Research Article
BibTex RIS Cite

Makine Öğrenmesi Algoritmaları Kullanarak RPL Tabanlı Yönlendirme Saldırılarının Tespiti

Year 2024, Volume: 15 Issue: 4, 783 - 796
https://doi.org/10.24012/dumf.1490367

Abstract

Bu çalışma, Nesnelerin İnterneti (IoT) uygulamalarında yaygın olarak kullanılan bir yönlendirme protokolü olan Düşük Güçlü ve Kayıplı Ağlar için Yönlendirme Protokolü'ne (RPL) yönelik saldırıları tespit etmek için çeşitli makine öğrenimi tekniklerini analiz etmektedir. RPL genellikle düşük güç tüketimi ve sınırlı bant genişliği gerektiren IPv6 tabanlı IoT uygulamalarında kullanılmaktadır. Araştırma, RPL tabanlı ağlara yönelik saldırıları inceleyen son literatürü gözden geçirmekte ve yönlendirme saldırılarını tespit etmek için ROUT-4-2023 veri kümesini kullanmaktadır. Cooja simülatörü kullanılarak oluşturulan bu veri kümesi, dört tür yönlendirme saldırısını kapsamaktadır: Kara Delik Saldırısı, Sel Saldırısı, DODAG Sürüm Numarası Saldırısı ve Azaltılmış Sıralama Saldırısı. Saldırı türleri AdaBoost, KNN, Random Forest, Decision Tree ve Bagging gibi makine öğrenimi teknikleri kullanılarak tespit edilmiştir. Birleşik veri kümesinde, Karar Ağacı ve Torbalama algoritması %99,99 doğruluk oranıyla en yüksek performansı sergilemiştir. Gerçek dünyanın daha doğru bir temsilini oluşturmak için veri kümesine %10 düzeyinde gürültü ekledik. Gürültülü veri kümesinde, Rastgele Orman algoritması yaklaşık %84,80 doğrulukla en iyi performansı göstermiştir. Yüksek doğruluk, kullanılan yöntemlerin IoT ağlarını korumak için bir Saldırı Tespit Sistemi (IDS) olarak etkili bir şekilde kullanılabileceğini göstermektedir. Sonuç olarak bu çalışma, makine öğrenimi tekniklerinin RPL protokolündeki yönlendirme saldırılarını tespit etmek için umut verici bir yaklaşım sunduğunu göstermektedir. Bulgular, IoT güvenliği alanındaki araştırmacılar ve uygulayıcılar için faydalı bilgiler sağlamaktadır. Bu çalışma, IoT ağlarının güvenliğini artırmak için makine öğrenimi tabanlı algoritmaların potansiyeline katkıda bulunmakta ve bu alanda gelecekteki araştırmalara destek olmaktadır.

