensor networks (WSNs) are used widely as a means of monitoring and collecting data from the environment they are deployed in. The small, batter-powered network nodes are capable of sensing, processing and transmitting data using wireless communication protocols [1]. Normally, the data collected by induvial nodes are sent to a sink node or a base station connected to the WSN. From there, the data are transmitted to an Internet-based server for further processing and analysis. WSNs are commonly deployed to support Internet of Things (IoT) services and capabilities. However, WSNs are vulnerable to denial-of-service (DoS) attacks which poses a risk to systems relying on data collected by WSNs.

According to Wood et al. [2], a DoS attack is an event that diminishes or eliminates a network’s capacity to perform its expected function. This is especially important in critical applications, for example a WSN that gathers and transmits signals from medical implants. In this case, a DoS attack can compromise the availability of the data and threaten the wellbeing of a human patient [3].

Typical DoS attacks on sensor networks are described in [3]. While most of them are similar to DoS attacks affecting the Internet, the security solutions for detecting preventing Internet-based DoS attacks are not always applicable to DoS attacks threatening WSNs. This is due reasons such as resource and energy constraints, the open nature of wireless communications, and the dynamic topology of WSNs [1,4,5]. In addition, attackers continue to create new DoS attacks that exploit the structural and protocol vulnerabilities of evolving WSNs.

1.1. Trust Models and DoS Attack

Ganeriwal et al. [6] recognized the limitations of methods such as encryption in dealing with faulty nodes and internal attacks in WSNs and suggested that establishing a reputation-based system within WSNs similar to reputation-based communication systems in human societies can be used as an effective protection mechanism. The reputation-based framework proposed in their study provides security controls to counter the impact of malicious and faulty nodes.

A trust model establishes reputation-based trust relationships among the entities (nodes) of a network. This enables an entity to predict the future behavior of other entities based on knowledge about their reputation and supports decision making in otherwise uncertain situations. Trust models are inspired by human society, where a person develops perceptions about the reputation of every other person they interact with. A reputation is built gradually, through continuous observation and interaction [6].

Govindan et al. [7] defined trust in WSNs as the subjective assessment by one node of another node for the reliability and the accuracy in receiving or transmitting information under specific circumstances. In this study, we define trust as the subjective assessment of whether one node’s behavior is normal (and therefore can be trusted) or not by another node, based on previous behavioral observations.

Trust evaluation in WSNs, also known as trust computation, involves calculating a truth value for each network node, based on trust evidence. The trust value of a node provides a measure of its trustworthiness. A node evaluates the trustworthiness of other nodes using trust evidence gathered through one or more of the following methods: (i) direct evaluation, which is based on the observed behavior of the evaluated node; (ii) indirect evaluation , which is based on recommendations for the evaluated node made by other network nodes, and (iii) iterative updates of historical and current evaluation values [7,8].

The numerical measurement of a piece of trust evidence is known as ‘trust metric’. A number of trust evidence collection and evaluation methods have been explored including for example Pearson’s correlation coefficient [9], link quality indicator (LQI) analysis [10], threshold-limiting methods [11,12,13], and Bayesian beta methods [10,14,15].

1.2. Research Problem and Questions

A number of studies have surveyed the application of trust models in WSNs. For instance, Muzammal et al. [16] explored IoT and RPL (routing protocol for low-power lossy networks) security. The authors analyzed the plausible attacks suggested use of trust models for routing protocol security. Alhandi et al. [17] conducted a review of trust assessment models for WSNs as part of an IoT security framework. Trust management techniques were examined by Tyagi et al. [18] who emphasized the potential of incorporating modern technologies like blockchain and machine learning (ML). Zhu et al. [19] focused on underwater WSN (UWSN) security and provided a classification of the security methods used.

In empirical research, studies have focused on specific DoS attack scenarios. For example, Rahamathullah et al. [20] proposed a lightweight trust-based security system for preventing distributed DoS (DDoS) attacks affecting RPL. The energy-efficient trust management and routing system developed by Wang et al. [21] mitigates selective forwarding and new flow attacks in software-defined WSNs (SDWSNs).

Additionally, most trust models are only evaluated through simulations, and their application and feasibility in real-world scenarios are unknown. Therefore, there is a need to develop trust models that can effectively address abroad spectrum of DoS attacks and be widely applicable in the real world.

This study seeks to establish a foundation for creating robust trust models that can identify and protect WSNs from a range of different types of DoS attacks by identifying the requirements for trust evidence gathering and the feasible trust evaluation approaches. In particular, this study examines the literature on trust models in WSNs to address the following main research question: What are the challenges for developing effective trust models for defending WSNs against DoS attacks?

The following specific research questions were formulated.

RQ1: What types of DoS attacks in WSNs can be addressed using trust models?

RQ2: What trust evidence is required to identify effectively DoS attacks?

RQ3: What approaches can be used to extract the required trust evidence?

RQ4: What methods for trust evaluation can be used?

1.3. Study Contributions

The study makes the following contributions:

• The study developed a comprehensive classification of the types of DoS attacks in WSNs that can be addressed using trust models including their key attack features and impact mechanisms. By analyzing the key features of these DoS attacks we identified the trust evidence that trust models required to recognize effectively DoS attacks.
• The study identified the optimal methods for extracting trust evidence and provided a comprehensive summary of trust evaluation methods
• The study identified the key challenges in applying trust models for the defense of WSNs against DoS attacks.

The remainder of this paper is organized as follows: The next section presents the methods used to identify the relevant research work used in this study. The Results section classifies the types of DoS attacks in WSNs that can be addressed using trust models. It identifies the requirements for trust evidence, compares and analyzes various methods for extracting trust evidence, and summarizes trust evaluation methods. The Analysis and Discussion section elaborates on the challenges to the deployment of trust models to counter DoS attacks in WSNs. The Conclusion section summarizes the work, outlines its limitations and suggests avenues for further research.

2. Methodology

We conducted a comprehensive literature review to identify, select and appraise critically the extant research relevant to the research questions. We adapted the literature review methodology proposed in [22] as it offers a structured method for the identification and analysis of the extant research in a specific area.

