Opening the Pandora’s Box: Exploring the fundamental limitations of designing intrusion detection for MANET routing attacks

2008 ◽  
Vol 31 (14) ◽  
pp. 3178-3189 ◽  
Author(s):  
John Felix Charles Joseph ◽  
Amitabha Das ◽  
Boon-Chong Seet ◽  
Bu-Sung Lee
Keyword(s):  
Intrusion Detection ◽  
Routing Attacks ◽  
Fundamental Limitations ◽  
Manet Routing

scholarly journals A Novel Intrusion Detection System for RPL Based IoT Networks with Bio-Inspired Feature Selection and Ensemble Classifier

2021 ◽  
Author(s):  
Jayaprakash Pokala ◽  
B. Lalitha
Keyword(s):  
Feature Selection ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Ensemble Classifier ◽  
Support Vector ◽  
Routing Attacks ◽  
Salp Swarm Algorithm ◽  
Network Intrusion ◽  
Swarm Algorithm

Abstract Internet of Things (IoT) is the powerful latest trend that allows communications and networking of many sources over the internet. Routing protocol for low power and lossy networks (RPL) based IoT networks may be exposed to many routing attacks due to resource-constrained and open nature of the IoT nodes. Hence, there is a need for network intrusion detection system (NIDS) to protect RPL based IoT networks from routing attacks. The existing techniques for anomaly-based NIDS (ANIDS) subjects to high false alarm rate (FAR). Therefore, a novel bio-inspired voting ensemble classifier with feature selection technique is proposed in this paper to improve the performance of ANIDS for RPL based IoT networks. The proposed voting ensemble classifier combines the results of various base classifiers such as logistic Regression, support vector machine, decision tree, bidirectional long short-term memory and K-nearest neighbor to detect the attacks accurately based on majority voting rule. The optimized weights of base classifiers are obtained by using the feature selection method called simulated annealing based improved salp swarm algorithm (SA-ISSA), which is the hybridization of particle swarm optimization, opposition based learning and salp swarm algorithm. The experiments are performed with RPL-NIDDS17 dataset that contains seven types of attack instances. The performance of the proposed model is evaluated and compared with existing feature selection and classification techniques in terms of accuracy, attack detection rate (ADR), FAR and so on. The proposed ensemble classifier shows better performance with higher accuracy (96.4%), ADR (97.7%) and reduced FAR (3.6%).

ELNIDS: Ensemble Learning based Network Intrusion Detection System for RPL based Internet of Things

2020 ◽  
Author(s):  
Abhishek Verma ◽  
Virender Ranga
Keyword(s):  
Internet Of Things ◽  
Intrusion Detection ◽  
Ensemble Learning ◽  
Intrusion Detection System ◽  
Detection System ◽  
Smart Devices ◽  
Network Intrusion Detection ◽  
The Internet ◽  
Routing Attacks ◽  
Network Intrusion

Internet of Things is realized by a large number of heterogeneous smart devices which sense, collect and share data with each other over the internet in order to control the physical world. Due to open nature, global connectivity and resource constrained nature of smart devices and wireless networks the Internet of Things is susceptible to various routing attacks. In this paper, we purpose an architecture of Ensemble Learning based Network Intrusion Detection System named ELNIDS for detecting routing attacks against IPv6 Routing Protocol for Low-Power and Lossy Networks. We implement four different ensemble based machine learning classifiers including Boosted Trees, Bagged Trees, Subspace Discriminant and RUSBoosted Trees. To evaluate proposed intrusion detection model we have used RPL-NIDDS17 dataset which contains packet traces of Sinkhole, Blackhole, Sybil, Clone ID, Selective Forwarding, Hello Flooding and Local Repair attacks. Simulation results show the effectiveness of the proposed architecture. We observe that ensemble of Boosted Trees achieve the highest Accuracy of 94.5% while Subspace Discriminant method achieves the lowest Accuracy of 77.8% among classifier validation methods. Similarly, an ensemble of RUSBoosted Trees achieves the highest Area under ROC value of 0.98 while lowest Area under ROC value of 0.87 is achieved by an ensemble of Subspace Discriminant among all classifier validation methods. All the implemented classifiers show acceptable performance results.

scholarly journals LC-IDS: Loci-Constellation-Based Intrusion Detection for Reconfigurable Wireless Networks

