A Review of Intrusion Detection Systems in RPL Routing Protocol Based on Machine Learning for Internet of Things Applications

2021 ◽ Vol 2021 ◽ pp. 1-32
Author(s): Ali Seyfollahi ◽ Ali Ghaffari

IPv6 routing protocol for low-power and lossy networks (RPL) has been developed as a routing agent in low-power and lossy networks (LLN), where nodes’ resource constraint nature is challenging. This protocol operates at the network layer and can create routing and optimally distribute routing information between nodes. RPL is a low-power, high-throughput IPv6 routing protocol that uses distance vectors. Each sensor-to-wire network router has a collection of fixed parents and a preferred parent on the path to the Destination-oriented directed acyclic graph (DODAG) graph’s root in steady-state. Each router part of the graph sends DODAG information object (DIO) control messages and specifies its rank within the graph, indicating its position within the network relative to the root. When a node receives a DIO message, it determines its network rank, which must be higher than all its parents’ rank, and then continues sending DIO messages using the trickle timer. As a result, DODAG begins at the root and eventually extends to encompass the whole network. This paper is the first review to study intrusion detection systems in the RPL protocol based on machine learning (ML) techniques to the best of our knowledge. The complexity of the new attack models identified for RPL and the efficiency of ML in intelligent and collaborative threats detection, and the issues of deploying ML in challenging LLN environments underscore the importance of research in this area. The analysis is done using research sources of “Google Scholar,” “Crossref,” “Scopus,” and “Web of Science” resources. The evaluations are assessed for studies from 2016 to 2021. The results are illustrated with tables and figures.

2021 ◽ Vol 1 (2) ◽ pp. 252-273
Author(s): Pavlos Papadopoulos ◽ Oliver Thornewill von Essen ◽ Nikolaos Pitropakis ◽ Christos Chrysoulas ◽ Alexios Mylonas ◽ ...

As the internet continues to be populated with new devices and emerging technologies, the attack surface grows exponentially. Technology is shifting towards a profit-driven Internet of Things market where security is an afterthought. Traditional defending approaches are no longer sufficient to detect both known and unknown attacks to high accuracy. Machine learning intrusion detection systems have proven their success in identifying unknown attacks with high precision. Nevertheless, machine learning models are also vulnerable to attacks. Adversarial examples can be used to evaluate the robustness of a designed model before it is deployed. Further, using adversarial examples is critical to creating a robust model designed for an adversarial environment. Our work evaluates both traditional machine learning and deep learning models’ robustness using the Bot-IoT dataset. Our methodology included two main approaches. First, label poisoning, used to cause incorrect classification by the model. Second, the fast gradient sign method, used to evade detection measures. The experiments demonstrated that an attacker could manipulate or circumvent detection with significant probability.


Information ◽ 2020 ◽ Vol 11 (6) ◽ pp. 315
Author(s): Nathan Martindale ◽ Muhammad Ismail ◽ Douglas A. Talbert

As new cyberattacks are launched against systems and networks on a daily basis, the ability for network intrusion detection systems to operate efficiently in the big data era has become critically important, particularly as more low-power Internet-of-Things (IoT) devices enter the market. This has motivated research in applying machine learning algorithms that can operate on streams of data, trained online or “live” on only a small amount of data kept in memory at a time, as opposed to the more classical approaches that are trained solely offline on all of the data at once. In this context, one important concept from machine learning for improving detection performance is the idea of “ensembles”, where a collection of machine learning algorithms are combined to compensate for their individual limitations and produce an overall superior algorithm. Unfortunately, existing research lacks proper performance comparison between homogeneous and heterogeneous online ensembles. Hence, this paper investigates several homogeneous and heterogeneous ensembles, proposes three novel online heterogeneous ensembles for intrusion detection, and compares their performance accuracy, run-time complexity, and response to concept drifts. Out of the proposed novel online ensembles, the heterogeneous ensemble consisting of an adaptive random forest of Hoeffding Trees combined with a Hoeffding Adaptive Tree performed the best, by dealing with concept drift in the most effective way. While this scheme is less accurate than a larger size adaptive random forest, it offered a marginally better run-time, which is beneficial for online training.


2020 ◽ Vol 10 (18) ◽ pp. 6472
Author(s): Karen Avila ◽ Daladier Jabba ◽ Javier Gomez

The Internet of things (IoT) is a concept that has gained traction over the last decade. IoT networks have evolved around the wireless sensor network (WSN), and the following research looks at relevant IoT concepts and the different security issues that occur specifically at the network layer. This analysis is performed using a structured literature review (SLR). This form of bibliographic review has been a trend in recent years. Its strength is the performance of a bibliometric analysis that allows studying both trends in the line of research that you want to address and the relevant authors. This SLR reviews 53 proposals between 2011 and 2020, whose contribution is to mitigate attacks in the RPL (Routing Protocol for Low-Power and Lossy Networks) protocol. The revised proposals emerged after selecting keywords and databases in which to apply the search. Initially, approximately 380 research works appeared, for which it was necessary to continue using filters to refine the proposals to be included. After reading titles and abstracts, 53 papers were finally selected. In addition to analyzing the attacks mitigated in the RPL protocol, it is intended to identify the trend by which these attacks are reduced. As a result of the review, nine attacks have been found: rank, blackhole, selective forwarding, wormhole, DODAG (Destination-Oriented Directed Acyclic Graph) version number, DAO (Destination Advertisement Object) inconsistency, DIO (DODAG Information Object) suppression, Sybil, and sinkhole. Each of the 53 proposals analyzed in this review has an associated mitigation strategy; these strategies have been categorized into four groups: based on authentication or cryptography, based on network monitoring, based on secure parent node selection, and other. According to the results, the authors’ primary mitigation strategy is based on network monitoring, with 30%. This review also identifies the principal authors and countries that need the development of this line of research.

