Yi Shen,Chunming Wu,Dezhang Kong,Mingliang Yang

DOI: https://doi.org/10.1109/icc40277.2020.9149276

2020-01-01

Abstract:Distributed Denial of Service (DDoS) attack is one of the most severe threats to the current network security. As a new network architecture, Software-Defined Networking (SDN) draws notable attention from both industry and academia. The characteristics of SDN such as centralized management and flow-based traffic monitoring make it an ideal platform to defend against DDoS attacks. When designing a network intrusion detection system (NIDS) in SDN, how to obtain fine-grained flow information with minimal overhead to the SDN architecture is a problem to be solved. In this paper, we propose TPDD, a two-phase DDoS detection system to detect DDoS attacks in SDN. In the first phase, we utilize the characteristics of SDN to collect coarse-grained flow information from the core switches and locate the potential victim. Then we monitor the edge switches located close to the potential victim to obtain finer-grained traffic information in the second phase. The collection method of each phase fully considers the impact on the bandwidth between the controller and switches. Without modifying the existing flow rules, the collection module can obtain sufficient information about traffic. By using entropy-based and machine learning-based methods, the detection module can effectively detect anomalies and identify whether the potential victim marked in the first phase is the target of attacks. Experimental results show that TPDD can effectively detect DDoS attacks with little overhead.

Hanane Azzaoui,Akram Zine Eddine Boukhamla,Pericle Perazzo,Mamoun Alazab,Vinayakumar Ravi

DOI: https://doi.org/10.1007/s11277-024-11009-2

IF: 2.017

2024-04-14

Wireless Personal Communications

Abstract:The successful deployment of an Intrusion Detection System (IDS) in the Internet of Things (IoT) is subject to two primary criteria: the detection method and the deployment strategy. IDS schemes should take into account that IoT devices often have limited resources. Thus, IDS should be limited in devices' memory and power usage. In this paper, we design, implement, and evaluate an effective cross-layer lightweight IDS scheme for the IoT (RPL-IDS). The proposed IDS scheme cooperates with the RPL routing protocol using its selected parents as distributed agents. A lightweight artificial neural network (ANN) model is deployed in these agents to detect malicious traffic and collaborates with a centralized system. According to the topology built by the Routing Protocol for Low-Power and Lossy Networks (RPL), these agents are automatically selected, i.e., the routers (parents) of the topology are chosen to act as IDS agents. We implemented RPL-IDS using the Contiki operating system and then comprehensively evaluated it with the Cooja simulator. Experimental results indicate that RPL-IDS is lightweight and can be deployed on devices with limited resources. Most state-of-the-art IDS schemes do not consider the limitation of resources of IoT devices, making them impractical for deployment in many IoT applications. Furthermore, the proposed RPL-IDS demonstrated one of the highest detection rates in the literature while incurring an insignificant energy overload, allowing for scalability in large-scale networks.

telecommunications

Rabia Khan,Noshina Tariq,Muhammad Ashraf,Farrukh Aslam Khan,Saira Shafi,Aftab Ali

DOI: https://doi.org/10.3390/s24175834

IF: 3.9

2024-09-08

Sensors

Abstract:The Internet of Things (IoT) is a significant technological advancement that allows for seamless device integration and data flow. The development of the IoT has led to the emergence of several solutions in various sectors. However, rapid popularization also has its challenges, and one of the most serious challenges is the security of the IoT. Security is a major concern, particularly routing attacks in the core network, which may cause severe damage due to information loss. Routing Protocol for Low-Power and Lossy Networks (RPL), a routing protocol used for IoT devices, is faced with selective forwarding attacks. In this paper, we present a federated learning-based detection technique for detecting selective forwarding attacks, termed FL-DSFA. A lightweight model involving the IoT Routing Attack Dataset (IRAD), which comprises Hello Flood (HF), Decreased Rank (DR), and Version Number (VN), is used in this technique to increase the detection efficiency. The attacks on IoT threaten the security of the IoT system since they mainly focus on essential elements of RPL. The components include control messages, routing topologies, repair procedures, and resources within sensor networks. Binary classification approaches have been used to assess the training efficiency of the proposed model. The training step includes the implementation of machine learning algorithms, including logistic regression (LR), K-nearest neighbors (KNN), support vector machine (SVM), and naive Bayes (NB). The comparative analysis illustrates that this study, with SVM and KNN classifiers, exhibits the highest accuracy during training and achieves the most efficient runtime performance. The proposed system demonstrates exceptional performance, achieving a prediction precision of 97.50%, an accuracy of 95%, a recall rate of 98.33%, and an F1 score of 97.01%. It outperforms the current leading research in this field, with its classification results, scalability, and enhanced privacy.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Zahrah A. Almusaylim,NZ Jhanjhi,Abdulaziz Alhumam

