International Journal of Computer Engineering and Applications, Volume XII, Issue I, Jan. 18, ISSN

Size: px

Start display at page:

Download "International Journal of Computer Engineering and Applications, Volume XII, Issue I, Jan. 18, ISSN"

Gyles Lambert
5 years ago
Views:

International Journal of Computer Engineering and Applications, Volume XII, Issue I, Jan. 18, www.ijcea.com ISSN 2321-3469 INTRUSION DETECTION IN INTERNET OF THINGS A SURVEY T. S. Urmila, Dr. B.

new paradigm that integrates the internet and physical objects belonging to completely different domains like home automation, industrial process, human health and environmental monitoring.

1 International Journal of Computer Engineering and Applications, Volume XII, Issue I, Jan. 18, ISSN INTRUSION DETECTION IN INTERNET OF THINGS A SURVEY T. S. Urmila, Dr. B. Balasubramanian Research Scholar, Mother Teresa Women s University, Kodaikannal,, Dean, KarpagaVinayagar College of Engineering and Technology, Mathuranthagam ABSTRACT Internet of Things (IoT) is a new paradigm that integrates the internet and physical objects belonging to completely different domains like home automation, industrial process, human health and environmental monitoring. It depend the presence of internet connected devices in our day to day activities, bringing, additionally to several benefits, challenges associated with security issues. For more than two decades, Intrusion Detection Systems (IDS) have been a vital tool for the protection of networks and information systems.. in this paper, we present a survey of IDS research efforts for IoT. Our objective is to spot leading trends, open issues, and future research possibilities. We classified the IDS s proposed in the literature consistent with the following attributes: type of IDS, Attacks on IOT Applications, IDS Detection Approaches. Keywords: Intrusion Detection System, Internet of Things, Cyber security, IOT, IOT-IDS, IDS. ======================================================================= [1] INTRODUCTION Evolution of different technology areas like sensors, automatic identification and tracking, embedded computing, wireless communications and distributed services has increased the potential of integrating smart objects into our everyday activities through the Internet. Convergence of the Internet and smart objects that can communicate and interrelate with each other defines the Internet of Things T. S. Urmila, Dr. B. Balasubramanian 286

2 INTRUSION DETECTION IN INTERNET OF THINGS A SURVEY (IoT). However, the integration of realworld objects with the Internet brings the cyber security threats to the most of our daily activities. Attacks against critical infrastructures, such as power plants and transportation system, may have terrible consequences for whole cities and countries. Household appliances may also be a primary target, threatening security and privacy of families. Considering that the development of IDSs for IoT represents a significant challenge for information security researchers, we present a survey about intrusion detection in IoT. [2] REVIEW OF LITERATURE Mishra et al. [1] point out that applying the research of wired networks to wireless networks is not an easy task due to the fundamental architectural differences, especially the lack of fixed infrastructure. The authors argue that the type of intrusion response for wireless ad hoc networks depends on the type of intrusion, the network protocols and applications in use, and the confidence in the evidence. Kumar and Dutta [2] present an overview of intrusion detection techniques for MANETs focusing on the detection algorithms. The authors introduce a classification tree for intrusion detection techniques by the nature of processing mechanism involved in the detection method. In proportion to Mitchell and Chen [3], Cyber-Physical Systems (CPSs) are largescale, geographically dispersed, lifecritical systems that comprise sensors, actuators, and control and networking components. The authors present a taxonomy of modern IDSs for CPSs based on two design dimensions: detection technique and audit material (host based or network based). In IoT networks, the IDS can be placed in the border router, in one or more dedicated hosts, or in every physical object. The advantage of placing the IDS in the border router is the detection of intrusion attacks from the Internet against the objects in the physical domain. This review paper discuss about software relevant IDS of IOT. Types of IDS The advantage of placing the IDS in the border router is the detection of intrusion attacks from the Internet against the objects in the physical domain. However, IDS in the border router might generate communication overhead between the LLN nodes and the border router due to the IDS frequent querying of the network state. Matches the existing profile of the network against pre-defined attack patterns or signatures. Rule-based detection technique. Signatures or patterns are predefined, stored in the database and each attack can be detected according to patterns or signatures. This technique only requires patterns of individual attacks and must also store those patterns in some database. Signature Based IDS T. S. Urmila, Dr. B. Balasubramanian 287

