A Novel Insider Attack and Machine Learning Based Detection for the Internet of Things

Published: 15 July 2021

Abstract

Due to its widespread functional benefits, such as supporting internet connectivity, having high visibility, and enabling easy connectivity between sensors, the Internet of Things (IoT) has become popular and is used in many applications, such as smart city, smart health, smart home, and smart vehicle realizations. These IoT-based systems contribute to both daily life and business, including sensitive and emergency situations. In general, the devices or sensors used in the IoT have very limited computational power, storage capacity, and communication capabilities, but they help to collect a large amount of data and to maintain communication with the other devices in the network. Since most IoT devices have no physical security and are often open to everyone via radio communication and via the internet, they are highly vulnerable to existing and emerging novel security attacks. Further, IoT devices are usually integrated with corporate networks; in this case, the impact of attacks will be much more significant than when the devices operate in isolation. Due to the constraints of IoT devices and the nature of their operation, existing security mechanisms are less effective for countering the attacks that are specific to IoT-based systems. This article presents a new insider attack, named the loophole attack, that exploits the vulnerabilities present in RPL (Routing over Low Power and Lossy Networks), a widely used IPv6 routing protocol in IoT-based systems. To protect the IoT system from this insider attack, a machine learning based security mechanism is presented. The proposed attack has been implemented using the Contiki IoT operating system running on the Cooja simulator, and the impacts of the attack are analyzed. Evaluation on the collected network traffic data demonstrates that the machine learning based approaches, along with the proposed features, help to accurately detect the insider attack from the network traffic data.

Published In

ACM Transactions on Internet of Things  Volume 2, Issue 4
November 2021
190 pages
EISSN: 2577-6207
DOI: 10.1145/3476109

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 July 2021
Accepted: 01 May 2021
Revised: 01 April 2021
Received: 01 December 2018
Published in TIOT Volume 2, Issue 4

Author Tags

  1. Contiki
  2. IoT
  3. RPL
  4. RPL security
  5. insider attack
  6. machine learning

Qualifiers

  • Research-article
  • Research
  • Refereed
