Multi-Objective Approach for Intrusion Detection in RPL-Based Internet of Things

Abstract

In the last decade, humanity has witnessed a tremendous increase in the number of life-saving applications such as smart home or automated industrial systems. This is mainly due to recent advances in resource-constrained sensory devices that have low power and low computational capabilities, as well as the achievements in communication technology between such devices using the IPv6 protocol. Recent rapid integration has led to the development of a new paradigm known as the Internet of Things (IoT). The Internet of Things enables resource-constrained and heterogeneous devices to communicate and access information. This special IoT network called Low Power and Lossy Networks (LLN) enable this communication effectively. The low throughput and packet loss of LLNs characterize them as lossy links. Until now, many routing protocols have been proposed to ensure effective routing between the heterogenous devices in LLN. It is widely considered that the Routing Protocol for Low Power and Lossy Networks (RPL) are the most reliable routing protocols for LLNs, and therefore it has widely been adopted in a diverse range of IoT applications today. Proposed by the IETF-ROLL group in RFC-6550 documents, multipoint-to-point (MP2P) communications are ensured by RPL. Moreover, RPL enables two different kind of communication called point-to-point (P2P) that enables communication one device to one device, and called point-to-multipoint (P2MP) that enables communication between one device to more than one devices (also called nodes), too.

Although effective and efficient routing can be found by RPL, it is very susceptible to malicious attacks that mainly stem from the intruders. This is because the security measurements specified in the protocol are not sufficient, and even they can easily be evaded by the attackers today. When considering the life-threatening consequences of insider attacks, it is of very high importance to develop reliable security solutions, which is the major reason researchers are working on it for a long while now.

Being an indispensable part of security systems, Intrusion Detection Systems (IDSs) have also been integrated into the LLNs operated by RPL. However, most of these solutions disregard the constrained nature of devices and the network, leading the IDS to be too costly, particularly in terms of memory and power consumption. This becomes even problematic as more and more nodes are in charge of the detection task. Therefore, in this thesis, we propose a centralized IDS in which a central node as well as collaborator nodes participate. In contrast to existing solutions, our objective is to make the our proposed IDS model lightweight in terms of battery and memory consumption so that not only effectiveness but also efficiency are guaranteed to secure LLN against four types of RPL attacks, including version number, hello flood, worst parent, and decreased rank.

This thesis employs Genetic Programming (GP), which is an evolutionary-based algorithm, as well as Non-Dominated Sorting Genetic Algorithm-II (NSGA-II), in order to simultaneously achieve the objectives with the lightweight IDS model generated (i.e., effectiveness and efficiency). Here, the performance of the proposed IDS model is extensively explored in a large number of network scenarios with varying topologies and mobility patterns. The results showed the applicability of GP to evolve a low-cost IDS model against various RPL-specific attacks.