3 International Journal of Computer Engineering and Applications, Volume XII, Issue I, Jan. 18, ISSN This approach needs specific knowledge of the individual attack This technique cannot identify new attacks unless their signatures or patterns are manually added into the database. It needs the knowledge to form attack patterns. It cannot discover new and previously unknown attacks [6]. This technique is also known as event-based detection. This technique identifies malicious activities by analyzing the event. Firstly, it defines the normal behaviour of the network. Then, if any activity differs from normal behaviour then its mark as an intrusion [7]. Anomaly Based IDS In this approach, a malicious node can be detected by matching the current protocol specification with previously defined protocol state. Automated training is generally used to define a normal behaviour of the system. This technique is somewhat similar to anomaly detection technique. In this technique, the normal behaviour of the network is defined by manually, so it gives less incorrect positives rate. Specification Based IDS This technique attempts to excerpt best between signature-based and anomaly based detection approaches by trying to clarify deviations from normal behavioural patterns that are created neither by the training data nor by the machine learning method. T. S. Urmila, Dr. B. Balasubramanian 288

4 INTRUSION DETECTION IN INTERNET OF THINGS A SURVEY [3] ATTACKS ON IOT APPLICATIONS IoT networks are exposed to a choice of attacks both from internal and external. Attacks are mostly classified by two kinds inside and outside attacks. In an outside attack, the attacker is not a division of the network while in an inside attack, the attack can be initiated by cooperated or malicious nodes that are part of the network. We confer some potential cyber-attacks on IoT applications. Malicious node at-tracts network traffic towards it. Malicious node attracts all adjacent nodes to forward their packets through the malicious node by showing its routing cost minimum. Sinkhole Attack The attacker creates an attack by introducing false node inside a network [15]. Adversary node creates a virtual tunnel between two ends. An adversary node acts as a forwarding node between two actual nodes. Wormhole Attack The two malicious nodes usually claim that they are one hop away from the base station. The wormhole attack can also be used to convince two distinct nodes that they are the neighbors by relaying packets between two of them. Sybil Attack Denial of Service (DOS) Attack Hello Flood Attack In this attack, the node has multiple identities. The routing protocol, detection algorithm and co-operation processes can be attacked by a malicious node. This attack can damage the availability of resources. When this attack is made, resources are not available to legitimate users This attack may affect the network resources, bandwidth, CPU time etc. Routing protocol broadcast hello message to announce its presence to its neighbors. A node which receives the hello message may assume that the source node is within its communication range and add this source node to its neighbor list. T. S. Urmila, Dr. B. Balasubramanian 289

5 International Journal of Computer Engineering and Applications, Volume XII, Issue I, Jan. 18, ISSN Selective Forwarding Attack Malicious node acts as a normal node but it selectively drops some packets. Black hole attack is the simplest form of selective forwarding attack in which all packets are dropped by the malicious node. Black hole attack Simplest form of selective forwarding attack in which all packets are dropped by the malicious node. [4] IDS DETECTION APPROACHES Intrusion detection is a variety of passive network watching in which traffic is inspected at a packet level and results of the analysis are logged. In this section we explain the intrusion detection approaches. Event processing based IDS to solve the problem of real time of IDS in IoT network[4]. In this approach, they designed the IDS Rule Based Approaches Anomaly Based Approaches rchitecture on the basis of Event Processing Model (EPM). It is rule-based IDS in which rules are stored in Rule Pattern Repository and takes SQL and EPL of Epser as a reference. According to obtained result, this approach consumed more CPU resources, consumed less memory and took less processing time than traditional IDS. Intrusion detection system in WSN based on mobile agent [5]. This approach uses multi-agent and a classification based approach for detection of intrusions. The first agent is collector agent which collects the data from the wireless environment and gives feedback to the misuse detection agent. The second agent is misuse detection agent which detects the known attacks using misuse detection technique. The third agent is anomaly detection agent which detects the unknown attacks by using SVM classification algorithm. T. S. Urmila, Dr. B. Balasubramanian 290

