Skip to main content
SpringerLink
Log in

Evaluation of Network Intrusion Detection Systems for RPL Based 6LoWPAN Networks in IoT

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

Over the past few years, Internet of Things security has attracted the attention of many researchers due to its challenging and constrained nature. Particularly in the development of Network Intrusion Detection Systems which act as first line of defence for the networks. Due to the lack of reliable Internet of Things based datasets, intrusion detection approaches are suffering from uniform and accurate performance advancements. Existing benchmark datasets like KDD99, NSL-KDD cup 99 are obsolete and unfit for the evaluation of Network Intrusion Detection Systems developed for RPL based 6LoWPAN networks. To address this issue, the RPL-NIDDS17 dataset has recently been generated. This dataset consists seven types of modern routing attack patterns along with normal traffic patterns. In the proposed dataset we consider twenty two attributes that comprise of flow, basic, time type of features and two additional labelling attributes. In this study, we have shown the effectiveness of RPL-NIDDS17 by statistically analysing the probability distribution of features, correlation between features. Complexity analysis of the developed dataset is done by evaluating five machine learning techniques on the dataset. Evaluation results are shown in terms of two prominent metrics accuracy and false alarm rate, and compared with the results of KDD99, UNSW-NB15, WSN-DS datasets. The experimental results are presented to show the suitability of our proposed RPL-NIDDS17 dataset for the evaluation of Network Intrusion Detection Systems in Internet of Things.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

References

  1. Turner, V., MacGillivray, C., & Gorman, P. (2017). Connecting the IoT: The road to success. https://www.idc.com/infographics/IoT. Accessed February 22, 2018

  2. Stankovic, J. A. (2014). Research directions for the internet of things. IEEE Internet of Things Journal, 1(1), 3–9.

    Article  MathSciNet  Google Scholar 

  3. Wallgren, L., Raza, S., & Voigt, T. (2013). Routing attacks and countermeasures in the RPL-based internet of things. International Journal of Distributed Sensor Networks, 9(8), 794326.

    Article  Google Scholar 

  4. Pongle, P., & Chavan, G. (2015). A survey: Attacks on RPL and 6LoWPAN in IoT. In 2015 International conference on pervasive computing (ICPC), January 8, 2015 (pp. 1–6). IEEE.

  5. Zarpelão, B. B., Miani, R. S., Kawakani, C. T., & de Alvarenga, S. C. (2017). A survey of intrusion detection in internet of things. Journal of Network and Computer Applications, 15(84), 25–37.

    Article  Google Scholar 

  6. Sun, M., & Chen, T. (2010). Inventors; Inventec Corp, assignee. Network intrusion detection system. United States patent application US 12/411,916. September 30, 2010.

  7. Wu, H., Schwab, S., & Peckham, R. L. (2008). Inventors; McAfee LLC, assignee. Signature based network intrusion detection system and method. United States patent US 7,424,744. September 9, 2008.

  8. Garcia-Teodoro, P., Diaz-Verdejo, J., Maciá-Fernández, G., & Vázquez, E. (2009). Anomaly-based network intrusion detection: Techniques, systems and challenges. Computers & Security, 28(1–2), 18–28.

    Article  Google Scholar 

  9. Lippmann, R. P., Fried, D. J., Graf, I., Haines, J. W., Kendall, K. R., McClung, D., et al. (2000). Evaluating intrusion detection systems: The 1998 DARPA off-line intrusion detection evaluation. In Proceedings of the DARPA information survivability conference and exposition, 2000. DISCEX’00. 2000 (Vol. 2, pp. 12–26). IEEE.

  10. Moustafa, N., & Slay, J. (2016). The evaluation of network anomaly detection systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set. Information Security Journal: A Global Perspective, 25(1–3), 18–31.

    Google Scholar 

  11. KDD99 Dataset. https://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html. Accessed February 22, 2017.

  12. Stolfo, S. J., Fan, W., Lee, W., Prodromidis, A., & Chan, P. K. (2000) Cost-based modeling for fraud and intrusion detection: Results from the JAM project. In Proceedings of the DARPA information survivability conference and exposition, 2000. DISCEX’00. 2000 (Vol. 2, pp. 130-144). IEEE.

