A specification-based IDS for detecting attacks on RPL-based network topology

Le, Anhtuan, Loo, Jonathan ORCID: https://orcid.org/0000-0002-2197-8126, Chai, Kok Keong and Aiash, Mahdi (2016) A specification-based IDS for detecting attacks on RPL-based network topology. Information, 7 (2). p. 25. ISSN 2078-2489

[thumbnail of Le-etal-2016-A-specification-based-IDS-for-detecting-attacks-on-RPL-based-netwrok-topology.pdf]
Le-etal-2016-A-specification-based-IDS-for-detecting-attacks-on-RPL-based-netwrok-topology.pdf - Published Version
Available under License Creative Commons Attribution.

Download (1MB) | Preview


Routing Protocol for Low power and Lossy network (RPL) topology attacks can downgrade the network performance significantly by disrupting the optimal protocol structure. To detect such threats, we propose a RPL-specification, obtained by a semi-auto profiling technique that constructs a high-level abstract of operations through network simulation traces, to use as reference for verifying the node behaviors. This specification, including all the legitimate protocol states and transitions with corresponding statistics, will be implemented as a set of rules in the intrusion detection agents, in the form of the cluster heads propagated to monitor the whole network. In order to save resources, we set the cluster members to report related information about itself and other neighbors to the cluster head instead of making the head overhearing all the communication. As a result, information about a cluster member will be reported by different neighbors, which allow the cluster head to do cross-check. We propose to record the sequence in RPL Information Object (DIO) and Information Solicitation (DIS) messages to eliminate the synchronized issue created by the delay in transmitting the report, in which the cluster head only does cross-check on information that come from sources with the same sequence. Simulation results show that the proposed Intrusion Detection System (IDS) has a high accuracy rate in detecting RPL topology attacks, while only creating insignificant overhead (about 6.3%) that enable its scalability in large-scale network

Item Type: Article
Identifier: 10.3390/info7020025
Additional Information: © 2016 by the authors; licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC-BY) license (http://creativecommons.org/licenses/by/4.0/).
Keywords: 6LoWPAN; RPL; internal threats; topology attacks; specification-based; IDS
Subjects: Computing > Information security > Cyber security
Computing > Information security
Depositing User: Jonathan Loo
Date Deposited: 22 Jun 2017 09:28
Last Modified: 06 Feb 2024 15:53
URI: https://repository.uwl.ac.uk/id/eprint/3507


Downloads per month over past year

Actions (login required)

View Item View Item