6 INTRUSION DETECTION IN INTERNET OF THINGS A SURVEY a hierarchical energy efficient IDS to detect black hole Attacks.[6] Sensor node and base station are ex- changing control packets with each other. Hierarchical Energy Efficient Based Approaches Each control packet contains the node id and number of packets sent to the cluster head. Consumes the less energy for intrusion detection. Distributed detection approach to detect flooding and gray whole attacks. Distributed Detection Based Approach In this approach, abnormality of the nodes behaviour observed by a light weight energy prediction algorithm. Cluster head is responsible for energy prediction for all nodes in the cluster. Detection accuracy is achieved by obtaining high prediction accuracy. Only detect gray whole and flooding attacks. IDS to detect sinkhole attacks for IoT called as INTI which is implemented in Cooja simulator[7]. Cluster configure ratio module classifying a node like members, leaders and associated according to their network functions. Next monitoring of routing module in which observer node monitors the number of transmissions is performed. Cluster-Based Approach Attacker detection module which detects the sinkhole attacking node. Isolation of attacker module which isolates the malicious node from the cluster and it also raised an alarm to inform its neighboring nodes. T. S. Urmila, Dr. B. Balasubramanian 291

7 International Journal of Computer Engineering and Applications, Volume XII, Issue I, Jan. 18, ISSN Hybrid Approach SVELTE [8] is only IDS available in IoT which is implemented in Contiki OS. Three main centralized elements which are placed in 6LoWPAN Border Router. The first element is 6LoWPAN Mapped which collects information about the RPL protocol and rebuild the networks in 6BR. The second element is intrusion detection element which detects the intrusion by analyzing the mapped data. The third element is a distributed mini firewall which filters the malicious traffic before it reaches to the network. This approach can only detect spoofing attacks inside the network, sinkhole and selective forwarding attacks. [5] CONCLUSION In this paper, we presented a survey about Intrusion Detection research efforts for IoT. We proposed a taxonomy to classify these papers, which is based on the following attributes: Detection method, IDS placement strategy, security threat, and validation strategy. We observed that the research of IDS schemes for IoT is still incipient. As future research, researchers may focus on the following issues: 1) To examine strong and weak points of different detection methods and placement strategies; 2) to increase the attack detection range; 3) to address more IoT technologies; 4) to improve validation strategies; REFERENCES [1] A. Mishra, K. Nadkarni, A. Patcha, Intrusion detection in wireless ad hoc networks, IEEE Wireless Communications 11 (1) (2004) [2] S. Kumar, K. Dutta, Intrusion detection in mobile ad hoc networks: techniques, systems, and future challenges, Security and Communication Networks 9 (14) (2016) [3] R. Mitchell, I.-R. Chen, A survey of intrusion detection techniques for CyberPhysical Systems, ACM Computing Surveys (CSUR) 46 (4) (2014) 55 T. S. Urmila, Dr. B. Balasubramanian 292

8 INTRUSION DETECTION IN INTERNET OF THINGS A SURVEY [4] Chen Jun, Chen Chi, Design of Complex Event-Processing IDS in Internet of Things, Sixth International Conference on Measuring Technology and Mechatronics Automation, IEEE DOI: /ICMTMA , [5] Yousef EL Mourabit, Ahmed Toumanari, Anouar Bouirden, Hicham zougagh, Rachid Latif, Intrusion Detection System In wireless Sensor network Based On Mobile Agent, Second World Conference on Complex Systems (WCCS), IEEE DOI: /ICoCS , [6] A. Babu Karuppiah, J. Dalfiah, K. Yuvashri, S. Rajaram, Al-Sakib Khan Pathan, A Novel Energy-Efficient Sybil Node Detection Algorithm for Intrusion Detection System in Wireless Sensor Networks 3rd International Conference on Eco-friendly Computing and Communication Systems, [7] Christian Cervantes, Diego Poplade, Michele Nogueira and Aldri Santos, Detection of Sinkhole Attacks for Support- ing Secure Routing on 6LoWPAN for Internet of Things, IFIP/IEEE International Symposium on Integrated Network Management (IM), [8] Shahid Raza and Linus Wallgrena, Thiemo Voigt, SVELTE: Real-time Intrusion Detection in the Internet of Things, Ad Hoc Networks (Elsevier), Vol. 11, No. 8, pp , T. S. Urmila, Dr. B. Balasubramanian 293

Intrusion Detection System to Detect Sinkhole Attack on RPL Protocol in Internet of Things

Intrusion Detection System to Detect Sinkhole Attack on RPL Protocol in Internet of Things R. Stephen 1, Dr. L. Arockiam 2 1 Research Scholar, 2 Associate Professor, Department of Computer Science, St.