Abstract
The Internet of Things (IoT) is already playing a significant role in our lives, as more and more industries adopt IoT to improve existing systems and provide novel applications. However, recent attacks caused by the Mirai and Chalubo botnets show that IoT systems are vulnerable and that new security mechanisms are required. In this work, we design and implement a prototype Intrusion Detection System (IDS) for protecting IoT networks and devices from Denial-of-Service (DoS) attacks. Our focus is on detecting attacks that exploit the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL), which is a widely used protocol for packet routing in low-power IoT networks. The Operating System (OS) we consider is the popular ContikiOS, and we use the Cooja simulator to study DoS attacks and test the detection algorithms. In particular, we simulated scenarios that involve both benign and malicious/compromised IoT devices. A compromised device exploits RPL control messages to cause other devices to perform heavy computations and to disrupt the established network routes. The obtained simulation results help us understand the characteristics of an RPL-based IoT network under normal operation and devise effective countermeasures against malicious activity. A new threshold-based IDS is proposed and a first prototype is implemented in ContikiOS. The IDS relies on tunable parameters and involves both centralised and distributed components in order to effectively detect malicious RPL messages. Experimental results show a high detection rate and low false positives in large networks.
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Ioulianou, P.P., Vassilakis, V.G. (2020). Denial-of-Service Attacks and Countermeasures in the RPL-Based Internet of Things. In: Katsikas, S., et al. Computer Security. CyberICPS, SECPRE, SPOSE, ADIoT 2019. Lecture Notes in Computer Science, vol 11980. Springer, Cham. https://doi.org/10.1007/978-3-030-42048-2_24
DOI: https://doi.org/10.1007/978-3-030-42048-2_24
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-42047-5
Online ISBN: 978-3-030-42048-2
eBook Packages: Computer Science, Computer Science (R0)