2.1. Inclusion and Exclusion criteria

As shown in Table 1, we chose studies published in English that concentrated on trust models targeting DoS attacks in WSNs. Topic in the field of SDWSNs were also included since SDWSNs are an evolving trend in developing optimized WSN architectures [23]. We excluded articles related to proposed AI and blockchain solutions since such solutions are not yet feasible to be implemented in resource-constrained sensor nodes. As we were interested in the specific technical details and characteristics of the trust models proposed in prior research, literature reviews were also excluded.

2.2. Search Strategy

The search repositories included SpringerLink, ACM Digital Library, IEEE Xplore, ScienceDirect; we also explored Google Scholar. We used the following search term: ("trust model*" OR "trust manag*") AND ("wireless sensor network*" OR "WSN*" OR "sensor network*") AND ("Denial of Service attack*" OR "DoS attack*").

2.3. Screening and Selection Process

The flowchart of the screening process and selection process is shown in Figure 1. We retrieved a total of 639 relevant documents from the five repositories.

Due to the advantages of RAYYAN [24], such as deleting duplication data automatically, keyword filtering, and the ability to use the mobile application offline, we chose RAYYAN as our screening tool. After excluding duplicates, the remaining 617 studies were screened based on title and abstract. For title- and abstract-based filtering, we applied several filters in RAYYAN. Keywords for inclusion were “dos”, “denial of service”, and “trust”, while exclusion keywords included “machine learning”, “artificial intelligence”, “blockchain”, “survey”, and “review”.

After applying the filters, the number of relevant studies was reduced to 75. During the full-text-based filtering, we excluded articles based on the criteria in Table 1. The full text screening resulted in a selection of 22 studies (15 journal articles and 7 conference papers) which were included in the review. These were published between 2004 and 2024, with 10 published in 2020-2024 (two published in 2023-2024).

2.4. Data Extraction and Synthesis Methods

From each study reviewed, we extracted information about authors, year published, type of trust evidence used by the trust evaluation model, the use of direct or indirect trust evidence, the method for calculating trust value, the representation and the range of trust values, the structure of the trust model (distributed or centralized), the model’s capability to detect and/or defend against DoS attacks, the types of DoS attacks addressed, the simulation tools used, and the intended application area of the trust model. The information is collated in (Appendix, Table A1).

3. Results

We conducted a detailed analysis of each study in the literature reviewed and applied a comparative analysis approach to investigate the specific research questions formulated in section 1.2. As seen in Appendix, Table A1, the majority of the reviewed models focus on traditional WSNs, as seen in studies such as [3,6,9,10,12,13,14,15,20,25,26,27,28,29,30,31,32,33,34]. While SDWSNs enhance the flexibility of the WSN and its management by separating network control from data forwarding and allowing the network to be dynamically adjusted and optimized according to actual needs [23,35], only four studies considered the use of trust models ([11,21,36,37]).

3.1. DoS attacks in WSNs

Other types of DoS attacks in WSNs identified in prior research include DDoS attacks (where several compromised nodes launch a DoS attack) [20], and the hard to detect low-rate DoS (LDoS) attack [34], which occupy network resources with processing intermittently sent, low-rate traffic. The new-flow attack aims to overload the SDWSN by sending messages that do not match the rules in the nodes’ flow tables [11,21]. When node receives such a message, it sends a new-flow control message to the network controller to request a new routing rule. The high volume of new-flow packets affects negatively the performance of the network. In a Sybil attack, a malicious node creates numerous fake identities to disrupt the network [6]. Vampire attacks drain the energy of sensor nodes, depleting their limited power supply [13]. Flooding attacks overwhelm nodes with excessive requests or data, exploiting network bandwidth and resources [15]. Hybrid attacks combine various attack strategies, increasing their complexity and effectiveness [9]. On-Off attacks manipulate trust evaluation mechanisms by switching between legitimate and malicious behaviors [26].

Bad mouthing and good mouthing attacks use the trust model itself to disrupt WSN operations. The target nodes of a bad mouthing attack become isolated and cannot participate in the network activities. In the good mouthing attack, the attacker attempts to camouflage other malicious node by deliberately manipulating their reputation [6,11,12,26]. Finally, we added to the table grey hole attacks and sinkhole attacks in WSNs as discussed by Webber et al. [38] as their key impact features are similar to the ones of black hole attacks.

Table 2. Types of DoS attacks in WSNs can be addressed by using trust models, impact mechanisms and key impact features.

Types of DoS attacks	Impact Mechanisms	Key Impact Features
1. Selective Forwarding Attack [21]	MLNs affect the availability of the network services by dropping to a targeted destination node.	Decreased PFR at the MLN Decreased ECR at the MLN
2. Black Hole Attack [11]	The MLN claims to have the best route causing all packets to be forwarded to it. It drops all forwarded packets.	Increased PRR at the MLN Zero PFR at the MLN
3. Grey Hole Attack [38]	A variant of the black hole attack. The MLN drops packets intermittently or selectively. The degradation of network performance is less detectable.	Increased PRR at the MLN Decreased PFR at the MLN
4. Flooding Attack [15]	The MLN sends a large number of connection requests or packets and forces the attacked nodes to exhaust their resources by processing an excessive number of invalid requests.	Increased PSR at the MLN Increased ECR the MLN
5. Sinkhole Attack [38]	The MLN falsifies routing information and causes network congestion by attracting a large amount of network traffic.	Increased PRR at the MLN
6. Sybil Attack [6]	The attacker disrupts the topology of the network by adding multiple fake nodes which reduces the efficiency of the routing and data transmission.	The appearance of multiple new nodes
7. Vampire Attack [13]	The MLN manipulates network routing protocols to direct packets along longer or circular paths; legitimate nodes consume more energy and fail prematurely	Increased ECR at legitimate nodes
8. DDoS Attack [20]	An enhanced version of the DoS attacks above; launched by multiple MLNs at the same time	As above; the attack originates from multiple MLNs
9. LDoS Attack [34]	The quality of service of the network is eroded slowly by sending intermittent, low-rate malicious traffic. It’s harder to detect	Slightly increased PSR at the MLN Slightly increased ECR at the MLN
10. Hybrid DoS attack [9]	Combines multiple attacks at the same time, such as sending malicious traffic while selectively dropping some legitimate packets.	It depends on the type of attacks in the mix
11. ON–OFF Attack [26]	The MLN switches randomly from attack to normal operation to prevent detection.	Switching behavior at the MLN
12. New-Flow Attack [21]	A flooding attack targeting the control plane of SDWSNs. The large number of new-flow control messages degrade network performance.	Increased PSR at the MLN Increased ECR at the MLN
13. Bad Mouthing Attack [6]	The MLN spreads false negative information about legitimate nodes, causing their trust value to degrade.	False trust information generated at the malicious node and propagated across the network
14. Good Mouthing Attack [6]	The MLN spreads false positive information about other MLNs.	False trust information generated at the malicious node and propagated across the network

Note: PFR- data or control packet forwarding rate; PSR-data or control packet sending rate; PRR- data or control packet receiving rate; ECR- energy consumption rate; MLN- malicious node.

