A Self Organizing Map Intrusion Detection System for RPL Protocol Attacks

Elie Kfoury, Julien Saab, Paul Younes, Roger Achkar
DOI: 10.4018/IJITN.2019010103


Routing over low power and lossy networks (RPL) is a standardized routing protocol for constrained Wireless Sensor Network (WSN) environments. A node's main constraints include processing capability, power, memory, and energy. The RPL protocol describes how WSN nodes create a mesh topology, enabling them to route sensor data. Unfortunately, various attacks on the RPL protocol can disrupt the topology and consume nodes' energy. In this article, the authors propose an intrusion detection system (IDS) based on a self-organizing map (SOM) neural network to cluster the WSN routing attacks and hence notify the system administrator at an early stage, reducing the risk of interrupting the network and consuming nodes' power. Results showed that the proposed SOM architecture is able to cluster routing packets into three different types of attacks, as well as clean data.

1. Introduction

The Internet of Things (IoT) is a network of interconnected computing devices embedded in everyday objects, enabling them to exchange data in a Machine-to-Machine approach. This technology is empowering new services and business opportunities as the number of diverse IoT applications (smart homes, smart cities, smart vehicles (Nasr, Kfoury, & Khoury, 2016), e-health and personal care, smart agriculture, and others) keeps increasing. According to Gartner, the deployment of IoT devices is expected to reach almost $3 trillion in 2020. Hence, it is considered a vital topic nowadays because of its influence on different aspects of human lifestyle. Research (Bourne, 2017) indicates that security is one of the top three barriers preventing the adoption of IoT. Results of a recent survey (Altman Vilandrie & Company, 2017) showed that almost half of all U.S. companies that use IoT devices have suffered a security breach. Therefore, securing IoT devices is important to foster their adoption by businesses and end customers. Multiple solutions for securing IoT devices exist (Khoury & Kfoury, 2017; Raza, Voigt & Jutvik, 2012), but most of them tackle the integrity and authentication problems rather than availability.

Figure 1. 6LoWPAN Protocol Stack (OSI Model Reference)

IoT network architecture is maintained based on various protocols (Figure 1). For instance, a typical WSN (Wireless Sensor Network) includes IEEE 802.15.4 on the physical and media access layers; IPv6, 6LoWPAN (IPv6 over Low-Power Wireless Personal Area Networks), and RPL (Routing Protocol for Low power and Lossy Network) on the network layer; and MQTT (Message Queuing Telemetry Transport) or CoAP (Constrained Application Protocol) on the application layer. RPL is a novel distance vector routing protocol standardized for constrained 6LoWPAN networks, enabling nodes to communicate in a mesh topology. Unfortunately, several attacks exist on the RPL protocol that target a node's availability and dramatically increase its power consumption.

In this paper we propose a novel Intrusion Detection System (IDS) for classifying well-known RPL attacks. Several attempts to create an IDS for RPL attacks have been introduced, namely SVELTE (Raza, Wallgren, & Voigt, 2013), Support Vector Machines (SVM) to detect selective forwarding attacks (Kaplantzis, Shilton, Mani, & Sekercioglu, 2007), and a feature vector-based IDS (Livani & Abadi, 2011). In our IDS, we used Self-Organizing Map (SOM) neural networks to perform RPL attack classification. Neural networks in general can be divided into a variety of types and can be applied to different types of applications (Achkar et al., 2016; Harkouss et al., 2010; Abou Kassem et al., 2017; Saide et al., 2015).

The main contributions of our IDS include: 1) The ability to detect multiple types of RPL attacks using unsupervised learning, 2) Reducing power consumption by notifying the network administrator at an early stage about a certain attack, 3) Ensuring network availability due to the immediate notice of a security breach. The paper is divided as follows: Section 2 describes some background on the RPL protocol and how the WSN topology is formed. Next, it explains the well-known RPL attacks and the control message frequency for each attack. Moreover, it explains the SOM and how it can build a map from input samples. Section 3 introduces the proposed system; Section 4 discusses the simulation and results. Finally, we conclude with the intended future work.
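As an added illustration (not code from the article or its authors), the sketch below trains a 2x2 SOM on control-message frequency windows and raises an alert for any window whose best-matching unit is not one learned from clean traffic. The feature choice (normalised DIO, DIS and DAO rates per node), the sample values, the farthest-point initialisation and all function names are assumptions made for this example.

```python
import math

# Constructed sample data (not from the paper): each window is one node's normalised
# (DIO, DIS, DAO) rate; group 0 is a clean baseline, groups 1-3 are abnormal profiles.
CENTERS = [(0.1, 0.1, 0.1), (0.9, 0.1, 0.1), (0.1, 0.9, 0.1), (0.1, 0.1, 0.9)]

def make_windows(per_group=6):
    """Return (vector, group) pairs, interleaved, with small deterministic jitter."""
    out = []
    for i in range(per_group):
        for g, c in enumerate(CENTERS):
            vec = [v + ((i * 7 + g * 3 + k * 5) % 5 - 2) * 0.02 for k, v in enumerate(c)]
            out.append((vec, g))
    return out

def dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def bmu(weights, x):
    """Index of the best-matching unit (closest weight vector) for window x."""
    return min(range(len(weights)), key=lambda u: dist2(weights[u], x))

def train_som(data, rows=2, cols=2, epochs=60, lr0=0.5, sigma0=0.5):
    """Train a rows x cols SOM; units start on mutually distant samples (repeatable runs)."""
    weights = [list(data[0])]
    while len(weights) < rows * cols:
        weights.append(list(max(data, key=lambda x: min(dist2(x, w) for w in weights))))
    grid = [(u // cols, u % cols) for u in range(rows * cols)]
    for e in range(epochs):
        decay = 1 - e / epochs
        lr, sigma = lr0 * decay, sigma0 * decay + 0.05
        for x in data:
            win = grid[bmu(weights, x)]
            for u, w in enumerate(weights):
                # Gaussian neighbourhood: units near the winner on the grid learn more.
                h = math.exp(-dist2(grid[u], win) / (2 * sigma ** 2))
                for k in range(len(w)):
                    w[k] += lr * h * (x[k] - w[k])
    return weights

def classify(weights, clean_units, x):
    """Return ('clean' | 'alert', unit index) for one traffic window."""
    u = bmu(weights, x)
    return ("clean" if u in clean_units else "alert", u)

windows = make_windows()
som = train_som([v for v, _ in windows])
# Only the clean baseline is labelled, and only after the unsupervised training.
clean_units = {bmu(som, v) for v, g in windows if g == 0}
```

The group labels are never used during training; they serve only to mark which map units correspond to clean traffic once the map has been built.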
