{"title":"利用混合深度学习模型缓解物联网路由攻击的基于信任的异常检测方案","authors":"Khatereh Ahmadi, Reza Javidan","doi":"10.1049/2024/4449798","DOIUrl":null,"url":null,"abstract":"<div>\n <p>Internet of Things (IoT), as a remarkable paradigm, establishes a wide range of applications in various industries like healthcare, smart homes, smart cities, agriculture, transportation, and military domains. This widespread technology provides a general platform for heterogeneous objects to connect, exchange, and process gathered information. Beside significant efficiency and productivity impacts of IoT technology, security and privacy concerns have emerged more than ever. The routing protocol for low power and lossy networks (RPL) which is standardized for IoT environment, suffers from the basic security considerations, which makes it vulnerable to many well-known attacks. Several security solutions have been proposed to address routing attacks detection in RPL–based IoT, most of which are based on machine learning techniques, intrusion detection systems and trust-based approaches. Securing RPL–based IoT networks is challenging because resource constraint IoT devices are connected to untrusted Internet, the communication links are lossy and the devices use a set of novel and heterogenous technologies. Therefore, providing light-weight security mechanisms play a vital role in timely detection and prevention of IoT routing attacks. In this paper, we proposed a novel anomaly detection–based trust management model using the concepts of sequence prediction and deep learning. We have formulated the problem of routing behavior anomaly detection as a time series forecasting method, which is solved based on a stacked long–short term memory (LSTM) sequence to sequence autoencoder; that is, a hybrid training model of recurrent neural networks and autoencoders. The proposed model is then utilized to provide a detection mechanism to address four prevalent and destructive RPL attacks including: black-hole attack, destination-oriented directed acyclic graph (DODAG) information solicitation (DIS) flooding attack, version number (VN) attack, and decreased rank (DR) attack. In order to evaluate the efficiency and effectiveness of the proposed model in timely detection of RPL–specific routing attacks, we have implemented the proposed model on several RPL–based IoT scenarios simulated using Contiki Cooja simulator separately, and the results have been compared in details. According to the presented results, the implemented detection scheme on all attack scenarios, demonstrated that the trend of estimated anomaly between real and predicted routing behavior is similar to the evaluated attack frequency of malicious nodes during the RPL process and in contrast, analyzed trust scores represent an opposite pattern, which shows high accurate and timely detection of attack incidences using our proposed trust scheme.</p>\n </div>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2024 1","pages":""},"PeriodicalIF":1.3000,"publicationDate":"2024-11-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/2024/4449798","citationCount":"0","resultStr":"{\"title\":\"A Trust Based Anomaly Detection Scheme Using a Hybrid Deep Learning Model for IoT Routing Attacks Mitigation\",\"authors\":\"Khatereh Ahmadi, Reza Javidan\",\"doi\":\"10.1049/2024/4449798\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div>\\n <p>Internet of Things (IoT), as a remarkable paradigm, establishes a wide range of applications in various industries like healthcare, smart homes, smart cities, agriculture, transportation, and military domains. This widespread technology provides a general platform for heterogeneous objects to connect, exchange, and process gathered information. Beside significant efficiency and productivity impacts of IoT technology, security and privacy concerns have emerged more than ever. The routing protocol for low power and lossy networks (RPL) which is standardized for IoT environment, suffers from the basic security considerations, which makes it vulnerable to many well-known attacks. Several security solutions have been proposed to address routing attacks detection in RPL–based IoT, most of which are based on machine learning techniques, intrusion detection systems and trust-based approaches. Securing RPL–based IoT networks is challenging because resource constraint IoT devices are connected to untrusted Internet, the communication links are lossy and the devices use a set of novel and heterogenous technologies. Therefore, providing light-weight security mechanisms play a vital role in timely detection and prevention of IoT routing attacks. In this paper, we proposed a novel anomaly detection–based trust management model using the concepts of sequence prediction and deep learning. We have formulated the problem of routing behavior anomaly detection as a time series forecasting method, which is solved based on a stacked long–short term memory (LSTM) sequence to sequence autoencoder; that is, a hybrid training model of recurrent neural networks and autoencoders. The proposed model is then utilized to provide a detection mechanism to address four prevalent and destructive RPL attacks including: black-hole attack, destination-oriented directed acyclic graph (DODAG) information solicitation (DIS) flooding attack, version number (VN) attack, and decreased rank (DR) attack. In order to evaluate the efficiency and effectiveness of the proposed model in timely detection of RPL–specific routing attacks, we have implemented the proposed model on several RPL–based IoT scenarios simulated using Contiki Cooja simulator separately, and the results have been compared in details. According to the presented results, the implemented detection scheme on all attack scenarios, demonstrated that the trend of estimated anomaly between real and predicted routing behavior is similar to the evaluated attack frequency of malicious nodes during the RPL process and in contrast, analyzed trust scores represent an opposite pattern, which shows high accurate and timely detection of attack incidences using our proposed trust scheme.