Table 2. Types of DoS attacks in WSNs can be addressed by using trust models, impact mechanisms and key impact features.

Types of DoS attacks	Impact Mechanisms	Key Impact Features
1. Selective Forwarding Attack [21]	MLNs affect the availability of the network services by dropping to a targeted destination node.	Decreased PFR at the MLN Decreased ECR at the MLN
2. Black Hole Attack [11]	The MLN claims to have the best route causing all packets to be forwarded to it. It drops all forwarded packets.	Increased PRR at the MLN Zero PFR at the MLN
3. Grey Hole Attack [38]	A variant of the black hole attack. The MLN drops packets intermittently or selectively. The degradation of network performance is less detectable.	Increased PRR at the MLN Decreased PFR at the MLN
4. Flooding Attack [15]	The MLN sends a large number of connection requests or packets and forces the attacked nodes to exhaust their resources by processing an excessive number of invalid requests.	Increased PSR at the MLN Increased ECR the MLN
5. Sinkhole Attack [38]	The MLN falsifies routing information and causes network congestion by attracting a large amount of network traffic.	Increased PRR at the MLN
6. Sybil Attack [6]	The attacker disrupts the topology of the network by adding multiple fake nodes which reduces the efficiency of the routing and data transmission.	The appearance of multiple new nodes
7. Vampire Attack [13]	The MLN manipulates network routing protocols to direct packets along longer or circular paths; legitimate nodes consume more energy and fail prematurely	Increased ECR at legitimate nodes
8. DDoS Attack [20]	An enhanced version of the DoS attacks above; launched by multiple MLNs at the same time	As above; the attack originates from multiple MLNs
9. LDoS Attack [34]	The quality of service of the network is eroded slowly by sending intermittent, low-rate malicious traffic. It’s harder to detect	Slightly increased PSR at the MLN Slightly increased ECR at the MLN
10. Hybrid DoS attack [9]	Combines multiple attacks at the same time, such as sending malicious traffic while selectively dropping some legitimate packets.	It depends on the type of attacks in the mix
11. ON–OFF Attack [26]	The MLN switches randomly from attack to normal operation to prevent detection.	Switching behavior at the MLN
12. New-Flow Attack [21]	A flooding attack targeting the control plane of SDWSNs. The large number of new-flow control messages degrade network performance.	Increased PSR at the MLN Increased ECR at the MLN
13. Bad Mouthing Attack [6]	The MLN spreads false negative information about legitimate nodes, causing their trust value to degrade.	False trust information generated at the malicious node and propagated across the network
14. Good Mouthing Attack [6]	The MLN spreads false positive information about other MLNs.	False trust information generated at the malicious node and propagated across the network

Note: PFR- data or control packet forwarding rate; PSR-data or control packet sending rate; PRR- data or control packet receiving rate; ECR- energy consumption rate; MLN- malicious node.

3.2. Trust Evidence

In this section, we answer RQ2: What trust evidence is required to identify effectively DoS attacks? In resource-constrained WSNs, collecting large amounts of trust evidence leads to increased computational load, storage and communication overheads and higher network latency [21]. To identify the trust evidence sufficient for DoS identification, we analyzed the trust evidence used by each of the trust models in Appendix, Table A1.

As shown in Table 3, the trust evidence used in the majority of trust models reviewed belongs to two categories: communication trust evidence and energy trust evidence. Communication trust evidence includes the sending and the receiving rates of data and control packets and the forwarding rates of data and control packets. Energy trust evidence is the energy consumption rate.

Notably, some trust models used as evidence of additional trust features, such as packet loss rate or the packet delivery success rate between two nodes [12,30,31]. For the purposes of this study, we consider these metrics as link quality indicators rather than as trust metrics (see section 4 for a further discussion).

A comparing between Table 2 and Table 3 indicates that the trust evidence in Table 3 would be sufficient to identify ten of the attack types in Table 2. The exceptions (the Sybil attack, the on-off attack, and the bad/ good mouthing attacks) are not manifested explicitly in higher energy consumption or noticeable changes in packet transmission rates. However, these attacks can be countered through adjustments of the trust value, as shown in section 3.4).

As the main purpose of a WSN is to collect real-time data for further analysis [4], the accuracy of the data is critical: even if the network traffic characteristics and the energy consumption indicators at the WSN nodes are normal, the network is still unreliable or practically unavailable if the collected data are incorrect or not real-time. To include this quality requirement, we added ‘data trust evidence’ as a third category in Table 3.

3.3. Approaches to Extracting Trust Evidence

In this section, we address RQ3: What approaches can be used to extract the required trust evidence? We examined the trust evidence extraction methods in the reviewed models, performed a comparative analysis of these methods, and identified the optimal approach for extracting evidence for each of the trust evidence types in Table 3.

3.3.1. Extracting Packet Sending Rate

Most models use the observing node’s promiscuous mode ‘listening’ to extract this type of evidence. When the observing node detects a data or a control packet originating from a particular node, the respective sent packet counter adds one to the count. In promiscuous receiving mode, any packet that arrives within its receiving range (sent either to itself or to another node) is ither processed or discarded based on its destination address. The statistical information in node’s flow table is also updated. In addition to listening, Bin-Yahya et al. [11] employed as well a direct interaction approach in which the number of packets sent by a node is determined on the basis the direct interactions between the two nodes. This approach also involves retrieving interaction statistics from the flow table's statistical section.

Based on the above, we summarize the approach for collecting the packet sending rate (data and control packets) as follows. All sensor nodes enable promiscuous receiving mode. During an evaluation period, once a packet is received, the source address and packet type are used to identify the sending node, and the corresponding count is incremented accordingly.