Electronics ◽  
2021 ◽  
Vol 10 (24) ◽  
pp. 3053
Author(s):  
Jaime Zuniga-Mejia ◽  
Rafaela Villalpando-Hernandez ◽  
Cesar Vargas-Rosales ◽  
Mahdi Zareei
Keyword(s):  
Wireless Networks ◽  
Intrusion Detection ◽  
Anomaly Detection ◽  
Dimensional Space ◽  
Temporal Structure ◽  
Detection Performance ◽  
Detection Accuracy ◽  
Routing Attacks ◽  
Network Intrusion ◽  
Wide Range

Detection accuracy of current machine-learning approaches to intrusion detection depends heavily on feature engineering and dimensionality-reduction techniques (e.g., variational autoencoder) applied to large datasets. For many use cases, a tradeoff between detection performance and resource requirements must be considered. In this paper, we propose Loci-Constellation-based Intrusion Detection System (LC-IDS), a general framework for network intrusion detection (detection of already known and previously unknown routing attacks) for reconfigurable wireless networks (e.g., vehicular ad hoc networks, unmanned aerial vehicle networks). We introduce the concept of ‘attack-constellation’, which allows us to represent all the relevant information for intrusion detection (misuse detection and anomaly detection) on a latent 2-dimensional space that arises naturally by considering the temporal structure of the input data. The attack/anomaly-detection performance of LC-IDS is analyzed through simulations in a wide range of network conditions. We show that for all the analyzed network scenarios, we can detect known attacks, with a good detection accuracy, and anomalies with low false positive rates. We show the flexibility and scalability of LC-IDS that allow us to consider a dynamic number of neighboring nodes and routing attacks in the ‘attack-constellation’ in a distributed fashion and with low computational requirements.

An efficient intrusion detection and prevention framework for ad hoc networks

2016 ◽  
Vol 24 (4) ◽  
pp. 298-325 ◽  
Author(s):  
Abdelaziz Amara Korba ◽  
Mehdi Nafaa ◽  
Salim Ghanemi
Keyword(s):  
Intrusion Detection ◽  
Real Time ◽  
Ad Hoc ◽  
Detection System ◽  
Communication Overhead ◽  
Routing Attacks ◽  
Protocol Specification ◽  
Content Type ◽  
Real Time Detection ◽  
Intrusion Detection And Prevention

Purpose Wireless multi-hop ad hoc networks are becoming very attractive and widely deployed in many kinds of communication and networking applications. However, distributed and collaborative routing in such networks makes them vulnerable to various security attacks. This paper aims to design and implement a new efficient intrusion detection and prevention framework, called EIDPF, a host-based framework suitable for mobile ad hoc network’s characteristics such as high node’s mobility, resource-constraints and rapid topology change. EIDPF aims to protect an AODV-based network against routing attacks that could target such network. Design/methodology/approach This detection and prevention framework is composed of three complementary modules: a specification-based intrusion detection system to detect attacks violating the protocol specification, a load balancer to prevent fast-forwarding attacks such as wormhole and rushing and adaptive response mechanism to isolate malicious node from the network. Findings A key advantage of the proposed framework is its capacity to efficiently avoid fast-forwarding attacks and its real-time detection of both known and unknown attacks violating specification. The simulation results show that EIDPF exhibits a high detection rate, low false positive rate and no extra communication overhead compared to other protection mechanisms. Originality/value It is a new intrusion detection and prevention framework to protect ad hoc network against routing attacks. A key strength of the proposed framework is its ability to guarantee a real-time detection of known and unknown attacks that violate the protocol specification, and avoiding wormhole and rushing attacks by providing a load balancing route discovery.

scholarly journals Routing Attacs pada Internet Of Things Berbasis Smart Intrution Detecion System

2020 ◽  
Vol 7 (2) ◽  
pp. 329
Author(s):  
Eka Lailatus Sofa ◽  
Subiyanto Subiyanto
Keyword(s):  
Machine Learning ◽  
Feature Selection ◽  
Internet Of Things ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Learning Algorithm ◽  
Detection System ◽  
Machine Learning Algorithms ◽  
Machine Learning Algorithm ◽  
Routing Attacks