DOI: https://doi.org/10.3390/s20215997

IF: 3.9

2020-10-22

Sensors

Abstract:The rapid growth of the Internet of Things (IoT) and the massive propagation of wireless technologies has revealed recent opportunities for development in various domains of real life, such as smart cities and E-Health applications. A slight defense against different forms of attack is offered for the current secure and lightweight Routing Protocol for Low Power and Lossy Networks (RPL) of IoT resource-constrained devices. Data packets are highly likely to be exposed in transmission during data packet routing. The RPL rank and version number attacks, which are two forms of RPL attacks, can have critical consequences for RPL networks. The studies conducted on these attacks have several security defects and performance shortcomings. In this research, we propose a Secure RPL Routing Protocol (SRPL-RP) for rank and version number attacks. This mainly detects, mitigates, and isolates attacks in RPL networks. The detection is based on a comparison of the rank strategy. The mitigation uses threshold and attack status tables, and the isolation adds them to a blacklist table and alerts nodes to skip them. SRPL-RP supports diverse types of network topologies and is comprehensively analyzed with multiple studies, such as Standard RPL with Attacks, Sink-Based Intrusion Detection Systems (SBIDS), and RPL+Shield. The analysis results showed that the SRPL-RP achieved significant improvements with a Packet Delivery Ratio (PDR) of 98.48%, a control message value of 991 packets/s, and an average energy consumption of 1231.75 joules. SRPL-RP provided a better accuracy rate of 98.30% under the attacks.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Abhishek Verma,Virender Ranga

DOI: https://doi.org/10.1007/s11235-020-00674-w

2023-02-24

Abstract:The IPv6 routing protocol for low-power and lossy networks (RPL) is the standard routing protocol for IPv6 based low-power wireless personal area networks (6LoWPANs). In RPL protocol, DODAG information object (DIO) messages are used to disseminate routing information to other nodes in the network. A malicious node may eavesdrop DIO messages of its neighbor nodes and later replay the captured DIO many times with fixed intervals. In this paper, we present and investigate one of the severe attacks named as a non-spoofed copycat attack, a type of replay based DoS attack against RPL protocol. It is shown that the non-spoofed copycat attack increases the average end-to-end delay (AE2ED) and packet delivery ratio of the network. Thus, to address this problem, an intrusion detection system (IDS) named CoSec-RPL is proposed in this paper. The attack detection logic of CoSec-RPL is primarily based on the idea of outlier detection (OD). CoSec-RPL significantly mitigates the effects of the non-spoofed copycat attack on the network's performance. The effectiveness of the proposed IDS is compared with the standard RPL protocol. The experimental results indicate that CoSec-RPL detects and mitigates non-spoofed copycat attack efficiently in both static and mobile network scenarios without adding any significant overhead to the nodes. To the best of our knowledge, CoSec-RPL is the first RPL specific IDS that utilizes OD for intrusion detection in 6LoWPANs.

Cryptography and Security,Networking and Internet Architecture

Lan Zhang,Gang Feng,Shuang Qin

DOI: https://doi.org/10.1109/ICCW.2015.7247579

2015-01-01

Abstract:RPL is specifically designed for Low power and Lossy Networks (LLNs). With the expansion of LLNs applications, security of RPL becomes one of the major concerns. This paper mainly addresses the security aspect of RPL. We first analyze the vulnerability of RPL self-organising properties, and identify a new RPL internal intrusion, named routing choice (RC) intrusion. We specially analyze the harm of a type RC intrusion in RPL using ETX metric, which further validates the effectiveness of our work. Second, we design IDSs for RPL to defense intrusions. Our design discusses detection methodologies, system architectures, detection data and intrusion respose with some promotions. To satisfy the energy efficiency requirements, we propose three type Monitor Nodes (MNs) devices for different RPL applications. To explicitly show the design of IDSs, we apply our IDS to defense the type of RC intrusion in RPL using ETX metric on Contiki OS, and the results verify the effectiveness of our IDSs. Finally, we theoretically analyzed the applicability of IDSs for RPL.

