基于离散事件系统的入侵检测,提出了一种新的片段重复攻击者识别方案

IF 7.6 3区 计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS
Dipojjwal Ray , Pradeepkumar Bhale , Santosh Biswas , Pinaki Mitra , Sukumar Nandi
{"title":"基于离散事件系统的入侵检测,提出了一种新的片段重复攻击者识别方案","authors":"Dipojjwal Ray ,&nbsp;Pradeepkumar Bhale ,&nbsp;Santosh Biswas ,&nbsp;Pinaki Mitra ,&nbsp;Sukumar Nandi","doi":"10.1016/j.iot.2025.101699","DOIUrl":null,"url":null,"abstract":"<div><div>Secure mechanisms protect IoT-6LoWPAN from external attackers, yet, lack of authentication capabilities and the scarcity of resources render the 6LoWPAN susceptible to various design-level internal attacks. Especially, the fragmentation mechanism is easily exploited by replaying spoofed fragments, timely slipped in by an eavesdropping attacker. Neither the original fragment nor the sender node authenticity is differentiable here, making most solution techniques challenging given the resource constrained environment. Current techniques have mostly employed mitigation methods like buffer quarantine and logical node isolation. However they are either incomplete or incur high computational overhead, since the duplicate fragment is replayed. In this paper, a probing based mechanism for attack node localization is proposed. Attack node is differentiable from normal nodes using the probing technique. Our proposed scheme is decentralized, utilizing a set of DES based IDS. Moreover, we eliminate the localized node using the kill switch mechanism to secure the 6LoWPAN. Completeness and correctness of our approach is proved and we implement it in simulation as well as real testbed. The results are observed to be superior to existing works. Minimum false positives and an accuracy over 99.8% is shown to be achieved while identifying the malicious nodes. Nonetheless, our scheme is energy efficient and takes lower detection time.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"33 ","pages":"Article 101699"},"PeriodicalIF":7.6000,"publicationDate":"2025-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A novel fragment duplication attacker identification scheme using Discrete Event System based intrusion detection\",\"authors\":\"Dipojjwal Ray ,&nbsp;Pradeepkumar Bhale ,&nbsp;Santosh Biswas ,&nbsp;Pinaki Mitra ,&nbsp;Sukumar Nandi\",\"doi\":\"10.1016/j.iot.2025.101699\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Secure mechanisms protect IoT-6LoWPAN from external attackers, yet, lack of authentication capabilities and the scarcity of resources render the 6LoWPAN susceptible to various design-level internal attacks. Especially, the fragmentation mechanism is easily exploited by replaying spoofed fragments, timely slipped in by an eavesdropping attacker. Neither the original fragment nor the sender node authenticity is differentiable here, making most solution techniques challenging given the resource constrained environment. Current techniques have mostly employed mitigation methods like buffer quarantine and logical node isolation. However they are either incomplete or incur high computational overhead, since the duplicate fragment is replayed. In this paper, a probing based mechanism for attack node localization is proposed. Attack node is differentiable from normal nodes using the probing technique. Our proposed scheme is decentralized, utilizing a set of DES based IDS. Moreover, we eliminate the localized node using the kill switch mechanism to secure the 6LoWPAN. Completeness and correctness of our approach is proved and we implement it in simulation as well as real testbed. The results are observed to be superior to existing works. Minimum false positives and an accuracy over 99.8% is shown to be achieved while identifying the malicious nodes. Nonetheless, our scheme is energy efficient and takes lower detection time.</div></div>\",\"PeriodicalId\":29968,\"journal\":{\"name\":\"Internet of Things\",\"volume\":\"33 \",\"pages\":\"Article 101699\"},\"PeriodicalIF\":7.6000,\"publicationDate\":\"2025-07-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Internet of Things\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2542660525002136\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Internet of Things","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2542660525002136","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

摘要

安全机制保护IoT-6LoWPAN免受外部攻击者的攻击,然而,缺乏身份验证功能和资源稀缺使6LoWPAN容易受到各种设计级内部攻击。特别是,碎片化机制很容易被窃听者通过重放被欺骗的碎片来利用。原始片段和发送方节点的真实性在这里都是不可微分的,这使得在资源受限的环境下,大多数解决方案技术都具有挑战性。目前的技术主要采用缓冲隔离和逻辑节点隔离等缓解方法。然而,它们要么是不完整的,要么会产生很高的计算开销,因为重复的片段会被重放。本文提出了一种基于探测的攻击节点定位机制。利用探测技术将攻击节点与正常节点区分开来。我们提出的方案是去中心化的,利用一组基于DES的IDS。此外,我们使用终止开关机制消除了局部节点,以确保6LoWPAN的安全。验证了该方法的完整性和正确性,并在仿真和实际测试平台上实现了该方法。结果优于现有工程。在识别恶意节点时,可以实现最小的误报和超过99.8%的准确率。尽管如此,我们的方案是节能的,并且需要更短的检测时间。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
A novel fragment duplication attacker identification scheme using Discrete Event System based intrusion detection
Secure mechanisms protect IoT-6LoWPAN from external attackers, yet, lack of authentication capabilities and the scarcity of resources render the 6LoWPAN susceptible to various design-level internal attacks. Especially, the fragmentation mechanism is easily exploited by replaying spoofed fragments, timely slipped in by an eavesdropping attacker. Neither the original fragment nor the sender node authenticity is differentiable here, making most solution techniques challenging given the resource constrained environment. Current techniques have mostly employed mitigation methods like buffer quarantine and logical node isolation. However they are either incomplete or incur high computational overhead, since the duplicate fragment is replayed. In this paper, a probing based mechanism for attack node localization is proposed. Attack node is differentiable from normal nodes using the probing technique. Our proposed scheme is decentralized, utilizing a set of DES based IDS. Moreover, we eliminate the localized node using the kill switch mechanism to secure the 6LoWPAN. Completeness and correctness of our approach is proved and we implement it in simulation as well as real testbed. The results are observed to be superior to existing works. Minimum false positives and an accuracy over 99.8% is shown to be achieved while identifying the malicious nodes. Nonetheless, our scheme is energy efficient and takes lower detection time.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Internet of Things
Internet of Things Multiple-
CiteScore
3.60
自引率
5.10%
发文量
115
审稿时长
37 days
期刊介绍: Internet of Things; Engineering Cyber Physical Human Systems is a comprehensive journal encouraging cross collaboration between researchers, engineers and practitioners in the field of IoT & Cyber Physical Human Systems. The journal offers a unique platform to exchange scientific information on the entire breadth of technology, science, and societal applications of the IoT. The journal will place a high priority on timely publication, and provide a home for high quality. Furthermore, IOT is interested in publishing topical Special Issues on any aspect of IOT.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信