Secure and efficient transmission of data based on Caesar Cipher Algorithm for Sybil attack in IoT

The Internet of Things (IoT) is an emerging concept in the field of information technology. IoT can integrate any real-time entity with another, using sensing, computing and communication capabilities to offer enhanced services in everyday life. In this article, IoT-based patient health monitoring is considered for use in IoT sensors deployed in devices. These devices are attached to the body of the patient for timely tracking of his or her health condition. During data transfers from devices connected to the patient’s body to the doctor, the data may be susceptible to security threats. IoT devices are subjected to many routing attacks, like blackhole, greyhole, Sybil, sinkhole and wormhole attacks. Sybil attacks are the most dangerous routing attacks. This type of attack involves stealing the identities of legitimate nodes; this, in turn, leads to information loss, misinterpretation in the network and an increase in routing disturbances. Hence, in this paper, we propose the use of the traditional Caesar Cipher Algorithm (CCA) along with the lightweight encryption algorithm (LEA) and the Received Signal Strength Indicator (RSSI) to detect and prevent Sybil attacks in an IoT environment. The proposed algorithm detects the false node in a particular path by announcing the attack to another node. It also prevents the attack by choosing an alternative path by which to forward data packets to the desired users. To ensure authentication, privacy and data integrity, the lightweight encryption algorithm with a 64-bit key is used with AODV as the routing protocol.


Introduction
habits or lack of physical exercise. Based on a 2016 World Health Organization survey, nearly 2.6 million people are suffering from being overweight, 4.9 million from lung cancer, 4.4 million people from cholesterol problems and so on. By 2026, these diseases could affect 64 million people [6].
Sensors can monitor vital signs, such as heart rate, sugar levels and body temperature. These sensors are directly attached to the body of the patient or embedded in a device. A patient's family members are often very concerned about the health condition of the patient, and there should always be one person present to look after him or her. But with the help of an IoT-based patient health monitoring system, the patient's health condition can be directly monitored by a doctor through an Internet connection. Devices that are connected to the body of the patient will have sensors that will continuously sense the patient's health condition. RFID tags can be implanted under the patient's skin to read their condition [7].
In the past, in order for the patient's sugar levels, blood pressure and glucose levels to be measured, the patient would need to be taken to a hospital or healthcare centre. But today, for example, if there is any sudden increase or decrease in a patient's heart rate, sugar levels, body temperature or blood pressure, then sensors will notify the doctor about the change. This data can be transmitted through the Internet from the patient to the doctor and vice versa. End users can access the information through Web or mobile devices from anywhere in the world through the Internet. When data is being transmitted in a wireless medium, there is a chance that routing attacks [8], such as blackhole attacks, greyhole attacks and Sybil attacks, will take place. In a blackhole attack [9,10], the attacker node publicises as if the destination node has the shortest route and then collects the packets without redirecting them to the target node. A greyhole attack [11] is a variation of a blackhole attack in which selected packets are forwarded to the destination and remaining packets are dropped without being sent to the destination. A Sybil attack [12] is one of the most dangerous types of routing attacks. In a Sybil attack, a malicious or attacker node will create many fake identities to affect the overall network performance. Sybil nodes are capable of generating false reports, spamming users with messages and causing breaches in privacy.
This paper discusses Sybil attacks in an IoT-based patient monitoring system. Figure 1 shows the presence of a Sybil attack in an IoT environment. The small red nodes represent Sybil nodes or malicious nodes, and the green nodes are normal nodes. All the nodes are interconnected with one another. During data transmission from one normal node to another, i.e. from patient to doctor or vice versa via a normal node, data reaches its destination without any loss of integrity. However, if the data is transmitted via a Sybil node [13][14][15], then the data is subjected to incorrect report generation, loss or spam, or it can be misinterpreted.
The paper's key findings are stated as follows: 1. The effective detection of the Sybil nodes that are in the network is made by the received signal strength. 2. The AODV routing protocol is used for electing the optimal route, and this route is optimised by the distance from one node to another and each node's residual energy. AODV is also used for preventing the network from being harmed by the Sybil nodes by broadcasting information about the Sybil nodes to all the legitimate nodes.
3. The confidentiality of shared information is improved with the help of the CCA with the LEA. 4. Furthermore, this type of Sybil detection and secured data transmission is used in applications in the real-time world. For example, here, the network is considered a hospital environment, and each patient comprises one node for transmitting information about the patients.

