Reputation Management Using Honeypots for Intrusion Detection in the Internet of Things
Abstract
:1. Introduction
2. Related Work
2.1. Routing and MAC Layer protocols for the IoT Network
2.1.1. RPL Protocol
2.1.2. IEEE 802.15.4 MAC Protocol
- Full-Function Devices (FFD) support all the communication properties.
- Reduced-Function Devices (RFD) support tiny devices with lower performance characteristics.
2.2. Threats and Low-Cost Security for the IoT Network
2.2.1. Low-Cost Security Solutions for the IoT Networks
2.2.2. Threats against the IoT Networks
- Selective-Forwarding Attacks: [20,21] discusses the Selective-Forwarding Attacks. It is initiated by an attacker by selective-forwarding packets, e.g., forwarding only data traffic and dropping rest of it. This attack can be avoided by making sure that the malicious node is not involved in packet forwarding. Another way is to hide the packet’s type, so that malicious node is unaware of the packet’s type.
- Sinkhole Attacks: These types of attacks are described in [20,21]. A sink broadcasts a message for a false path for attracting more data traffic. However, on receiving all the traffic, the attacker does not forward it. Rather, it drops all the packets. This creates a non-functional network leading. However, this attack can be minimized by using reputation mechanism described above.
- Version Number Attacks: In an RPL-based routing protocol, a version number attack [13] can be initiated. The border router uses a version number to control the repair process of the DODAG tree. An attacker can change this field by announcing a new version number, which may cause confusion about a wrong version number. This would disrupt the network, and it will deplete the energy resources of the network.
- Self-promoting attacks: To attract more data traffic, the attacker announces a better recommendation for itself. Once traffic is forwarded to the attacker, it can then launch selective-forwarding or sinkhole attacks.
- Bad-mouthing attacks: Another goal of the attacker is to target good nodes by decreasing their reputation. To do so, the attacker may ruin the good node’s reputation by giving false values of the trust values. If successful, the other nodes will not forward the traffic via that good node.
- Ballot-stuffing attacks: Finally, another strategy of the attacker is to falsely enhance the reputation of other attackers by providing false trust values. This will help in launching a coordinated attack by these malicious nodes.
2.3. Honeypots for the IoT network
3. Honeypot-Based Reputation development for Intrusion Detection in the IoT
3.1. Reputation Management for the RPL protocol
- The nodes support idle mode listening for neighboring traffic.
- The malicious nodes are involved in routing attacks described previously.
Algorithm 1 Security Monitoring |
while do if then if then if Packet is forwarded towards next hop then else end if end if end if end while |
3.2. Insertion of Honeypots for Reputation Management in RPL
- Monitor Nodes involved in malicious activity.
- Gain the trust of bad nodes by decreasing reputation of good nodes, and increasing the reputation of bad nodes.
3.2.1. Random Honeypots placement for the RPL
Algorithm 2 Reputation Management in RPL for Randomly placed Honeypots |
if Periodic Trust packets are received from member nodes then Combine trust values for every member node to compute its reputation if the Reputation of a certain node falls below a threshold then Activate randomly placed Honeypots in the network end if end if |
3.2.2. Homogeneous Honeypots placement for the RPL
Algorithm 3 Reputation Management in RPL for Homogeneously placed Honeypots |
if Periodic Trust packets are received from member nodes then Combine trust values for every member node to accumulate its reputation if the Reputation of a certain node falls below a threshold then Activate homogeneously placed Honeypots in the network end if end if |
4. Battery Lifetime Estimation for the IEEE 802.15.4
4.1. Best Case
4.2. Average Case
4.3. Worst Case
5. Simulation Results
5.1. Analysis of Honeypot-Based Reputation Management
5.1.1. Homogeneously Placed Honeypots
5.1.2. Randomly Placed Honeypots
5.2. Energy Consumption Analysis
6. Conclusions
Author Contributions
Funding
Conflicts of Interest
Nomenclature
