1 Introduction
Many wireless sensor networks are expected to work in a possibly adverse or even hostile environment. Due to their unattended operations, it is easy for an adversary to physically pick up and compromise sensor nodes, obtaining their stored data including secret keys. These compromised “moles” can launch various types of attacks, an important one of which is false data injection [12], [14]. One single mole can inject large amounts of bogus traffic to flood the sink, leading to application failures and wasting energy and bandwidth resources along the forwarding path. Recent research [12], [14], [11] has proposed a number of schemes to detect and drop such bogus messages en-route. However, they are all passive in that they only mitigate the damage of attacks. They do not provide active means for fight-back.