Skip to main content
SpringerLink
Log in

Anomaly-Based Intrusion Detection System in RPL by Applying Stochastic and Evolutionary Game Models over IoT Environment

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

The rapid development of Information and Communication Technology and the growing number of devices connected to the Internet make the Internet of Things (IoT) as a promising technology for a new breed of applications. The Routing Protocol for Low-Power and Lossy Networks (RPL) is a widely applied open standard protocol for IoT networks. The RPL routing is highly vulnerable to routing attacks due to the constrained nodes. The attacks on the RPL aim to disrupt the optimal protocol structure and significantly deteriorating network performance. Secure RPL routing schemes attempt to derive a high-level abstract of RPL operations through network simulation traces and apply it as a reference to differentiate the malicious behavior. The RPL specifications include all the states and transitions with its corresponding statistics. However, the malicious activities around a node enforce it to initiate the unnecessary state transition, and thus, the legitimate nodes are equally treated as malicious in dynamic IoT network scenarios. Hence, this work proposes a game theoretic model based anomaly Intrusion Detection System (IDS) to detect the RPL attacks and verify and confirm their malicious activities. This study formulates the Game models based Anomaly Intrusion Detection System (GAIDS) for RPL security. The proposed approach consists of two interrelated formulations, such as a stochastic game for attack detection and evolutionary game for attack confirmation. The stochastic game model formulates the activities of the standard RPL rules as a zero-sum stochastic game. The stochastic game estimates the payoff by observing the states, transitions between them, and their statistics. However, there is a possibility to model legitimate players as malicious, due to the nature of RPL. Thus, the proposed GAIDS scheme implements the evolutionary game theoretic framework on clustered network topology for the attack verification. By synchronizing the results of the stochastic game of neighboring players, it differentiates the legitimate players from the suspected list successfully. As a result, the GAIDS isolates the detected attackers and maintains the routing performance. The simulation results demonstrate that the detection accuracy and throughput of the proposed gaming model based anomaly IDS is substantially high and outperforms the existing scheme.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

Similar content being viewed by others

References

  1. Winter, T., Thubert, P., Brandt, A., Hui, J., Kelsey, R., Levis, P., et al. (2012). RPL: IPv6 routing protocol for low-power and Lossy network. Fremont, CA: Internet Engineering Task Force (IETF).

    Google Scholar 

  2. Mayzaud, A., Badonnel, R., & Chrisment, I. (2016). A taxonomy of attacks in the RPL-based internet of things. International Journal of Network Security,18(3), 459–473.

    Google Scholar 

  3. Le, A., Loo, J., Luo, Y., & Lasebae, A. (2013). The impacts of internal threats towards Routing Protocol for Low power and lossy network performance. In Proceedings of the 2013 IEEE symposium on computers and communications (ISCC), Split, Croatia, 710 July 2013 (pp. 789–794).

  4. Dhumane, A., Prasad, R., & Prasad, J. (2016). Routing issues in internet of things: A survey. Proceedings of the International MultiConference of Engineers and Computer Scientists,1, 16–18.

    Google Scholar 

  5. Yan, Zheng, Zhang, Peng, & Vasilakos, Athanasios V. (2014). A survey on trust management for Internet of Things. Journal of network and computer applications,42, 120–134.

    Article  Google Scholar 

  6. Zarpelão, A., Bogaz, Bruno, Miani, Rodrigo Sanches, Kawakani, Cláudio Toshio, & de Alvarenga., S. C. (2017). A survey of intrusion detection in Internet of Things. Journal of Network and Computer Applications,84, 25–37.

    Article  Google Scholar 

  7. Le, A., Loo, J., Luo, Y., & Lasebae, A. (2011) Specification-based IDS for securing RPL from topology attacks. In Proceedings of the 2011 IFIP Wireless Days (WD), Niagara Falls, ON, Canada, 1012 October 2011 (pp. 1–3).

  8. Anita, X., Bhagyaveni, M., & Manickam, J. M. L. (2015). Collaborative lightweight trust management scheme for wireless sensor networks. Wireless Personal Communications,80(1), 117–140.

    Article  Google Scholar 

  9. Arış, A., Sema F. O., & Sıddıka, B. Ö. Y. (2015). Internet-of-Things security: Denial of service attacks. In IEEE Conference on Signal Processing and Communications, 2015.

  10. Ravi, M., Demazeau, Y., & Ramparany, F. (2015). Reasoning with trust and uncertainty illustration in the internet of things. IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology,2, 125–128.

    Google Scholar 

  11. Cervantes, C., et al. (2015). Detection of sinkhole attacks for supporting secure routing on 6LoWPAN for the internet of things. In IEEE IFIP/IEEE International Symposium on Integrated Network Management.

  12. Raza, Shahid, Wallgren, Linus, & Voigt, Thiemo. (2013). SVELTE: Real-time intrusion detection in the internet of things. Ad Hoc Networks,11(8), 2661–2674.