Belief of node i on node j | |
Disbelief of node i on node j | |
Uncertainty of node i on node j | |
Successful interactions between nodes i and j | |
Unsuccessful interactions between nodes i and j | |
Recommendation of node about node x | |
Recommendation of node about node x | |
Time required to transmit a frame with a data payload of n bytes | |
r | Data transmission rate for IEEE 802.15.4 |
Total MAC overhead | |
Time required by the transceiver for waking up and turning off | |
Current required by the transceiver for waking up and turning off | |
Time required by the transceiver for listening to the channel | |
Current required by the transceiver for listening to the channel | |
Time required by the transceiver during transmission of n bytes | |
Current required by the transceiver during transmission | |
Time of the activity period | |
Mean drain current of the battery | |
Sleep mode current | |
L | Battery lifetime |
C | Battery capacity |
T | Update period |
aMaxF | Maximum number of times a transmission is attempted |
Packet collision probability | |
Probability for a channel access failure | |
Mean transmission time that ended up in a channel access failure | |
Mean expected delay for the CSMA/CA algorithm and CCA operations, which does not result in channel access failure | |
Turnaround time | |
Receiver waiting time for the ACK packet before re-sending the packet | |
Maximum number of times the CSMA algorithm is invoked after the first CCA failure | |
Backoff period | |
Time required by the CCA operation | |
Maximum delay in each transmission attempt | |
macMinBE | Minimum backoff exponent |
macMaxBE | Maximum backoff exponent |
Abbreviations
BI | Beacon intervals |
CAP | Contention Access Period |
CCA | Clear Channel Assessment |
CFP | Contention Free Period |
CSMA/CA | Carrier Sense Multiple Access with Collision Avoidance |
CTD | Cluster-based trust dissemination |
DAO | Destination Advertisement Object |
DDoS | Distributed Denial of Service |
DIO | DODAG Information Object |
DIS | DODAG Information Solicitation |
DODAG | Destination Oriented Directed Acyclic Graph |
DoS | Denial of Service |
FFD | Full-Function Devices |
GTS | Guaranteed Time Slots |
HCTD | Honeypot-based CTD |
HNTD | Honeypot-based NTD |
IDS | Intrusion Detection System |
IEEE | Institute of Electrical and Electronics Engineers |
IoT | Internet of Things |
MAC | Medium Access Control |
MDPU | MAC Protocol Data Units |
NTD | Neighbor-based trust dissemination |
PAN | Personal Area Networks |
RFC | Request for comment |
RFD | Reduced-Function Devices |
RPL | Routing Protocol for Low power and Lossy networks |
UPnP | Universal Plug and Play |
www | world-wide web |
References
- Velosa, A.; Hines, J.F.; LeHong, H.; Perkins, E.; Satish, R.M. Predicts 2015: The Internet of Things. Available online: https://www.gartner.com/doc/2952822/predicts--internet-things (accessed on 26 February 2020).
- Jing, Q.; Vasilakos, A.V.; Wan, J.; Lu, J.; Qiu, D. Security of the internet of things: Perspectives and challenges. Wirel. Netw. 2014, 20, 2481–2501. [Google Scholar] [CrossRef]
- Raza, S.; Shafagh, H.; Hewage, K.; Hummen, R.; Voigt, T. Lithe: Lightweight secure CoAP for the internet of things. IEEE Sens. J. 2013, 13, 3711–3720. [Google Scholar] [CrossRef]
- Khan, Z.A.; Herrmann, P. A Trust Based Distributed Intrusion Detection Mechanism for Internet of Things. In Proceedings of the 2017 IEEE 31st International Conference on Advanced Information Networking and Applications (AINA), Taipei, Taiwan, 27–29 March 2017; pp. 1169–1176. [Google Scholar]
- Khan, Z.A.; Ullrich, J.; Voyiatzis, A.G.; Herrmann, P. A Trust-based Resilient Routing Mechanism for the Internet of Things. In Proceedings of the 12th International Conference on Availability, Reliability and Security, Reggio Calabria, Italy, 29 August 2017–1 September 2017; pp. 27:1–27:6. [Google Scholar]
- Wang, M.; Santillan, J.; Kuipers, F. ThingPot: An interactive Internet-of-Things honeypot. arXiv 2018, arXiv:1807.04114. [Google Scholar]
- IETF. RfC 6550—RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks. Available online: https://tools.ietf.org/html/rfc6550 (accessed on 26 February 2020).
- IETF. Neighbor discovery for IP version 6 (IPv6), IETF RFC 4861. Available online: https://tools.ietf.org/html/rfc4861 (accessed on 26 February 2020).
