(04.10.18)
◆ Several cryptography algorithms have been suggested for IoT communication security.
◆ They detect the malicious activities using the features of specified security attacks.
◆ However, the defense systems against a specified security attack are quickly
conquered by the attackers with modified features or new types of attacks.
◆ Thus, machine learning methods are a powerful tool to identify the attackers.
Related Works
◆ The commonly used machine learning algorithms for providing IoT security are as follows.
1) Decision trees,
2) Support Vector Machines (SVMs),
3) Bayesian algorithms,
4) Random forest,
5) Association rule,
6) Ensemble learning,
7) K-Means clustering,
8) K-nearest neighbor, and
9) Principal Component Analysis (PCA).
◆ The SVM creates a splitting hyperplane in the data features.
◆ The main advantage of SVMs is scalability, due to the dynamic updating of training
patterns.
◆ However, it requires labeled data to identify the attacks in RPL.
◆ In addition, the naive Bayesian algorithm successfully handles the features
independently; however, it fails to extract the relationships and interactions among
features.
◆ The k-nearest neighbor algorithm should decide the optimal k value to improve its
performance.
◆ However, it is a time-consuming process for IoT applications.
◆ An unsupervised learning approach, K-Means clustering identifies clusters in the
messages on the basis of feature similarities.
◆ However, it is less effective than supervised learning methods, specifically in
detecting known attacks.
◆ The PCA scheme reduces the number of features.
◆ However, another machine learning algorithm must be used with it to establish an
effective security approach.
Problem Statement
◆ The major challenge encountered by machine learning algorithms in IoT is how
to generate the rules with the training dataset.
◆ A main characteristic of the IoT environment is dynamism.
◆ In such a network, normal structures and attack patterns in the RPL protocol
change considerably with time.
◆ Collaborative IoT threat training data needs to be updated continuously
with new attacks.
◆ However, this is difficult due to the wide diversity of IoT devices.
◆ Since the IoT clients share sensitive messages that are not meant to be shared
publicly, a privacy issue prevails in the RPL protocol.
Research Gap
◆ An attacker exploits the security weaknesses in RPL and exerts a negative impact
on routing performance.
◆ Numerous routing layer attacks affect RPL performance: passive attacks, such as
eavesdropping, and active attacks, such as spoofing, Sybil, man-in-the-middle,
malicious inputs and denial of service.
◆ Thus, the provision of security for the RPL protocol should be of high priority.
◆ However, the IoT devices cannot support complex security algorithms, due to their
limited computation and battery resources.
Aims and Objectives
◆ To learn from existing messages and to predict future unknown attacks in RPL using
SVM in IoT
◆ To adapt the machine learning algorithm to resource constrained IoT devices by
reducing the features using PCA
◆ To identify the unknown attacks in RPL, by enabling the security system to execute
the learning module frequently.
Proposed Methodology
◆ The proposed defense system adopts the SVM classifier as detector using a reduced
feature set.
◆ The proposed scheme includes the training and testing phase to learn standard RPL
features and to identify the attackers respectively.
◆ By observing the RPL protocol, the data packets are collected over a time.
◆ The proposed scheme divides the data into training and testing RPL messages.
◆ The RPL packets include a vast number of features resulting in an extensive learning
time and computational complexity.
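A minimal sketch of the training and testing phases described above, added here as an illustration and not the authors' Java/WEKA implementation: PCA (first principal component, by power iteration) reduces each sample to one value, and a linear SVM trained by hinge-loss subgradient descent classifies it. The three per-window features and all sample values are constructed assumptions; detection accuracy follows the definition given under Performance Measures.

```python
# Constructed per-window RPL traffic features (hypothetical, not the page's
# dataset): (DIO messages/min, rank changes, parent switches); label +1 = attack.
TRAIN = [([4, 0, 0], -1), ([5, 1, 0], -1), ([4, 1, 1], -1), ([6, 0, 1], -1),
         ([14, 5, 3], 1), ([16, 6, 4], 1), ([15, 4, 4], 1), ([13, 6, 3], 1)]
TEST = [([5, 0, 1], -1), ([6, 1, 0], -1), ([15, 5, 4], 1), ([12, 5, 3], 1)]


def fit_pca(rows, iters=100):
    """Return (mean, first principal component) using power iteration."""
    n, d = len(rows), len(rows[0])
    mean = [sum(r[j] for r in rows) / n for j in range(d)]
    centered = [[r[j] - mean[j] for j in range(d)] for r in rows]
    cov = [[sum(c[i] * c[j] for c in centered) / (n - 1) for j in range(d)]
           for i in range(d)]
    v = [1.0] * d
    for _ in range(iters):
        v = [sum(cov[i][j] * v[j] for j in range(d)) for i in range(d)]
        norm = sum(x * x for x in v) ** 0.5
        v = [x / norm for x in v]
    return mean, v


def project(row, mean, pc):
    return sum((x - m) * p for x, m, p in zip(row, mean, pc))


def fit_svm(zs, ys, lr=0.01, lam=0.01, epochs=200):
    """Linear soft-margin SVM on 1-D inputs via hinge-loss subgradient descent."""
    w = b = 0.0
    for _ in range(epochs):
        for z, y in zip(zs, ys):
            if y * (w * z + b) < 1:      # inside the margin: hinge gradient
                w += lr * (y * z - lam * w)
                b += lr * y
            else:                         # outside: only the regulariser acts
                w -= lr * lam * w
    return w, b


def run():
    mean, pc = fit_pca([x for x, _ in TRAIN])
    w, b = fit_svm([project(x, mean, pc) for x, _ in TRAIN], [y for _, y in TRAIN])
    preds = [1 if w * project(x, mean, pc) + b >= 0 else -1 for x, _ in TEST]
    attacks = [p for p, (_, y) in zip(preds, TEST) if y == 1]
    # Detection accuracy as defined on the page: detected / total malicious.
    return preds, attacks.count(1) / len(attacks)
```

Only the mean vector, one projection vector and the pair (w, b) need to be stored on the detecting node, which is the point of reducing features before classification on constrained devices.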
Feature Reduction
◆ Not all the RPL features contribute to improving the accuracy of attack detection.
◆ Thus, the proposed scheme utilizes PCA to extract the most relevant
features that have a maximum number of attacks, and the SVM to categorize the
RPL-specific attackers accurately.
◆ Information gain is a measurement of the impurity level in each feature.
◆ However, considering the information gain alone is not always efficient in feature
reduction.
◆ Instead of measuring the information gain, the proposed scheme considers the bias of
information gain.
Attack Classification
◆ The normalized gain is measured as the ratio of information gain to the break point
information.
◆ To precisely differentiate the normal routing activities from the malicious behavior,
the proposed scheme exploits the use of classifiers.
◆ It utilizes the SVM classifier to identify the attack packets, since the SVM is an
efficient tool to learn high-dimensional data.
◆ It can update the training patterns arbitrarily when a new attack enters the
network.
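An added example (not from the original slides) of the normalized gain described under Feature Reduction and in the first bullet above. It assumes that "break point information" means the split information of the gain ratio used by C4.5, and the feature names and records are constructed for illustration. It shows the bias the slides refer to: plain information gain ranks a unique sender identifier first, while the normalized gain ranks it last.

```python
from collections import Counter
from math import log2

# Constructed RPL control-message records (hypothetical features, not the
# page's dataset): sender id, rank drop seen, DODAG version bump seen, label.
RECORDS = [
    ("n1", "yes", "yes", "attack"), ("n2", "yes", "yes", "attack"),
    ("n3", "yes", "no", "attack"),  ("n4", "no", "no", "attack"),
    ("n5", "no", "no", "normal"),   ("n6", "no", "no", "normal"),
    ("n7", "no", "no", "normal"),   ("n8", "no", "no", "normal"),
]
FEATURES = {"sender": 0, "rank_drop": 1, "version_bump": 2}


def entropy(values):
    n = len(values)
    return -sum(c / n * log2(c / n) for c in Counter(values).values())


def gains(records, col):
    """Return (information gain, gain ratio) of column `col` w.r.t. the label."""
    labels = [r[-1] for r in records]
    groups = {}
    for r in records:
        groups.setdefault(r[col], []).append(r[-1])
    remainder = sum(len(g) / len(records) * entropy(g) for g in groups.values())
    info_gain = entropy(labels) - remainder
    split_info = entropy([r[col] for r in records])
    # A constant feature has zero split information; it carries no signal.
    ratio = info_gain / split_info if split_info > 0 else 0.0
    return info_gain, ratio


def rank_features(records, by_ratio):
    scores = {name: gains(records, col) for name, col in FEATURES.items()}
    key = (lambda n: scores[n][1]) if by_ratio else (lambda n: scores[n][0])
    return sorted(scores, key=key, reverse=True)
```

A feature that is unique per message always reaches the maximum information gain yet generalizes to no future sender, so dividing by the split information keeps it out of the reduced feature set.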
Performance Evaluation
◆ For the performance evaluation of proposed methodology including SVM
classification and PCA, there is a need to collect the samples for RPL routing
activities.
◆ The dataset for training is generated using the Cooja simulator over Contiki
operating system.
◆ The dataset for malicious activities is created by modeling the spoofing and data
integrity related attacks in RPL.
◆ This dataset is generated by monitoring the RPL routing protocol for 8 min, in which
the attack-free IoT traffic spans 5 min and the IoT traffic that contains
attacks lasts 3 min.
◆ The proposed scheme is implemented in Java using Java Machine Learning Library
for reducing the features.
◆ The reduced feature set and its values are provided as an input to Waikato
Environment for Knowledge Analysis (WEKA) for classification.
◆ Secondly, the attack classification exercise using SVM classifier is executed in the
WEKA.
Evaluation Settings
◆ OS: Ubuntu 12.04 LTS 64-bit, Instant Contiki-3.0 and VMware Player 12.5.6
◆ Tool: Cooja and WEKA
◆ Language: C and Java
Performance Measures
◆ Detection Accuracy: The ratio of the total number of detected malicious messages to
the total number of malicious messages transmitted over the wireless medium.
◆ Throughput: Total number of delivered bits to the server.
◆ Delay: Total time taken by a packet to reach the server node in the network.
◆ Overhead: Total number of control messages used for providing the security in
RPL.
Conclusion
◆ This work surveys various existing RPL routing attack countermeasures for secure
routing in IoT.
◆ The routing and security issues associated with the RPL are discussed.
◆ The importance of machine learning algorithms in RPL security is described.
◆ This work proposes the solutions for the security issues such as SVM classification
and PCA based secure RPL in IoT.
◆ The clustering algorithm is designed with the use of an optimal set of network layer
features, which is reduced using PCA.
◆ The performance evaluation and metrics are also discussed.