Detection of Multiple-Mix-Attack Malicious Nodes Using Perceptron-Based Trust in IoT Networks

Future Generation Computer Systems

Volume 101, December 2019, Pages 865-879

Detection of multiple-mix-attack
malicious nodes using perceptron-based
trust in IoT networks
Liang Liu, Zuchao Ma, Weizhi Meng

https://doi.org/10.1016/j.future.2019.07.021

Abstract
The Internet of Things (IoT) has experienced a rapid growth in the
last few years allowing different Internet-enabled devices to interact
with each other in various environments. Due to their distributed
nature, IoT networks are vulnerable to various threats, especially
insider attacks. There is a significant need to detect malicious nodes
in a timely manner. Intuitively, large damage would be caused in IoT networks if
attackers conduct a set of attacks collaboratively and
simultaneously. In this work, we investigate this issue and first
formalize a multiple-mix-attack model. Then, we propose an
approach called Perceptron Detection (PD), which uses both a
perceptron and the K-means method to compute IoT nodes’ trust values
and detect malicious nodes accordingly. To further improve the
detection accuracy, we optimize the route of network and design an
enhanced perceptron learning process, named Perceptron Detection
with enhancement (PDE). The experimental results demonstrate
that PD and PDE can detect malicious nodes with a higher accuracy
rate as compared with similar methods, i.e., improving the
detection accuracy of malicious nodes by around 20% to 30%.

Introduction
The Internet of Things (IoT) has become a popular infrastructure to
support many modern applications and services, such as smart
homes, smart healthcare, public security, industrial monitoring and
environment protection. Most existing smart devices can work
collaboratively and form a type of multihop IoT network.
These devices can be either sensors that collect information from
their surroundings or control units that gather information from sensors
to decide on suitable strategies. In addition, these devices can use
various IoT protocols [1], [2] to transfer their data, including ZigBee,
WiFi, Bluetooth, etc.

The topology of multihop IoT networks is flexible but it is also
fragile, i.e., it suffers from many insider threats, where an attack can
be launched within a network. For example, attackers can
compromise some devices in a multihop IoT network and then
utilize these devices to infer sensitive information, tamper with data,
or launch a drop attack or denial-of-service (DoS) attack. Therefore, it is
very important to design an effective security mechanism for
detecting malicious nodes in an IoT network.

Motivation. Most existing studies mainly focus on a single and
unique attack in an IoT environment, but an advanced attacker may
choose an intelligent strategy to behave maliciously, i.e., they may
manipulate some specific packets with a probability [3], [4], [5].
More importantly, we notice that practical intruders can perform
several attacks at the same time. Thus in this work, we consider a
stronger and more advanced attacker, who can control some nodes
illegally in IoT networks and perform a multiple-mix-attack with
three malicious actions, each performed with a probability, namely
tampering with data, dropping packets, and sending duplicated packets.
In practice, these malicious actions can be performed either
simultaneously or separately, making the attacker even more difficult
to detect.

Contributions. In this work, we first formalize attack models for
tamper attack, drop attack, replay attack and multiple-mix-attack,
respectively. For detection, as it is not easy to predict the probability
of each malicious action, we choose to use perceptron to help detect
malicious nodes. In particular, perceptron can adjust the detection
model according to the input, and we can collect some more
targeted information to enhance the perceptron’s learning and
achieve better detection performance. Subsequently, we propose
two approaches, Perceptron Detection (PD) and Perceptron
Detection with enhancement (PDE), for identifying malicious nodes.
Based on the reputation of a path and the trustworthiness of a node,
the former aims to detect the malicious nodes in IoT networks by
using perceptron, while the latter attempts to further improve the
detection accuracy.

More specifically, we first inject some packets into the IoT network
and collect packets transferred in the network. Based on the
collected information, we use the perceptron to calculate the
reputation of all nodes and cluster the nodes into three groups: a
benign group (BG), an unknown group (UG) and a malicious group (MG).
Then we change the routing of transmitted packets and increase the
injected packets to collect more information about the nodes in
UG, i.e., their influence on the network. Then, we input such
information to the perceptron again in order to enhance its learning
process and obtain the final output, e.g., the trust values of nodes.
Finally, we cluster all nodes into two groups: final benign group
(FBG) and final malicious group (FMG). Experimental results
indicate that our approach can detect malicious nodes with high
accuracy and stability, i.e., improving the detection rate by 20% to
30% as compared with a similar method of Hard Detection (HD).

Organization. The remaining parts of this article are organized as
follows. Section 2 presents related work on how to detect security
threats like malicious nodes. Section 3 formalizes tamper attack,
drop attack, replay attack and multiple mix attack. Section 4
introduces our approaches of Perceptron Detection (PD) and
Perceptron Detection with enhancement (PDE). Section 5 describes
our experimental environment and discusses evaluation results.
Finally, Section 6 concludes our work.

Section snippets

Related work
Nowadays, Internet of Things (IoT) has become a popular research
topic due to its wide adoption and sustainable development. Farooq
et al. [6] focused on the IoT security with four layers including
perception layer, network layer, middle-ware layer and application
layer. They then defined three security goals: Data Confidentiality,
Data Integrity and Data Availability. There are some security
challenges in the network layer, such as Sybil Attack, Sinkhole
Attack, Sleep Deprivation Attack,

Attack model
This section formalizes different attack models, including tamper
attack, drop attack, replay attack and multiple-mix-attack.

Perceptron-based detection
To detect insider attacks in an IoT network, we can inject packets
and observe the feedback received at the Sink, i.e., checking whether
some packets are tampered with, lost or duplicated. Then, we can
calculate a trust value for each node based on our trust model (a
multivariable linear regression model) and identify malicious nodes
accordingly. Based on the nodes’ reputation, we use K-means
method to cluster nodes into three groups: benign group (BG),
unknown group (UG), and malicious group (MG). Later,
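
As an added illustration (not code from the paper), the sketch below mirrors the first detection stage described in this snippet and in the Introduction: path-level observations at the Sink train a single linear unit that yields per-node trust, and 1-D K-means splits the nodes into MG, UG and BG. The additive damage model, the learning rate, the six-node topology and every observation are assumptions constructed for this example; the PDE rerouting stage is not shown.

```python
# Added illustration, not the paper's algorithm. All data is constructed.
# Each observation: (nodes on the path, fraction of injected packets that
# reached the Sink intact, i.e. not tampered with, dropped or duplicated).
OBSERVATIONS = [
    ([0, 1], 1.0), ([0, 2], 0.4), ([1, 2, 3], 0.4),
    ([3, 4], 0.8), ([1, 4, 5], 0.8), ([0, 3, 5], 1.0),
]

def learn_trust(observations, n_nodes, lr=0.1, epochs=3000):
    """Train one linear unit with the delta rule.

    Assumed model: path damage (1 - intact fraction) is the sum of the
    penalties of the nodes on the path; a node's trust is 1 - penalty.
    """
    penalty = [0.0] * n_nodes
    for _ in range(epochs):
        for path, intact in observations:
            error = (1.0 - intact) - sum(penalty[n] for n in path)
            for n in path:
                penalty[n] += lr * error
    return [1.0 - p for p in penalty]

def kmeans_1d(values, k=3, iters=50):
    """1-D K-means; centroids start evenly spaced, so label 0 is lowest."""
    lo, hi = min(values), max(values)
    if hi - lo < 1e-6:  # no spread: nothing to separate, nobody is flagged
        return [k - 1] * len(values)
    centroids = [lo + (hi - lo) * i / (k - 1) for i in range(k)]
    labels = []
    for _ in range(iters):
        labels = [min(range(k), key=lambda c: abs(v - centroids[c]))
                  for v in values]
        for c in range(k):
            members = [v for v, lab in zip(values, labels) if lab == c]
            if members:
                centroids[c] = sum(members) / len(members)
    return labels

def group_nodes(observations, n_nodes):
    """Return (trust values, {"BG": [...], "UG": [...], "MG": [...]})."""
    trust = learn_trust(observations, n_nodes)
    groups = {"MG": [], "UG": [], "BG": []}
    for node, label in enumerate(kmeans_1d(trust)):
        groups[("MG", "UG", "BG")[label]].append(node)
    return trust, groups

if __name__ == "__main__":
    trust, groups = group_nodes(OBSERVATIONS, 6)
    print([round(t, 2) for t in trust], groups)
```

In the constructed data node 2 damages most of its traffic and node 4 only a little, so node 4 lands in the unknown group, which is the set the enhancement stage would then probe with extra injected packets.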

Evaluation results
In this section, we evaluate our proposed Perceptron Detection (PD)
and compare its performance with a similar approach of Hard
Detection (HD) [34]. HD is a mathematical method to detect
malicious nodes that can perform a tamper attack. As the focus of
HD is not fully the same as our target in this work, we tune HD to
make it workable in a multiple-mix-attack environment. In
particular, we add a module in HD to help detect unknown
packets, lost packets and duplicated packets, and enable HD

Conclusions
Due to the broad application of IoT networks, there is a significant
need to design proper security mechanisms in identifying malicious
nodes. Most existing studies mainly consider a single attack, but we
notice that an advanced intruder may perform some attacks in a
collaborative manner to make a more harmful impact. In this work,
we target this issue and focus on three typical attacks: tamper
attack, drop attack and replay attack. We first formalize a single
attack model and a

Declaration of Competing Interest


The authors declare that they have no known competing financial
interests or personal relationships that could have appeared to
influence the work reported in this paper.

Acknowledgment
This work was supported by the Foundation of Graduate Innovation
Center in NUAA, China, Grant Number KFJJ20181608.
References (36)
Li W. et al. Enhancing collaborative intrusion detection networks against insider attacks using supervised intrusion sensitivity-based trust management model. J. Netw. Comput. Appl. (2017)
Meng W. et al. A Bayesian inference-based detection mechanism to defend medical smartphone networks against insider attacks. J. Netw. Comput. Appl. (2017)
Liu X. et al. Identifying malicious nodes in multihop IoT networks using diversity and unsupervised learning
Nassif A.B. et al. Towards an early software estimation using log-linear regression and a multilayer perceptron model. J. Syst. Softw. (2013)
Withanage C. et al. A comparison of the popular home automation technologies
Zheng J. et al. A comprehensive performance study of IEEE 802.15.4. Sensor Netw. Oper. (2006)
Li W. et al. PMFA: toward passive message fingerprint attacks on challenge-based collaborative intrusion detection networks
Meng W. et al. Design and evaluation of advanced collusion attacks on collaborative intrusion detection networks in practice
Li W. et al. Investigating the influence of special on-off attacks on challenge-based collaborative intrusion detection networks. Future Internet (2018)
Farooq M.U. et al. A critical analysis on the security concerns of internet of things (IoT). Int. J. Comput. Appl. (2015)


Liang Liu is currently a Lecturer in the College of Computer Science and
Technology, Nanjing University of Aeronautics and Astronautics, Nanjing, Jiangsu
Province, China. His research interests include distributed computing, big data and
system security. He received the B.S. degree in computer science from
Northwestern Polytechnical University, Xi’an, Shanxi Province, China in 2005, and
the Ph.D. degree in computer science from Nanjing University of Aeronautics and
Astronautics, Nanjing, Jiangsu Province, China in 2012.

Zuchao Ma received his Bachelor’s degree in 2018, from the Nanjing University of
Aeronautics and Astronautics, China. He is currently a master student in College of
Computer Science and Technology, Nanjing University of Aeronautics and
Astronautics, China. His research interests include Cloud Security, System Security
and IoT Security.

Weizhi Meng is currently an assistant professor in the Cyber Security Section,
Department of Applied Mathematics and Computer Science, Technical University of
Denmark (DTU), Denmark. He obtained his Ph.D. degree in Computer Science from
the City University of Hong Kong (CityU), Hong Kong. Prior to joining DTU, he
worked as a research scientist in Institute for Infocomm Research, A*Star,
Singapore, and as a senior research associate in CS Department, CityU. He won the
Outstanding Academic Performance Award during his doctoral study, and is a
recipient of the Hong Kong Institution of Engineers (HKIE) Outstanding Paper Award
for Young Engineers/Researchers in both 2014 and 2017. He is also a recipient of
Best Paper Award from ISPEC 2018, and Best Student Paper Award from NSS
2016. His primary research interests are cyber security and intelligent technology in
security, including intrusion detection, smartphone security, biometric authentication,
HCI security, trust computing, blockchain in security, and malware analysis. He
served as a program committee member for 20+ international conferences. He was
co-PC chair for IEEE Blockchain 2018, IEEE ATC 2019, IFIPTM 2019, Socialsec
2019. He is a senior member of IEEE.