</p>\\n </div>\",\"PeriodicalId\":50380,\"journal\":{\"name\":\"IET Information Security\",\"volume\":\"2024 1\",\"pages\":\"\"},\"PeriodicalIF\":1.3000,\"publicationDate\":\"2024-11-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://onlinelibrary.wiley.com/doi/epdf/10.1049/2024/4449798\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IET Information Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://onlinelibrary.wiley.com/doi/10.1049/2024/4449798\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Information Security","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1049/2024/4449798","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
A Trust Based Anomaly Detection Scheme Using a Hybrid Deep Learning Model for IoT Routing Attacks Mitigation
Internet of Things (IoT), as a remarkable paradigm, establishes a wide range of applications in various industries like healthcare, smart homes, smart cities, agriculture, transportation, and military domains. This widespread technology provides a general platform for heterogeneous objects to connect, exchange, and process gathered information. Beside significant efficiency and productivity impacts of IoT technology, security and privacy concerns have emerged more than ever. The routing protocol for low power and lossy networks (RPL) which is standardized for IoT environment, suffers from the basic security considerations, which makes it vulnerable to many well-known attacks. Several security solutions have been proposed to address routing attacks detection in RPL–based IoT, most of which are based on machine learning techniques, intrusion detection systems and trust-based approaches. Securing RPL–based IoT networks is challenging because resource constraint IoT devices are connected to untrusted Internet, the communication links are lossy and the devices use a set of novel and heterogenous technologies. Therefore, providing light-weight security mechanisms play a vital role in timely detection and prevention of IoT routing attacks. In this paper, we proposed a novel anomaly detection–based trust management model using the concepts of sequence prediction and deep learning. We have formulated the problem of routing behavior anomaly detection as a time series forecasting method, which is solved based on a stacked long–short term memory (LSTM) sequence to sequence autoencoder; that is, a hybrid training model of recurrent neural networks and autoencoders. The proposed model is then utilized to provide a detection mechanism to address four prevalent and destructive RPL attacks including: black-hole attack, destination-oriented directed acyclic graph (DODAG) information solicitation (DIS) flooding attack, version number (VN) attack, and decreased rank (DR) attack. In order to evaluate the efficiency and effectiveness of the proposed model in timely detection of RPL–specific routing attacks, we have implemented the proposed model on several RPL–based IoT scenarios simulated using Contiki Cooja simulator separately, and the results have been compared in details. According to the presented results, the implemented detection scheme on all attack scenarios, demonstrated that the trend of estimated anomaly between real and predicted routing behavior is similar to the evaluated attack frequency of malicious nodes during the RPL process and in contrast, analyzed trust scores represent an opposite pattern, which shows high accurate and timely detection of attack incidences using our proposed trust scheme.
期刊介绍:
IET Information Security publishes original research papers in the following areas of information security and cryptography. Submitting authors should specify clearly in their covering statement the area into which their paper falls.
Scope:
Access Control and Database Security
Ad-Hoc Network Aspects
Anonymity and E-Voting
Authentication
Block Ciphers and Hash Functions
Blockchain, Bitcoin (Technical aspects only)
Broadcast Encryption and Traitor Tracing
Combinatorial Aspects
Covert Channels and Information Flow
Critical Infrastructures
Cryptanalysis
Dependability
Digital Rights Management
Digital Signature Schemes
Digital Steganography
Economic Aspects of Information Security
Elliptic Curve Cryptography and Number Theory
Embedded Systems Aspects
Embedded Systems Security and Forensics
Financial Cryptography
Firewall Security
Formal Methods and Security Verification
Human Aspects
Information Warfare and Survivability
Intrusion Detection
Java and XML Security
Key Distribution
Key Management
Malware
Multi-Party Computation and Threshold Cryptography
Peer-to-peer Security
PKIs
Public-Key and Hybrid Encryption
Quantum Cryptography
Risks of using Computers
Robust Networks
Secret Sharing
Secure Electronic Commerce
Software Obfuscation
Stream Ciphers
Trust Models
Watermarking and Fingerprinting
Special Issues. Current Call for Papers:
Security on Mobile and IoT devices - https://digital-library.theiet.org/files/IET_IFS_SMID_CFP.pdf