SVELTE: Real-time intrusion detection in the Internet of Things

In the Internet of Things (IoT), resource-constrained things are connected to the unreliable and untrusted Internet via IPv6 and 6LoWPAN networks. Even when they are secured with encryption and authentication, these things are exposed both to wireless attacks from inside the 6LoWPAN network and from the Internet. Since these attacks may succeed, Intrusion Detection Systems (IDS) are necessary. Currently, there are no IDSs that meet the requirements of the IPv6-connected IoT since the available approaches are either customized for Wireless Sensor Networks (WSN) or for the conventional Internet. In this paper we design, implement, and evaluate a novel intrusion detection system for the IoT that we call SVELTE. In our implementation and evaluation we primarily target routing attacks such as spoofed or altered information, sinkhole, and selective-forwarding. However, our approach can be extended to detect other attacks. We implement SVELTE in the Contiki OS and thoroughly evaluate it. Our evaluation shows that in the simulated scenarios, SVELTE detects all malicious nodes that launch our implemented sinkhole and/or selective forwarding attacks. However, the true positive rate is not 100%, i.e., we have some false alarms during the detection of malicious nodes. Also, SVELTE's overhead is small enough to deploy it on constrained nodes with limited energy and memory capacity.

[1]  Lillian L. Dai,et al.  RPL under mobility , 2012, 2012 IEEE Consumer Communications and Networking Conference (CCNC).

[2]  Utz Roedig,et al.  Secure communication for the Internet of Things - a comparison of link-layer security and IPsec for 6LoWPAN , 2014, Secur. Commun. Networks.

[3]  Gabriel Montenegro,et al.  IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs): Overview, Assumptions, Problem Statement, and Goals , 2007, RFC.

[4]  Adam Dunkels,et al.  Contiki - a lightweight and flexible operating system for tiny networked sensors , 2004, 29th Annual IEEE International Conference on Local Computer Networks.

[5]  Bharat K. Bhargava,et al.  Visualization of wormholes in sensor networks , 2004, WiSe '04.

[6]  David E. Culler,et al.  Telos: enabling ultra-low power wireless research , 2005, IPSN 2005. Fourth International Symposium on Information Processing in Sensor Networks, 2005..

[7]  Randall J. Atkinson,et al.  IP Encapsulating Security Payload (ESP) , 1995, RFC.

[8]  Jianying Zhou,et al.  Applying intrusion detection systems to wireless sensor networks , 2006, CCNC 2006. 2006 3rd IEEE Consumer Communications and Networking Conference, 2006..

[9]  Rituparna Chaki,et al.  Intrusion Detection in Wireless Ad-Hoc Networks , 2014 .

[10]  Mary Baker,et al.  Mitigating routing misbehavior in mobile ad hoc networks , 2000, MobiCom '00.

[11]  Vijay Raghunathan,et al.  AEGIS: A Lightweight Firewall for Wireless Sensor Networks , 2010, DCOSS.

[12]  P ? ? ? ? ? ? ? % ? ? ? ? , 1991 .

[13]  Robert Tappan Morris,et al.  a high-throughput path metric for multi-hop wireless routing , 2005, Wirel. Networks.

[14]  Oscar Garcia-Morchon,et al.  Security Considerations in the IP-based Internet of Things , 2013 .

[15]  Zhou Su,et al.  Malicious node detection in wireless sensor networks using weighted trust evaluation , 2008, SpringSim '08.

[16]  Georg Carle,et al.  Poster: Securing the internet of things with DTLS , 2011, SenSys.

[17]  Pascal Thubert,et al.  Compression Format for IPv6 Datagrams over IEEE 802.15.4-Based Networks , 2011, RFC.

[18]  Utz Roedig,et al.  Securing communication in 6LoWPAN with compressed IPsec , 2011, 2011 International Conference on Distributed Computing in Sensor Systems and Workshops (DCOSS).

[19]  C. Karlof,et al.  Secure routing in wireless sensor networks: attacks and countermeasures , 2003, Proceedings of the First IEEE International Workshop on Sensor Network Protocols and Applications, 2003..

[20]  Yin Chen,et al.  FM-based indoor localization , 2012, MobiSys '12.

[21]  Adam Dunkels,et al.  Powertrace: Network-level Power Profiling for Low-power Wireless Networks , 2011 .

[22]  Siarhei Kuryla,et al.  RPL: IPv6 Routing Protocol for Low power and Lossy Networks , 2010 .

[23]  Adam Dunkels,et al.  The ContikiMAC Radio Duty Cycling Protocol , 2011 .

[24]  Yih-Chun Hu,et al.  Wormhole attacks in wireless networks , 2006, IEEE Journal on Selected Areas in Communications.

[25]  Mahdi Abadi,et al.  A PCA-based distributed approach for intrusion detection in wireless sensor networks , 2011, 2011 International Symposium on Computer Networks and Distributed Systems (CNDS).

[26]  P. Venkata Krishna,et al.  LAID: a learning automata-based scheme for intrusion detection in wireless sensor networks , 2009, Secur. Commun. Networks.

[27]  Gary Scott Malkin,et al.  Traceroute Using an IP Option , 1993, RFC.

[28]  Y.A. Sekercioglu,et al.  Detecting Selective Forwarding Attacks in Wireless Sensor Networks using Support Vector Machines , 2007, 2007 3rd International Conference on Intelligent Sensors, Sensor Networks and Information.

[29]  Eui-Nam Huh,et al.  A lightweight intrusion detection framework for wireless sensor networks , 2010, CMC 2010.

[30]  Fredrik Österlind Improving Low-Power Wireless Protocols with Timing-Accurate Simulation , 2011 .

[31]  Elaine Shi,et al.  The Sybil attack in sensor networks: analysis & defenses , 2004, Third International Symposium on Information Processing in Sensor Networks, 2004. IPSN 2004.

[32]  Hongbing Cheng,et al.  An Efficient Intrusion Detection Scheme for Wireless Sensor Networks , 2011 .

[33]  Carsten Bormann,et al.  The Constrained Application Protocol (CoAP) , 2014, RFC.

[34]  Adam Dunkels,et al.  Cross-Level Sensor Network Simulation with COOJA , 2006, Proceedings. 2006 31st IEEE Conference on Local Computer Networks.

[35]  Ying Chen,et al.  Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes , 2007, IEEE Transactions on Dependable and Secure Computing.