Ziming Zhao,Zhaoxuan Li,Zhuoxue Song,Fan Zhang

DOI: https://doi.org/10.1109/rtss59052.2023.00045

2023-01-01

Abstract:Existing Deep Learning (DL)-based network Intrusion Detection System (IDS) is able to characterize sequence semantics of traffic and discover malicious behaviors. Yet DL models are often nonlinear and highly non-convex functions that are difficult for in-network real-time deployment, i.e., existing DL solutions are essentially offline analysis. In this paper, we present RIDS, a hardware-friendly Recurrent Neural Network (RNN) model that is co-designed with programmable switches. As its core, RIDS is powered by two tightly-coupled components: (i) rLearner, the RNN learning module with in-network deployability as the first-class requirement; and (ii) rEnforcer, the concrete pipeline design to realize rLearner-generated models inside the network dataplane. We implement a prototype of RIDS and evaluate it on our physical testbed. The experiments show that RIDS could satisfy both detection performance and high-speed bandwidth adaptation simultaneously, when none of the other existing approaches could do so. Inspiringly, RIDS realizes remarkable intrusion/malware detection effect (e.g., ∽99% F1 score) and model deployment (e.g., 100 Gbps per port), while only imposing nanoseconds of latency.

Ziming Zhao,Zhaoxuan Li,Zhuoxue Song,Fan Zhang,Binbin Chen

DOI: https://doi.org/10.1109/infocom52122.2024.10621290

2024-01-01

Abstract:Existing Deep Learning (DL)-based network Intrusion Detection System (IDS) is able to characterize sequence semantics of traffic and discover malicious behaviors. Yet DL models are often nonlinear and highly non-convex functions that are difficult for in-network deployment. In this paper, we present RIDS, a hardware-friendly Recurrent Neural Network (RNN) model that is co-designed with programmable switches. As its core, RIDS is powered by two tightly-coupled components: (i) rLearner, the RNN learning module with in-network deployability as the first-class requirement; and (ii) rEnforcer, the concrete pipeline design to realize rLearner-generated models inside the network dataplane. We implement a prototype of RIDS and evaluate it on our physical testbed. The experiments show that RIDS could satisfy both detection performance and high-speed bandwidth adaptation simultaneously, when none of the other existing approaches could do so. Inspiringly, RIDS realizes remarkable intrusion/malware detection effect (e.g., similar to 99% F1 score) and model deployment (e.g., 100 Gbps per port), while only imposing nanoseconds of latency.

Jun Jiang,Yuhong Liu

DOI: https://doi.org/10.48550/arXiv.2201.06937

2022-01-18

Abstract:IPv6 Routing Protocol for Low Power and Lossy Networks (RPL) is an essential routing protocol to enable communications for IoT networks with low power devices. RPL uses an objective function and routing constraints to find an optimized routing path for each node in the network. However, recent research has shown that topological attacks, such as selective forwarding attacks, pose great challenges to the secure routing of IoT networks. Many conventional secure routing solutions, on the other hand, are computationally heavy to be directly applied in resource-constrained IoT networks. There is an urgent need to develop lightweight secure routing solutions for IoT networks. In this paper, we first design and implement a series of advanced selective forwarding attacks from the attack perspective, which can flexibly select the type and percentage of forwarding packets in an energy efficient way, and even bad-mouth other innocent nodes in the network. Experiment results show that the proposed attacks can maximize the attack consequences (i.e. number of dropped packets) while maintaining undetected. Moreover, we propose a lightweight trust-based defense solution to detect and eliminate malicious selective forwarding nodes from the network. The results show that the proposed defense solution can achieve high detection accuracy with very limited extra energy usage (i.e. 3.4%).