3.3.2. Extracting Packet Receiving Rate

Among the models we reviewed, only two models used the receiving rate of data packets or control packets [12,26]. Both models used the packet receiving rate to calculate the packet loss rate. The extraction of the packet receiving rate was performed by tracking the packets received by the node during direct interactions.

We propose that the packet receiving rate can be used to detect attacks that attract traffic, such as blackhole and sinkhole attacks. The approach can be summarized as follows. The sensor node works in promiscuous receiving mode. By analyzing the destination address and type of each received packet, the node to which the data or control packet was sent can be identified, and the corresponding count can be increased accordingly.

3.3.3. Extracting Packet Forwarding Rate

Most models used listening and watchdog mechanisms to extract the packet forwarding rate. Bin-Yahya et al. [11] employed two variations of the listening and watchdog methods: one where the sender listens to the receiver, and another where a third party simultaneously listens to both the sender and receiver to gather evidence of the forwarding rate. They also used a method to determine the forwarding rate of control packets via ACK messages in SDWSNs. We believe the third-party method, which monitors both the sender and receiver simultaneously, is redundant with the sender-listening method and adds unnecessary complexity. For instance, a sensor node would need to initiate a watchdog for both the data packets it sends, and the source data packets it overhears. Additionally, the issue of duplicate records must be addressed.

Anwar et al. [26] mentioned extracting the forwarding rate by querying the statistical information from the traffic profiles of neighboring nodes. However, this method depends on interactions involving request and response messages related to traffic profiles, resulting in increased communication overhead.

On the basis of these observations, we summarize the approach for extracting the forwarding rate of data or control packets as follows. Sensor nodes enable promiscuous receiving mode and start a watchdog timer after sending a packet. If the destination node successfully forwards the packet before the watchdog expires, the successful forwarding count of the destination node is incremented by one; otherwise, the failed forwarding count of it is incremented by one.

The ACK-based method for extracting the control packet forwarding rate can serve as a supplement to the listening method. If either the forwarded packet or the ACK message is received by e sender during the monitoring period, it can be considered as a successful forwarding.

3.3.4. Extracting Energy Consumption Rate

We identified two methods for extracting the energy consumption rate. Wu et al. [10] calculated a node's energy consumption rate based on the residual energy parameter in the beacon message. Jinhui et al. [9] converted the energy consumption sequence of a sensor node during an operation cycle into a power consumption sequence. However, the second method relies on sensor nodes monitoring their own energy consumption with high precision. Given the large number and low cost of sensor nodes, achieving such high precision is not very realistic. Therefore, we propose that the optimal approach to extracting energy consumption trust evidence is to calculate a node's energy consumption rate using the residual energy parameter in the beacon information.

3.3.5. Extracting Data Accuracy

We examined how the data accuracy was extracted in the reviewed models. There are two main-stream approaches: the first approach involves extracting the data sequences collected by the evaluating node and the evaluated node separately and using a probability distribution method to assess the differences in the data sequences [10]. The second approach involves collecting all the data from neighboring nodes through the sensor node’s promiscuous receiving mode and using an outlier detection algorithm to verify the accuracy of the data [6].

We believe that an assessment using all neighboring data as a reference is more accurate than one based solely on the difference in data between two nodes. Therefore, we recommend the data accuracy extracting method, where the sensor node gathers data from all its neighboring nodes using promiscuous receiving mode and extracting the accuracy of this data using an outlier detection algorithm.

The points made above are summarized in Table 4. The table lists the methods identified in the literature and shows the approach considered as the most efficient.

3.4. Trust Evaluation Methods

In this section, we will seek the answer to RQ4: What are the methods for trust evaluation? As stated earlier, trust evaluation includes direct trust evaluations, indirect trust evaluation, and updating the trust value. On the basis of the characteristics of trust evidence, direct trust evaluation methods can divided into two categories: threshold-limiting methods and success-failure methods [11]. The threshold-limiting method can be used for evaluating packet sending and receiving rates and the energy consumption rate while the success-failure method can be used for evaluating the packer forwarding rate and the data accuracy.

3.4.1. Direct trust evaluation

• Threshold-limiting methods

In the models we reviewed, all evaluations of the packet sending rate and some evaluations of the energy consumption rate used the threshold-limiting method. However, the methods for setting thresholds and calculation varied. One of the simplest methods, and the one used by most models, is to set an upper limit threshold value. Once the evaluated metric exceeds this upper limit, the node is considered untrustworthy. For example ; in the trust-based technique for monitoring medical implants [3], the calculated trust value is binary, either 0 (untrustworthy) or 1 (trustworthy). The calculation method is shown in Equation 1

$$T=\left\{\begin{array}{c}0,D_{rate}\ge th\\ 1,D_{rate}<th\end{array}\right.$$

(1)

where $T$ represents the trust value, $D_{rate}$ represents the data packet sending rate, and $th$ represents the upper limit of the data packet sending rate. The threshold is set based on the patient’s environment (home, workplace, public places) and the specific metrics of different implants (heart rate, body temperature, blood pressure, etc.).

In ETMRM [21], the evaluation of new flows sending rate still uses an upper limit threshold. However, the trust value is not binary; instead, it decreases as the packet sending rate increases. The calculation method is shown in Equation 2:

$${PT}_{ij}\left(t\right)={\displaystyle \frac{1}{⌈\frac{{invl}_j}{F_{\tau }}⌉}}$$

(2)

where $F_{\tau }$is the maximum number of new flows a node can receive from one of its neighbors during a period $t$. It adapts to the actual network environment. ${invl}_j$ is the number of new flows node $j$ sends during period $t$.

In the TSW model [11], the upper limit threshold is divided into three levels, causing the trust value to decrease at different rates within different threshold intervals. The calculation method is shown in Equation 3:

$$T_{x,y}^{Metric}=\left\{\begin{array}{c}1,N_y\le \eta 1\\ 1-{\displaystyle \frac{\eta 1-N_y}{2\left(\eta 1-\eta \right)}},\eta 1<N_y\le \eta \\ {\displaystyle \frac{N_y-\eta 0}{2\left(\eta -\eta 0\right)}},\eta <N_y\le \eta 0\\ 0,othwise.\end{array}\right.$$

(3)

where $N_y$ represents the number of new flows send by node $y$ and $\eta$ represents the maximum number of expected data and packet-in messages from the sending node. The threshold points $\eta 1$ and $\eta 0$ are calculated as follows: $\eta 1=\eta /2$ and $\eta 0=\eta +\eta /4$.

