Abstract
The Internet of Things (IoT) is a heterogeneous network of constrained devices connected both to each other and to the Internet. Since the significance of IoT has risen remarkably in recent years, a considerable amount of research has been conducted in this area, and especially on, new mechanisms and protocols suited to such complex systems. Routing Procotol for Lower-Power and Lossy Networks (RPL) is one of the well-accepted routing protocols for IoT. Even though RPL has defined some specifications for its security, it is still vulnerable to insider attacks. Moreover, lossy communication links and resource-constraints of devices introduce a challenge for developing suitable security solutions for such networks. Therefore, in this study, a new intrusion detection system based on neural networks is proposed for detecting specific attacks against RPL. Besides features collected from the routing layer, the effects of link layer-based features are investigated on intrusion detection. To the best of our knowledge, this study presents the first cross-layer intrusion detection system in the literature.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
IoT: Number of Connected Devices Worldwide 2012–2025|statistica. https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide/. Accessed 18 Jan 2020
Tmote sky from moteiv. https://insense.cs.st-andrews.ac.uk/files/2013/04/tmote-sky-datasheet.pdf. Accessed 13 Jan 2020
Airehrour, D., Gutierrez, J.A., Ray, S.K.: Sectrust-RPL: a secure trust-aware RPL routing protocol for Internet of Things. Future Gener. Comput. Syst. 93, 860–876 (2019). https://doi.org/10.1016/j.future.2018.03.021. http://www.sciencedirect.com/science/article/pii/S0167739X17306581
Alexander, R., et al.: RPL: IPv6 routing protocol for low-power and lossy networks. RFC 6550 (March 2012). https://doi.org/10.17487/RFC6550, https://rfc-editor.org/rfc/rfc6550.txt
Aris, A., Oktug, S.F., Berna Ors Yalcin, S.: RPL version number attacks: in-depth study. In: NOMS 2016–2016 IEEE/IFIP Network Operations and Management Symposium, pp. 776–779 (2016)
Arş, A., Örs Yalçın, S.B., Oktuğ, S.F.: New lightweight mitigation techniques for RPL version number attacks. Ad Hoc Netw. 85, 81–91 (2019). https://doi.org/10.1016/j.adhoc.2018.10.022. http://www.sciencedirect.com/science/article/pii/S1570870518307625
Aydogan, E., Yilmaz, S., Sen, S., Butun, I., Forsström, S., Gidlund, M.: A central intrusion detection system for RPL-based industrial internet of things. In: 2019 15th IEEE International Workshop on Factory Communication Systems (WFCS), pp. 1–5 (2019)
Chollet, F., et al.: Keras. https://keras.io (2015)
Glissa, G., Rachedi, A., Meddeb, A.: A secure routing protocol based on RPL for Internet of Things. In: 2016 IEEE Global Communications Conference (GLOBECOM), pp. 1–7 (2016)
Kim, H.S., Ko, J., Culler, D.E., Paek, J.: Challenging the IPv6 routing protocol for low-power and lossy networks (RPL): a survey. IEEE Commun. Surv. Tutor. 19(4), 2502–2525 (2017)
Le, A., Loo, J., Chai, M., Aiash, M.: A specification-based IDS for detecting attacks on RPL-based network topology. Information 7, 25 (2016). https://doi.org/10.3390/info7020025
Le, A., Loo, J., Lasebae, A., Vinel, A., Chen, Y., Chai, M.: The impact of rank attack on network topology of routing protocol for low-power and lossy networks. IEEE Sens. J. 13, 3685–3692 (2013). https://doi.org/10.1109/JSEN.2013.2266399
Le, A., Loo, J., Luo, Y., Lasebae, A.: The impacts of internal threats towards routing protocol for low power and lossy network performance, pp. 000789–000794 (July 2013). https://doi.org/10.1109/ISCC.2013.6755045
Levis, P., Clausen, T.H., Gnawali, O., Hui, J., Ko, J.: The trickle algorithm. RFC 6206 (March 2011). https://doi.org/10.17487/RFC6206, https://rfc-editor.org/rfc/rfc6206.txt
