Abstract
The Internet of Things (IoT) is a heterogeneous network of constrained devices connected both to each other and to the Internet. Since the significance of IoT has risen remarkably in recent years, a considerable amount of research has been conducted in this area, and especially on, new mechanisms and protocols suited to such complex systems. Routing Procotol for Lower-Power and Lossy Networks (RPL) is one of the well-accepted routing protocols for IoT. Even though RPL has defined some specifications for its security, it is still vulnerable to insider attacks. Moreover, lossy communication links and resource-constraints of devices introduce a challenge for developing suitable security solutions for such networks. Therefore, in this study, a new intrusion detection system based on neural networks is proposed for detecting specific attacks against RPL. Besides features collected from the routing layer, the effects of link layer-based features are investigated on intrusion detection. To the best of our knowledge, this study presents the first cross-layer intrusion detection system in the literature.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
IoT: Number of Connected Devices Worldwide 2012–2025|statistica. https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide/. Accessed 18 Jan 2020
Tmote sky from moteiv. https://insense.cs.st-andrews.ac.uk/files/2013/04/tmote-sky-datasheet.pdf. Accessed 13 Jan 2020
Airehrour, D., Gutierrez, J.A., Ray, S.K.: Sectrust-RPL: a secure trust-aware RPL routing protocol for Internet of Things. Future Gener. Comput. Syst. 93, 860–876 (2019). https://doi.org/10.1016/j.future.2018.03.021. http://www.sciencedirect.com/science/article/pii/S0167739X17306581
Alexander, R., et al.: RPL: IPv6 routing protocol for low-power and lossy networks. RFC 6550 (March 2012). https://doi.org/10.17487/RFC6550, https://rfc-editor.org/rfc/rfc6550.txt
Aris, A., Oktug, S.F., Berna Ors Yalcin, S.: RPL version number attacks: in-depth study. In: NOMS 2016–2016 IEEE/IFIP Network Operations and Management Symposium, pp. 776–779 (2016)
Arş, A., Örs Yalçın, S.B., Oktuğ, S.F.: New lightweight mitigation techniques for RPL version number attacks. Ad Hoc Netw. 85, 81–91 (2019). https://doi.org/10.1016/j.adhoc.2018.10.022. http://www.sciencedirect.com/science/article/pii/S1570870518307625
Aydogan, E., Yilmaz, S., Sen, S., Butun, I., Forsström, S., Gidlund, M.: A central intrusion detection system for RPL-based industrial internet of things. In: 2019 15th IEEE International Workshop on Factory Communication Systems (WFCS), pp. 1–5 (2019)
Chollet, F., et al.: Keras. https://keras.io (2015)
Glissa, G., Rachedi, A., Meddeb, A.: A secure routing protocol based on RPL for Internet of Things. In: 2016 IEEE Global Communications Conference (GLOBECOM), pp. 1–7 (2016)
Kim, H.S., Ko, J., Culler, D.E., Paek, J.: Challenging the IPv6 routing protocol for low-power and lossy networks (RPL): a survey. IEEE Commun. Surv. Tutor. 19(4), 2502–2525 (2017)
Le, A., Loo, J., Chai, M., Aiash, M.: A specification-based IDS for detecting attacks on RPL-based network topology. Information 7, 25 (2016). https://doi.org/10.3390/info7020025
Le, A., Loo, J., Lasebae, A., Vinel, A., Chen, Y., Chai, M.: The impact of rank attack on network topology of routing protocol for low-power and lossy networks. IEEE Sens. J. 13, 3685–3692 (2013). https://doi.org/10.1109/JSEN.2013.2266399
Le, A., Loo, J., Luo, Y., Lasebae, A.: The impacts of internal threats towards routing protocol for low power and lossy network performance, pp. 000789–000794 (July 2013). https://doi.org/10.1109/ISCC.2013.6755045
Levis, P., Clausen, T.H., Gnawali, O., Hui, J., Ko, J.: The trickle algorithm. RFC 6206 (March 2011). https://doi.org/10.17487/RFC6206, https://rfc-editor.org/rfc/rfc6206.txt