    Article  Google Scholar 

  13. Airehrour, D., Gutierrez, J., & Ray, S. K. (2016). A lightweight trust design for IoT routing. In Dependable, autonomic and secure computing, 14th Intl conf on pervasive intelligence and computing, 2nd IEEE intl conf on big data intelligence and computing and cyber science and technology congress (pp. 552–557).

  14. Jøsang, A., Ross H., & Simon, P. (2006). Trust network analysis with subjective logic. In Proceedings of the 29th Australasian computer science conference (Vol. 48.

  15. Khan, Z. A., & Herrmann, P. (2017). A trust based distributed intrusion detection mechanism for internet of things. In IEEE 31st International conference on advanced information networking and applications (AINA), 2017 (pp. 1169–1176). IEEE.

  16. Medjek, F., Djamel, T., Imed, R., & Nabil, D. (2017) A Trust-based Intrusion Detection System for Mobile RPL Based Networks. In IEEE international conference on internet of things (iThings) and IEEE green computing and communications (GreenCom) and IEEE cyber, physical and social computing (CPSCom) and IEEE smart data (SmartData), 2017 (pp. 735–742). IEEE.

  17. Airehrour, D., Gutierrez, J. A., & Ray, S. K. (2018). SecTrust-RPL: A secure trust-aware RPL routing protocol for Internet of Things. Future Generation Computer Systems,93, 860–876.

    Article  Google Scholar 

  18. Darwin, R. (2018). Implementation of advanced IDS in contiki for highly secured wireless sensor network. International Journal of Applied Engineering Research,13(6), 4214–4218.

    Google Scholar 

  19. Djedjig, N., Tandjaoui, D., Medjek, F., & Romdhani, I. (2017). New trust metric for the RPL routing protocol. In 8th International conference on information and communication systems (ICICS) (pp. 328–335). IEEE.

  20. Le, A., Loo, J., Luo, Y., & Lasebae, A. (2011). Specification-based IDS for securing RPL from topology attacks. In Proceedings of the 2011 IFIP Wireless Days (WD), Niagara Falls, ON, Canada, 1012 October 2011 (pp. 1–3).

  21. Le, A., Loo, J., Chai, K. K., & Aiash, M. (2016). A specification-based IDS for detecting attacks on RPL-based network topology. Information,7(2), 25.

    Article  Google Scholar 

  22. Zhang, L., Feng, G., & Qin, S. (2015). Intrusion detection system for RPL from routing choice intrusion. In IEEE international conference on communication workshop (ICCW) (pp. 2652–2658). IEEE.

  23. Shreenivas, D., Raza, S., & Voigt, T. (2017). Intrusion detection in the RPL-connected 6LoWPAN networks. In Proceedings of the 3rd ACM international workshop on IoT privacy, trust, and security (pp. 31–38). ACM.

  24. Duan, J., Gao, D., Yang, D., Foh, C. H., & Chen, H. H. (2014). An energy-aware trust derivation scheme with game theoretic approach in wireless sensor networks for IoT applications. IEEE Internet of Things Journal,1(1), 58–69.

    Article  Google Scholar 

  25. Feng, R., Che, S., Wang, X., & Wan, J. (2014). An incentive mechanism based on game theory for trust management. Security and Communication Networks,7, 2318–2325.

    Article  Google Scholar 

  26. Ding, Y., Zhou, X. W., Cheng, Z. M., & Lin, F. H. (2013). A security differential game model for sensor networks in context of the internet of things. Wireless Personal Communications,72(1), 375–388.

    Article  Google Scholar 

  27. Sedjelmaci, H., Senouci, S. M., & Al-Bahri, M. (2016) A lightweight anomaly detection technique for low-resource IoT devices: a game-theoretic methodology. In IEEE Proceedings of the IEEE International Conference on Communications (ICC’16) (pp. 1–6).

  28. Sedjelmaci, H., Senouci, S. M., & Taleb, T. (2017). An accurate security game for low-resource IoT devices. IEEE Transactions on Vehicular Technology,66(10), 9381–9393.

    Article  Google Scholar 

  29. Le, A., Loo, J., Lasebae, A., Vinel, A., Chen, Y., & Chai, M. (2013). The impact of rank attack on network topology of routing protocol for low-power and lossy networks. IEEE Sensors Journal,13(10), 3685–3692.

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computing Science and Engineering, VIT, Chennai, India

    Deepali Bankatsingh Gothawal & S. V. Nagaraj

Authors
  1. Deepali Bankatsingh Gothawal
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. S. V. Nagaraj
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Deepali Bankatsingh Gothawal.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Gothawal, D.B., Nagaraj, S.V. Anomaly-Based Intrusion Detection System in RPL by Applying Stochastic and Evolutionary Game Models over IoT Environment. Wireless Pers Commun 110, 1323–1344 (2020). https://doi.org/10.1007/s11277-019-06789-x

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-019-06789-x

Keywords

Search

Navigation