References

  • [1] S. Görmüş, H. Aydın, and G. Ulutaş, “Security for the internet of things: a survey of existing mechanisms, protocols and open research issues,” Journal of the Faculty of Engineering and Architecture of Gazi University, vol. 33, no. 4, pp. 1247–1272, 2018.
  • [2] Q. Jing, A. V. Vasilakos, J. Wan, J. Lu, and D. Qiu, “Security of the internet of things: perspectives and challenges,” Wireless networks, vol. 20, pp. 2481 2501, 2014.
  • [3] R. Alexander, A. Brandt, J. Vasseur, J. Hui, K. Pister, P. Thubert, P. Levis, R. Struik, R. Kelsey, and T. Winter, “RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks,” RFC 6550, Mar. 2012. [Online]. Available: editor.org/info/rfc6550 https://www.rfc
  • [4] A. Verma and V. Ranga, “Machine learning based intrusion detection systems for iot applications,” Wireless Personal Communications, vol. 111, no. 4, pp. 2287–2310, 2020.
  • [5] T. Bekar, S. Görmüş, B. Aydın, and H. Aydın, “Q learning algorithm inspired objective function optimization for ietf 6tisch networks,” in 2023 International Conference on Smart Applications, Communications and Networking (SmartNets), 2023, pp. 1–6.
  • [6] M. EMEÇ and M. H. ÖZCANHAN, “Rout-4-2023: Rpl based routing attack dataset for iot,” 2023. [Online]. Available: https://dx.doi.org/10.21227/3mbe-5j70
  • [7] H. Aydin, S. Goermues, and Y. Jin, “A distributed user authentication mechanism for ietf 6tisch protocol,” in 2018 IEEE 87th Vehicular Technology Conference (VTC Spring), 2018, pp. 1–7.
  • [8] S. Külcü and S. Görmüş, “Improving synchronization time in 6tisch networks with smart antennas,” in 2022 30th Signal Processing and Communications Applications Conference (SIU). IEEE, 2022, pp. 1–4.
  • [9] A. Mayzaud, R. Badonnel, and I. Chrisment, “A taxonomy of attacks in rpl-based internet of things,” Int. J. Netw. Secur., vol. 18, pp. 459–473, 2016.
  • [10] B. Aydın, S. Görmüş, H. Aydın, and S. Kulcu, “A new routing objective function for ietf 6tisch protocol,” in 2022 30th Signal Processing and Communications Applications Conference (SIU). IEEE, 2022, pp. 1–4.
  • [11] A. Verma and V. Ranga, “Elnids: Ensemble learning based network intrusion detection system for rpl based internet of things,” in 2019 4th International conference on Internet of Things: Smart innovation and usages (IoT-SIU). IEEE, 2019, pp. 1–6.
  • [12] E. Aydogan, S. Yilmaz, S. Sen, I. Butun, S. Forsström, and M. Gidlund, “A central intrusion detection system for rpl-based industrial internet of things,” in 2019 15th IEEE International Workshop on Factory Communication Systems (WFCS). IEEE, 2019, pp. 1–5.
  • [13] S. Deshmukh-Bhosale and S. S. Sonavane, “A real time intrusion detection system for wormhole attack in the rpl based internet of things,” Procedia Manufacturing, vol. 32, pp. 840–847, 2019.
  • [14] B. Farzaneh, M. Koosha, E. Boochanpour, and E. Alizadeh, “A new method for intrusion detection on rpl routing protocol using fuzzy logic,” in 2020 6th International Conference on Web Research (ICWR), 2020, pp. 245–250.
  • [15] A. Agiollo, M. Conti, P. Kaliyar, T.-N. Lin, and L. Pajola, “Detonar: Detection of routing attacks in rpl based iot,” IEEE transactions on network and service management, vol. 18, no. 2, pp. 1178–1190, 2021.
  • [16] E. Garcia Ribera, B. Martinez Alvarez, C. Samuel, P. P. Ioulianou, and V. G. Vassilakis, “An intrusion detection system for rpl-based iot networks,” Electronics, vol. 11, no. 23, 2022.
  • [17] A. Alazab, A. Khraisat, S. Singh, S. Bevinakoppa, and O. A. Mahdi, “Routing attacks detection in 6lowpan-based internet of things,” Electronics, vol. 12, no. 6, 2023.
  • [18] H. Azzaoui, A. Z. E. Boukhamla, P. Perazzo, M. Alazab, and V. Ravi, “A lightweight cooperative intrusion detection system for rpl-based iot,” Wireless Personal Communications, pp. 1–24, 2024.
  • [19] R. Bokka and T. Sadasivam, “Simulation-based analysis of rpl routing attacks and their impact on iot network performance,” Journal of Electronic Testing, pp. 1–15, 2024.
  • [20] U. Kiran, P. Maurya, and H. Sharma, “Investigating routing protocol attacks on low power and lossy iot networks,” SN Computer Science, vol. 5, no. 4, p. 393, 2024.
  • [21] M. Osman, J. He, K. Zhu, and F. M. M. Mokbal, “An ensemble learning framework for the detection of rpl attacks in iot networks based on the genetic feature selection approach,” Ad Hoc Networks, vol. 152, p. 103331, 2024. 795 DUJE (Dicle University Journal of Engineering) 15:4 (2024) Page 783-796
  • [22] A. Verma and V. Ranga, “Rpl-nidds17-a data set for intrusion detection in rpl based 6lowpan networks,” Internet of Things, vol. 5, no. 1, pp. 1-20, 2018.
  • [23] G. De’Ath, “Boosted trees for ecological modeling and prediction,” Ecology, vol. 88, no. 1, pp. 243-251, 2007.
  • [24] C. Seiffert, T. M. Khoshgoftaar, J. Van Hulse, and A. Napolitano, “Rusboost: A hybrid approach to alleviating class imbalance,” IEEE transactions on systems, man, and cybernetics-part A: systems and humans, vol. 40, no. 1, pp. 185-197, 2009.
  • [25] D. Airehrour, J. Gutierrez, and S. K. Ray, “Securing rpl routing protocol from blackhole attacks using a trust-based mechanism,” in 2016 26th International Telecommunication Networks and Applications Conference (ITNAC), 2016, pp. 115-120.
  • [26] A. Mayzaud, R. Badonnel, and I. Chrisment, “A taxonomy of attacks in rpl-based internet of things,” International Journal of Network Security, vol. 18, no. 3, pp. 459-473, 2016.
  • [27] T. NGUYEN, T. NGO, T. NGUYEN, D. TRAN, H. A. TRAN, and T. BUI, “The flooding attack in low power and lossy networks: A case study,” in 2018 International Conference on Smart Communications in Network Technologies (SaCoNeT), 2018, pp. 183 187.
  • [28] A. Mayzaud, R. Badonnel, and I. Chrisment, “Detecting version number attacks in rpl-based networks using a distributed monitoring architecture,” in 2016 12th International Conference on Network and Service Management (CNSM), 2016, pp. 127-135.
  • [29] A. D. Seth, S. Biswas, and A. K. Dhar, “Detection and verification of decreased rank attack using round-trip times in rpl-based 6lowpan networks,” in 2020 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS), 2020, pp. 1 6.
  • [30] O. H. Abdulganiyu, T. Ait Tchakoucht, and Y. K. Saheed, “A systematic literature review for network intrusion detection system (ids),” International Journal of Information Security, vol. 22, no. 5, pp. 1125-1162, 2023.
  • [31] M. Douiba, S. Benkirane, A. Guezzaz, and M. Azrour, “An improved anomaly detection model for iot security using decision tree and gradient boosting,” The Journal of Supercomputing, vol. 79, no. 3, pp. 3392-3411, 2023.
  • [32] J. B. Awotunde, F. E. Ayo, R. Panigrahi, A. Garg, A. K. Bhoi, and P. Barsocchi, “A multi-level random forest model-based intrusion detection using fuzzy inference system for internet of things networks,” International Journal of Computational Intelligence Systems, vol. 16, no. 1, p. 31, 2023.
  • [33] J. B. Awotunde, S. O. Folorunso, A. L. Imoize, J. O. Odunuga, C.-C. Lee, C.-T. Li, and D.-T. Do, “An ensemble tree-based model for intrusion detection in industrial internet of things networks,” Applied Sciences, vol. 13, no. 4, p. 2479, 2023.