- Mohamed, B.; Mohamed, F. QoS routing RPL for Low power and Lossy Networks. Int. J. Distrib. Sens. Netw. 2015, 2015, 6. [Google Scholar] [CrossRef]
- Raza, S.; Wallgren, L.; Voigt, T. SVELTE: Real-time intrusion detection in the Internet of Things. Ad Hoc Netw. 2013, 11, 2661–2674. [Google Scholar] [CrossRef]
- Nahrstedt, K. Internet of Mobile Things: Challenges and Opportunities. In Proceedings of the 23rd International Conference on Parallel Architecture and Compilation Techniques, Edmonton, AB, Canada, 24–27 August 2014; pp. 1–2. [Google Scholar]
- Korte, K.D.; Sehgal, A.; Schönwälder, J. A study of the RPL repair process using ContikiRPL. In Proceedings of the IFIP International Conference on Autonomous Infrastructure, Management and Security, Luxembourg, 4–6 June2012; pp. 50–61. [Google Scholar]
- Mayzaud, A.; Sehgal, A.; Badonnel, R.; Chrisment, I.; Schönwälder, J. A study of RPL DODAG version attacks. In Proceedings of the IFIP International Conference on Autonomous Infrastructure, Management and Security, Brno, Czech Republic, 30 June–3 July 2014; pp. 92–104. [Google Scholar]
- Levis, P.; Patel, N.; Culler, D.; Shenker, S. Trickle: A self-regulating algorithm for code propagation and maintenance in wireless sensor networks. In NSDI’04: Proceedings of the 1st Conference on Symposium on Networked Systems Design and Implementation; USENIX Association: Berkeley, CA, USA, 2014. [Google Scholar]
- Bhar, J. A Mac Protocol Implementation for Wireless Sensor Network. J. Comput. Netw. Commun. 2015, 2015, 697153. [Google Scholar] [CrossRef]
- Khan, Z.A.; Belleudy, C.; Auguin, M. Analytical Model for Energy Consumption Analysis in Grid Based Wireless Sensor Networks. In Proceedings of the 2009 3rd International Conference on New Technologies, Mobility and Security, Cairo, Egypt, 20–23 December 2009; pp. 1–5. [Google Scholar]
- Khan, Z.A.; Abbasi, U. Evolution of Wireless Sensor Networks toward Internet of Things. In Emerging Communication Technologies Based on Wireless Sensor Networks: Current Research and Future Applications; CRC Press: Boca Raton, FL, USA, 2016; Chapter 7; pp. 179–200. [Google Scholar]
- Kumar, J.; Ramesh, P.R. Low Cost Energy Efficient Smart Security System with Information Stamping for IoT Networks. In Proceedings of the 2018 3rd International Conference On Internet of Things: Smart Innovation and Usages (IoT-SIU), Bhimtal, India, 23–24 February 2018; pp. 1–5. [Google Scholar]
- Sivanathan, A.; Sherratt, D.; Gharakheili, H.H.; Sivaraman, V.; Vishwanath, A. Low-cost flow-based security solutions for smart-home IoT devices. In Proceedings of the 2016 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS), Bangalore, India, 6–9 November 2016; pp. 1–6. [Google Scholar]
- Karlof, C.; Wagner, D. Secure routing in wireless sensor networks: Attacks and countermeasures. Ad Hoc Netw. 2003, 1, 293–315. [Google Scholar] [CrossRef]
- Wallgren, L.; Raza, S.; Voigt, T. Routing Attacks and Countermeasures in the RPL-based Internet of Things. Int. J. Distrib. Sens. Netw. 2013, 2013, 794326. [Google Scholar] [CrossRef]
- Khan, Z.; Herrmann, P. Recent Advancements in Intrusion Detection Systems for the Internet of Things. Secur. Commun. Netw. 2019, 2019, 1–19. [Google Scholar] [CrossRef]
- Vishwakarma, R.; Jain, A.K. A Honeypot with Machine Learning based Detection Framework for defending IoT based Botnet DDoS Attacks. In Proceedings of the 2019 3rd International Conference on Trends in Electronics and Informatics (ICOEI), Tirunelveli, India, 23–25 April 2019; pp. 1019–1024. [Google Scholar]
- Zhang, W.; Zhang, B.; Zhou, Y.; He, H.; Ding, Z. An IoT Honeynet based on Multi-port Honeypots for Capturing IoT attacks. IEEE Internet Things J. 2019, in press. [Google Scholar] [CrossRef]
- Anirudh, M.; Thileeban, S.A.; Nallathambi, D.J. Use of honeypots for mitigating DoS attacks targeted on IoT networks. In Proceedings of the 2017 International Conference on Computer, Communication and Signal Processing (ICCCSP), Chennai, India, 10–11 January 2017; pp. 1–4. [Google Scholar]
