A Softwarized Intrusion Detection System for the RPL-based Internet of Things networks

摘要

Internet of Things (IoT) constitutes a pivotal contributor to the Industry 4.0 (I 4.0) vision, technologically transforming production and societies. It enables novel services through the seamless integration of devices, such as motes carrying sensors, with the Internet. However, the broad adoption of IoT technologies is facing security issues due to the direct access to the devices from the Internet, the broadcasting nature of the wireless media, and the potential unattended operation of relevant deployments. In particular, the Routing over Low Power and Lossy Networks (RPL) protocol, a prominent IoT solution, is vulnerable to a large number of attacks, both of general-purpose and RPL-specific nature, while the resource-constraints of the corresponding devices are making attack mitigation even more challenging, e.g., in terms of involved control overhead and detection accuracy. In this paper, we introduce ASSET, a novel Intrusion Detection System (IDS) for RPL with diverse profiles to tackle the above issues that mitigate at least 13 attacks. At the same time, other solutions go up to eight. ASSET, inspired by the network softwarization paradigm, supports a novel, extendable workflow, bringing together three anomaly-detection and four RPL specification-based mechanisms, a novel attacker identification process, as well as multiple attack mitigation strategies. Our IDS also supports an adaptable control & monitoring protocol, trading overhead for accuracy, depending on the network conditions. The proof-of-concept experiments show that ASSET entails a low overhead for the different modes of operation it supports (i.e., 6.28 percent on average) compared to other solutions reaching up to 30 percent. At the same time, it also keeps the power consumption at acceptable levels (from 0.18 up to 1.54 percent more). Moreover, it provides 100 percent accuracy for specific attacks and can identify the attacker in far more attacks than any other similar solution.