Year 2020, Volume 8, Issue 4, Pages 2366-2376, 2020-10-29

Network Forensics of RPL-Based Attacks

Gökçe KARACAYILMAZ [1] , Serkan GÖNEN [2] , Harun ARTUNER [3] , Ercan Nurcan YILMAZ [4] , Hasan Hüseyin SAYAN [5] , Erhan SİNDİREN [6]


IoT devices, whose numbers are growing rapidly day by day, are now everywhere in our lives. Wireless sensor networks (WSNs) are used together with IoT devices to monitor real environments. In this study, attacks against WSNs were carried out. The attack chosen for this study is a flood attack. In addition, suggested solutions for this attack are presented. In this context, reference and attack packets were collected first; the collected packets were then compared with the reference packets, and forensic investigations were carried out. The evaluation showed the importance of continuous 24/7 monitoring and of detecting abnormal behavior in IoT traffic through forensic analysis in order to prevent attacks.

Primary Language en
Subjects Engineering
Journal Section Articles
Authors

Orcid: 0000-0001-8529-1721
Author: Gökçe KARACAYILMAZ
Institution: HACETTEPE ÜNİVERSİTESİ
Country: Turkey


Orcid: 0000-0002-1417-4461
Author: Serkan GÖNEN
Institution: İSTANBUL GELİŞİM ÜNİVERSİTESİ
Country: Turkey


Orcid: 0000-0002-6044-379X
Author: Harun ARTUNER
Institution: HACETTEPE ÜNİVERSİTESİ
Country: Turkey


Orcid: 0000-0001-9859-1600
Author: Ercan Nurcan YILMAZ (Primary Author)
Institution: Gazi Üniversitesi
Country: Turkey


Orcid: 0000-0002-0692-172X
Author: Hasan Hüseyin SAYAN
Institution: GAZİ ÜNİVERSİTESİ
Country: Turkey


Orcid: 0000-0003-1138-1913
Author: Erhan SİNDİREN
Institution: GAZİ ÜNİVERSİTESİ
Country: Turkey


Dates

Publication Date : October 29, 2020

Bibtex @research article { dubited788006, journal = {Düzce Üniversitesi Bilim ve Teknoloji Dergisi}, issn = {}, eissn = {2148-2446}, address = {}, publisher = {Duzce University}, year = {2020}, volume = {8}, pages = {2366 - 2376}, doi = {10.29130/dubited.788006}, title = {Network Forensics of RPL-Based Attacks}, key = {cite}, author = {Karacayılmaz, Gökçe and Gönen, Serkan and Artuner, Harun and Yılmaz, Ercan Nurcan and Sayan, Hasan Hüseyin and Si̇ndi̇ren, Erhan} }
APA Karacayılmaz, G , Gönen, S , Artuner, H , Yılmaz, E , Sayan, H , Si̇ndi̇ren, E . (2020). Network Forensics of RPL-Based Attacks . Düzce Üniversitesi Bilim ve Teknoloji Dergisi , 8 (4) , 2366-2376 . DOI: 10.29130/dubited.788006
MLA Karacayılmaz, G , Gönen, S , Artuner, H , Yılmaz, E , Sayan, H , Si̇ndi̇ren, E . "Network Forensics of RPL-Based Attacks" . Düzce Üniversitesi Bilim ve Teknoloji Dergisi 8 (2020 ): 2366-2376 <https://dergipark.org.tr/en/pub/dubited/issue/57598/788006>