Intrusion Detection and Prevention in CoAP Wireless Sensor Networks Using Anomaly Detection

It is well recognized that security will play a major role in enabling most of the applications envisioned for the Internet of Things (IoT). Most such applications will employ sensing and actuating devices integrated with the Internet communications infrastructure and, from the moment such devices start to support end-to-end communications with external (Internet) hosts, they will be exposed to all kinds of threats and attacks. With this in mind, we propose an IDS framework for the detection and prevention of attacks in Internet-integrated CoAP communication environments. Within this framework, we implement and experimentally evaluate the effectiveness of anomaly-based intrusion detection, with the goal of detecting Denial of Service (DoS) attacks and attacks against the 6LoWPAN and CoAP communication protocols. The results of our experimental evaluation show that the proposed approach may viably protect devices against the considered attacks. We achieve an accuracy of 93% on the multi-class problem, that is, when the pattern of specific intrusions is known. On the binary-class problem, which allows us to recognize compromised devices, a lower accuracy of 92% is observed, but a recall and an F-measure of 98% were achieved. To the best of our knowledge, ours is the first proposal targeting the usage of anomaly detection and prevention approaches to deal with application-layer and DoS attacks in 6LoWPAN and CoAP communication environments.