Networking and Internet Architecture

Nashat, D.,Xiaohong Jiang,Horiguchi, S.

DOI: https://doi.org/10.1109/HSPR.2008.4734440

2008-01-01

Abstract:The TCP SYN flooding attack is the most prevalent type of DDoS attacks that exhaust network resources. The current detection schemes only work well for the detection of high-rate flooding sources. It is notable, however, that in the current DDoS attacks, the flooding rate is usually distributed among many low-rate flooding agents to make the detection more difficult. Therefore, a more sensitive and fast detection scheme is highly desirable for the efficient detection of these low-rate flooding sources. In this paper, we focus on the low-rate agent and propose a router-based detection scheme for it. The proposed scheme is based on the TCP SYN-SYN/ACK protocol pair with the consideration of packet header information (both sequence and Ack. numbers). To make our scheme more sensitive and generally applicable, the counting bloom filter is used to avoid the effect of SYN/ACK retransmission and the change point detection method is applied to avoid the dependence of detection on sites and access patterns. Extensive trace-driven simulation has been conducted to demonstrate the efficiency of the proposed scheme in terms of its detection probability and also average detection time.

Abhishek Verma,Sachin Kumar Verma,Avinash Chandra Pandey,Jyoti Grover,Girish Sharma

DOI: https://doi.org/10.1016/j.future.2024.05.032

2024-09-16

Abstract:Many IoT applications run on a wireless infrastructure supported by resource-constrained nodes which is popularly known as Low-Power and Lossy Networks (LLNs). Currently, LLNs play a vital role in digital transformation of industries. The resource limitations of LLNs restrict the usage of traditional routing protocols and therefore require an energy-efficient routing solution. IETF's Routing Protocol for Low-power Lossy Networks (RPL, pronounced 'ripple') is one of the most popular energy-efficient protocols for LLNs, specified in RFC 6550. In RPL, Destination Advertisement Object (DAO) control message is transmitted by a child node to pass on its reachability information to its immediate parent or root node. An attacker may exploit the insecure DAO sending mechanism of RPL to perform 'DAO insider attack' by transmitting DAO multiple times. This paper shows that an aggressive DAO insider attacker can drastically degrade network performance. We propose a Lightweight Mitigation Solution for DAO insider attack, which is termed as 'Li-MSD'. Li-MSD uses a blacklisting strategy to mitigate the attack and restore RPL performance, significantly. By using simulations, it is shown that Li-MSD outperforms the existing solution in the literature.

Networking and Internet Architecture,Cryptography and Security

Somnath Karmakar,Jayasree Sengupta,Sipra Das Bit

DOI: https://doi.org/10.1109/comsnets51098.2021.9352937

2021-01-05

Abstract:In recent times researchers have found several security vulnerabilities in the Routing Protocol for Low power and Lossy network (RPL), amongst which rank attack is a predominant one causing detrimental effects on the network by creating a fake topology. To address this concern, we propose a low-overhead rank attack detection scheme for non-storing mode of RPL used in IoT to deal with both increased and decreased rank attacks. Accordingly, we have modified the RPL Destination Oriented Directed Acyclic Graph (DODAG) formation algorithm to detect rank attacks during topology formation and maintenance. The distributed module of the algorithm runs in all the participating nodes whereas the centralized module runs in the sink. Unlike many existing schemes, instead of sending additional control message, we make the scheme low-overhead by simply modifying the DAO control message. Additionally, a lightweight Message Authentication Code (HMAC-LOCHA) is used to verify the integrity and authenticity of the control messages exchanged between nodes and the sink. The correctness of the proposed scheme is established through a concrete proof using multiple test case scenarios. Finally, the performance of the proposed scheme is evaluated both theoretically and through simulation in Contiki-based Cooja simulator. Theoretical evaluation proves the scheme’s energy efficiency. Simulation results show that our scheme outperforms over a state-of-the-art rank attack detection scheme in terms of detection accuracy, false positive/negative rate and energy consumption while also keeping acceptable network performance such as improved detection latency and at par packet delivery ratio.

