International Journal of Electrical and Computer Engineering (IJECE)
Vol. No. October 2025, pp.
ISSN: 2088-8708, DOI: 10.11591/ijece.

Energy evaluation of dependent malicious nodes detection in Arduino-based internet of things networks

Moath Alsafasfeh1,2, Abdullah Alhasanat1, Samiha Alfalahat1
1 Department of Computer Engineering, College of Engineering, Al-Hussein Bin Talal University, Ma'an, Jordan
2 Department of Electrical and Computer Engineering, College of Engineering, Tuskegee University, Alabama, United States

Article Info
Article history: Received Nov 26, 2024; Revised Jun 23, 2025; Accepted Jul 12, 2025
Keywords: Arduino; Energy efficiency; Internet of things; Malicious detection; Wireless sensor network

ABSTRACT

Detection of malicious nodes in the internet of things (IoT) network consumes power, which is one of the main constraints of the IoT network. To evaluate the energy-security trade-off for malicious node detection, this paper proposes an Arduino-based system for dependent malicious nodes (DMN) detection. The experimental work using Arduino and radio frequency (RF) modules was implemented to detect dependent malicious nodes in an IoT network. The detection algorithms were evaluated in terms of energy efficiency. The experiment comprises a coordinator node with five sensor nodes and varying malicious nodes. The results assess the detection algorithms in terms of distinguishing between normal and malicious behaviors and their impact on energy efficiency. The experiment demonstrated that the detection system could identify the malicious nodes. Additionally, the effect of increasing the number of sensors or malicious nodes on the suggested detection algorithm's energy usage is evaluated.

This is an open access article under the CC BY-SA license.

Corresponding Author:
Samiha Alfalahat
Department of Computer Engineering, College of Engineering, Al-Hussein Bin Talal University
Mohammad Alkhattab St., Ma'an, Jordan
Email: samiha mosa@ahu.

INTRODUCTION

The internet of things (IoT) has emerged as a prominent technology reshaping the digital landscape, facilitating seamless communication among myriad interconnected nodes via a shared network. With its versatility, IoT finds applications across various domains, notably in enhancing target detection within military and security domains. Specifically, wireless sensor networks (WSNs) are deployed to monitor potential targets, known as target-detection WSNs (TD-WSNs), wherein sensor nodes collect data on target activities. The gathered data is centralized at a central entity (CE) responsible for determining the target's status. However, the presence of malicious nodes can compromise detection accuracy by injecting false data.

IoT devices are commonly powered by batteries; changing and recharging them may be costly and tedious. Thus, power consumption is a crucial factor that affects IoT system performance. The presence of a malicious entity may impact both the performance of the IoT network and the power consumption of all participating nodes. Identifying malicious nodes is critical for system and network operation; thus, it is vital to discover unusual behavior in IoT devices and develop adaptive and creative anomaly detection algorithms or methods for detecting hazardous nodes. Our proposed architecture includes several distributed nodes that broadcast their decisions depending on the target status to the central authority via time division multiple access (TDMA) scheduling. The central authority collects these decisions and applies the K-of-N rule to determine the global state of the target.

A sophisticated form of malicious nodes, termed dependent malicious nodes (DMNs), has garnered recent attention. DMNs adjust their attack strategy based on others' performance, making detection challenging.
These nodes listen to sensing results from other nodes, altering their own data to influence global decisions only when necessary. One study emphasizes the importance of the number of nodes a DMN can hear. To detect DMNs in TD-WSNs that use a TDMA reporting style, a scheme has been proposed that changes the reporting order and monitors node performance. Nodes showing divergent performance when the reporting order changes are identified as DMNs. While this scheme shows promise, it primarily addresses binary target states, whereas practical applications often involve multiple states. Another study extends this scheme to multistate TD-WSNs.

Balbudhe et al. proposed a project that intends to reduce industrial energy consumption by increasing the use of IoT in remote energy parameter monitoring systems. The system includes a microcontroller, global positioning system (GPS) and global system for mobile communications (GSM) system, smart meter, internet of things device, and current transformer (CT). The project's purpose is to remove the excessive human labor required for energy audits while also providing a complete energy monitoring solution.

Another study aims to develop an industrial internet of things (IIoT) and edge-computing-based system for monitoring energy use on a manufacturing floor using wireless and wired energy meters. The system uses the message queuing telemetry transport (MQTT) protocol to deliver data at a one-minute interval, which is saved on a database server and analyzed by an edge instance to extract analytical metrics, focusing on kilowatt-hours for comparison analysis. The study found that deactivating data processing reduced central processing unit (CPU) utilization but maintained constant memory usage, suggesting the system could improve corporate edge-fog computing technologies for remote applications.

Another study used energy monitoring (EnerMon), an internet of things long range (LoRa) system, to track power use and waste in multiple places.
The investigation discovered wasteful power use in auditoriums, pool heaters, water pumps, and electric boilers, stressing the need for more effective and efficient energy management.

Abba et al. have developed a low-cost autonomous sensor interface for a smart IoT-based irrigation monitoring and control system. The system senses the environment and reacts based on sensed data, allowing for dynamic system management without human intervention. A microcontroller receives signals from soil sensors, turning off relay circuits controlling the water pump. The data is sent to a cloud for user viewing. Maintaining moisture levels between 100% and 400% is crucial for efficient irrigation.

Kanakaris et al. present an IoT system that monitors temperature and luminosity in a data center using MQTT. It analyzes power consumption by Wemos, a firmware application in C, and uploads data to the NodeRed MQTT Broker. The NodeMCU serves as a station between routers and nodes, receiving data from Wemos and loaded onto Raspberry Pi 2. The system displays real-time data, including power usage and missed packets, and prevents retransmissions to extend battery life. The system demonstrated comparable power consumption performance over 21 iterations.

Another platform manages solar-powered wireless sensor nodes in industrial IoT applications, focusing on a low-cost voltage sensor. It checks and analyzes Arduino prototypes. The experiment focuses on sensor accuracy and voltage-related metrics. The solution improves the efficiency of solar power generation and offers optimal IIoT operation settings. The results indicate that it can properly estimate solar panel production.

This paper elaborates on the previous studies by building a practical testbed using Arduino nodes and radio frequency (RF) modules.
The main objectives of the experiment are to assess the impact of various dependent malicious nodes on target-detection wireless sensor networks, explore effective parameters influencing TD-WSN performance, and evaluate the energy efficiency of a malicious detection algorithm proposed in earlier work.

Abedin et al. offer an energy-efficient technique for scheduling the duty cycles of various sensors in green internet of things (Green-IoT) systems. The algorithm operates in three phases: on-duty, pre-off duty, and off-duty. On-duty devices have full functionality, whereas pre-off devices have reduced computational capabilities. Off-duty states conserve energy in a variety of ways, including hibernation, sleep, and power-down. The suggested energy-efficient algorithm successfully schedules the duty cycle of numerous sensors and appliances, resulting in fewer devices and higher service quality. Another study demonstrates the appropriateness of long range wide area network (LoRaWAN) for low-power, long-range networks, establishing it as a feasible protocol for internet of things applications. It minimizes transmission time, data rate, and bit error rate while optimizing battery life, spreading factor (SF), and bandwidth (BW).

METHOD

The proposed system architecture comprises three primary parts: sensor nodes, RF communication links, and a coordinator, as shown in Figure 1. In this experimental setup, the system consists of five nodes in total: four normal and one malicious node. Each node makes its decision based on the sensed data and communicates it to the coordinator node via RF wireless communication. The coordinator is responsible for aggregating and analyzing these decisions and identifying potential malicious behavior. In the following sections, the structure of the main types of nodes (sensor nodes, malicious nodes, and the coordinator) is explained in detail.

Int J Elec & Comp Eng, Vol. No. October 2025: 4983-4992

Figure 1. The proposed system architecture: system model and implemented model

Sensor nodes

The normal sensor node consists of an Arduino Uno, a pushbutton, and an RF transceiver, as shown in Figure 2. The Arduino Uno is used as the main microcontroller for the sensor node. Instead of using a sensor to sense the target, we have used push buttons and LEDs to indicate the target status as present or absent. The red color indicates the target is present, while the green color indicates that the target is absent. The RF transceiver is used to send a node's local decision to the coordinator every communication round. We have used RF24Ln as the RF transceiver model in this experiment.

Figure 2. Sensor nodes: normal sensor node and malicious node

Malicious nodes

The malicious node consists of an Arduino Uno, LEDs, and RF transceivers. The Arduino Uno is used as the main microcontroller of the malicious node. The LED is used to indicate the output of the target status as present or absent. The red color indicates the target is present, while the green color indicates that the target is absent. The RF transceiver is used to send a malicious decision to the coordinator during every communication round. The malicious node could be either static or dynamic. The static malicious nodes could further appear as independent always-one (IAO), independent always-zero (IAZ), or independent always-false (IAF). The pseudo-code of Algorithm 1 shows the function of each of these malicious types. Algorithm 1 yields the behavior of an independent malicious sensing node. The IAO node reports that the target is present regardless of the actual sensing, yielding a high false alarm probability but a high detection probability when the target is present. In contrast, the IAZ node reports an absent target, so the system generates no false alarms. Yet, it has poor detection since the target is continually ignored.
In Algorithm 1, the IAF node tries to flip the true target status by sending an incorrect state, and this is the most disruptive

Algorithm 1. Independent malicious node types
    if Mtype == Io then              ▷ Always-One type
        Decision ← 1
    else if Mtype == Iz then         ▷ Always-Zero type
        Decision ← 0
    else if Mtype == If then         ▷ Always-False type
        Decision ← False-Decision
    end if

Similarly, the dynamic malicious nodes may act as dependent always-one (DAO), dependent always-zero (DAZ), or dependent always-false (DAF). Pseudo-codes 4 to 6 show the function of these malicious types. Algorithms 2, 3, and 4 demonstrate the behavior of a dependent malicious node based on always-one, always-zero, and always-false, in which the node decides to send one or zero only when its decision can influence the global decision taken by the coordinator, and sends the wrong decision only when it can impact the outcome. By adopting this behavior, the node acts maliciously only selectively, to avoid detection. In our experimental scenarios, various numbers and types of malicious nodes have been used. For the previous algorithms, initialization should start by defining the number of nodes, Target-Status, True-Decision, False-Decision, Morder, Mtype, and Rx-Decision.

Algorithm 2. DAO malicious node types
    if Mtype == DAO then
        if Morder ≤ then
            Decision ← 1
        else
            s ← 0
            for i = 1 to Morder − 1 do
                if Rx-Decision[ − ] == True-Decision then
                    s ← s + 1
                end if
            end for
            if True-Decision == 0 and s > then
                Decision ← True-Decision
            else
                Decision ← 1
            end if
        end if
    end if

Coordinator

The coordinator node consists of an Arduino Mega and an RF transceiver. The Arduino Mega is used as the main microcontroller of the coordinator node. The coordinator node's main task is to receive the nodes' local decisions to make global decisions.
In addition, the coordinator node is responsible for detecting and identifying malicious nodes. As shown in Algorithm 5, after initialization, the coordinator sends a beacon message to the selected node, including the node identifier. Hence, all nodes identify the order and return their decision to the coordinator. A decision buffer is updated with fresh decision values. The coordinator then checks if all nodes have been contacted before proceeding to the next round. After completing the maximum number of rounds, the malicious node detection mechanism is enabled, where there is a shuffle in the nodes' order for the next turn. Finally, reporting is resumed.

Algorithm 3. DAZ malicious node types
    if Mtype == DAZ then
        if Morder ≤ then
            Decision ← 0
        else
            s ← 0
            for i = 1 to Morder − 1 do
                if Rx-Decision[ − ] == True-Decision then
                    s ← s + 1
                end if
            end for
            if True-Decision == 1 and s > then
                Decision ← True-Decision
            else
                Decision ← 0
            end if
        end if
    end if

Algorithm 4. DAF malicious node types
    if Mtype == DAF then
        if Morder ≤ then
            Decision ← False-Decision
        else
            s ← 0
            for i = 1 to Morder − 1 do
                if Rx-Decision[ − ] == True-Decision then
                    s ← s + 1
                end if
            end for
            if True-Decision == 0 and s > then
                Decision ← True-Decision
            else if True-Decision == 1 and s > then
                Decision ← True-Decision
            else
                Decision ← False-Decision
            end if
        end if
    end if

Algorithm 5. Coordinator
    Initialization: Define Number of Nodes (N), Max Iteration (Tmax), Initial Iteration (Tn = 0), index
    Start Reporting
    while Tn < Tmax do
        for index = 0 to N − 1 do
            Send message to node with data.
            Receive decision from the node
        end for
        if index > (N − 1) then
            Proceed to the next round
            Reset index
            Tn ← Tn + 1
        end if
        if Tn ≥ Tmax then
            Perform malicious node detection
            Shuffle the order of nodes for the next turn
            Tn ← 0
            Resume Reporting
        end if
    end while

In Algorithm 6, the malicious node type is identified by calculating the probability of one for each node. There are three main categories: independent malicious, dependent malicious, and normal node. The node is classified as a dependent malicious node if the current probability value is greater than the previous value plus a threshold value or less than the previous value minus the threshold. If this condition is met, then the probability magnitude determines the dependent malicious type, whether it is dependent always-one, dependent always-zero, or dependent always-false. If the condition is not met, then the node is classified as an independent malicious node. Also, the magnitude of the likelihood defines the independent malicious node type, in the same way as for the dependent malicious node. The node is considered a normal node if the behavior is within an acceptable range around the target probability H0.

Algorithm 6. Malicious detection
    Initialization: Define: E = 0, Threshold, Max Iterations (Tmax), Target Probability (H0), Independent One (Io), Independent Zero (Iz), Independent False (If), Dependent One (Do), Dependent Zero (Dz), Dependent False (Df), Number of Nodes (N)
    for each node i in N do
        for each round j up to Tmax do
            Calculate new value of E
            E ← E + Dbuff
            Estimate Pi,n
            if Pi,n > (Pi,n,temp + Threshold) or Pi,n < (Pi,n,temp − Threshold) then
                if Pi,n == 0 then
                    Dz ← Dz + Sn
                else if Pi,n == 1 then
                    Do ← Do + Sn
                else
                    Df ← Df + Sn
                end if
            else
                if Pi,n == 0 then
                    Iz ← Iz + Sn
                else if Pi,n == 1 then
                    Io ← Io + Sn
                else if (H0 − Threshold) ≤ Pi,n ≤ (H0 + Threshold) then
                    Nm ← Nm + Sn
                else
                    If ← If + Sn
                end if
            end if
        end for
    end for

RESULTS AND DISCUSSION

In this section, the performance of the proposed malicious detection algorithm is assessed. The evaluation process considers the accuracy of dependent malicious node detection and the energy cost associated with the detection process. The required energy consumption for successful detection is measured to evaluate the energy efficiency (EE) of the system. The evaluation included experiments conducted with different numbers of sensors and different malicious nodes.

Performance of the detection algorithm

The performance of detection Algorithm 6 is evaluated for each node individually. The performance is measured in terms of the P1 value, which, following prior work, is calculated using (1):

$$P_1 = \sum_{i=1}^{T} l_i \qquad (1)$$

where $l_i$ denotes the local decision of a node at round i, and T is the maximum number of rounds.

Two scenarios are considered. In the first scenario, we consider three normal sensor nodes and two malicious nodes, one IAF and one IAZ. Note that the target status is set to 0 and the false-alarm probability of the target is 0.2. The performance of each node is plotted in Figure 3. Since the target is assumed absent and the false-alarm probability is 0.2, it is expected that the value of P1 of normal nodes will be nearly 0.2; otherwise, the node will be identified as malicious. It is clear from this figure that Nodes 1, 2, and 3 are behaving normally; however, Nodes 4 and 5 demonstrated malicious behavior. Specifically, the P1 value due to Node 5 is 0, indicating that the node is IAZ, while the P1 value due to Node 4 is nearly 0.8, indicating that this node is malicious or IAF.

In the second scenario, nodes 3 and 4 act as DAZ and DAF,
respectively, while other nodes are kept normal. Then the performance of all nodes is plotted in Figure 4. It is clear from this figure that Nodes 1, 2, and 5 have almost identical performance. On the other hand, Nodes 3 and 4 have abnormal behavior.

Figure 3. Performance of nodes in terms of P1 at every 100 rounds (three normal nodes and two malicious with IAZ and IAF)

Figure 4. Performance of nodes regarding P1 at every 100 rounds (three normal nodes and two malicious with DAZ and DAF)

Impact of the number of nodes on EE

In the first measurement set, we study the impact of increasing the number of nodes on the energy consumption of the coordinator. As shown in Figure 5, the energy consumption increased from about 75 Wh at three nodes to 2 Wh at five nodes. On the other hand, it seems that the number of malicious nodes has no significant impact on energy consumption. This is clear for both the three-node and five-node scenarios.

Figure 5. Number of malicious nodes versus energy consumption at three and five nodes scenarios

Impact of using malicious detection on EE

Next, we study the impact of using a malicious detection algorithm on the EE. Figure 6 shows the energy consumption of the three-node and five-node scenarios: one with the malicious detection algorithm and the other without. It is clear that when there is a small number of nodes (the three-node scenario), there is a negligible difference in energy consumption with and without the malicious detection algorithm. However, when the number of nodes increased to five, the malicious detection algorithm increased energy consumption from 1 to 1.3 Wh, which is about 30%.

Figure 6.
Number of sensor nodes versus energy consumption with and without malicious detection

CONCLUSION

In this paper, an experimental study was conducted to evaluate the performance of the malicious node detection and identification algorithms proposed in previous research. The primary objective was to assess both the accuracy and energy efficiency of these algorithms within an IoT network. The experimental setup included one coordinator and five sensor nodes, with various numbers and types of malicious nodes introduced to simulate realistic attack scenarios. The results demonstrated that the detection algorithm was effective in distinguishing between normal and malicious nodes, successfully identifying both the presence and type of malicious behavior. Additionally, the energy efficiency of the algorithm was evaluated, with the analysis revealing how its energy consumption varied with changes in network configuration, specifically when increasing the number of malicious nodes or the total number of sensor nodes. These findings offer valuable insights into the scalability and practical deployment of the proposed method in larger or more dynamic WSN environments. The results validate the algorithm's effectiveness in terms of both accuracy and energy efficiency. Future enhancements could focus on improving detection speed and testing the algorithm under a broader range of operational and environmental conditions.

ACKNOWLEDGEMENTS

The authors would like to thank the NATO/Science for Peace and Security Program for co-funding the project, Developing Physical Layer Security Schemes for Internet of Things Networks, under grant number SPS G5979.
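
The detection step that Algorithm 6 and its accompanying text describe, as an added example (not the authors' firmware): a coordinator-side detector that keeps one counter per node instead of a decision buffer, estimates P1 at the end of each window, and compares it with the previous window's value taken before the reporting order was shuffled. `THRESHOLD`, `T_MAX`, the normalisation of P1 by the number of rounds, all identifiers, and the decision streams are assumptions constructed for illustration; the normal-node test follows the prose (P1 within the threshold of H0).

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>

enum NodeClass { NORMAL, IND_ZERO, IND_ONE, IND_FALSE, DEP_ZERO, DEP_ONE, DEP_FALSE };

const int   N_NODES   = 5;     // five sensor nodes, as in the testbed
const int   T_MAX     = 100;   // rounds per detection window (assumed)
const float H0        = 0.2f;  // expected P1 of a normal node: target absent, false alarm 0.2
const float THRESHOLD = 0.1f;  // assumed tolerance; the page gives no value

struct Detector {
    uint16_t ones[N_NODES] = {0};   // E: count of 1-decisions in the current window
    float    prevP[N_NODES] = {0};  // Pi,n,temp: P1 from the previous window
    bool     hasPrev = false;       // the first window has nothing to compare against
    uint16_t rounds = 0;

    // Add one round of decisions; returns true when the window is complete.
    bool report(const uint8_t decisions[N_NODES]) {
        for (int n = 0; n < N_NODES; ++n) ones[n] += decisions[n] ? 1 : 0;
        return ++rounds >= T_MAX;
    }

    // Classify every node at the end of a window, then start a new window.
    void closeWindow(NodeClass out[N_NODES]) {
        for (int n = 0; n < N_NODES; ++n) {
            float p = (float)ones[n] / rounds;   // assumption: P1 is the fraction of 1s
            // Integer counters give exact "P1 == 0" and "P1 == 1" tests, no float equality.
            bool zero = ones[n] == 0, one = ones[n] == rounds;
            bool moved = hasPrev && std::fabs(p - prevP[n]) > THRESHOLD;
            if (moved)     out[n] = zero ? DEP_ZERO : one ? DEP_ONE : DEP_FALSE;
            else if (zero) out[n] = IND_ZERO;
            else if (one)  out[n] = IND_ONE;
            else if (std::fabs(p - H0) <= THRESHOLD) out[n] = NORMAL;
            else           out[n] = IND_FALSE;
            prevP[n] = p; ones[n] = 0;
        }
        hasPrev = true; rounds = 0;
    }
};

// Constructed decision streams (not measurements); 1 means "target present".
static uint8_t sample(int node, int window, int r) {
    switch (node) {
        case 2:  return 0;                           // always reports 0
        case 3:  return (r % 5) != 0;                // P1 = 0.8 although the target is absent
        case 4:  return window == 0 ? (r % 5) == 0   // P1 = 0.2 before the shuffle
                                    : (r % 5) < 3;   // P1 = 0.6 after the shuffle
        default: return ((r + node) % 5) == 0;       // normal node, false alarm 0.2
    }
}

// Runs two windows; the reporting order is taken to be shuffled between them.
void runDemo(NodeClass first[N_NODES], NodeClass second[N_NODES]) {
    Detector d;
    for (int w = 0; w < 2; ++w)
        for (int r = 0; r < T_MAX; ++r) {
            uint8_t dec[N_NODES];
            for (int n = 0; n < N_NODES; ++n) dec[n] = sample(n, w, r);
            if (d.report(dec)) d.closeWindow(w == 0 ? first : second);
        }
}

int main() {
    NodeClass a[N_NODES], b[N_NODES];
    runDemo(a, b);
    for (int n = 0; n < N_NODES; ++n) std::printf("node %d: %d then %d\n", n + 1, a[n], b[n]);
}
```

The first window can only flag independent behaviour; the order-dependence check needs a second window taken after the shuffle, which is why the fifth constructed node looks normal at first.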