We set the upper limit threshold value of the above three calculation methods to 50 and plotted the function curves of the three algorithms for comparison, as shown in Figure 3.

From the above figure, we can see that the methods corresponding to Equation 1 and Equation 2 maintain a state of trust until the evaluated metric reaches the threshold. After exceeding the threshold, the method corresponding to Equation 1 sets the trust value directly to 0, while the method corresponding to Equation 2 decreases the trust value gradually in a stepwise manner. In contrast, the method corresponding to Equation 3 starts to decrease the trust value linearly as the evaluated metric approaches the threshold, and after exceeding the threshold, it decreases linearly at a faster rate until it reaches 0. Based on the comparison the third method responds more promptly and sensitively to changes in trust metrics.

2.

Success-failure methods

The two most common approaches in success-failure methods are Bayesian beta methods and entropy-based methods. Ganeriwal et al. [6] analyzed in detail the applicability of Bayesian formulations and beta distributions to WSN trust systems. Calculating trust values using the Bayesian beta method is shown in Equation 4:

$$T_{ij}=E\left(R_{ij}\right)=E\left(Beta\left\{{\alpha }_j+1,{\beta }_j+1\right\}\right)={\displaystyle \frac{{\alpha }_j+1}{{\alpha }_j+{\beta }_j+2}}$$

(4)

where${\alpha }_j$ and ${\beta }_j$ represent the cooperative and noncooperative interactions between nodes $i$ and $j$, respectively (from the perspective of node $i$).

Bin-Yahya et al. [11] enhanced the Bayesian formulation by incorporating reward and penalty factors. These factors reward or penalize based on the number of successes or failures, as shown in Equation 5:

$$T_{x,y}^{Metric}={\displaystyle \frac{N_{x,y}^{+}+1}{N_{x,y}^{total}+2}}·{\displaystyle \frac{N_{x,y}^{+}}{N_{x,y}^{+}+1}}·{\displaystyle \frac{1}{\sqrt{N_{x,y}^{-}+1}}}$$

(5)

where $x$ is the evaluating node, which calculates the trust value and counts the number of success and failure hits, and $y$ is the evaluated node by node $x$. $N_{x,y}^{+}$ is the successful count that node $x$ has recorded about node $y$. $N_{x,y}^{-}$ is the number of failure hits that node $x$ experiences with node $y$. $T_{x,y}^{Metric}$ is the trust metric computed by $x$ for $y$. In Equation 2, the first term is the Bayesian factor and then the reward and penalty terms. The rewarding factor ensures a gradual increase in the trust value, whereas the penalty factor ensures a rapid decrease in the trust value after failure.

The entropy trust model uses an entropy function to calculate the trust value based on the Bayesian beta method so that the trust value is not a linear function of probability, as shown in Equation 6:

$$T_{Entr}=\left\{\begin{array}{c}1-H\left(p\right),for0.5\le p\le 1;\\ H\left(p\right)-1,for0\le p<0.5.\end{array}\right.$$

(6)

where $p$ is the trust value calculated using the Bayesian Beta method and where $H\left(p\right)$ is the entropy function defined as shown in Equation 7:

$$H\left(p\right)=-p{log}_{2}p-\left(1-p\right){log}_2\left(1-p\right)$$

(7)

Cho and Qu [28] applied source-level trust assessment on the basis of the Bayesian beta method and the entropy-based method, respectively. They verified through mathematical analysis and simulation experiments that in selective forwarding attack scenarios, it is much more difficult to obtain a high trust value in trust models using the entropy-based method trust model compared to trust models using the Bayesian beta method. This is because with the entropy-based method, nodes need to have a very low packet loss rate to obtain a high trust value. The entropy-based method trust model allows faster identification of attack victims as the increased number lost packets cause the trust value to decrease further. However, the computational complexity of the entropy-based method is higher than that of the Bayesian beta method.

A form of direct trust evaluation can be used to counter the Sybil attack. In Sybil, the attacker forges multiple new identities that appear as new nodes. As WSNs are open by nature and normally have a high node failure rate, the addition of new nodes is a common occurrence. Therefore, it is not easy to determine whether new nodes are fake or legitimate entities. To mitigate the risk, Ganeriwal et al. [6] propose to initialize all new nodes (physical or virtual) as ’untrustworthy’. The trust value of a legitimate new node will increase as the node successfully participates in transactions.

3.4.2. Indirect trust evaluation

Indirect trust evaluation helps improve the accuracy of the trust evaluation and accelerate the convergence time of the trust value calculations. Nodes can quickly obtain trust information about a specific node by leveraging the experiences of other nodes in the network. This allows us to build the trust system of the entire network in a timely manner. Table 5 shows a comparison of the indirect trust evaluation methods used in the trust models reviewed.

• Dempster–Shafer

Each node possesses both direct and indirect trust values for its neighbor nodes. When a node shares its trust value of a specific neighbor with other nodes, the question arises whether it should share the final combined trust value, which includes both direct and indirect trust, or only the direct trust value. In the studies we reviewed, only Ganeriwal et al. [6,29] analyzed this issue and noted that to avoid the same trust information circulating back to its origin point, nodes should broadcast only their direct trust values to their neighbors. They applied Dempster–Shafer belief theory to resolve the integration of direct and indirect trust metrics. The closed-form expression for the new trust metric after trust integration as shown in Equation 8 and Equation 9:

$${\alpha }_j^{new}={\alpha }_j+{\displaystyle \frac{2{\alpha }_k{\alpha }_j^k}{\left[\left({\beta }_k+2\right)\left({\alpha }_j^k+{\beta }_j^k+2\right)\right]+2{\alpha }_k}}$$

(8)

$${\beta }_j^{new}={\beta }_j+{\displaystyle \frac{2{\alpha }_k{\beta }_j^k}{\left[\left({\beta }_k+2\right)\left({\alpha }_j^k+{\beta }_j^k+2\right)\right]+2{\alpha }_k}}$$

(9)

where $({\alpha }_j,{\beta }_j)$ represents the trust metric of node $j$ maintained by node $i$ before integration, $({\alpha }_k,{\beta }_k)$ represents the trust metric of node $k$ maintained by node $i$, $({\alpha }_j^k,{\beta }_j^k)$ represents the trust metric of node $j$ received from node $k$ by node $i$, $({\alpha }_j^{new},{\beta }_j^{new})$ represents the trust metric of node $j$ maintained by node $i$ after integration.

