Article Preview
Top1. Introduction
The Internet of Things (IoT) is a network of interconnected computing devices embedded in everyday objects, enabling them to exchange data in a Machine-to-Machine approach. This technology is empowering new services and business opportunities as the number of diverse IoT applications (smart homes, smart cities, smart vehicles (Nasr, Kfoury, & Khoury, 2016), e-health and personal care, smart agriculture and others, etc.) is ultimately increasing. According to Gartner, the deployment of IoT devices is expected to reach almost $3 trillion in 2020. Hence, it is considered as a vital topic nowadays because of its influence different aspects of human lifestyle. A research (Bourne, 2017) indicates that security is one of the top three barriers preventing the adoption of IoT. Results of a recent survey (Altman Vilandrie & Company, 2017) showed that almost half of all U.S companies that use IoT devices have been suffering from a security breach. Therefore, securing IoT devices is important to foster their adoption by businesses and end costumers. Multiple solutions for securing IoT devices exist (Khoury & Kfoury, 2017; Raza, Voigt & Jutvik, 2012), but most of them tackle the integrity and authentication problems, but not the availability.
Figure 1. 6LoWPAN Protocol Stack (OSI Model Reference)
IoT network architecture is maintained based on various protocols (Figure 1). For instance, a typical WSN (Wireless Sensor Network) include IEEE 802.15.4 on the physical and media access layers, IPv6, 6LoWPAN (IPv6 over Low-Power Wireless Personal Area Networks), and RPL (Routing Protocol for Low power and Lossy Network) on the network layer, MQTT (Message Queuing Telemetry Transport) or CoAP (Constrained Application Protocol) on the application layer. RPL is a novel distance vector routing protocol standardized for constrained 6LoWPAN networks enabling nodes to communicate in a mesh topology. Unfortunately, several attacks exist on the RPL protocol that target a node’s availability, and increase dramatically its power consumption.
In this paper we propose a novel Intrusion Detection System (IDS) for classifying RPL well-known attacks. Several attempts to create an IDS for RPL attacks have been introduced, namely, SVELTE (Raza, Wallgren, & Voigt, 2013), Support Vector Machines (SVM) to detect selective forwarding attacks (Kaplantzis, Shilton, Mani, & Sekercioglu. 2007), Feature vectors-based IDS (Livani & Abadi, 2011). In our IDS, we used the Self-Organizing Map (SOM) neural networks to perform RPL attacks classification. Neural networks in general can be divided into a variety of types, and can be applied to different types of applications (Achkar et al., 2016; Harkouss et al., 2010; Abou Kassem et al., 2017; Saide et al., 2015).
The main contributions of our IDS include: 1) The ability to detect multiple types of RPL attacks using unsupervised learning, 2) Enhancing power consumption by notifying the network administrator at an early stage about a certain attack, 3) Ensuring network availability due to the immediate notice of a security breach. The paper is divided as follows: Section 2 describes some background on RPL protocol and how the WSN topology is formed. Next, it explains the RPL well-known attacks and the control messages frequency on each attack. Moreover, it explains the SOM and how it can build a map from input samples. Section 3 introduces the proposed system; Section 4 discusses the simulation and results. Finally, we conclude with the intended future work.