Chenset Kim, Chakchai So-In, Yanika Kongsorot, Phet Aimtongkham
{"title":"FLSec-RPL:基于模糊逻辑的入侵检测方案,用于保护基于 RPL 的物联网网络免受 DIO 邻居压制攻击","authors":"Chenset Kim, Chakchai So-In, Yanika Kongsorot, Phet Aimtongkham","doi":"10.1186/s42400-024-00223-x","DOIUrl":null,"url":null,"abstract":"<p>The Internet of Things (IoT) has gained popularity and is widely used in modern society. The growth in the sizes of IoT networks with more internet-connected devices has led to concerns regarding privacy and security. In particular, related to the routing protocol for low-power and lossy networks (RPL), which lacks robust security functions, many IoT devices in RPL networks are resource-constrained, with limited computing power, bandwidth, memory, and battery life. This causes them to face various vulnerabilities and potential attacks, such as DIO neighbor suppression attacks. This type of attack specifically targets neighboring nodes through DIO messages and poses a significant security threat to RPL-based IoT networks. Recent studies have proposed methods for detecting and mitigating this attack; however, they produce high false-positive and false-negative rates in detection tasks and cannot fully protect RPL networks against this attack type. In this paper, we propose a novel fuzzy logic-based intrusion detection scheme to secure the RPL protocol (FLSec-RPL) to protect against this attack. Our method is built of three key phases consecutively: (1) it tracks attack activity variables to determine potential malicious behaviors; (2) it performs fuzzy logic-based intrusion detection to identify malicious neighbor nodes; and (3) it provides a detection validation and blocking mechanism to ensure that both malicious and suspected malicious nodes are accurately detected and blocked. To evaluate the effectiveness of our method, we conduct comprehensive experiments across diverse scenarios, including Static-RPL and Mobile-RPL networks. We compare the performance of our proposed method with that of the state-of-the-art methods. The results demonstrate that our method outperforms existing methods in terms of the detection accuracy, F1 score, power consumption, end-to-end delay, and packet delivery ratio metrics.</p>","PeriodicalId":36402,"journal":{"name":"Cybersecurity","volume":"48 1","pages":""},"PeriodicalIF":3.9000,"publicationDate":"2024-09-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"FLSec-RPL: a fuzzy logic-based intrusion detection scheme for securing RPL-based IoT networks against DIO neighbor suppression attacks\",\"authors\":\"Chenset Kim, Chakchai So-In, Yanika Kongsorot, Phet Aimtongkham\",\"doi\":\"10.1186/s42400-024-00223-x\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>The Internet of Things (IoT) has gained popularity and is widely used in modern society. The growth in the sizes of IoT networks with more internet-connected devices has led to concerns regarding privacy and security. In particular, related to the routing protocol for low-power and lossy networks (RPL), which lacks robust security functions, many IoT devices in RPL networks are resource-constrained, with limited computing power, bandwidth, memory, and battery life. This causes them to face various vulnerabilities and potential attacks, such as DIO neighbor suppression attacks. This type of attack specifically targets neighboring nodes through DIO messages and poses a significant security threat to RPL-based IoT networks. Recent studies have proposed methods for detecting and mitigating this attack; however, they produce high false-positive and false-negative rates in detection tasks and cannot fully protect RPL networks against this attack type. In this paper, we propose a novel fuzzy logic-based intrusion detection scheme to secure the RPL protocol (FLSec-RPL) to protect against this attack. Our method is built of three key phases consecutively: (1) it tracks attack activity variables to determine potential malicious behaviors; (2) it performs fuzzy logic-based intrusion detection to identify malicious neighbor nodes; and (3) it provides a detection validation and blocking mechanism to ensure that both malicious and suspected malicious nodes are accurately detected and blocked. To evaluate the effectiveness of our method, we conduct comprehensive experiments across diverse scenarios, including Static-RPL and Mobile-RPL networks. We compare the performance of our proposed method with that of the state-of-the-art methods. The results demonstrate that our method outperforms existing methods in terms of the detection accuracy, F1 score, power consumption, end-to-end delay, and packet delivery ratio metrics.</p>\",\"PeriodicalId\":36402,\"journal\":{\"name\":\"Cybersecurity\",\"volume\":\"48 1\",\"pages\":\"\"},\"PeriodicalIF\":3.9000,\"publicationDate\":\"2024-09-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Cybersecurity\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1186/s42400-024-00223-x\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Cybersecurity","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1186/s42400-024-00223-x","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
摘要
物联网(IoT)已在现代社会得到普及和广泛应用。随着物联网网络规模的扩大,与互联网连接的设备越来越多,引发了人们对隐私和安全的担忧。特别是与缺乏强大安全功能的低功耗和有损网络路由协议(RPL)有关,RPL 网络中的许多物联网设备资源有限,计算能力、带宽、内存和电池寿命都很有限。这导致它们面临各种漏洞和潜在攻击,如 DIO 邻居压制攻击。这类攻击专门通过 DIO 消息攻击邻近节点,对基于 RPL 的物联网网络构成了严重的安全威胁。最近的研究提出了检测和缓解这种攻击的方法,但这些方法在检测任务中会产生很高的假阳性率和假阴性率,无法完全保护 RPL 网络免受这种攻击。在本文中,我们提出了一种新颖的基于模糊逻辑的入侵检测方案来保护 RPL 协议(FLSec-RPL),以抵御这种攻击。我们的方法由三个关键阶段组成:(1) 跟踪攻击活动变量,以确定潜在的恶意行为;(2) 执行基于模糊逻辑的入侵检测,以识别恶意邻居节点;(3) 提供检测验证和阻断机制,以确保准确检测和阻断恶意节点和疑似恶意节点。为了评估我们方法的有效性,我们在静态-RPL 和移动-RPL 网络等不同场景下进行了综合实验。我们比较了我们提出的方法和最先进方法的性能。结果表明,我们的方法在检测准确率、F1 分数、功耗、端到端延迟和数据包交付率等指标上都优于现有方法。
FLSec-RPL: a fuzzy logic-based intrusion detection scheme for securing RPL-based IoT networks against DIO neighbor suppression attacks
The Internet of Things (IoT) has gained popularity and is widely used in modern society. The growth in the sizes of IoT networks with more internet-connected devices has led to concerns regarding privacy and security. In particular, related to the routing protocol for low-power and lossy networks (RPL), which lacks robust security functions, many IoT devices in RPL networks are resource-constrained, with limited computing power, bandwidth, memory, and battery life. This causes them to face various vulnerabilities and potential attacks, such as DIO neighbor suppression attacks. This type of attack specifically targets neighboring nodes through DIO messages and poses a significant security threat to RPL-based IoT networks. Recent studies have proposed methods for detecting and mitigating this attack; however, they produce high false-positive and false-negative rates in detection tasks and cannot fully protect RPL networks against this attack type. In this paper, we propose a novel fuzzy logic-based intrusion detection scheme to secure the RPL protocol (FLSec-RPL) to protect against this attack. Our method is built of three key phases consecutively: (1) it tracks attack activity variables to determine potential malicious behaviors; (2) it performs fuzzy logic-based intrusion detection to identify malicious neighbor nodes; and (3) it provides a detection validation and blocking mechanism to ensure that both malicious and suspected malicious nodes are accurately detected and blocked. To evaluate the effectiveness of our method, we conduct comprehensive experiments across diverse scenarios, including Static-RPL and Mobile-RPL networks. We compare the performance of our proposed method with that of the state-of-the-art methods. The results demonstrate that our method outperforms existing methods in terms of the detection accuracy, F1 score, power consumption, end-to-end delay, and packet delivery ratio metrics.