Sybil attack
Sybil attacks [12] possess several identities and are given to the remaining nodes. But it is a node replication and is essentially a spoofing of the IDs of the nodes. Sybil attack was graded into Sybil attack-I, Sybil attack-II and Sybil attack-III.

Sybil attack-I (SA-I)
SA-I is viewed as creating social links, within the Sybil region. Here, Sybil nodes are connected with other Sybil nodes as shown in Fig. 2. In this attack, Sybil nodes make limited social connections to normal or honest nodes, i.e. attack edges are less. This attack mainly occurs in social and sensing domains. For example in an online voting system, attackers can have fake identities and can manipulate overall rating or votes.

Sybil attack-II (SA-II)
SA-II is different from SA-I. Here, social connections can be established from Sybil nodes to honest nodes or normal nodes as shown in Fig. 3. This attack mainly occurs in the social domain. More attack edges will be present in between Sybil and normal nodes. The main aim of SA-II is to distribute spam messages, malware and ads. For example in OSNs, this attack can manipulate users' reviews, i.e. attackers can change all negative reviews/comments to positive comments or vice versa. SA-III mainly focuses on the mobile domain. This attack is similar to SA-II. Users will be moving from one place to other so the topology of the network changes frequently as shown in Fig. 4. Due to this, the effect of this network lasts for a short amount of time.
The remainder of the paper is structured as follows: Detection and prevention methods for dealing with Sybil attacks are addressed in Section 2. In Section 3, the classification of Sybil attacks is outlined. In Section 4, the system architecture is discussed. Section 5 describes how the Sybil node is avoided while generating the route from the source to the destination. The results are discussed in Section 6. Lastly, the paper is summarised in Section 6.

