Intrusion Detection System
An intrusion is an unwanted or malicious activity that endangers sensor nodes. An Intrusion Detection System (IDS) is used to observe malicious traffic in a network. It can act as a second line of defense that protects the network from intruders (Alrajeh et al., 2013). An IDS can be a software or hardware tool. It examines and investigates machine and user actions, detects the signatures of well-known attacks and categorizes malicious network activity.
The goal of an IDS is to monitor the network and its nodes, detect the various intrusions in the network, and alert users about them. The IDS works as an alarm or network observer: it prevents damage to the systems by generating an alert before the attackers initiate an attack. It can detect both internal and external attacks. Internal attacks are initiated by malicious or compromised nodes that are part of the network, while external attacks are launched by third parties from outside the network. The IDS inspects network packets and determines whether they come from intruders or legitimate users. The three components of an IDS are monitoring, analysis and detection, and alarm (Alrajeh et al., 2013). The monitoring component monitors network traffic, patterns and resources. Analysis and detection is the core module of the IDS; it detects intrusions according to a specified algorithm. The alarm section raises an alarm if an intrusion is detected (Thakur & Sanyal, 2012).
Types of IDS
There are basically three types of IDS based on their behavior, shown in Figure 1. Here we explain IDS based on their analysis strategy. These are the following:
- Signature based: It is also known as the rule-based detection technique. It matches the current profile of the network against pre-defined, stored attack patterns (Amaral et al., 2014).
- Anomaly based: It is also known as the event-based detection technique. It defines the regular behavior of the network, and if some activity is found to diverge from that normal behavior it is marked as an intrusion (Amaral et al., 2014).
- Specification based: It is similar to the anomaly detection technique. Here the normal activities of the network are defined manually by the user, and if any malicious activity is found an alarm is raised. It is more time consuming than the anomaly technique (Amaral et al., 2014).
Figure 1. Classification of intrusion detection system based on their behavior
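To make the three analysis strategies concrete, the following added example (not part of the paper) runs a toy signature-based, anomaly-based and specification-based detector over one constructed window of packet records; the `Packet` record, the stored signatures, the standard-deviation threshold and the operator specification are all assumptions of the example, chosen to show where each strategy does and does not raise an alert.

```python
from collections import Counter
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass(frozen=True)
class Packet:               # assumed record shape, one entry per observed packet
    src: str
    dst: str
    size: int               # bytes
    flags: frozenset        # TCP-style flag names, e.g. {"SYN"}

def pkt(src, dst, size, *flags):
    return Packet(src, dst, size, frozenset(flags))

# 1. Signature-based: each packet is compared with stored attack patterns.
SIGNATURES = {"syn-fin": {"SYN", "FIN"}, "xmas-scan": {"FIN", "PSH", "URG"}}

def signature_alerts(packets):
    return [(p.src, name) for p in packets
            for name, pattern in SIGNATURES.items() if pattern <= p.flags]

# 2. Anomaly-based: the regular per-source packet count is learned from a training
#    window; a source that later exceeds it by more than k standard deviations
#    (floored at 1 so a flat baseline is not hypersensitive) is flagged.
def anomaly_alerts(training, observed, k=3.0):
    base = list(Counter(p.src for p in training).values())
    threshold = mean(base) + k * max(pstdev(base), 1.0)
    return sorted(s for s, n in Counter(p.src for p in observed).items() if n > threshold)

# 3. Specification-based: the operator states what is allowed; any packet
#    outside that specification raises an alert.
SPEC = {"allowed_pairs": {("node1", "sink"), ("node2", "sink"), ("node3", "sink")},
        "max_size": 128}

def specification_alerts(packets):
    return ([(p.src, "unexpected-destination") for p in packets
             if (p.src, p.dst) not in SPEC["allowed_pairs"]]
            + [(p.src, "oversized") for p in packets if p.size > SPEC["max_size"]])

# Constructed traffic windows (not captured data): a quiet training window and an
# observed window with a flood from node3, a malformed packet from node2 and a packet
# from an unknown node. Note that only one detector catches each of the three events.
TRAINING = [pkt(n, "sink", 64, "ACK")
            for n, c in (("node1", 10), ("node2", 12), ("node3", 11)) for _ in range(c)]
OBSERVED = ([pkt("node1", "sink", 64, "ACK") for _ in range(10)]
            + [pkt("node2", "sink", 64, "ACK") for _ in range(11)]
            + [pkt("node3", "sink", 64, "ACK") for _ in range(40)]
            + [pkt("node2", "sink", 64, "SYN", "FIN"), pkt("rogue", "node1", 300, "ACK")])

def run_all():
    return {"signature": signature_alerts(OBSERVED),
            "anomaly": anomaly_alerts(TRAINING, OBSERVED),
            "specification": specification_alerts(OBSERVED)}
```

The flood is invisible to the signature and specification checks, the malformed packet only to the signature check, and the unknown node only to the specification check, which is why the paper treats the strategies as complementary rather than interchangeable.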
The rest of the paper is organized as follows: Section II discusses the three-layer architecture of IoT and describes each layer. Section III discusses the different types of cyber-attacks on IoT protocols such as RPL and 6LoWPAN; this section also includes some mitigation techniques for these attacks. Section IV is a literature survey of different IDS techniques for finding the various kinds of attacks in Internet of Things networks. Section V concludes the paper and Section VI gives the future scope and some research directions for researchers.