Sybil Attacks and Their Defenses in the Internet of Things

CTN Issue: November 2014

Authors: Kuan Zhang (University of Waterloo, Canada), Xiaohui Liang (Dartmouth College, USA), Rongxing Lu (Nanyang Technological University, Singapore), and Xuemin Shen (University of Waterloo, Canada)
Title: “Sybil Attacks and Their Defenses in the Internet of Things”
Publication: IEEE Internet of Things Journal, vol. 1, no. 5, October 2014

A Sybil attack is a security threat where an attacker employs a false/forged identity to gain unauthorized access to a secure system.  A Sybil attack is of particular concern in the IoT because of the extensive personal data envisioned to be made available on the IoT.

The paper proceeds from an understanding that social network users may be classified as honest nodes or as dishonest (Sybil) nodes.  Viewing the social network as a graph with users as nodes and edges indicating an established relationship in a social network, an “attack edge” is one between a Sybil user and an honest user.  The authors distinguish three types of attacks:

  1. SA-1: the Sybil users are themselves tightly interconnected, but are only able to establish a few attack edges.
  2. SA-2: the Sybile users enjoy many attack edges to honest users
  3. SA-3: in a mobile domain the transience of the connections precludes establishing a social graph, as these connections are transient

The defenses to Sybil attacks are divided into three categories:

  1. Social graph-based Sybil detection (SGSD): includes Social network-based Sybil defense (SNSD) and Social community-based Sybil detection (SCSD), both suitable defenses for SA-1.  Six different graph-based Sybil detection schemes available in the literature are summarized in Table II.
  2. Behavior classification-based Sybil detection, suitable for defense against SA-2.   The typical social networking activities for most users include befriending, uploading and tagging photos, browsing user profiles, etc., and analysts have found that the state transition diagram among these activities is quite distinct between honest users and Sybil users (Figure 4).
  3. Mobile Sybil defense (MSD): includes friend relationship-based Sybil detection (FRSD), cryptography-based mobile Sybil detection, and feature-based mobile Sybil detection.  All three defenses suitable for SA-3.

The authors identify three key research challenges in detecting Sybil attacks in the IoT:

  1. Sybil defense in mobile social networks (MSNs): the absence of a social graph and user behavior history reduces the ability of graph and behavior-based techniques to detect Sybils. 
  2. Privacy and Sybil defense: using user behavior history to classify users as honest or dishonest compromises the privacy of those users.
  3. Cooperative Sybil defense: to address the challenge of Sybil identification in mobile scenarios, coordination with centralized social network servers to jointly observe user behavior for improved classification.


[Microsoft IoT]     Microsoft Corporation, “Internet of Things: The Future of Your Business Technology”, (Accessed on October 30, 2014).

[Cisco IoT]     Cisco Systems Corporation, “Internet of Things (IoT)”, (Accessed on October 30, 2014).

[Google IoT]     Google Corporation, “The Physical Web”, (Accessed on October 30, 2014).

[IEEE IoTJ]     IEEE Internet of Things Journal, (Accessed on October 30, 2014).

[Ortiz et al.]     Antonio Ortiz, Dina Hussein, Soochang Park, Son Han, and Noel Crespi, “The Cluster Between Internet of Things and Social Networks: Review and Research Challenges”, IEEE Internet of Things Journal, vol. 1, no. 3, June 2014, pp 206—215.

[Zhang, Sun et al.]     Yuan Zhang, Limin Sun, Houbing Song, and Xiaojun Cao, “Ubiquitous WSN for Healthcare: Recent Advances and Future Prospects”, IEEE Internet of Things Journal, vol. 1, no. 4, August 2014, pp 311—318.

[Zhang, Liang et al.]     Kuan Zhang, Xiaohui Liang, Rongxing Lu, and Xuemin Shen, “Sybil Attacks and Their Defenses in the Internet of Things”,IEEE Internet of Things Journal, vol. 1, no. 5, October 2014, pp 372--383.

[ComSoc ETS     IEEE Communications Society Emerging Technologies Standing Committee, (Accessed on October 30, 2014).

[ComSoc IoT]     IEEE Communications Society Internet of Things Subcommittee, (Accessed on October 30, 2014).

[Globecom 2014 IF]     IEEE Global Communications Conference (GLOBECOM) 2014 Industry Forum Session, (Accessed on October 30, 2014).

[ICC 2015 IoTS]     IEEE International Conference on Communications (ICC) 2015 Internet of Things Symposium, (Accessed on October 30, 2014).

[WF-IoT]     IEEE World Forum on Internet of Things 2014, (Accessed on October 30, 2014).

[IEEE IoT]     IEEE Internet of Things, (Accessed on October 30, 2014).

Leave a comment

Statements and opinions given in a work published by the IEEE or the IEEE Communications Society are the expressions of the author(s). Responsibility for the content of published articles rests upon the authors(s), not IEEE nor the IEEE Communications Society.