Maple, C.: Security and privacy in the Internet of Things. J. Cyber Policy 2, 155–184 (2017). https://doi.org/10.1080/23738871.2017.1366536
Mayzaud, A., Badonnel, R., Chrisment, I.: A distributed monitoring strategy for detecting version number attacks in RPL-based networks. IEEE Trans. Netw. Serv. Manag. 14(2), 472–486 (2017). https://doi.org/10.1109/TNSM.2017.2705290
Mayzaud, A., Sehgal, A., Badonnel, R., Chrisment, I., Schönwälder, J.: A study of RPL DODAG version attacks. In: Sperotto, A., Doyen, G., Latré, S., Charalambides, M., Stiller, B. (eds.) AIMS 2014. LNCS, vol. 8508, pp. 92–104. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43862-6_12
McKinney, W., et al.: Data structures for statistical computing in python. In: Proceedings of the 9th Python in Science Conference, Austin, TX, vol. 445, pp. 51–56 (2010)
Müller, N.M., Debus, P., Kowatsch, D., Böttinger, K.: Distributed anomaly detection of single mote attacks in RPL networks. In: Proceedings of the 16th International Joint Conference on e-Business and Telecommunications, SECRYPT, vol. 2, pp. 378–385. INSTICC, SciTePress (2019). https://doi.org/10.5220/0007836003780385
Napiah, M.N., Bin Idris, M.Y.I., Ramli, R., Ahmedy, I.: Compression header analyzer intrusion detection system (CHA - IDS) for 6LoWPAN communication protocol. IEEE Access 6, 16623–16638 (2018)
Oliphant, T.E.: A Guide to NumPy, vol. 1. Trelgol Publishing, USA (2006)
Osterlind, F., Dunkels, A., Eriksson, J., Finne, N., Voigt, T.: Cross-level sensor network simulation with cooja. In: Annual IEEE Conference on Local Computer Networks, pp. 641–648 (November 2006). https://doi.org/10.1109/LCN.2006.322172
Pedregosa, F., et al.: Scikit-learn: machine learning in python. J. Mach. Learn. Res. 12(Oct), 2825–2830 (2011)
Pongle, P.: Real time intrusion and wormhole attack detection in Internet of Things. Int. J. Comput. Appl. 121, 1–9 (2015). https://doi.org/10.5120/21565-4589
Ray, P.: A survey on Internet of Things architectures. J. King Saud Univ. Comput. Inf. Sci. 30(3), 291–319 (2018). https://doi.org/10.1016/j.jksuci.2016.10.003. http://www.sciencedirect.com/science/article/pii/S1319157816300799
Raza, S., Wallgren, L., Voigt, T.: Svelte: real-time intrusion detection in the Internet of Things. Ad Hoc Networks 11(8), 2661–2674 (2013). https://doi.org/10.1016/j.adhoc.2013.04.014. http://www.sciencedirect.com/science/article/pii/S1570870513001005
Verma, A., Ranga, V.: Security of RPL based 6LoWPAN networks in the Internet of Things: a review. IEEE Sens. J. 20(11), 5666–5690 (2020)
Verma, A., Ranga, V.: Mitigation of dis flooding attacks in RPL-based 6LoWPAN networks. Trans. Emerg. Telecommun. Technol. 31(2), e3802 (2020). https://doi.org/10.1002/ett.3802. https://onlinelibrary.wiley.com/doi/abs/10.1002/ett.3802
Yavuz, F.Y., Unal, D., Gul, E.: Deep learning for detection of routing attacks in the Internet of Things. Int. J. Comput. Intell. Syst. 12, 39–58 (2018). https://doi.org/10.2991/ijcis.2018.25905181
Acknowledgements
Thanks to Emre Aydogan and Selim Yilmaz for sharing their experiences during the feature selection and feature extraction process for our neural-network based intrusion detection system.
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Canbalaban, E., Sen, S. (2020). A Cross-Layer Intrusion Detection System for RPL-Based Internet of Things. In: Grieco, L.A., Boggia, G., Piro, G., Jararweh, Y., Campolo, C. (eds) Ad-Hoc, Mobile, and Wireless Networks. ADHOC-NOW 2020. Lecture Notes in Computer Science(), vol 12338. Springer, Cham. https://doi.org/10.1007/978-3-030-61746-2_16
Download citation
DOI: https://doi.org/10.1007/978-3-030-61746-2_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-61745-5
Online ISBN: 978-3-030-61746-2
eBook Packages: Computer ScienceComputer Science (R0)