12-Averaged Dependence Estimators For DoS Attack Detection in IoT Networks
Abstract
Wireless sensor networks (WSNs) have evolved to become an integral part of the
contemporary Internet of Things (IoT) paradigm. The sensor node activities of both
sensing phenomena in their immediate environments and reporting their findings to
a centralized base station (BS) have remained a core platform to sustain
heterogeneous service-centric applications. However, the adversarial threat to the
sensors of the IoT paradigm remains significant. Denial of service (DoS) attacks,
comprising a large volume of network packets, targeting a given sensor node(s) of the
network, may cripple routine operations and cause catastrophic losses to emergency
services. This paper presents an intelligent DoS detection framework comprising
modules for data generation, feature ranking and generation, and training and
testing. The proposed framework is experimentally tested under actual IoT attack
scenarios, and the accuracy of the results is greater than that of
traditional classification techniques.
Introduction
A wireless sensor network (WSN) is defined as a network of interconnected sensors
that constantly monitor their respective environments for phenomena, communicate
their readings to peer sensor nodes and to a centralized base station (BS) for storage
and processing, and inform relevant stakeholders in the event of the detection of an
anomalous event. Minute sensor nodes deployed for these activities have limited
computing, storage, and communication capabilities for carrying out their
designated tasks [1], [2], [3], [4].
Historically, WSNs have played a vital role in supporting critical infrastructures. In
legacy sensor networks, the sensor nodes communicated with a centralized BS, which
would effectively be connected to emergency services, on standby for mobilization in
the event of an emergency. For instance, the detection of unusually high
temperatures in a bush region would be indicative of a likely fire in the area. Further
investigation may be entailed, and a fire control crew may need to be mobilized to
contain the threat posed by the fire [2], [4].
We categorize the above sensors as smart IoT sensors, as they not only sense the
environment but also perform intelligent processing of collected sensory data,
participate in the transmission of the data to centralized data centers (e.g., Cloud),
and respond to requests received from decision makers such as the BS. These sensor
nodes are deployed at various locations of the IoT infrastructure for monitoring and
reporting observed phenomena from their local environments [6], [7].
Based on the application categories specified by Libelium [8], sensor applications for
contemporary applications include the following: 1. smart cities; 2. smart
environments; 3. smart water; 4. smart metering; 5. retail; 6. logistics; 7. industrial
control; 8. smart agriculture; 9. smart animal farming; 10. domestic and home
automation; and 11. eHealth. A related enumeration of smart city services, smart
grids, smart water management, and smart healthcare was presented in [9].
In general, an IoT sensor network architecture comprises data generators and data
capturers, as shown in Fig. 1. Data generators are identified as individual IoT sensors
of the network, which operate in the immediate environment, sensing their
surroundings for phenomena such as temperature or pressure variations, and
reporting the same to a centralized entity (in most cases, a higher performance node
such as a BS).
Data capturers are centralized sensor nodes within a cluster (region) of operation,
that is, a cluster head (CH); responsible for the capture/aggregation and subsequent
rendering of environmental readings to a powerful computing node of the IoT
network, i.e., the BS. Several CH nodes will be operational within a mid- to large-
scale IoT network. Data capturers play a similar role to IoT middleware platforms,
where they aggregate data from multiple sensors and route the data to various
endpoints, such as the Cloud. The large number of connections from the IoT and the
exchange of massive amounts of data from numerous IoT devices requires a fast and
reliable data connection. The fifth generation (5G) network is poised to become a key
technology enabler for the IoT to complement this explosive growth of connected
devices [10]. With the advent of the 5G infrastructure, the IoT middleware platforms
will play a crucial role in providing necessary device abstractions and data
management services.
The IoT sensor architecture suffers from several security threats that may affect the
regular working of the network and the delivery of foolproof and resilient service to
critical infrastructure [11]. Data generated from sensor nodes must be securely and
promptly delivered to the data capturers and onwards to the centralized BSs.
Security of these data in transit over the communication lines, as well as at rest
within the various sensor nodes of the communication hierarchy, is paramount.
• Data Integrity — An integrity violation in the IoT network is defined as a
  deliberate or accidental modification to the reading that is observed by a data
  generator. Such a violation of data integrity, which is invariably a matter of
  tampering with sensitive information, may occur at one or more locations of
  the network, including at the data generator, data capturer, BS, or during
  transit through the communication channels [12].
• Data Confidentiality — Data generated by the sensor nodes must be
  protected against unwanted disclosure to the adversary. To maintain the
  confidentiality of sensor data, the following locations of data at rest and in
  transit are identified: data generator, data capturer, BS, and the
  communication links among these entities. Although, in principle, the
  encryption of all data is a solution, the unaltered application of standard
  encryption techniques, including Rivest–Shamir–Adleman (RSA), data
  encryption standard (DES), Blowfish, and ElGamal methods, is not entirely
  viable on resource-constrained sensor nodes. Consequently, data encryption
  must be lightweight as well as resilient against adversarial attacks [12].
• Data Availability — Rogue sensor nodes, middleware devices, or a
  compromised BS may be programmed by the adversary class to carry out a
  denial of service (DoS) flooding attack against selective targets in the network,
  with the purpose of disrupting routine network operations and crippling
  critical sensor network services [9], [12].
As IoT networks start adopting 5G networks, the security challenges of IoT
middleware or data capturers will increase drastically [13]. Although 5G networks
will provide fast, reliable, high-bandwidth connectivity and location awareness to
the IoT, many security concerns remain unaddressed. In [13], [14], the authors highlight
many possible attacks against the 5G IoT middleware platforms. Attacks, such as
Man-in-The-Middle, message modification, authentication attacks, DoS attacks,
replay attacks, and eavesdropping, will challenge the effective deployment of the IoT
on a 5G network. With numerous connected devices and critical services depending
on data generated from billions of end points, it is necessary to have an efficient and
robust security mechanism to thwart any malicious attempts to disrupt services,
especially DoS attacks.
In this paper, we present a dependence estimator-based scheme for DoS attack traffic
classification in an IoT sensor network. The presented scheme is the first of its kind,
where the deep analysis of IoT network traffic parameters is conducted to establish a
relationship between the network traffic parameters and to identify the key IoT
network traffic parameters upon which other parameters would depend. Through the
establishment of such a relationship, the analysis of network traffic for malicious
activity proves to be more accurate as well as efficient. The findings presented in this
paper highlight the significance of the dependencies between the individual data
attributes of network traffic and provide the quantification of the quality of solution
proposed. In summary, the key contributions of this paper are as follows:
• Adoption and redefinition of the averaged one-dependence and two-dependence
  (A1DE and A2DE) techniques for detecting DoS attacks in IoT networks.
• Proposal of an integration of A1DE and A2DE through the introduction of
  MultiScheme and Voting schemes for DoS attack detection in IoT networks.
• Performance evaluation of the proposed techniques for DoS attack detection
  in a real IoT network, i.e., measuring and reporting on the accuracies and
  computational times.
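As an added illustration (not code from the paper or its authors), the sketch below implements the standard averaged one-dependence estimator over discretized traffic attributes to show how per-attribute dependencies drive a DoS/normal decision. It does not reproduce the paper's redefinition of A1DE; the attribute names, the sample flows, and the `min_freq` parameter are assumptions constructed for the example.

```python
from collections import Counter

# Constructed flows (not from the paper): (packet-rate bucket, protocol,
# payload-size bucket) -> label. Attribute names are assumptions.
TRAIN = [
    (("high", "udp", "small"), "dos"), (("high", "udp", "small"), "dos"),
    (("high", "tcp", "small"), "dos"), (("high", "udp", "large"), "dos"),
    (("low", "tcp", "large"), "normal"), (("low", "tcp", "small"), "normal"),
    (("low", "udp", "large"), "normal"), (("high", "tcp", "large"), "normal"),
]

class A1DE:
    """Textbook averaged one-dependence estimator for categorical attributes."""

    def __init__(self, rows, min_freq=1):
        self.n, self.min_freq = len(rows), min_freq
        self.cls = Counter(y for _, y in rows)
        # Number of distinct values per attribute, for Laplace smoothing.
        self.card = [len({x[i] for x, _ in rows}) for i in range(len(rows[0][0]))]
        self.seen = Counter()    # (i, x_i): how often a value occurs at all
        self.pair = Counter()    # (y, i, x_i)
        self.triple = Counter()  # (y, i, x_i, j, x_j)
        for x, y in rows:
            for i, xi in enumerate(x):
                self.seen[i, xi] += 1
                self.pair[y, i, xi] += 1
                for j, xj in enumerate(x):
                    self.triple[y, i, xi, j, xj] += 1

    def posterior(self, x):
        k, scores = len(self.cls), {}
        for y in self.cls:
            total = 0.0  # sum over parents; the 1/|parents| factor cancels below
            for i, xi in enumerate(x):
                if self.seen[i, xi] < self.min_freq:
                    continue  # value too rare to act as the parent attribute
                p = (self.pair[y, i, xi] + 1) / (self.n + k * self.card[i])
                for j, xj in enumerate(x):
                    if j != i:  # P(x_j | y, x_i), Laplace-smoothed
                        p *= (self.triple[y, i, xi, j, xj] + 1) / (self.pair[y, i, xi] + self.card[j])
                total += p
            # No usable parent: fall back to the smoothed class prior
            # (a simplification; full AODE falls back to naive Bayes).
            scores[y] = total or (self.cls[y] + 1) / (self.n + k)
        z = sum(scores.values())
        return {y: s / z for y, s in scores.items()}

    def classify(self, x):
        post = self.posterior(x)
        return max(post, key=post.get)
```

Each attribute value in turn acts as the single parent of all other attributes, so a flow is scored by several one-dependence models rather than by fully independent attributes as in naive Bayes.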
This article is organized as follows: Section 2 of the paper provides a background on
machine learning techniques for the IoT and its application to DoS attack detection
for network security. In Section 3, we present the one-dependence estimator
classifier. In Section 4, we present the network and attack model for an IoT network.
Section 5 presents the averaged dependence estimator (ADE)-IoT attack detection
framework. The experimental setup and results analysis are presented in Section 6.
Finally, the article is concluded in Section 7.
Section snippets
Related work
IoT security is a multifaceted challenge. As elaborated upon in [5], IoT
manufacturers merely give consideration to security as a postproduction exercise.
The limited resources available for data processing, storage, and communication
encumber the deployment of robust data confidentiality techniques that require
security keys of sufficient length to guarantee minimum security of data, in transit
and at rest. While IoT communication protocols such as message queuing telemetry
transport (MQTT)
Performance analysis
The classification of the captured network traffic was carried out in the Weka Data
Mining Software Environment [38]. For analysis, i.e., testing, data packets on both
ingress and egress channels of the network were presented to the classifiers. The
performance of six classifiers, namely, A1DE, A2DE, Naïve Bayes, Bayesian Network,
C4.5, and MLP, was compared. In addition, the performance of the MultiScheme and
Voting-based techniques was also compared. The performance of the dependence
Conclusion
Service-centric WSNs hold promise for the future of the IoT paradigm. The
underlying principles of data communication for sensor networks have evolved over
time to include new standards. However, the adversarial threat to the availability of
sensor resources still remains, with DoS attacks posing a threat to the routine
operations of a sensor network, merely through large-volume network traffic
generation targeting specific sensor nodes. In this paper, an ADE-based DoS attack
detection scheme
Acknowledgments
This work was supported in part by Enthuse Company Ltd., under Grant Ent-KKU-
2560-01, in part by the Khon Kaen University Grant, in part by the Kasetsart
University Grant, and in part by Thailand Research Fund (TRF) under International
Research Network Program (IRN61W0006).
Zubair Baig is a Senior Lecturer in Cyber Security at the School of Information
Technology, Deakin University. He has authored over 75 journal and conference
articles and book chapters. He is currently serving as the editor of the IET Wireless
Sensor Systems Journal and the PSU — A Review Journal, Emerald Publishing
House. He has served on numerous technical program committees of international
conferences and has delivered numerous keynote talks on cyber security. His
research interests are in
References (40)
Baig Z.A. Pattern recognition for detecting distributed node exhaustion attacks in wireless sensor networks. Comput. Commun. (2011)
Baig Z.A. et al. Future challenges for smart cities: Cyber-security and digital forensics. Digit. Investig. (2017)
Li S. et al. 5G Internet of Things: A survey. J. Ind. Inf. Integr. (2018)
Depren O. et al. An intelligent intrusion detection system (IDS) for anomaly and misuse detection in computer networks. Expert Syst. Appl. (2005)
Bojović P. et al. A practical approach to detection of distributed denial-of-service attacks using a hybrid detection method. Comput. Electr. Eng. (2019)
Koroniotis N. et al. Towards the development of realistic botnet dataset in the internet of things for network forensic analytics: Bot-IoT dataset. Future Gener. Comput. Syst. (2019)
Kim B. et al. A survey on real-time communications in wireless sensor networks. Wirel. Commun. Mob. Comput. (2017)
Liu J. et al. IoT hierarchical topology strategy and intelligentize evaluation system of diesel engine in complexity environment. Sensors (2018)
McGrath M. et al. Sensor network topologies and design considerations. Sens. Technol. (2014)
Song H. et al. Overview of security and privacy in cyber-physical systems