  13. NSL-KDD cup 99. https://github.com/defcom17/NSL_KDD. Accessed February 22, 2018.

  14. Tavallaee, M., Bagheri, E., Lu, W., & Ghorbani, A. A. (2009). A detailed analysis of the KDD CUP 99 data set. In IEEE symposium on computational intelligence for security and defense applications, CISDA 2009 (Cisda); 2009 (pp. 1–6).

  15. UNSW-NB15 Dataset. https://www.unsw.adfa.edu.au/australian-centre-for-cyber-security/cybersecurity/ADFA-NB15-Datasets/. Accessed February 22, 2018.

  16. Almomani, I., Al-Kasasbeh, B., & Al-Akhras, M. (2016). WSN-DS: A dataset for intrusion detection systems in wireless sensor networks. Journal of Sensors, 2016, 2016.

    Article  Google Scholar 

  17. Sharma, S., Mishra, R., & Singh, K. (2013). A review on wireless network security. In International conference on heterogeneous networking for quality, reliability, security and robustness, January 11, 2013 (pp. 668–681). Springer, Berlin.

  18. Salman, T. Internet of things protocols and standards.

  19. Winter, T. RPL: IPv6 routing protocol for low-power and lossy networks.

  20. Aijaz, A., Su, H., & Aghvami, A. H. (2015). CORPL: A routing protocol for cognitive radio enabled AMI networks. IEEE Transactions on Smart Grid, 6(1), 477–85.

    Article  Google Scholar 

  21. Shelby, Z., & Bormann, C. (2011). 6LoWPAN: The wireless embedded internet. Hoboken: Wiley.

    Google Scholar 

  22. Orebaugh, A., Ramirez, G., & Beale, J. (2006). Wireshark & Ethereal network protocol analyzer toolkit. Amsterdam: Elsevier.

    Google Scholar 

  23. Kreyszig, E. (2010). Advanced engineering mathematics. Hoboken: Wiley.

    MATH  Google Scholar 

  24. Justel, A., Peña, D., & Zamar, R. (1997). A multivariate Kolmogorov–Smirnov test of goodness of fit. Statistics & Probability Letters, 35(3), 251–9.

    Article  MathSciNet  MATH  Google Scholar 

  25. Mardia, K. V. (1970). Measures of multivariate skewness and kurtosis with applications. Biometrika, 57(3), 519–30.

    Article  MathSciNet  MATH  Google Scholar 

  26. Bland, J. M., & Altman, D. G. (1995). Calculating correlation coefficients with repeated observations: Part 2—correlation between subjects. BMJ, 310(6980), 633.

    Article  Google Scholar 

  27. Karegowda, A. G., Manjunath, A. S., & Jayaram, M. A. (2010). Comparative study of attribute selection using gain ratio and correlation based feature selection. International Journal of Information Technology and Knowledge Management, 2(2), 271–7.

    Google Scholar 

  28. Panda, M., & Patra, M. R. (2007). Network intrusion detection using naive bayes. International Journal of Computer Science and Network Security, 7(12), 258–63.

    Google Scholar 

  29. Bouzida, Y., & Cuppens, F. (2006). Neural networks vs. decision trees for intrusion detection. In IEEE/IST workshop on monitoring, attack detection and mitigation (MonAM), September 2006 (Vol. 28, p. 29).

  30. Mukkamala, S., Sung, A. H., & Abraham, A. (2005). Intrusion detection using an ensemble of intelligent paradigms. Journal of Network and Computer Applications, 28(2), 167–82.

    Article  Google Scholar 

  31. Syarif, I., Prugel-Bennett, A., & Wills, G. (2012). Unsupervised clustering approach for network anomaly detection. In International conference on networked digital technologies, April 24, 2012 (pp. 135–145). Springer, Berlin.

  32. DARPA’98 and DARPA’99 datasets (1999). https://www.ll.mit.edu/ideval/docs/index.html. Accessed February 22, 2018

  33. IXIA PerfectStormOne Tool. (2014). http://www.ixiacom.com/products/perfectstorm. Accessed on Febrauary 22, 2018.

  34. Tcpdump Tool. (2014). http://www.tcpdump.org/. Accessed on Febraury 22, 2018.

  35. Argus Tool. (2014). http://qosient.com/argus/flowtools.html. Accessed on February 22, 2018.

  36. Bro-IDS Tool. (2014). https://www.bro.org/. Accessed on February 22, 2018.

  37. Xiangning, F., & Yulin, S. (2007). Improvement on LEACH protocol of wireless sensor network. In International conference on sensor technologies and applications, 2007. SensorComm October 14, 2007 (pp. 260–264). IEEE.

