4.5.2. Replay Attacks

When an attacker replays a flood of messages between the sender and the receiver, updating the line table (DT) to steal information, it is called a replay attack [33]. It is a network layer attack in which a third party intercepts the data during transmission. The attacker retransmits this data by either modifying or delaying it, spoofing the sender's IP address to the attacker's IP address, and impersonating the legitimate sender.

### 4.5.3. Trojan Worms, Viruses, and Malware

An attacker can use malicious software to manipulate data, steal information, or even launch a denial-of-service attack on a device. A worm, such as a Trojan horse, can infect one's computer when one downloads a file or receives an update. The worm then multiplies and attacks other machines on the network. Unlike a virus, many Trojan horses usually reside on one's own computer. A virus can infect the host's file when sent via email and then spread to other users [78]. Malware is malicious content that can interfere with a computer's operation and slow its performance. When data from IoT devices is compromised, malware can infest the cloud or data centers. These attacks breach the primary security mechanisms of any OS/server, such as a firewall and window defender.

### 4.5.4. Black Hole Attacks

This is a network layer attack known as a packet drop attack. In this attack, a node sends an RREQ packet to all its neighbors in the network, and the router is supposed to forward the packet instead of discarding it. The nature of this attack is similar to a DDoS attack. Attackers are used to attack routers by sending many false requests to prevent legitimate routers from forwarding packets. This is also called a first-come, first-served attack because the attacker can also use a malicious router or reprogram it to block packets instead of sending correct information [78]. These attacks reduce the average throughput. When combined with a sinkhole attack, this attack affects performance and stops all traffic around the black hole. When combined with the sinkhole attack, this attack severely degrades traffic and modifies or discards content during transmission.

### 4.5.5. Sink Hole Attacks

This is a network layer attack where attackers attract all network traffic from nearby nodes to a compromised node and appear as attractive and trusted nodes. This attack is also used to initiate other attacks such as spoofing attacks, DoS, and modification of routing information in WSN [34]. When combined with selective routing and worm attacks, sinkhole attacks become even more dangerous. A sinkhole attack is initiated in two ways, either by hacking a node within the network or by a malicious node impersonating itself as the shortest path to the base station [35,36]. A sinkhole attack impacts the routing configuration/protocols of the forwarding node. Due to this behavior, it is considered as an error or malicious node by the neighboring nodes, which affects the network performance. This leads to mis-routing and incorrect displays of the routing protocol.

### 4.5.6. Wormhole Attacks

A wormhole attack is a network layer attack in which an invader attacks the WSN through two or more compromised nodes. The invaders forward the data from one malicious node to another node at the end of the network through the tunnel. The wormhole appears to other nodes as a fictitious neighbor. Wormhole nodes usually transmit data directly from one node to the destination without including other nodes in the path. Due to this nature, other nodes in WSN easily trust those closest to other nodes, which causes many routing problems. Moreover, they can build better communication channels for long-range communication [37]. Wormhole attacks affect the performance of many network services, such as time synchronization, localization, and data fusion.

### 4.5.7. Selective Forwarding (Gray Hole)

A selective forwarding attack (SFA) is a special type of black hole attack in which the compromised node drops some selective packets instead of all packets. Invaders drop packets containing critical information, such as military information, without noticing them or allowing others that may contain non-critical information to pass. This can lead to worse effects and a decrease in network efficiency [34–37]. Selective forwarding attacks impact network performance and consume limited energy resources.

### *4.6. RQ6: Issues in WSN and IoT Frameworks*

In this section, we mention various WSN and IoT frameworks that highlight the importance of WSN and IoT in different aspects of life. Although many advances have been made in IoT, there are still many problems, as shown in Figure 9, that need to be reduced and solved efficiently to avoid any damage [79,80].

**Figure 9.** Issues in WSN and IoT Framework.
