A novel fragment duplication attacker identification scheme using Discrete Event System based intrusion detection
Authors: Dipojjwal Ray, Pradeepkumar Bhale, Santosh Biswas, Pinaki Mitra, Sukumar Nandi
Journal: Internet of Things, volume 33, Article 101699
Publication date: 2025-07-18
DOI: 10.1016/j.iot.2025.101699
URL: https://www.sciencedirect.com/science/article/pii/S2542660525002136
Secure mechanisms protect IoT-6LoWPAN from external attackers, yet the lack of authentication capabilities and the scarcity of resources render the 6LoWPAN susceptible to various design-level internal attacks. In particular, the fragmentation mechanism is easily exploited by replaying spoofed fragments, slipped in at the right time by an eavesdropping attacker. Neither the original fragment nor the sender node's authenticity is differentiable here, making most solution techniques challenging given the resource-constrained environment. Current techniques have mostly employed mitigation methods like buffer quarantine and logical node isolation. However, they are either incomplete or incur high computational overhead, since the duplicate fragment is replayed. In this paper, a probing-based mechanism for attack node localization is proposed. The attack node is differentiable from normal nodes using the probing technique. Our proposed scheme is decentralized, utilizing a set of DES-based IDS. Moreover, we eliminate the localized node using the kill switch mechanism to secure the 6LoWPAN. Completeness and correctness of our approach are proved, and we implement it in simulation as well as on a real testbed. The results are observed to be superior to existing works. Minimum false positives and an accuracy over 99.8% are shown to be achieved while identifying the malicious nodes. Furthermore, our scheme is energy efficient and takes lower detection time.
About the journal:
Internet of Things; Engineering Cyber Physical Human Systems is a comprehensive journal encouraging cross collaboration between researchers, engineers and practitioners in the field of IoT & Cyber Physical Human Systems. The journal offers a unique platform to exchange scientific information on the entire breadth of technology, science, and societal applications of the IoT.
The journal will place a high priority on timely publication, and provide a home for high quality.
Furthermore, IOT is interested in publishing topical Special Issues on any aspect of IOT.