Related work
Amuthavalli et al. proposed the Random Password Creation (RPC) [16] method, which uses three parameters: node id, time delay and password. Two routing tables, one RPC database and another routing table, are constructed using source and destination nodes. These two tables are compared to determine if the three parameters match. Then, the node is deemed to be a normal node if it is not a Sybil node. RPC controls the position of the node for preventing the Sybil attack. This is because these Sybil nodes are directly detected by checking the ID (identification). Thus, the RPC method prevents the Sybil attack. However, no alternative route selection is required in case of route failure. Bedi and Singh proposed the Bee Colony Optimization (BCO) [17] method to detect and prevent a Sybil attack that occurs over Low-Energy Adaptive Clustering Hierarchy (LEACH)-based Wireless Sensor Networks (WSNs) when this attack has resulted in some concerns while creating the route over the network. This algorithm finds the optimised route during a Sybil attack. Thus, this method detects the Sybil attack efficiently. However, it finds difficult to create a route in the network.
Xiao proposed a scheme to identify Sybil attacks in wireless networks. Channel-based authentication [18] exploits the spatial variability of a radio channel. This authentication method degrades the system's performance when it depends on the spatial information that is associated with channel path loss. Thus, this method can detect Sybil attacks efficiently. However, the system performance will be degrading.
Ng et al. [19] proposed DeeRaI with CuI as a method for detecting DoS attacks using information taken from radial basis functions. CuI was developed using the NSL KDD and UNSW NB15 datasets to aid in the optimization of DeeRaI network weight values. Thus, this method is well suitable for detecting DoS attacks. However, it does not work with Sybil attacks.
Sarigiannidis et al. presented the Rule-Based Anomaly Detection System (RADS) [20] for identifying Sybil nodes and for monitoring and detecting Sybil nodes that are present inside the network. The RADS method relies on ultra-wideband (UWB) ranging detection and does not allow any information sharing between the sensor nodes. The RADS performs distance checks, and if variations occur, it raises the alarm and blacklists the Sybil node. It provides minimum communication overhead, high detection precision and a low false security alarm rate. The minimum communication overhead of this system is maintained by lightweight UWB rangingbased detection. The RADS requires an analysis of its energy usage. Thus, this approach can detect a Sybil attack. Hence, low false alarm rate needs analysis on energy consumption. Singh et al. introduced Trust-Based Sybil Detection (TBSD) [21]. This TBSD scheme depends on the manipulative trust values that are sent by adjacent sensor nodes. Every node in the cluster calculates the adjacent node's trust value and sends it to the cluster head. A node is declared as a Sybil node when the node has a trust value that is less than the threshold value. The distance between the sensor nodes is not considered in this work. Thus, this approach can detect Sybil nodes. However, the distance between the sensor nodes is not considered in this work.
Alsaedi et al. presented the Energy Trust System (ETS) [22] to identify Sybil nodes in a group of nodes. The ETS employs multi-level detection, which is related to the position and identity verification. The trust algorithm is also implemented based on the energy of every node. The data aggregation mechanism and the avoidance of feedback exchange are used for improving the efficiency of the network. The ETS approach requires less energy consumption. The total packet send and throughput are not discussed in this work. Thus, this approach can identify Sybil attacks using ETS. However, some parameters like throughput are not discussed.
Vamsi et al. detected the Sybil attack using sequential analysis [23]. It takes a node-centric approach, which works through two stages: evidence collection and validation. In the first stage, the behaviour of each node is analysed by monitoring the activities of neighbouring nodes, and this evidence (i.e. behaviour) is given as the feedback to the next level. In the second stage, the collected evidence is validated by sequential analysis to detect if the neighbour node is an attacker node or not. Thus, the low processing and communication overhead are the main benefits of this system.
Palak presented the fuzzy membership function [24] (i.e. trapezoidal membership function) for preventing Sybil attacks. In this function, fuzzy membership function values are used for updating the detection and F-MEM values in every iteration. The node is determined to be either a Sybil node or a legitimate node based on the trust factor of the fuzzy system. The backup routing paths are not considered in this work. If it is not considered, the packet loss occurs in the presence of route failure. Thus, the membership function is used to detect Sybil attacks. Hence, no backup routing path is not considered.
Dhamodharan et al. presented a combination of CAM-PVM and MAP [25] to detect and eliminate the attacker node from the network. The CAM-PVM algorithm is used for detecting Sybil activity that is present in the network. The MAP is then used for avoiding the Sybil node. Data loss is avoided by detecting the Sybil nodes. This MAP comprises unicast and multicast communication through the network. The time consumption of the MAP algorithm is high.
Singh et al. [18] detected the Sybil node by using the Trust-Based Identity Detection (TBID) [26] mechanism. Initially, the sensor nodes are divided into clusters, and the TBID assigns trust values for each node. The trust value of a node decreases when the node changes the identification has unlike the adjacent nodes. These trust values are sent to the CH. The node is detected as an attacker node only when the trust value is less than the predefined threshold. Thus, this approach can detect the Sybil node efficiently using the TBID mechanism. However, the energy consumption of this entire system is not discussed in this work.
Jan et al. presented a lightweight detection mechanism for Sybil attack detection, which depends on the obtained signal strength of the packets [27]. This is the implementation of a centralised clustering-based hierarchical network. The sensor nodes of the network are categorised based on their own energy levels. The node with the higher energy level is then aided to detect the Sybil nodes at the base station, and it also prevents the Sybil nodes from selecting the cluster head. The normal nodes of each cluster are identified by their energy levels, geographical location and previous selection history. The optimal number of clusters in each round is identified to preserve the energy consumption and network lifetime. Thus, this method higher energy node is used to detect the attack. Hence, sometimes an unbalanced cluster is occurred inside the network, because the node in the current round may become the cluster head in the next round.

System architecture
In an IoT-based patient monitoring system, the patient is the important entity. Devices that contain sensors are attached to the patient's body. These sensors monitor vital signs, such as blood pressure, body temperature, heart rate and sugar levels, from the patient's body. These values are sent to the doctor via a wireless communication technology, such as Wi-Fi. During data transmission, the data can be subjected to a Sybil attack. Attackers can access the data and inject spam or alter the message, which could lead to harm to or even the death of the patient. For example, the system could be set up such that a doctor is notified when the patient's body temperature reaches 100 degrees. But if attackers drop the packets or send them to the wrong person, then the doctor will not be notified about the patient's health condition, which could lead to severe problems.
In this paper, we are considering SA-II. Figure 5 shows patients P = {P1, P2, P3, P4, P5 & P6} and doctors D = {D1, D2}. Eight patients are connected with sensors, but due to a Sybil attack on the network, there are only six IDs. One patient P6 node is the original, and the other two P6 nodes are duplicates. The RSSI-LEA-AODV method is used to detect and prevent an attack.