2.

Arithmetic Mean

In the models we reviewed, except for RFSN, all models that include indirect trust directly propagate the calculated trust values during the indirect trust propagation process, rather than propagating trust metrics. These models generally use the arithmetic mean method to integrate the trust values provided by all recommenders. Then, the direct trust value is weighted and averaged with the integrated indirect trust value [12,13,20,26,33] as shown in Equation 10 and Equation 11:

$$IT={\displaystyle \frac{1}{k}}\sum _{m=1}^{k}DT\left(m\right)$$

(10)

$$FT=\alpha ·DT+\beta ·IT$$

(11)

where $IT$ represents the indirect trust value of evaluated node $j$, $k$ represents the number of recommenders, $DT\left(m\right)$ represents the direct trust of node $j$ evaluated by recommender $m$, $\alpha$ and $\beta$ are the weights for direct trust and recommended trust, respectively, with $\alpha +\beta =1$. The choice of weights depends on the specific application.

3.

Weighted Average

Other models use a weighted average method to integrate the trust values provided by all recommenders. Then, the direct trust value is weighted and averaged with the integrated indirect trust value [10,14,15], as shown in Equation 12, Equation 13 and Equation 14:

$$rec\_Trust=\sum _{x=1}^m{\phi }_x{dir\_Trust}_{rx}^j$$

(12)

$${\phi }_x={\displaystyle \frac{{dir\_Trust}_i^{rx}}{\sum _{x=1}^m{dir\_Trust}_i^{rx}}}$$

(13)

$$int\_Trust=\alpha ·dir\_Trust+\beta ·rec\_Trust$$

(14)

where $m$ denotes the number of recommenders, ${dir\_Trust}_{rx}^j$ represents the direct trust of node $j$ evaluated by recommender $rx$ , and ${\phi }_x$ denotes the weight of direct trust recommended by recommender $rx$. ${dir\_Trust}_i^{rx}$ represents the direct trust of recommender $rx$ evaluated by node $i$, $\alpha$ and $\beta$ are the weights for direct trust and recommended trust, respectively, with $\alpha +\beta =1$.

4.

Outlier detection

Some models [11,25,36] use similar methods as mentioned above but use outlier detection methods to calculate the ${\phi }_x$. They assign weight based on the degree of difference between the trust value given by a particular recommender and the average trust value given by all recommenders, as shown in Equation 15:

$${\phi }_x=1-\left|{dir\_Trust}_{rx}^j-{\displaystyle \frac{\sum _{x=1}^m{dir\_Trust}_{rx}^j}{m}}\right|$$

(15)

5.

Forgetting Curve

Gautam and Kumar [30] uses a forgetting curve to balance the values of direct trust and indirect trust. The calculation methods are shown in Equation 16, Equation 17 and Equation 18:

$$T_{idt}\left(i,j\right)=\sum _{k=1}^n{\displaystyle \frac{P_{k,j}}{P_{k,j}+N_{k,j}}}$$

(16)

$$T_{i,j}=c·T_{dir}\left(i,j\right)+\left(1-c\right)T_{idt}\left(i,j\right)$$

(17)

$$c=e^{-\beta {\displaystyle \frac{∆t}{\gamma }}}$$

(18)

where $T_{dir}(i,j)$ represents the direct trust value, $T_{idt}(i,j)$ represent the indirect trust value, $P_{k,j}$ represents the positive recommendation from node $k$ to node $j$, $N_{k,j}$ represents the negative recommendation from node $k$ to node $j$, $c$ is the forgetting curve function, $∆t$ is time difference between evaluation period, $\beta$ is time decay factor and $\gamma$ is cycle in forgetting curve.

6.

Intrusion Detection System

At the controller level, Isong et al. [37] use an intrusion detection system (IDS) module to analyze network statistics collected from each node to complete indirect trust evaluation. When the IDS detects network anomalies from the statistical data and identifies a node associated with these anomalies, the identified node is considered vulnerable or compromised. Consequently, the untrustworthiness of such a node increases by one, and its packet forwarding activities are temporarily halted.

Indirect trust evaluation methods can be used to defend the network against attacks such as bad/good mouthing. In this type of attack, the attacking node generates and propagates false recommendations across the WSN. While it may be hard to determine whether a recommendation is truthful, recommendations from nodes with ‘good’ trust value should be more reliable. This way, the trust value of the recommending node can be used to assign a weighting to the recommendation [6]. To address the risk of a previously trustworthy node becoming compromised and starting to spread false trust information, receiving nodes compare recommendations their receive. In the case of a significant deviation, a recommendation may be declared untrue [11]; the recommender's trust value will be decreased accordingly.

Indirect trust evaluation requires the sharing of trust information between nodes, which increases communication costs. As it should not affect normal data communication and should ensure that trust values are updated in a timely manner, it is suitable for the early stages of establishing the trust system. During stable operation, propagating trust information when there are significant changes in the trust values is a feasible approach.

3.4.3. Updating the Trust Value

We identified the models that use trust value update methods to address trust value ‘ageing’ (Table 6).

• Weighted Average

Most of the reviewed models [6,10,14,15,29,31,32,36] update the trust value using weighted average method, as shown in Equation 19:

$$T\left(t\right)=\theta ·T\left(t-1\right)+\left(1-\theta \right)·T\left(t\right)$$

(19)

where $\theta$ is the aging factor, $T(t-1)$ is the trust value of a particular node in the ${(t-1)}^{th}$ period, and $T\left(t\right)$ is the trust value of a particular node in the $t^{th}$ period.

2.

Improved Weighted Average

Bin-Yahya et al. [11] used an improved trust update mechanism to give more weight to the historical trust value when the current trust value is greater than the historical trust value, as shown in Equation 20:

$$T\left(t\right)=\left\{\begin{array}{c}\left(1-\alpha \right)T\left(t\right)+\alpha T(t-∆t),ifT\left(t\right)\le T(t-∆t)\\ \left(1-\left(\alpha +\beta \right)\right)T\left(t\right)+\left(\alpha +\beta \right)T(t-∆t),ifT\left(t\right)>T(t-∆t)\end{array}\right.$$

(20)

where $T\left(t\right)$ is the new trust value computed for the current window $∆t$ at time $t$, while $T(t-∆t)$ is the previous trust value calculated in the previous window at time $(t-∆t)$. $\alpha$ is an aging factor, $\beta$ is the newly defined aging factor, with $\alpha +\beta <1$.