Girish Sharma,Jyoti Grover,Abhishek Verma

DOI: https://doi.org/10.1109/ANTS59832.2023.10469481

2024-04-02

Abstract:In recent times, the Internet of Things (IoT) has a significant rise in industries, and we live in the era of Industry 4.0, where each device is connected to the Internet from small to big. These devices are Artificial Intelligence (AI) enabled and are capable of perspective analytics. By 2023, it's anticipated that over 14 billion smart devices will be available on the Internet. These applications operate in a wireless environment where memory, power, and other resource limitations apply to the nodes. In addition, the conventional routing method is ineffective in networks with limited resource devices, lossy links, and slow data rates. Routing Protocol for Low Power and Lossy Networks (RPL), a new routing protocol for such networks, was proposed by the IETF's ROLL group. RPL operates in two modes: Storing and Non-Storing. In Storing mode, each node have the information to reach to other node. In Non-Storing mode, the routing information lies with the root node only. The attacker may exploit the Non-Storing feature of the RPL. When the root node transmits User Datagram Protocol~(UDP) or control message packet to the child nodes, the routing information is stored in the extended header of the IPv6 packet. The attacker may modify the address from the source routing header which leads to Denial of Service (DoS) attack. This attack is RPL specific which is known as Hatchetman attack. This paper shows significant degradation in terms of network performance when an attacker exploits this feature. We also propose a lightweight mitigation of Hatchetman attack using game theoretic approach to detect the Hatchetman attack in IoT.

Cryptography and Security

Pedro Manso,Jose Moura,Carlos Serrao

DOI: https://doi.org/10.3390/info10030106

2021-04-15

Abstract:The current paper addresses relevant network security vulnerabilities introduced by network devices within the emerging paradigm of Internet of Things (IoT) as well as the urgent need to mitigate the negative effects of some types of Distributed Denial of Service (DDoS) attacks that try to explore those security weaknesses. We design and implement a Software-Defined Intrusion Detection System (IDS) that reactively impairs the attacks at its origin, ensuring the normal operation of the network infrastructure. Our proposal includes an IDS that automatically detects several DDoS attacks, and then as an attack is detected, it notifies a Software Defined Networking (SDN) controller. The current proposal also downloads some convenient traffic forwarding decisions from the SDN controller to network devices. The evaluation results suggest that our proposal timely detects several types of cyber-attacks based on DDoS, mitigates their negative impacts on the network performance, and ensures the correct data delivery of normal traffic. Our work sheds light on the programming relevance over an abstracted view of the network infrastructure to timely detect a Botnet exploitation, mitigate malicious traffic at its source, and protect benign traffic.

Cryptography and Security,Networking and Internet Architecture

Nasr Abosata,Saba Al-Rubaye,Gokhan Inalhan

DOI: https://doi.org/10.3390/s23010321

2022-12-28

Abstract:Technological breakthroughs in the Internet of Things (IoT) easily promote smart lives for humans by connecting everything through the Internet. The de facto standardised IoT routing strategy is the routing protocol for low-power and lossy networks (RPL), which is applied in various heterogeneous IoT applications. Hence, the increase in reliance on the IoT requires focus on the security of the RPL protocol. The top defence layer is an intrusion detection system (IDS), and the heterogeneous characteristics of the IoT and variety of novel intrusions make the design of the RPL IDS significantly complex. Most existing IDS solutions are unified models and cannot detect novel RPL intrusions. Therefore, the RPL requires a customised global attack knowledge-based IDS model to identify both existing and novel intrusions in order to enhance its security. Federated transfer learning (FTL) is a trending topic that paves the way to designing a customised RPL-IoT IDS security model in a heterogeneous IoT environment. In this paper, we propose a federated-transfer-learning-assisted customised distributed IDS (FT-CID) model to detect RPL intrusion in a heterogeneous IoT. The design process of FT-CID includes three steps: dataset collection, FTL-assisted edge IDS learning, and intrusion detection. Initially, the central server initialises the FT-CID with a predefined learning model and observes the unique features of different RPL-IoTs to construct a local model. The experimental model generates an RPL-IIoT dataset with normal and abnormal traffic through simulation on the Contiki-NG OS. Secondly, the edge IDSs are trained using the local parameters and the globally shared parameters generated by the central server through federation and aggregation of different local parameters of various edges. Hence, transfer learning is exploited to update the server's and edges' local and global parameters based on relational knowledge. It also builds and customised IDS model with partial retraining through local learning based on globally shared server knowledge. Finally, the customised IDS in the FT-CID model enforces the detection of intrusions in heterogeneous IoT networks. Moreover, the FT-CID model accomplishes high RPL security by implicitly utilising the local and global parameters of different IoTs with the assistance of FTL. The FT-CID detects RPL intrusions with an accuracy of 85.52% in tests on a heterogeneous IoT network.

