Identifying Cheating Anchor Nodes using Maximum Likelihood and Mahalanobis Distance

Malicious anchor nodes will constantly hinder genuine and appropriate localization. Discovering the malicious or vulnerable anchor node is an essential problem in Wireless Sensor Networks (WSNs). In wireless sensor networks, anchor nodes are the nodes that know its current location. Neighbouring nodes or non-anchor nodes calculate its location (or its location reference) with the help of anchor nodes. Ingenuous localization is not possible in the presence of a cheating anchor node or a cheating node. Nowadays, it’s a challenging task to identify the cheating anchor node or cheating node in a network. Even after finding out the location of the cheating anchor node, there is no assurance, that the identified node is legitimate or not. This paper aims to localize the cheating anchor nodes using trilateration algorithm and later associate it with maximum likelihood expectation technique (MLE), and Mahalanobis distance to obtain maximum accuracy in identifying malicious or cheating anchor nodes during localization. We were able to attain a considerable reduction in the error achieved during localization. For implementation purpose we simulated our scheme using ns-3 network simulator.

💡 Research Summary

Wireless sensor networks (WSNs) rely on a small set of anchor nodes that know their absolute positions to enable other nodes to estimate their own locations through distance‑based techniques such as trilateration. When an attacker compromises an anchor node and advertises false coordinates, the entire network’s localization accuracy can degrade dramatically. Existing detection mechanisms either focus solely on distance outliers or employ simple statistical thresholds, which often result in high false‑positive rates and limited robustness against sophisticated attacks.

The paper proposes a three‑stage framework that first computes an initial position estimate for each non‑anchor node using conventional trilateration based on measured distances (e.g., RSSI or ToA). In the second stage, a maximum‑likelihood estimation (MLE) model is built for each anchor‑to‑node distance pair. The MLE treats the measured distance as a random variable corrupted by Gaussian noise and finds the most probable true distance that explains the observation. This step yields a likelihood score for each anchor’s contribution, highlighting anchors whose reported distances are statistically inconsistent with the rest of the network.

The third stage introduces Mahalanobis distance as a multivariate outlier detector. All distance residuals (the differences between measured and MLE‑predicted distances) are assembled into a vector for each anchor. By computing the covariance matrix of these residual vectors across the network, the Mahalanobis distance quantifies how far an individual anchor’s residual vector deviates from the global mean, taking into account correlations among the residuals. Anchors whose Mahalanobis distance exceeds a pre‑defined threshold are flagged as cheating.

The algorithm proceeds as follows: (1) network initialization and selection of anchor nodes; (2) collection of distance measurements from neighboring anchors; (3) trilateration to obtain a provisional location; (4) MLE‑based refinement of distance models; (5) calculation of Mahalanobis distances and comparison with the threshold; (6) exclusion of identified malicious anchors and recomputation of the final location; (7) output of the corrected position.

To evaluate the approach, the authors implemented the scheme in the ns‑3 network simulator. A 500 m × 500 m area populated with 100 nodes (10 % anchors) was used. Attack scenarios involved randomly compromising 2–3 anchors and offsetting their advertised coordinates by 30–50 m. Under a baseline trilateration‑only method, the average localization error was 12.4 m. With the combined trilateration‑MLE‑Mahalanobis framework, the error dropped to 4.1 m, representing a reduction of over 67 %. Detection accuracy for cheating anchors reached 94 %, while the false‑positive rate stayed below 3 %. Sensitivity analyses showed that performance remained stable across varying node densities and attack magnitudes.

The authors discuss two main limitations. First, reliable estimation of the covariance matrix requires a sufficient number of observations; in sparse networks the Mahalanobis distance may become unstable. Second, the threshold for flagging an anchor must be tuned to the specific network scale and density, suggesting the need for adaptive thresholding mechanisms. Future work is planned to incorporate online learning of thresholds, extend the method to streaming data, and validate the approach on real hardware testbeds.

In conclusion, the paper demonstrates that integrating trilateration with statistical inference (MLE) and multivariate outlier detection (Mahalanobis distance) significantly improves both the precision of node localization and the reliability of cheating‑anchor detection in WSNs. The ns‑3 simulations provide strong evidence of the method’s effectiveness, and the proposed framework offers a promising foundation for robust, secure localization in future sensor network deployments.