- Hakim, M.A.; Aksu, H.; Uluagac, A.S.; Akkaya, K. U-PoT: A Honeypot Framework for UPnP-Based IoT Devices. In Proceedings of the 2018 IEEE 37th International Performance Computing and Communications Conference (IPCCC), Orlando, FL, USA, 17–19 November 2018; pp. 1–8. [Google Scholar]
- Semic, H.; Mrdovic, S. IoT honeypot: A multi-component solution for handling manual and Mirai-based attacks. In Proceedings of the 2017 25th Telecommunication Forum (TELFOR), Belgrade, Serbia, 21–22 November 2017; pp. 1–4. [Google Scholar]
- Surnin, O.; Hussain, F.; Hussain, R.; Ostrovskaya, S.; Polovinkin, A.; Lee, J.; Fernando, X. Probabilistic Estimation of Honeypot Detection in Internet of Things Environment. In Proceedings of the 2019 International Conference on Computing, Networking and Communications (ICNC), Big Island, HI, USA, 17–20 February 2019; pp. 191–196. [Google Scholar]
- Dowling, S.; Schukat, M.; Melvin, H. A ZigBee honeypot to assess IoT cyberattack behaviour. In Proceedings of the 2017 28th Irish Signals and Systems Conference (ISSC), Killarney, Ireland, 20–21 June 2017; pp. 1–6. [Google Scholar]
- Jeremiah, J. Intrusion Detection System to Enhance Network Security Using Raspberry PI Honeypot in Kali Linux. In Proceedings of the 2019 International Conference on Cybersecurity (ICoCSec), New York City, NY, USA, 22–25 July 2019; pp. 91–95. [Google Scholar]
- Hamada, A.O.; Azab, M.; Mokhtar, A. Honeypot-like Moving-target Defense for secure IoT Operation. In Proceedings of the 2018 IEEE 9th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON), Vancouver, BC, Canada, 1–3 November 2018; pp. 971–977. [Google Scholar]
- La, Q.D.; Quek, T.Q.S.; Lee, J.; Jin, S.; Zhu, H. Deceptive Attack and Defense Game in Honeypot-Enabled Networks for the Internet of Things. IEEE Internet Things J. 2016, 3, 1025–1035. [Google Scholar] [CrossRef]
- Herrmann, P. Trust-Based Protection of Software Component Users And Designers; Springer: Berlin, Germany, 2003; pp. 75–90. [Google Scholar]
- Casilari, E.; Cano-García, J.M.; Campos-Garrido, G. Modeling of Current Consumption in 802.15.4/ZigBee Sensor Motes. Sensors 2010, 10, 5443–5468. [Google Scholar] [CrossRef] [PubMed]
- Khan, Z.A. Using energy-efficient trust management to protect IoT networks for smart cities. Sustain. Cities Soc. 2018, 40, 1–15. [Google Scholar] [CrossRef]
- GNU Octave–Scientific Programming Language. Available online: https://www.gnu.org/software/octave/ (accessed on 26 February 2020).
- MATLAB. Available online: https://www.mathworks.com/products/matlab.html (accessed on 26 February 2020).
- Coulson, G.; Porter, B.; Chatzigiannakis, I.; Koninis, C.; Fischer, S.; Pfisterer, D.; Bimschas, D.; Braun, T.; Hurni, P.; Anwander, M.; et al. Flexible Experimentation in Wireless Sensor Networks. Commun. ACM 2012, 55, 82–90. [Google Scholar] [CrossRef]
- Gluhak, A.; Krco, S.; Nati, M.; Pfisterer, D.; Mitton, N.; Razafindralambo, T. A survey on facilities for experimental internet of things research. IEEE Commun. Mag. 2011, 49, 58–67. [Google Scholar] [CrossRef] [Green Version]
Parameter | Value |
---|---|
Network Size | 1000 nodes |
Area | 100 m × 100 m |
Number of Clusters | 9 |
Number of Intruders | 0–60 |
Number of Honeypots | 9 |
Routing Protocol | RPL |
MAC Protocol | IEEE 802.15.4 |
© 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Share and Cite
Khan, Z.A.; Abbasi, U. Reputation Management Using Honeypots for Intrusion Detection in the Internet of Things. Electronics 2020, 9, 415. https://doi.org/10.3390/electronics9030415
Khan ZA, Abbasi U. Reputation Management Using Honeypots for Intrusion Detection in the Internet of Things. Electronics. 2020; 9(3):415. https://doi.org/10.3390/electronics9030415
Chicago/Turabian StyleKhan, Zeeshan Ali, and Ubaid Abbasi. 2020. "Reputation Management Using Honeypots for Intrusion Detection in the Internet of Things" Electronics 9, no. 3: 415. https://doi.org/10.3390/electronics9030415
APA StyleKhan, Z. A., & Abbasi, U. (2020). Reputation Management Using Honeypots for Intrusion Detection in the Internet of Things. Electronics, 9(3), 415. https://doi.org/10.3390/electronics9030415