Detection of RPL-based Routing Attacks Using Machine Learning Algorithms

Year 2024, Volume: 15 Issue: 4, 783 - 796
https://doi.org/10.24012/dumf.1490367

Abstract

This study analyzes various machine learning techniques for detecting attacks against Routing Protocol for Low-Power and Lossy Networks (RPL), a routing protocol commonly used in Internet of Things (IoT) applications. RPL is often employed in IPv6-based IoT applications that require low power consumption and limited bandwidth. The research reviews recent literature examining attacks on RPL-based networks and utilizes the ROUT-4-2023 dataset for detecting routing attacks. This dataset, created using the Cooja simulator, encompasses four types of routing attacks: Blackhole Attack, Flooding Attack, DODAG Version Number Attack, and Decreased Rank Attack. The attack types are detected using machine learning techniques like AdaBoost, KNN, Random Forest, Decision Tree, and Bagging. In the combined dataset, the Decision Tree and Bagging algorithm exhibited the highest performance with a 99.99% accuracy. To create a more accurate representation of the real world, we incorporate a 10% level of noise into the dataset. On the noisy dataset, Random Forest algorithm performed the best with about 84.80% accuracy. The high accuracy show that the employed methods can be effectively used as an Intrusion Detection System (IDS) to protect IoT networks. As a result, this study demonstrates that machine learning techniques offer a promising approach for detecting routing attacks in the RPL protocol. The findings provide useful information for researchers and practitioners in the field of IoT security. This study contributes to the potential of machine learning-based algorithms to enhance the security of IoT networks and contributes to future research in this area.