  38. Ring, M., Wunderlich, S., Grüdl, D., Landes, D., & Hotho, A. (2017). Flow-based benchmark data sets for intrusion detection. In Proceedings of the 16th European conference on cyber warfare and security Jun 1, 2017 (pp. 361–369).

  39. CIDDS-001 Dataset. (2017). https://www.hs-coburg.de/index.php?id=927. Accessed on February 22, 2018.

  40. Claise, B. Cisco systems netflow services export version 9.

  41. Verma, A., & Ranga, V. (2018). Statistical analysis of CIDDS-001 dataset for network intrusion detection systems using distance-based machine learning. Procedia Computer Science, 31(125), 709–16.

    Article  Google Scholar 

  42. NetSim Simulator and Emulator. http://www.tetcos.com/netsim-std.html. Accessed on February 22, 2018.

  43. Palattella, M. R., Accettura, N., Vilajosana, X., Watteyne, T., Grieco, L. A., Boggia, G., et al. (2013). Standardized protocol stack for the internet of (important) things. IEEE Communications Surveys & Tutorials, 15(3), 1389–406.

    Article  Google Scholar 

  44. Elmasri, R. (2008). Fundamentals of database systems. Bengaluru: Pearson Education India.

    MATH  Google Scholar 

  45. Velleman, P. F., & Wilkinson, L. (1993). Nominal, ordinal, interval, and ratio typologies are misleading. The American Statistician, 47(1), 65–72.

    Google Scholar 

  46. Shyu, M. L., Sarinnapakorn, K., Kuruppu-Appuhamilage, I., Chen, S. C., Chang, L., & Goldring, T. (2005). Handling nominal features in anomaly intrusion detection problems. In 15th international workshop on research issues in data engineering: Stream data mining and applications, 2005. RIDE-SDMA 2005. April 3, 2005 (pp. 55–62). IEEE.

  47. Salem, M., & Buehler, U. (2012). Mining techniques in network security to enhance intrusion detection systems. arXiv preprint arXiv:1212.2414. December 11, 2012.

  48. Cherkassky, V., & Mulier, F. M. (2007). Learning from data: concepts, theory, and methods. Hoboken: Wiley.

    Book  MATH  Google Scholar 

  49. Appavu, S., Rajaram, R., Nagammai, M., Priyanga, N., & Priyanka, S. (2011). Bayes theorem and information gain based feature selection for maximizing the performance of classifiers. In International conference on computer science and information technology, January 2, 2011 (pp. 501–511). Springer, Berlin.

  50. Gauvain, J. L., & Lee, C. H. (1994). Maximum a posteriori estimation for multivariate Gaussian mixture observations of Markov chains. IEEE Transactions on Speech and Audio Processing, 2(2), 291–8.

    Article  Google Scholar 

  51. Scholz, F. W. (1985). Maximum likelihood estimation. Encyclopedia of statistical sciences.

  52. GNU PSPP Tool. https://www.gnu.org/software/pspp/. Accessed February 22, 2018.

  53. MATLAB. https://www.mathworks.com/products/matlab.html. Accessed on February 22, 2018.

  54. Weka Data Mining Software. https://www.cs.waikato.ac.nz/ml/weka/. Accessed February 22, 2018.

  55. Garner, S. 0R. (1995). Weka: The waikato environment for knowledge analysis. In Proceedings of the New Zealand computer science research students conference, April 18, 1995 (pp. 57–64).

Download references

Author information

Authors and Affiliations

  1. Department of Computer Engineering, National Institute of Technology, Kurukshetra, India

    Abhishek Verma & Virender Ranga

Authors
  1. Abhishek Verma
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Virender Ranga
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Abhishek Verma.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Verma, A., Ranga, V. Evaluation of Network Intrusion Detection Systems for RPL Based 6LoWPAN Networks in IoT. Wireless Pers Commun 108, 1571–1594 (2019). https://doi.org/10.1007/s11277-019-06485-w

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-019-06485-w

Keywords

Search

Navigation