Caesar Cipher Method
This method is a variation of the Received Signal Strength Indicator (RSSI) and the lightweight encryption algorithm (LEA) using the AODV routing protocol. By enabling the RSSI, the Sybil attack that is present in the network is detected, and then the information about the Sybil nodes is sent to the remaining nodes in the network. Based on that information, the Sybil nodes are avoided during the creation of a route from one node to another with the AODV routing protocol. AODV is a reactive routing protocol with proactive routing protocol features. It detects the optimal route by focusing on the distance between nodes and the residual energy of each node. The overall process of RSSI-LEA-AODV is illustrated as a flowchart in Fig. 6. The process of RSSI-LEA-AODV is given as follows: 1. A set of sensor nodes is considered and deployed randomly.
2. Initial information about the network is identified, such as the positions of the sensor nodes, the distance between the sensor nodes, the residual energy and the received signal strength of each sensor. 3. Based on the received signal strength, the Sybil nodes are detected, and these nodes are added to the Sybil nodes list. Then, this information is transferred to other legitimate nodes. 4. The confidentiality over the network is made by the Caesar Cipher Algorithm along with the lightweight encryption algorithm. 5. The encrypted data is transferred through the network by AODV routing. The AODV routing is optimised by focusing on distance and energy values. 6. The Sybil nodes are avoided in AODV routing while generating the route from one node to another. 7. The node that has less energy is not considered in the AODV route generation. If it happens, AODV once again creates the route from the source to the destination. 8. The data packets are transferred to the destination. 9. This process is continued until the full iteration count is reached. 10. Finally, the performance is analysed in terms of alive nodes, dead nodes, energy consumption, throughput and total packet send.

Received signal strength-based Sybil node detection
The differences between the normal and attacker nodes are identified by the RSSI [28,29]. The RSS of a node is very low when the node enters into another node's radio range. Whenever an attacker creates a new Sybil node, the signal strength from other nodes will be high. The RSSI is validated by the transmitter's ID. For example, the destination ID first receives the message from the source ID, and then the destination ID receives the message from a different source ID. Based on this, the destination is identified by the data from the source ID. This RSSI is used for better defence against Sybil attacks. The formula for finding the received signal strength is given in Eq. (1).
where R i is the received signal strength of node i, RSSI(d0) is the received signal strength at a reference distance, n is the constant and d is the Euclidean distance.
During data transmission, every node calculates and maintains the signal strength values of the neighbour nodes. The least or smallest RSSI value is considered as the threshold. Whenever a sensor or node joins the network, its RSS value will be calculated, and if that value is more than the threshold, then it is regarded as suspicious. Then, the new and old node IDs and RSS values will be checked. If the RSS value is more than or equal to the threshold, it indicates that the newly joined node is an attacker node. The major advantage of this scheme is its high level of accuracy. The algorithm of the RSSI method is as follows:

Caesar Cipher Algorithm
The Caesar cipher replaces every letter of a message with a letter that is a fixed number of positions down the alphabet. For example, Julius Caesar takes the second letter and repeatedly uses it. In this case, one function is used to replace the character, which is called scrambling. The purpose of scrambling is to substitute a character (or byte) of data for another character (or byte) of data.

CCA encryption
Input: The plain text. Output: The ciphertext, which is encrypted by CCA. 1. The following expression (2) describes the CCA encryption process.
where c is the ciphertext, (m) is the plain text and n is the number of shifts. This ciphertext P is encrypted again using LEA.

Lightweight encryption algorithm
The data that is encrypted by CCA is transferred to lightweight encryption. The SIT [30] is a symmetric key block cipher that uses 64-bit plain-text keys. In the symmetric key algorithm, the encryption process consists of encryption rounds, with each round creating confusion and diffusion. An increase in the number of rounds provides better security, but the use of limited energy inevitably increases. LEA is a key generation process, which must also be reduced to an extent to ensure proper security in the data transmission process from source to destination. The key is the main component in the processes of encryption and decryption, which depend on the complete security of the data from the Sybil attackers. The encryption/decryption of the LEA algorithm is carried out with a 64-bit block cipher. The user's input is a 64-bit cypher key, which serves as an input to the key expansion block. The block performs a series of operations to create confusion and diffusion in the input key, and it generates five unique keys. The five keys can be used in either encryption or decryption and are powerful enough to stay indistinct during an attack. The key expansion block architecture is shown in Fig.  7.
The components of key expansion are described as follows: 1. Initially, the 64-bit cipher key (Kc) is separated into 4-bit segments.
2. The f-function works on 16-bit data. Four f-function blocks are used in this key expansion. Equation (3) shows an initial population of cipher key segments.
where i = 1 to 4 for the first four round keys.
3. The 16 bits of each f-function are achieved by giving a Kb i of 16 bits, which is given in Eq. (4). The four arrays of keys are expressed as follows: From the above four round keys, the fifth key is found by using the XOR operation, which is shown in Eq. (5).

