论文信息 - Specification-based IDS for securing RPL from topology attacks

Specification-based IDS for securing RPL from topology attacks

This paper focuses on the security aspect of RPL (Routing Protocol for Low-power and lossy network) by introducing a new type of threat — the topology attack, which changes the node operation for breaking the optimised network topology, and designing a specification-based IDS for detecting it. We present two novel RPL attacks of this type: the rank attack and local repair attack. We also propose an IDS architecture using network monitor backbone, and describe its monitoring mechanisms through a RPL finite state machine implemented in each monitor node. We show that our system can effectively detect these routing operation threats with a reasonable overhead.

[1] Alfredo Navarra,et al. Distributed Intrusion Detection Systems for Enhancing Security in Mobile Wireless Sensor Networks* , 2008, Int. J. Distributed Sens. Networks.

[2] Siarhei Kuryla,et al. RPL: IPv6 Routing Protocol for Low power and Lossy Networks , 2010 .

[3] Jimmi Grönkvist,et al. Evaluation of a Specification-Based Intrusion Detection System for AODV , 2007 .

[4] Jean-Philippe Vasseur,et al. Interconnecting Smart Objects with IP: The Next Internet , 2010 .

[5] R. Sekar,et al. Specification-based anomaly detection: a new approach for detecting network intrusions , 2002, CCS '02.

[6] Tsvetko Tsvetkov. RPL: IPv6 Routing Protocol for LOW Power and Lossy Networks , 2011 .

[7] Johnny S. Wong,et al. On the symbiosis of specification-based and anomaly-based detection , 2010, Comput. Secur..

[8] Karl N. Levitt,et al. A Specification-Based Intrusion Detection Model for OLSR , 2005, RAID.