Network Intrusion Detection and Prevention Systems for Attacks in IoT Systems


Vetrivelan Pandu (VIT Chennai, India), Jagannath Mohan (VIT Chennai, India) and T. S. Pradeep Kumar (VIT Chennai, India)
DOI: 10.4018/978-1-5225-8241-0.ch006

Abstract

The Internet of Things (IoT) has greatly transformed the way business is done through machine-to-machine (M2M) communications. This vast network and its associated technologies have opened the door to an increasing number of security threats that are dangerous to IoT and 5G wireless networks. The first part of this chapter presents an intrusion detection system (IDS) that detects the various attacks in the 6LoWPAN layer. An IDS detects and analyzes both inbound and outbound network traffic for abnormal activities. An intrusion prevention system (IPS) complements an IDS configuration by proactively inspecting a system's incoming traffic to weed out malicious requests. A typical IPS configuration uses web application firewalls and traffic filtering solutions to secure applications. An IPS prevents attacks by dropping malicious packets, blocking offending IPs and alerting security personnel to potential threats. A machine learning (ML)-based intrusion detection and prevention system (IDPS) is proposed and implemented in the Contiki simulation environment.

Introduction

The Internet of Things (IoT) is a smart system that connects everything to the Internet to exchange data using agreed protocols. An Intrusion Detection System (IDS) is used to monitor the activity of a specific node and network. It can act as a second line of defense that protects the system from intruders. An intrusion is an unwanted or malicious activity that is harmful to sensor nodes. The IDS inspects network packets and decides whether they come from intruders or legitimate users. An IDS has three components: monitoring, analysis and detection, and alarm (Shanzhi et al., 2014). The monitoring module monitors the network's traffic, patterns and resources. Analysis and detection is the core component of an IDS, which detects intrusions according to a specified algorithm. The alarm module raises an alarm if an intrusion is detected.

Background

IoT is a rapidly growing technology that will significantly change the way people live. It can be thought of as the next big step in Internet technology (Tejas et al., 2017). The changing operating environment associated with the Internet of Things represents a considerable impact on the attack surface and threat environment of the Internet and Internet-connected systems (Jun et al., 2014).

Data science is an interdisciplinary field about processes and systems to extract knowledge or insights from data in various forms, either structured or unstructured, which is a continuation of some of the data analysis fields, such as statistics, machine learning, data mining and knowledge discovery, and predictive analytics (Khan et al., 2016).

As constrained wireless sensing and actuating devices are progressively integrated with the Internet communications infrastructure, the importance of detecting and dealing with attacks against its security and stability appears as a fundamental requirement. This integration is becoming a reality, thanks to a standardized communications stack being designed for the IoT, enabled by protocols such as the 6LoWPAN adaptation layer, RPL (IPv6 Routing Protocol for Low Power and Lossy Networks), and the Constrained Application Protocol (CoAP). Other protocols could also be considered at the application layer, such as MQTT (Message Queuing Telemetry Transport) (B. Andrew et al., 2014), but our focus on CoAP is motivated by its support of low-energy wireless local communication environments, machine-to-machine (M2M) communications between constrained sensors and actuators and other external Internet devices, and its direct compatibility with HTTP.

6LoWPAN has been widely used as an adaptation layer between the standard IPv6 protocol and the IEEE 802.15.4 link layer. It thereby enables resource-constrained devices to effectively transmit data via standard IPv6. In the 6LoWPAN network, RPL has been introduced as a routing protocol to cope with limited memory, power and so on. RPL builds a Destination Oriented Directed Acyclic Graph (DODAG) and enables nodes to forward packets upwards to their parents or downwards to their children. However, in such a constrained environment, RPL has limited support for security services and is exposed to internal attacks. Three main attacks target the RPL protocol in IoT, namely hello flood, sinkhole, and wormhole attacks. There are two well-known 6LoWPAN IDS implementations, namely SVELTE and Pongle's IDS (Pongle et al., 2015).
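The three IDS modules from the Introduction (monitoring, analysis and detection, alarm) applied to RPL control traffic, as an added example that is not part of the chapter and is not the SVELTE or Pongle implementation. It flags a sinkhole-style rank inconsistency and a hello-flood-style burst; the record layout, the use of DIO messages as the "hello" traffic, the one-second window and the threshold of four DIOs are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed sample of observed RPL DIO control messages (assumed layout):
# (time_s, sender, advertised_rank, preferred_parent). Node 1 is the DODAG root.
SAMPLE_DIOS = [
    (0.0, 1, 256, None),
    (1.0, 2, 512, 1),
    (2.0, 3, 768, 2),
    (3.0, 4, 1024, 3),
    (10.0, 4, 256, 3),      # rank at or below the parent's: sinkhole-like
    (20.0, 5, 768, 2),
    (20.2, 5, 768, 2),
    (20.4, 5, 768, 2),
    (20.6, 5, 768, 2),
    (20.8, 5, 768, 2),      # fifth DIO inside one second: flood-like
]

class Monitor:
    """Monitoring module: keeps per-node state from observed traffic."""
    def __init__(self, window_s=1.0):
        self.window_s = window_s            # assumed sliding-window length
        self.rank = {}                      # node -> last advertised rank
        self.recent = defaultdict(deque)    # node -> DIO timestamps in window

    def observe(self, t, sender, rank, parent):
        self.rank[sender] = rank
        q = self.recent[sender]
        q.append(t)
        while q and t - q[0] > self.window_s:
            q.popleft()

def analyse(mon, sender, rank, parent, max_dios=4):
    """Analysis and detection module: findings for one DIO (threshold assumed)."""
    findings = []
    parent_rank = mon.rank.get(parent)
    if parent_rank is not None and rank <= parent_rank:
        findings.append("rank-inconsistency")   # a child must rank above its parent
    if len(mon.recent[sender]) > max_dios:
        findings.append("dio-flood")
    return findings

def run_ids(dios):
    """Alarm module: collects (time, node, finding) for every detection."""
    mon, alarms = Monitor(), []
    for t, sender, rank, parent in dios:
        mon.observe(t, sender, rank, parent)
        for f in analyse(mon, sender, rank, parent):
            alarms.append((t, sender, f))
    return alarms
```

Calling `run_ids(SAMPLE_DIOS)` returns one alarm for node 4 and one for node 5; the first four records, a consistent DODAG, raise none.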

The IoT paradigm allows measures to be sensed and processed in real time, creating a direct interaction platform between cyber-physical systems. Such an approach leads to improved efficiency in the generation and usage of data, leading to economic benefits. Research conducted by Cisco reports that there are currently 10 billion devices connected, compared to a world population of more than 7 billion, and it is believed this will increase by 4% by the year 2020. These types of attack include altering critical data content or theft of confidential data. Past and recent works using an artificial neural network intrusion detection system on the KDD99 data set (N.T.T. Van et al., 2015) show promising performance for intrusion detection. IoT threats can be classified into DoS, malware and data breaches.
