Denial-of-Service Attacks and Countermeasures in the RPL-Based Internet of Things

The Internet of Things (IoT) already plays a significant role in our lives, as more and more industries adopt IoT to improve existing systems and provide novel applications. However, recent attacks caused by the Mirai and Chalubo botnets show that IoT systems are vulnerable and that new security mechanisms are required. In this work, we design and implement a prototype Intrusion Detection System (IDS) for protecting IoT networks and devices from Denial-of-Service (DoS) attacks. Our focus is on detecting attacks that exploit the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL), a widely used protocol for packet routing in low-power IoT networks. The Operating System (OS) we consider is the popular ContikiOS, and we use the Cooja simulator to study DoS attacks and test the detection algorithms. In particular, we simulated scenarios that involve both benign and malicious/compromised IoT devices. A compromised device exploits RPL control messages to cause other devices to perform heavy computations and disrupt the established network routes. The simulation results help us understand the characteristics of an RPL-based IoT network under normal operation and devise effective countermeasures against malicious activity. We propose a new threshold-based IDS and implement a first prototype in ContikiOS. The IDS relies on tunable parameters and involves both centralised and distributed components in order to effectively detect malicious RPL messages. Experimental results show a high detection rate and low false positives in large networks.