<p class="Abstrak"><em>Internet of Things</em> (IoT) telah memasuki berbagai aspek kehidupan manusia, diantaranya <em>smart city, smart home, smart street, </em>dan<em> smart industry </em>yang memanfaatkan internet untuk memantau informasi yang dibutuhkan<em>.</em> Meskipun sudah dienkripsi dan diautentikasi, protokol jaringan <a title="IPv6" href="https://en.wikipedia.org/wiki/IPv6">IPv6</a> over Low-Power Wireless <a title="Personal area network" href="https://en.wikipedia.org/wiki/Personal_area_network">Personal Area Networks</a> (6LoWPAN) yang dapat menghubungkan benda-benda yang terbatas sumber daya di IoT masih belum dapat diandalkan. Hal ini dikarenakan benda-benda tersebut masih dapat terpapar oleh <em>routing attacks</em> yang berasal dari jaringan 6LoWPAN dan internet. Makalah ini menyajikan kinerja <em>Smart Intrusion Detection System</em> berdasarkan <em>Compression Header Analyzer</em> untuk menganalisis model <em>routing attacks</em> lainnya pada jaringan IoT. IDS menggunakan <em>compression header</em> 6LoWPAN sebagai fitur untuk <em>machine learning algorithm</em> dalam mempelajari jenis <em>routing attacks</em>. Skenario simulasi dikembangkan untuk mendeteksi <em>routing attacks</em> berupa <em>selective forwarding attack</em> dan <em>sinkhole attack</em>. Pengujian dilakukan menggunakan <em>feature selection</em> dan <em>machine learning algorithm</em>. <em>Feature selection</em> digunakan untuk menentukan fitur signifikan yang dapat membedakan antara aktivitas normal dan abnormal. Sementara <em>machine learning algorithm</em> digunakan untuk mengklasifikasikan <em>routing attacks</em> pada jaringan IoT. Ada tujuh <em>machine learning algorithm</em> yang digunakan dalam klasifikasi antara lain <em>Random Forest, Random Tree, J48, Bayes Net, JRip, SMO,</em> dan <em>Naive Bayes</em>. Hasil percobaan disajikan untuk menunjukkan kinerja <em>Smart Intrusion Detection System</em> berdasarkan <em>Compression Header Analyzer</em> dalam menganalisis <em>routing attacks</em>. Hasil evaluasi menunjukkan bahwa IDS ini dapat mendeteksi antara serangan dan <em>non-</em>serangan.</p><p class="Abstrak"> </p><p class="Abstrak"><em><strong>Abstract</strong></em></p><p class="Abstract"><em>Internet of Things (IoT) has entered various aspects of human life including smart city, smart home, smart street, and smart industries that use the internet to get the information they need. Even though it's encrypted and authenticated, Internet protocol  <a title="IPv6" href="https://en.wikipedia.org/wiki/IPv6">IPv6</a> over Low-Power Wireless <a title="Personal area network" href="https://en.wikipedia.org/wiki/Personal_area_network">Personal Area Networks</a> (6LoWPAN) networks that can connect limited resources to IoT are still unreliable. This is because these objects can still be exposed to attacks from 6LoWPAN and the internet. This paper presents the performance of an Smart Intrusion Detection System based on Compression Header Analyzer to analyze other routing attack models on IoT networks. IDS uses a 6LoWPAN compression header as a feature for machine learning algorithms in learning the types of routing attacks. Simulation scenario was developed to detect routing attacks in the form of selective forwarding and sinkhole. Testing is done using the feature selection and machine learning algorithm. Feature selection is used to determine significant features that can distinguish between normal and abnormal activities. While machine learning algorithm is used to classify attacks on IoT networks. There were seven machine learning algorithms used in the classification including Random Forests, Random Trees, J48, Bayes Net, JRip, SMO, and Naive Bayes. Experiment Results to show the results of the Smart Intrusion Detection System based on Compression Header Analyzer in analyzing routing attacks. The evaluation results show that this IDS can protect between attacks and non-attacks.</em><strong></strong></p><p class="Abstrak"><em><strong><br /></strong></em></p>

scholarly journals Intrusion Detection for Routing Attacks in Sensor Networks

2006 ◽  
Vol 2 (4) ◽  
pp. 313-332 ◽  
Author(s):  
Chong Eik Loo ◽  
Mun Yong Ng ◽  
Christopher Leckie ◽  
Marimuthu Palaniswami
Keyword(s):  
Sensor Networks ◽  
Intrusion Detection ◽  
Routing Attacks
Sign in / Sign up

Export Citation Format

Share Document