Encryption of LEA
The LEA encryption process starts after the key generation process is performed. The logical operations are performed in the diffusion of the text (i.e. input) to create confusion. The encryption process is shown in Fig. 8. At first, the data from the CCA is given as input (i. e. plain text − P t ) to the LEA encryption process, and then, this plain text is divided into four segments: P x 0−15 ; P x 16−31 , P x 32−47 and P x 48−63 . The original data is altered in each round by the swapping operation, which maximises the confusion of the plain text. The f-function used in this encryption is similar to the key expansion, and this encryption comprises swapping and substitution operations, as shown in Fig. 6. The bitwise XOR function is applied among Efl1 & Px32−47 to obtain Ro12 and Efr1 & Px16 −31 to find Ro13.
After performing the first round, P x 16−31 is in Ro11, P x 0−15 in Ro12, P x 48−63 in Ro13 and P x 32−47 in Ro14, as shown in Fig. 6. Equation (7) is used for the remaining rounds. At the end of all rounds, the concatenated result, which is composed of ciphertext (Ct), is obtained. This ciphertext is given as follows:

AODV routing protocol
To transfer the encrypted message from one node to another, the AODV protocol is used in the RSSI-LEA-AODV method. The routing protocol is meant to create mobility among nodes in the network. AODV [27] is designed to reduce the energy dissemination and control overhead. AODV has two stages: (1) route discovery and (2) route maintenance. In the route discovery stage, fresh or new routes are found. In the route maintenance stage, link breaks of existing routes are found and repaired. AODV is a reactive routing protocol that creates routes on demand but does not establish a fixed route table. The method of moving data in the AODV routing protocol is shown in Fig. 9.

Prevention of Sybil attacks
The Sybil node blindly responds to every routing request (RREQ) with a huge sequence number and least hop count values to convince the SN that it has a new route to the DN. In the RSSI-LEA-AODV method, AODV routing is used for discovering a transmission path between the source and the destination that is free of any Sybil nodes. If any path has a Sybil node, the path has to be discarded, and the new route is to be formed based on the AODV's consideration. The Sybil attack is discovered by relying on the energy levels of every node in the network. At first, the SN delivers the request to the neighbour's node based on the threshold range that is fixed in the network. If the node has adequate energy to transmit the data, that node is used in creating the transmission path; otherwise, the node is discarded from the transmission. By avoiding nodes with less energy, the Sybil is reduced, and the amount of information transmitted in the network is increased.

LEA and CCA decryption
LEA decryption is simply the LEA encryption in reverse. The data from the LEA decryption is again decrypted using CCA decryption. The CCA is used to decrypt the message, which is given at the source side. Input: The ciphertext that is collected from the LEA decryption. Output: The plain text. 1. The CCA decryption is given in Eq. (8).

Results and discussion
The RSSI-LEA-AODV method has been simulated by using MATLAB 2017a. In the RSSI-LEA-AODV method, RSSI-based Sybil detection is used for detecting the Sybil nodes, and the AODV routing approach is adopted to create a route between the source and the destination. Table 1 displays the simulation parameters used in the RSSI-LEA-AODV method. It is compared with the network in the presence of a Sybil attack to understand the results of the RSSI-LEA-AODV method. The performance parameters that are analysed in this system are described as follows.

Alive nodes
Nodes with sufficient energy to move the data are called alive nodes. More alive nodes are needed for sufficient data transmission.  Figure 10a shows the network without a Sybil attack, and Fig. 10b shows the alive nodes of the network with an attack and the RSSI-LEA-AODV method. Based on the figure, it is inferred that the RSSI-LEA-AODV method has more alive nodes compared with the Sybil attack. More alive nodes transmit information (ciphertext) for more time. The alive nodes of the network mainly depend on the distance between the nodes. This is because if there is less distance from one node to another, there is also less utilisation of energy.

