IEEE Access (Jan 2023)
A Novel Energy-Efficient Scheme for RPL Attacker Identification in IoT Networks Using Discrete Event Modeling
Abstract
The Internet of Things (IoT) paradigm facilitates communication among a multitude of connected smart objects and provisions essential and mission-critical services across diverse sectors. By default, IoT networks route packets with the Routing Protocol for Low-Power and Lossy Networks (RPL). However, RPL lacks security features by design, which makes IoT-RPL prone to low-overhead internal attacks such as the rank and version attacks. Attack traffic and normal traffic are found to be identical, which makes detection challenging for both signature-based and anomaly-based Intrusion Detection Systems (IDS). Moreover, formal proofs of correctness for IDS schemes are lacking. In this paper, we propose a novel mechanism for rank and version attack detection and for rank attacker location identification that combines active probing with a Discrete Event System (DES) based IDS. The proposed IDS is centralized, with inputs from sensing at the leaf level. The IDS uses an intelligent probing technique that helps distinguish normal from attack behaviour. DES is then used to model the normal and attack specifications, and a DES diagnoser, constructed from these models, raises an alert when a malicious node is identified. We also prove the correctness and completeness of our scheme. The DES framework is implemented only at the root node, so using our IDS requires no heavy deployment, protocol modifications, or training. The proposed method is implemented in simulation and on a testbed with a sufficiently large number of IoT devices, and we compare our scheme with state-of-the-art approaches. Our scheme is found to be energy-efficient, with minimal false positives, achieving more than 99% accuracy in detecting intrusions and identifying the malicious nodes.
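To make the rank attack mentioned above concrete, the following is a constructed toy DODAG simulation added for this page; it is not the paper's scheme, simulator, or testbed. It models OF0-style parent selection (each node prefers the neighbour advertising the lowest rank and advertises that rank plus MinHopRankIncrease), then lets one node forge its advertised rank and shows how many neighbours re-parent onto it and how a routing loop appears. The topology, node names, the forged rank value, and the convention that the root advertises MinHopRankIncrease are all assumptions.

```python
"""Constructed toy DODAG used to illustrate the RPL rank attack.
Added example for this page; it is NOT the paper's scheme, simulator, or testbed.
Topology, node names, and the attacker's forged rank are assumptions."""

MIN_HOP_RANK_INCREASE = 256   # RFC 6550 DEFAULT_MIN_HOP_RANK_INCREASE
INFINITE_RANK = 0xFFFF        # RFC 6550 INFINITE_RANK
ROOT = "root"

# Constructed radio links (undirected). Node names are hypothetical.
LINKS = [
    ("root", "A"), ("root", "B"),
    ("A", "C"), ("B", "C"), ("B", "D"),
    ("C", "E"), ("D", "E"), ("E", "F"),
]


def neighbors(links):
    """Adjacency map built from the undirected link list."""
    nbrs = {}
    for u, v in links:
        nbrs.setdefault(u, set()).add(v)
        nbrs.setdefault(v, set()).add(u)
    return nbrs


def build_dodag(links, root=ROOT, forged=None):
    """Simulate DIO-driven parent selection until the DODAG is stable.

    Each honest node picks the neighbour advertising the lowest rank as its
    preferred parent (OF0-style) and advertises parent_rank + MinHopRankIncrease.
    A rank attacker listed in `forged` picks a parent the same way but
    advertises the forged rank instead of the honest one.
    Returns (parent, advertised_rank) dicts keyed by node name.
    """
    forged = forged or {}
    nbrs = neighbors(links)
    parent = {n: None for n in nbrs}
    advertised = {n: INFINITE_RANK for n in nbrs}
    # Assumption: the root advertises MinHopRankIncrease (Contiki-NG convention).
    advertised[root] = MIN_HOP_RANK_INCREASE

    changed = True
    while changed:                      # Bellman-Ford-style relaxation
        changed = False
        for n in sorted(nbrs):
            if n == root:
                continue
            # sorted() makes tie-breaking deterministic (lowest name wins).
            best = min(sorted(nbrs[n]), key=lambda m: advertised[m])
            if advertised[best] == INFINITE_RANK:
                continue                # no reachable parent yet
            honest_rank = advertised[best] + MIN_HOP_RANK_INCREASE
            new_rank = forged.get(n, honest_rank)
            if parent[n] != best or advertised[n] != new_rank:
                parent[n], advertised[n] = best, new_rank
                changed = True
    return parent, advertised


def children(parent, node):
    """Nodes that selected `node` as preferred parent (its direct sub-DODAG)."""
    return {n for n, p in parent.items() if p == node}


def routing_loop(parent, node):
    """True if following preferred parents from `node` never reaches the root."""
    seen = set()
    while node is not None and node not in seen:
        seen.add(node)
        node = parent[node]
    return node is not None


if __name__ == "__main__":
    honest_parent, honest_rank = build_dodag(LINKS)
    attack_parent, attack_rank = build_dodag(LINKS, forged={"E": MIN_HOP_RANK_INCREASE})
    print("honest  : E rank", honest_rank["E"], "children", sorted(children(honest_parent, "E")))
    print("attacked: E rank", attack_rank["E"], "children", sorted(children(attack_parent, "E")))
    print("loop through C:", routing_loop(attack_parent, "C"))
```

In the honest run, E sits three hops below the root and only F routes through it; once E forges the root's rank, C, D and F all select it as preferred parent and C and E end up pointing at each other, so upward traffic from that branch never reaches the root. Note that every DIO in the attacked run is well-formed, which is the point the abstract makes about attack and normal traffic looking identical to a passive observer.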
Keywords