Sumit Pundir,Mohammad Wazid,Devesh Pratap Singh,Ashok Kumar Das,Joel J. P. C. Rodrigues,Youngho Park,Joel J. P. C. J. P. C. Rodrigues

DOI: https://doi.org/10.3390/s20051300

IF: 3.9

2020-02-27

Sensors

Abstract:The sinkhole attack in an edge-based Internet of Things (IoT) environment (EIoT) can devastate and ruin the whole functioning of the communication. The sinkhole attacker nodes ( S H A s) have some properties (for example, they first attract the other normal nodes for the shortest path to the destination and when normal nodes initiate the process of sending their packets through that path (i.e., via S H A ), the attacker nodes start disrupting the traffic flow of the network). In the presence of S H A s, the destination (for example, sink node i.e., gateway/base station) does not receive the required information or it may receive partial or modified information. This results in reduction of the network performance and degradation in efficiency and reliability of the communication. In the presence of such an attack, the throughput decreases, end-to-end delay increases and packet delivery ratio decreases. Moreover, it may harm other network performance parameters. Hence, it becomes extremely essential to provide an effective and competent scheme to mitigate this attack in EIoT. In this paper, an intrusion detection scheme to protect EIoT environment against sinkhole attack is proposed, which is named as SAD-EIoT. In SAD-EIoT, the resource rich edge nodes (edge servers) perform the detection of different types of sinkhole attacker nodes with the help of exchanging messages. The practical demonstration of SAD-EIoT is also provided using the well known NS2 simulator to compute the various performance parameters. Additionally, the security analysis of SAD-EIoT is conducted to prove its resiliency against various types of S H A s. SAD-EIoT achieves around 95.83 % detection rate and 1.03 % false positive rate, which are considerably better than other related existing schemes. Apart from those, SAD-EIoT is proficient with respect to computation and communication costs. Eventually, SAD-EIoT will be a suitable match for those applications which can be used in critical and sensitive operations (for example, surveillance, security and monitoring systems).

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Xuan-Bo Huang,Kai-Ping Xue,Yi-Tao Xing,Ding-Wen Hu,Ruidong Li,Qi-Bin Sun

DOI: https://doi.org/10.1007/s11390-022-1495-0

IF: 1.871

2022-01-01

Journal of Computer Science and Technology

Abstract:Software-defined networking (SDN) decouples the data and control planes. However, attackers can lead catastrophic results to the whole network using manipulated flooding packets, called the data-to-control-plane saturation attacks. The existing methods, using centralized mitigation policies and ignoring the buffered attack flows, involve extra network entities and make benign traffic suffer from long network recovery delays. For these purposes, we propose LFSDM, a saturation attack detection and mitigation system, which solves these challenges by leveraging three new techniques: 1) using linear discriminant analysis (LDA) and extracting a novel feature called control channel occupation rate (CCOR) to detect the attacks, 2) adopting the distributed mitigation agents to reduce the number of involved network entities and, 3) cleaning up the buffered attack flows to enable fast recovery. Experiments show that our system can detect the attacks timely and accurately. More importantly, compared with the previous work, we save 81% of the network recovery delay under attacks ranging from 1 000 to 4 000 packets per second (PPS) on average, and 87% of the network recovery delay under higher attack rates with PPS ranging from 5 000 to 30 000.