Dead nodes
Nodes with no energy to relay information are called dead nodes. Dead nodes are to be minimised in the network to prevent packet loss, and this, in turn, enhances the network performance.
Deadnodes ¼ Total number of nodes−number of alive nodes ð7Þ where Eq. (7) is used for determining the number of dead nodes. Figure 11a shows the dead nodes in the network without a Sybil attack, and Fig.  11b shows the comparison of the dead nodes in the network with an attack and the RSSI-LEA-AODV method. The number of dead nodes in the RSSI-LEA-AODV method is reduced by contrasting the two methods. A smaller number of dead nodes result in lower packet loss and the minimisation of the Sybil attack. These dead nodes are avoided during the creation of the path from the source to the destination. This is because the path that contains the dead nodes creates packet loss within the network.

Energy consumption
In the AODV protocol, each node's total energy for transmitting the message across the route is extracted. The energy consumption of an entire network is given in Eq. (8).
E c energy consumption, E total energy, E T transmitting and E R receiving energy. Figure 12a shows the energy consumption without a Sybil attack, and Fig. 12b shows the comparison of the attack and the RSSI-LEA-AODV method. The energy consumption of the network with the Sybil attack is greater than that of the RSSI-LEA-AODV method. As the load balancing in the transmission path becomes higher, the energy consumption also increases. The energy efficiency of the network also relies primarily on the distance between the nodes. Therefore, the network that is under a Sybil attack consumes more energy.

Throughput
Throughput is defined as the number of messages transmitted to the destination. This value should be high for efficient data transmission. Equation (9) gives the throughput.
where T H represents the throughput of the network, N T represents the total number of rounds and P L represents the length of the packet. Figure 13a shows the throughput of the network without a Sybil attack, and Fig.  13b shows the comparison of the throughput of the network with an attack and the RSSI-LEA-AODV method. The throughput of the RSSI-LEA-AODV method is increased when compared to the network with an attack. This is because the network that has the Sybil nodes consumes more energy during the transmission between the nodes. The attack causes the link failure through the network. Due to this link failure, packet loss occurs in the network with the presence of a Sybil attack. Figure 14a shows the packet sent of the network without a Sybil attack, and Fig. 14b shows the comparison of the packet send of the network with an attack and the RSSI-LEA-AODV method. This will be the same for both systems because the same number of packets is sent to these systems. The packet losses based on the system considerations are shown in Fig. 15. Figure 15a shows the packet loss of the network without a Sybil attack, and Fig. 15b shows the comparison of the packet loss of the network with an attack and the RSSI-LEA-AODV method. It is inferred from the study that the performance of the RSSI-LEA-AODV method is lower. This is because the throughput is maximised without any packet loss. In this case, the packet loss of the RSSI-LEA-AODV is small, avoiding the dead nodes during the path creation from one node to another. If the path contains dead nodes (i.e. link failure), the AODV routing protocol is initiated again to transfer the data packets. Because Sybil attacks in networks are severe, addressing Sybil attacks is a crucial issue for the security of networks. Sybil attacks use numerous identities or the identification of another node that exists in the network. The presence of Sybil nodes disturbs the communication between the sensor nodes and reduces the trust of the normal nodes in the network. In this paper, RSSI-based Sybil detection is used for detecting the Sybil nodes (i.e. those that create the Sybil attack). The detection of the Sybil nodes depends on the received signal strength of each node. If the RSS of a node goes beyond a certain threshold level, that node is added to the Sybil node list. The lightweight encryption method is used for sending the data from one node to another to improve confidentiality. The AODV routing protocol is utilised for creating the optimal route from one node to another. The AODV routing protocol is optimised by two parameters: the energy of each sensor node and the distance between the sensor nodes. The data, which is encrypted by CCA with LEA, is transmitted via the route of AODV. The Sybil nodes are avoided during the establishment of a route from one node to another node. By avoiding the Sybil nodes in the network, the communication among the sensor nodes occurs properly. The performance of this system is analysed by the network with the presence of a Sybil attack. Based on the comparison, we conclude that the RSSI-LEA-AODV method provides effective performance when the network is under a Sybil attack. Furthermore, the performance of the Sybil attack detection can be improved by using SVM or any other optimisation methods. These Sybil nodes will be avoided while transmitting data. Indeed, this Sybil attack detection and prevention is useful in healthcare systems, like when a patient's health condition changes suddenly beyond the specified range the system will alert the doctor.

Packets sent and packet loss
Future scope involves cost-effective and efficient Sybil attack detection. Performance can be improved by using SVM or any other optimization methods. These Sybil nodes will be prevented while transmitting data.