Maple, C.: Security and privacy in the Internet of Things. J. Cyber Policy 2, 155–184 (2017). https://doi.org/10.1080/23738871.2017.1366536
Mayzaud, A., Badonnel, R., Chrisment, I.: A distributed monitoring strategy for detecting version number attacks in RPL-based networks. IEEE Trans. Netw. Serv. Manag. 14(2), 472–486 (2017). https://doi.org/10.1109/TNSM.2017.2705290
Mayzaud, A., Sehgal, A., Badonnel, R., Chrisment, I., Schönwälder, J.: A study of RPL DODAG version attacks. In: Sperotto, A., Doyen, G., Latré, S., Charalambides, M., Stiller, B. (eds.) AIMS 2014. LNCS, vol. 8508, pp. 92–104. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43862-6_12
McKinney, W., et al.: Data structures for statistical computing in python. In: Proceedings of the 9th Python in Science Conference, Austin, TX, vol. 445, pp. 51–56 (2010)
Müller, N.M., Debus, P., Kowatsch, D., Böttinger, K.: Distributed anomaly detection of single mote attacks in RPL networks. In: Proceedings of the 16th International Joint Conference on e-Business and Telecommunications, SECRYPT, vol. 2, pp. 378–385. INSTICC, SciTePress (2019). https://doi.org/10.5220/0007836003780385
Napiah, M.N., Bin Idris, M.Y.I., Ramli, R., Ahmedy, I.: Compression header analyzer intrusion detection system (CHA - IDS) for 6LoWPAN communication protocol. IEEE Access 6, 16623–16638 (2018)
Oliphant, T.E.: A Guide to NumPy, vol. 1. Trelgol Publishing, USA (2006)
Osterlind, F., Dunkels, A., Eriksson, J., Finne, N., Voigt, T.: Cross-level sensor network simulation with cooja. In: Annual IEEE Conference on Local Computer Networks, pp. 641–648 (November 2006). https://doi.org/10.1109/LCN.2006.322172
Pedregosa, F., et al.: Scikit-learn: machine learning in python. J. Mach. Learn. Res. 12(Oct), 2825–2830 (2011)
Pongle, P.: Real time intrusion and wormhole attack detection in Internet of Things. Int. J. Comput. Appl. 121, 1–9 (2015). https://doi.org/10.5120/21565-4589
Ray, P.: A survey on Internet of Things architectures. J. King Saud Univ. Comput. Inf. Sci. 30(3), 291–319 (2018). https://doi.org/10.1016/j.jksuci.2016.10.003. http://www.sciencedirect.com/science/article/pii/S1319157816300799
Raza, S., Wallgren, L., Voigt, T.: Svelte: real-time intrusion detection in the Internet of Things. Ad Hoc Networks 11(8), 2661–2674 (2013). https://doi.org/10.1016/j.adhoc.2013.04.014. http://www.sciencedirect.com/science/article/pii/S1570870513001005
Verma, A., Ranga, V.: Security of RPL based 6LoWPAN networks in the Internet of Things: a review. IEEE Sens. J. 20(11), 5666–5690 (2020)
Verma, A., Ranga, V.: Mitigation of dis flooding attacks in RPL-based 6LoWPAN networks. Trans. Emerg. Telecommun. Technol. 31(2), e3802 (2020). https://doi.org/10.1002/ett.3802. https://onlinelibrary.wiley.com/doi/abs/10.1002/ett.3802
Yavuz, F.Y., Unal, D., Gul, E.: Deep learning for detection of routing attacks in the Internet of Things. Int. J. Comput. Intell. Syst. 12, 39–58 (2018). https://doi.org/10.2991/ijcis.2018.25905181
Acknowledgements
Thanks to Emre Aydogan and Selim Yilmaz for sharing their experiences during the feature selection and feature extraction process for our neural-network based intrusion detection system.
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Canbalaban, E., Sen, S. (2020). A Cross-Layer Intrusion Detection System for RPL-Based Internet of Things. In: Grieco, L.A., Boggia, G., Piro, G., Jararweh, Y., Campolo, C. (eds) Ad-Hoc, Mobile, and Wireless Networks. ADHOC-NOW 2020. Lecture Notes in Computer Science(), vol 12338. Springer, Cham. https://doi.org/10.1007/978-3-030-61746-2_16
Download citation
DOI: https://doi.org/10.1007/978-3-030-61746-2_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-61745-5
Online ISBN: 978-3-030-61746-2
eBook Packages: Computer ScienceComputer Science (R0)