3.

Time Lapses Function

Gautam et al. [30] use a time lapses function to dynamically balance historical trust values and current trust values. The calculation methods are shown in Equation 21 and Equation 22:

$$T^n=k·ST+\left(1-k\right)·T^{n-1}$$

(21)

$$k=\left\{\begin{array}{c}1-{\left({\displaystyle \frac{t_{n-1}-t_1}{t_n-t_1}}\right)}^2,If{t}_n>t_1\\ 1,otherwise\end{array}\right.$$

(22)

where $ST$ represents the current trust value, $T^{n-1}$ represents the previous trust value calculated in the previous window at time $t_{n-1}$, $k$ is the time lapses function.

Among the three methods, only the second method considers the impact of lower historical trust values. This means that nodes with poor past performance should be penalized by limiting the growth rate of their trust values. Therefore, the second method is the most effective one. For example, it can be used to defend against the On-OFF attack where the attacking node or nodes evade detection by stopping the attack for a period of time and then resuming it. The punishment for past bad behavior will lead to a very rapid decrease of trust value, making the malicious node untrustworthy and thus limiting the impact of the attack. As good past behavior is rewarded at a much slower rate, the malicious node will need more time before its trust value is sufficiently increased to be considered trustworthy.

4. Analysis and Discussion

The analysis of the findings described in the previous section to addresses the main research question of the study: to identify the challenges in developing trust models for the protection of WSNs from DoS attacks and provide directions for further research (sections 4.1- 4.4). Further analysis of the models reviewed highlighted trust routing and trust models for SDWSNs as well.

4.1. Threshold Limits

Threshold-limiting methods require thresholds limits to be set by the user in advance, usually based on expectations about network traffic such as the maximum number of data and control packet transmitted during a given time period [11]. As WSNs are application-driven, their performance requirements vary with the application context. Without significant practical experience, identifying the threshold appropriate for each particular context is a challenge to the development of feasible trust models for WSNs.

Closely integrating the trust model in the fabric of the WSN may help address the issue. For example, rather than comparing a node's trust metric to the corresponding threshold, the tuts model can include a comparison of the trust metrics of a suitable reference set of nodes, search for outliers. The detection of a flood attack provides an illustration: the evaluating node deploys promiscuous mode to monitor all nodes within its neighborhood and record their packet sending rate. The resulting datasets are forwarded to an outlier detection algorithm which identifies as malicious nodes with abnormal packet sending behavior.

4.2. Weighting Trust Evidence Metrics

Trust assessment involves allocating specific weights to the various evaluation metrics used. Most trust models rely on the WSN user to determining the correct weights [11,15,26]. However, this approach is not practical as it requires advanced understanding of the specific method used for trust evaluation.

To meet the challenge, Wu et al. [10] proposed the following method for assigning weights: First, a trust threshold is predefined. If the trust values of three trust metrics (communication trust metric, energy trust metric and data trust metric) are either above or below this threshold, the weights are evenly distributed among the three metrics. If some of the trust values are above the threshold and some are below, the metrics below the threshold are evenly redistributed with weights, while the metrics above the threshold are ignored to prevent the masking of malicious activity. This approach prevents attacks manifested in one trust evidence aspect from being masked by good performance in other aspects. However, the proposed trust model includes only three trust evidence metrics and therefore addresses only some DoS attacks. Second, assigning equal weights to trust metrics is not very accurate as the functionalities and the performance expectations of WSNs may differ significantly (e.g., some networks require higher data accuracy, whereas others require high volumes of network traffic). The lack of a reliable approach for weight allocation that does not require human intervention is an impediment to the development of trust models for the protection of WSNs.

4.3. Loss of Trust Information

Managing information loss refers to the problem of storing and distributing trust information effectively and efficiently. Trust models in WSNs can be distributed [6], or centralized [3]. In a distributed trust model, each node computes and stores its own trust value. If a node fails, the impact of subsequent loss of trust information will be limited to the neighbor not being able to evaluate the failed node. A typical method for managing trust information in a distributed trust model is storing a local copy of the network at each node along with a node backlist [20]. When a node broadcasts a DIO message to its neighbors, the node appends to it its own trust value and the blacklist. A somewhat similar approach was proposed by Anwar et al. [26] is also suitable for a distributed trust model: ne WSN nodes record trust evidence in their traffic profiles and share them with each other.

In a centralized trust model, trust value computation occurs at the nodes acting as heads of node clusters, or at the base station. Trust information is stored both at the cluster head (base station) and at the nodes. The trust evidence collected by nodes and/or preliminary trust evaluation results are sent to the respective cluster heads (base station). The cluster head (base station) stores these records and uses them to calculate, aggregate, and maintain the trust values of each member of the cluster, detects malicious nodes based on trust values, and takes countermeasures.

Several methods for recording and propagating trust information in centralized trust systems were proposed in the reviewed literature. In [13], the cluster head is responsible for gathering trust evidence from cluster members and forwarding it to the base station which maintains a comprehensive trust table. A similar table is proposed in [9], created and updates at the cluster head. For SDWSNs, Wang et al. [21] proposed to use the number of successfully forwarded/ failed to forward data and control packets and the number of new flow packets as metrics to calculate locally the node’s trust value, and to forward it to an aggregator node.

While the reviewed studies discuss the advantages and the applicability of the proposed methods for storing and managing trust information, they do not discuss specifics such as for how long should the trust information be stored? Are there any options for retrieving centrally stored trust information that has been lost? The second question is particularly challenging: in the case of irrevocable trust information loss in a centralized trust model the trust system of the entire WSN will need to be re-built.

4.4. Link Quality

WSNs often operate in unattended and open environments, where the quality of the radio transmission can be affected by factors such as the weather conditions. If the quality of the link between the evaluating node and the evaluated node is poor or unstable, packet loss may occur. This can result in calculating a low trust value for a non-malicious node. Assessing link quality ahead of trust value calculations may address the issue as the trust evaluation can be put on hold if the link quality is compromised, and reattempted later when the link becomes stable and reliable again [10] [15].

