基于离散事件系统的入侵检测，提出了一种新的片段重复攻击者识别方案

IF 7.6 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Internet of Things Pub Date : 2025-07-18 DOI:10.1016/j.iot.2025.101699

Dipojjwal Ray , Pradeepkumar Bhale , Santosh Biswas , Pinaki Mitra , Sukumar Nandi

{"title":"基于离散事件系统的入侵检测，提出了一种新的片段重复攻击者识别方案","authors":"Dipojjwal Ray , Pradeepkumar Bhale , Santosh Biswas , Pinaki Mitra , Sukumar Nandi","doi":"10.1016/j.iot.2025.101699","DOIUrl":null,"url":null,"abstract":"<div><div>Secure mechanisms protect IoT-6LoWPAN from external attackers, yet, lack of authentication capabilities and the scarcity of resources render the 6LoWPAN susceptible to various design-level internal attacks. Especially, the fragmentation mechanism is easily exploited by replaying spoofed fragments, timely slipped in by an eavesdropping attacker. Neither the original fragment nor the sender node authenticity is differentiable here, making most solution techniques challenging given the resource constrained environment. Current techniques have mostly employed mitigation methods like buffer quarantine and logical node isolation. However they are either incomplete or incur high computational overhead, since the duplicate fragment is replayed. In this paper, a probing based mechanism for attack node localization is proposed. Attack node is differentiable from normal nodes using the probing technique. Our proposed scheme is decentralized, utilizing a set of DES based IDS. Moreover, we eliminate the localized node using the kill switch mechanism to secure the 6LoWPAN. Completeness and correctness of our approach is proved and we implement it in simulation as well as real testbed. The results are observed to be superior to existing works. Minimum false positives and an accuracy over 99.8% is shown to be achieved while identifying the malicious nodes. Nonetheless, our scheme is energy efficient and takes lower detection time.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"33 ","pages":"Article 101699"},"PeriodicalIF":7.6000,"publicationDate":"2025-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A novel fragment duplication attacker identification scheme using Discrete Event System based intrusion detection\",\"authors\":\"Dipojjwal Ray , Pradeepkumar Bhale , Santosh Biswas , Pinaki Mitra , Sukumar Nandi\",\"doi\":\"10.1016/j.iot.2025.101699\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Secure mechanisms protect IoT-6LoWPAN from external attackers, yet, lack of authentication capabilities and the scarcity of resources render the 6LoWPAN susceptible to various design-level internal attacks. Especially, the fragmentation mechanism is easily exploited by replaying spoofed fragments, timely slipped in by an eavesdropping attacker. Neither the original fragment nor the sender node authenticity is differentiable here, making most solution techniques challenging given the resource constrained environment. Current techniques have mostly employed mitigation methods like buffer quarantine and logical node isolation. However they are either incomplete or incur high computational overhead, since the duplicate fragment is replayed. In this paper, a probing based mechanism for attack node localization is proposed. Attack node is differentiable from normal nodes using the probing technique. Our proposed scheme is decentralized, utilizing a set of DES based IDS. Moreover, we eliminate the localized node using the kill switch mechanism to secure the 6LoWPAN. Completeness and correctness of our approach is proved and we implement it in simulation as well as real testbed. The results are observed to be superior to existing works. Minimum false positives and an accuracy over 99.8% is shown to be achieved while identifying the malicious nodes. Nonetheless, our scheme is energy efficient and takes lower detection time.</div></div>\",\"PeriodicalId\":29968,\"journal\":{\"name\":\"Internet of Things\",\"volume\":\"33 \",\"pages\":\"Article 101699\"},\"PeriodicalIF\":7.6000,\"publicationDate\":\"2025-07-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Internet of Things\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2542660525002136\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Internet of Things","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2542660525002136","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

安全机制保护IoT-6LoWPAN免受外部攻击者的攻击，然而，缺乏身份验证功能和资源稀缺使6LoWPAN容易受到各种设计级内部攻击。特别是，碎片化机制很容易被窃听者通过重放被欺骗的碎片来利用。原始片段和发送方节点的真实性在这里都是不可微分的，这使得在资源受限的环境下，大多数解决方案技术都具有挑战性。目前的技术主要采用缓冲隔离和逻辑节点隔离等缓解方法。然而，它们要么是不完整的，要么会产生很高的计算开销，因为重复的片段会被重放。本文提出了一种基于探测的攻击节点定位机制。利用探测技术将攻击节点与正常节点区分开来。我们提出的方案是去中心化的，利用一组基于DES的IDS。此外，我们使用终止开关机制消除了局部节点，以确保6LoWPAN的安全。验证了该方法的完整性和正确性，并在仿真和实际测试平台上实现了该方法。结果优于现有工程。在识别恶意节点时，可以实现最小的误报和超过99.8%的准确率。尽管如此，我们的方案是节能的，并且需要更短的检测时间。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A novel fragment duplication attacker identification scheme using Discrete Event System based intrusion detection

Secure mechanisms protect IoT-6LoWPAN from external attackers, yet, lack of authentication capabilities and the scarcity of resources render the 6LoWPAN susceptible to various design-level internal attacks. Especially, the fragmentation mechanism is easily exploited by replaying spoofed fragments, timely slipped in by an eavesdropping attacker. Neither the original fragment nor the sender node authenticity is differentiable here, making most solution techniques challenging given the resource constrained environment. Current techniques have mostly employed mitigation methods like buffer quarantine and logical node isolation. However they are either incomplete or incur high computational overhead, since the duplicate fragment is replayed. In this paper, a probing based mechanism for attack node localization is proposed. Attack node is differentiable from normal nodes using the probing technique. Our proposed scheme is decentralized, utilizing a set of DES based IDS. Moreover, we eliminate the localized node using the kill switch mechanism to secure the 6LoWPAN. Completeness and correctness of our approach is proved and we implement it in simulation as well as real testbed. The results are observed to be superior to existing works. Minimum false positives and an accuracy over 99.8% is shown to be achieved while identifying the malicious nodes. Nonetheless, our scheme is energy efficient and takes lower detection time.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Internet of Things Multiple-

CiteScore

3.60

自引率

5.10%

发文量

115

审稿时长

37 days

期刊介绍： Internet of Things; Engineering Cyber Physical Human Systems is a comprehensive journal encouraging cross collaboration between researchers, engineers and practitioners in the field of IoT & Cyber Physical Human Systems. The journal offers a unique platform to exchange scientific information on the entire breadth of technology, science, and societal applications of the IoT. The journal will place a high priority on timely publication, and provide a home for high quality. Furthermore, IOT is interested in publishing topical Special Issues on any aspect of IOT.