Mina Zaminkar,Reza Fotohi

DOI: https://doi.org/10.48550/arXiv.2005.09140

2020-05-17

Cryptography and Security

Abstract:Through the Internet of Things (IoT) the internet scope is established by the integration of physical things to classify themselves into mutual things. A physical thing can be created by this inventive perception to signify itself in the digital world. Regarding the physical things that are related to the internet, it is worth noting that considering numerous theories and upcoming predictions, they mostly require protected structures, moreover, they are at risk of several attacks. IoTs are endowed with particular routing disobedience called sinkhole attack owing to their distributed features. In these attacks, a malicious node broadcasts illusive information regarding the routings to impose itself as a route towards specific nodes for the neighboring nodes and thus, attract data traffic. RPL (IP-V6 routing protocol for efficient and low-energy networks) is a standard routing protocol which is mainly employed in sensor networks and IoT. This protocol is called SoS-RPL consisting of two key sections of the sinkhole detection. In the first section rating and ranking the nodes in the RPL is carried out based on distance measurements. The second section is in charge of discovering the misbehavior sources within the IoT network through, the Average Packet Transmission RREQ (APT-RREQ). Here, the technique is assessed through wide simulations performed within the NS-3 environment. Based on the results of the simulation, it is indicated that the IoT network behavior metrics are enhanced based on the detection rate, false-negative rate, false-positive rate, packet delivery rate, maximum throughput, and packet loss rate.

Musa Osman,Jingsha He,Nafei Zhu,Fawaz Mahiuob Mohammed Mokbal,Asaad Ahmed

DOI: https://doi.org/10.1007/s11227-024-06453-7

IF: 3.3

2024-09-19

The Journal of Supercomputing

Abstract:The Internet of Things (IoT) is evolving rapidly, increasing demand for safeguarding data against routing attacks. While achieving complete security for RPL protocols remains an ongoing challenge, this paper introduces an innovative hybrid autoencoder–decision tree framework (HADTF) designed to detect four types of RPL attacks: decreased rank, version number, DIS flooding, and blackhole attacks. The HADTF comprises three key components: enhanced feature extraction, feature selection, and a hybrid autoencoder–decision tree classifier. The enhanced feature extraction module identifies the most pertinent features from the raw data collected, while the feature selection component carefully curates' optimal features to reduce dimensionality. The hybrid autoencoder–decision tree classifier synergizes the strengths of both techniques, resulting in high accuracy and detection rates while effectively minimizing false positives and false negatives. To assess the effectiveness of the HADTF, we conducted evaluations using a self-generated dataset. The results demonstrate impressive performance with an accuracy of 97.41%, precision of 97%, recall of 97%, and F1-score of 97%. These findings underscore the potential of the HADTF as a promising solution for detecting RPL attacks within IoT networks.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Xinyu Huang,Yuanming Wu

DOI: https://doi.org/10.1109/jsen.2022.3166601

IF: 4.3

2022-01-01

IEEE Sensors Journal

Abstract:Wireless sensor networks (WSNs) are prone to attack due to open work conditions and broadcast communication. The selective forwarding attack, one of the inner attacks in WSNs, is the hardest attack to detect among denial of service (DoS) attacks. The malicious nodes which launch the selective forwarding attack will drop part of or all the data packets they received. Many proposed detection methods against selective forwarding attacks have low accuracy or high algorithm complexity, especially when the attacker works its way in the network along with several attacks, such as blackhole, wormhole, and Distributed Denial of Service (DDoS). Here, an artificial immune system based on the danger model is established to detect network attacks. To promote detection accuracy and reduce computation, we have proposed a screen-confirm scheme. In the screening phase, the scheme first obtains the danger signals from nodes' energy consumption, forwarding rate, connect duration, transmission frequency, and transmission time, then it screens out the suspected selective forwarding attacks from DoS attacks using a support vector machine (SVM). After that, in the confirming phase, we select an optimal danger threshold and calculate the outputs of the suspected ones, then confirm them by comparing outputs and threshold. The simulation results show that our scheme's missing detection rate (MDR) is close to 1.3% and keeps the false detection rate (FDR) lower than 4.3% when the malicious ratio is 10%. Moreover, compared with other related work, our proposed method offers a lower algorithm complexity.

engineering, electrical & electronic,instruments & instrumentation,physics, applied