A Cross-Layer Intrusion Detection System for RPL-Based Internet of Things
Canbalaban, Erdem
The Internet of Things (IoT) is a heterogeneous network of constrained devices connected both to each other and to the Internet. Since the significance of the IoT has risen remarkably in recent years, a considerable amount of research has been conducted in this area, especially on new mechanisms and protocols suited to such complex systems. The Routing Protocol for Low-Power and Lossy Networks (RPL) is one of the accepted routing protocols for the IoT. It provides multi-hop routing and is mainly proposed for multipoint-to-point (MP2P) communication, while also supporting point-to-point (P2P) and point-to-multipoint (P2MP) communication. However, RPL, like many protocols proposed for the IoT, was not designed with security in mind; hence, certain solutions for securing RPL have been developed in the literature. Intrusion detection systems (IDSs), which monitor activities in systems and detect intrusions, have become an indispensable part of such security systems, since prevention mechanisms alone are never enough. In this thesis study, a new IDS is proposed for these types of low-power and lossy networks. The IoT exists in a variety of fields such as smart homes, medical care and smart vehicles, each of which has different security requirements. Devices in the IoT are interconnected over lossy communication links and, having limited resources, are also susceptible to attacks. Moreover, since the communication of such devices is provided by RPL, the protocol itself could be targeted by internal attackers. In this thesis study, specific attacks against RPL, namely the version number attack, the worst parent attack and the hello flood attack, were analyzed in depth. Then, an IDS based on neural networks was proposed in order to detect such attacks. The effects of features taken both from the routing layer and from the link layer were explored, and both binary classification and multi-class classification were applied.
The proposed system was then evaluated on simulated networks using different percentages of attackers (2%, 6%, 10%, 20%). The results showed that the proposed system was able to detect the attacks effectively, with a 96.88% detection rate and a 0.13% false positive rate for binary classification, and 97.52% accuracy for multi-class detection. More specifically, the detection rate was 93.2% for the version number attack, 98.17% for the worst parent attack and 99.96% for the hello flood attack. Also, when link-layer features were used in training, the false positive rate decreased from 0.61% to 0.13%. The positive effect of the link-layer features was especially noticeable in the detection of version number attacks. To the best of the author's knowledge, this study presents the first cross-layer IDS in the literature.