In wireless networks, the link quality indicator (LQI) is used as a measure of communication link quality. In the case of the most widely used radiofrequency CC2420, the LQI value is embedded in the received data packet; it varies from 0 to 255. An active node assesses the quality of a link between itself and a target node gathering LQI for a period of time and calculating the average. The average is compared to the threshold, e.g. 220 to determine of the link is stable or not [10].

However, using LQI in trust evaluation models may not be reliable due to the assumption of uniform network conditions. In environments where natural conditions may weaken the radio signal, this may lead to assigning low trust value to affected nodes which are otherwise trustworthy. Second, continuous monitoring of link quality indicators is a significant energy overhead. For example, Su et al. [15] developed a model for link quality assessment based on the packet received rate (PRR), the signal-to-noise ratio (SNR) and the LQI for assessing the quality of the link between two nodes A and B. As the model was designed for underwater environments in which signal attenuation is high, it may not be generalizable to terrestrial WSNs. Second, the SNR and PRR calculations rely on real-time measurements, which may be delayed or may be prone to errors in noisy environments.

Further research may consider incorporating adaptive thresholds for LQI or SNR based on historical data or on environmental factors to reduce reliance on static thresholds and to enhance model adaptability. Continuous monitoring of links could be replaced with periodic sampling to improve energy efficiency.

4.5. Authentication Delay

Most of the reviewed trust models imply the use of cryptography-based node authentication. However, the lengthy signature verification process may affect the calculation of the trust value [32]. To mitigate the risk, Lyu et al. [32] proposes the sharing of authentication information between neighbors rather than authenticating every received message. The approach aims to achieve a balance between the security and efficiency needs of the WSN. However, this approach assumes that neighboring nodes can be trusted to share accurate authentication data, which introduces potential vulnerabilities. For example, malicious nodes could manipulate this process by providing false authentication data to undermine trust evaluation or prioritize their own messages.

Future models could dynamically adjust authentication probabilities based on real-time network conditions. For instance, historical trust scores, packet loss rates, and environmental data could be used to predict high-risk nodes or events, enabling a smarter and more adaptive selective authentication approach.

4.6. Trust-based Routing

While trust models can defend WSNs against DoS attacks that cause observable changes in node behavior, they are less effective in stopping attacks that lead to network resource overuse or communication breakdown. Several of the reviewed studies explored the use of trust information by routing protocols as a means of strengthening the defense of the WSNs. For example, the trust model proposed by Rani et al. [33] works within a routing protocol. The cluster head that controls intra-cluster communication uses trust information to prevent communication with untrustworthy nodes. The trust evidence includes the number of successful or failed data transmissions between the cluster head and the sensors in the cluster or between the cluster head and other cluster heads. However, the model does not consider node authentication and does not take into account data/control packet forwarding metric which limits the range of DoS attacks it can counter. Somewhat similarly, the routing protocol proposed in [32] uses trust information to select forwarding nodes and achieve better transmission efficiency. In addition, each node is assigned a verification probability that is dynamically adjusted which makes the network more resistant to DoS attacks. However, the trust model focuses mainly on packet forwarding trust evidence. It ignores other direct trust evaluation metrics and also, does not consider indirect trust evaluation. Finally, the SDWSNs trust routing protocol proposed in [21] considers the trust values and the remaining energy of the nodes when selecting a data transmission path. However, the model is rather complex as it operates both in the control and the data planes of the network and involves multiple network layers (base stations, controllers, cluster heads, and other sensor nodes) and the network’s functional layers (control plane and data plane). The trust model also needs further refinement.

The models reviewed show that trust-based routing in WSNs is a promising approach to mitigating the impact of DoS attacks in WSNs. However, the reviewed models do not are neither limited, or too complex to be implemented. In addition, they do not consider the critically important data accuracy trust evidence. Further research is needed to develop effective and feasible trust-based routing protocols for WSNs.

5. Conclusion

This literature review comprehensively summarizes the DoS attacks in WSNs that can be addressed through trust models, based on the definition of DoS attacks and the new types of DoS attacks that have emerged with the development of WSNs.

5.1. Comparison with Prior Work

There have been numerous survey articles on trust models that include WSNs. For example, Muzammal et al. [16] reviewed research work from 2011 to 2020 related to IoT and WSN security and summarized routing-related attacks. More recently, Tyagi et al. [18] examined trust management research in IoT from 2008 to 2022 and identified trust-based internal attacks. Alhandi et al. [17] also considered research on attacks in IoT contexts but equated DoS attacks with flooding attacks, and their summary did not include black hole attacks, gray hole attacks, sinkhole attacks, LDoS, vampire attacks, and new-flow attack. Zhu et al. [19] summarized the range of attacks from the physical to the application layer in UWSNs but also have the limited range of attacks considered in the research work reviewed. The most recent review of trust models and approaches in IoT provides a managerial perspective on IoT security management, including WSN security [39].

Most of these reviews have broadly categorized trust models, architectures, and trust evaluation methods. This study examines the entire trust evaluation process and classifies and compares specific trust evaluation methods based on direct and indirect trust evaluation and trust value updates. Furthermore, the literature review summarizes trust evidence extraction methods which are critical for in trust model design but are not covered in other reviews. In summary, the findings of the literature review and the recommendations provided can be used as a practical reference by trust model designers.

5.2. Summary and Directions for Further Research

This study identified the trust evidence needed to develop effective trust models for the detection of DoS attacks in WSNs and for the mitigation of their impact, the optimal trust evidence extraction methods and the appropriate trust evaluation methods. Further research needs to consider the three significant challenges that emerged: determining the threshold limits in trust evaluation, assigning trust metric weightings, and managing trust information loss. In addition, further research is needed on trust models for countering DoS attacks in the SDWSN domain. It is essential to ensure a high security standard when employing an SDWSN architecture in large-scale and geographically dispersed applications of WSNs.

Design considerations to guide the development of future trust models include the impact of link quality on trust evaluation, the impact of authentication delay on the trust evaluation, and the need to integrate trust models with routing protocols to actively defend against attacks rather than only focusing on detection.

5.3. Study Limitatinos

This study has several limitations. First, the literature review is limited to studies published in English. Second, the review focuses solely on the research of trust models for dealing with DoS attacks in WSNs. It does not cover studies of trust models related to other security issues, such as privacy protection and access control, or other concerns like data aggregation and filtering. Third, to streamline our study, we excluded research involving AI and blockchains. These limitations can be overcome in further studies.