References

  • [1] S. Görmüş, H. Aydın, and G. Ulutaş, “Security for the internet of things: a survey of existing mechanisms, protocols and open research issues,” Journal of the Faculty of Engineering and Architecture of Gazi University, vol. 33, no. 4, pp. 1247–1272, 2018.
  • [2] Q. Jing, A. V. Vasilakos, J. Wan, J. Lu, and D. Qiu, “Security of the internet of things: perspectives and challenges,” Wireless networks, vol. 20, pp. 2481 2501, 2014.
  • [3] R. Alexander, A. Brandt, J. Vasseur, J. Hui, K. Pister, P. Thubert, P. Levis, R. Struik, R. Kelsey, and T. Winter, “RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks,” RFC 6550, Mar. 2012. [Online]. Available: editor.org/info/rfc6550 https://www.rfc
  • [4] A. Verma and V. Ranga, “Machine learning based intrusion detection systems for iot applications,” Wireless Personal Communications, vol. 111, no. 4, pp. 2287–2310, 2020.
  • [5] T. Bekar, S. Görmüş, B. Aydın, and H. Aydın, “Q learning algorithm inspired objective function optimization for ietf 6tisch networks,” in 2023 International Conference on Smart Applications, Communications and Networking (SmartNets), 2023, pp. 1–6.
  • [6] M. EMEÇ and M. H. ÖZCANHAN, “Rout-4-2023: Rpl based routing attack dataset for iot,” 2023. [Online]. Available: https://dx.doi.org/10.21227/3mbe-5j70
  • [7] H. Aydin, S. Goermues, and Y. Jin, “A distributed user authentication mechanism for ietf 6tisch protocol,” in 2018 IEEE 87th Vehicular Technology Conference (VTC Spring), 2018, pp. 1–7.
  • [8] S. Külcü and S. Görmüş, “Improving synchronization time in 6tisch networks with smart antennas,” in 2022 30th Signal Processing and Communications Applications Conference (SIU). IEEE, 2022, pp. 1–4.
  • [9] A. Mayzaud, R. Badonnel, and I. Chrisment, “A taxonomy of attacks in rpl-based internet of things,” Int. J. Netw. Secur., vol. 18, pp. 459–473, 2016.
  • [10] B. Aydın, S. Görmüş, H. Aydın, and S. Kulcu, “A new routing objective function for ietf 6tisch protocol,” in 2022 30th Signal Processing and Communications Applications Conference (SIU). IEEE, 2022, pp. 1–4.
  • [11] A. Verma and V. Ranga, “Elnids: Ensemble learning based network intrusion detection system for rpl based internet of things,” in 2019 4th International conference on Internet of Things: Smart innovation and usages (IoT-SIU). IEEE, 2019, pp. 1–6.
  • [12] E. Aydogan, S. Yilmaz, S. Sen, I. Butun, S. Forsström, and M. Gidlund, “A central intrusion detection system for rpl-based industrial internet of things,” in 2019 15th IEEE International Workshop on Factory Communication Systems (WFCS). IEEE, 2019, pp. 1–5.
  • [13] S. Deshmukh-Bhosale and S. S. Sonavane, “A real time intrusion detection system for wormhole attack in the rpl based internet of things,” Procedia Manufacturing, vol. 32, pp. 840–847, 2019.
  • [14] B. Farzaneh, M. Koosha, E. Boochanpour, and E. Alizadeh, “A new method for intrusion detection on rpl routing protocol using fuzzy logic,” in 2020 6th International Conference on Web Research (ICWR), 2020, pp. 245–250.
  • [15] A. Agiollo, M. Conti, P. Kaliyar, T.-N. Lin, and L. Pajola, “Detonar: Detection of routing attacks in rpl based iot,” IEEE transactions on network and service management, vol. 18, no. 2, pp. 1178–1190, 2021.
  • [16] E. Garcia Ribera, B. Martinez Alvarez, C. Samuel, P. P. Ioulianou, and V. G. Vassilakis, “An intrusion detection system for rpl-based iot networks,” Electronics, vol. 11, no. 23, 2022.
  • [17] A. Alazab, A. Khraisat, S. Singh, S. Bevinakoppa, and O. A. Mahdi, “Routing attacks detection in 6lowpan-based internet of things,” Electronics, vol. 12, no. 6, 2023.
  • [18] H. Azzaoui, A. Z. E. Boukhamla, P. Perazzo, M. Alazab, and V. Ravi, “A lightweight cooperative intrusion detection system for rpl-based iot,” Wireless Personal Communications, pp. 1–24, 2024.
  • [19] R. Bokka and T. Sadasivam, “Simulation-based analysis of rpl routing attacks and their impact on iot network performance,” Journal of Electronic Testing, pp. 1–15, 2024.
  • [20] U. Kiran, P. Maurya, and H. Sharma, “Investigating routing protocol attacks on low power and lossy iot networks,” SN Computer Science, vol. 5, no. 4, p. 393, 2024.
  • [21] M. Osman, J. He, K. Zhu, and F. M. M. Mokbal, “An ensemble learning framework for the detection of rpl attacks in iot networks based on the genetic feature selection approach,” Ad Hoc Networks, vol. 152, p. 103331, 2024. 795 DUJE (Dicle University Journal of Engineering) 15:4 (2024) Page 783-796
  • [22] A. Verma and V. Ranga, “Rpl-nidds17-a data set for intrusion detection in rpl based 6lowpan networks,” Internet of Things, vol. 5, no. 1, pp. 1-20, 2018.
  • [23] G. De’Ath, “Boosted trees for ecological modeling and prediction,” Ecology, vol. 88, no. 1, pp. 243-251, 2007.
  • [24] C. Seiffert, T. M. Khoshgoftaar, J. Van Hulse, and A. Napolitano, “Rusboost: A hybrid approach to alleviating class imbalance,” IEEE transactions on systems, man, and cybernetics-part A: systems and humans, vol. 40, no. 1, pp. 185-197, 2009.
  • [25] D. Airehrour, J. Gutierrez, and S. K. Ray, “Securing rpl routing protocol from blackhole attacks using a trust-based mechanism,” in 2016 26th International Telecommunication Networks and Applications Conference (ITNAC), 2016, pp. 115-120.
  • [26] A. Mayzaud, R. Badonnel, and I. Chrisment, “A taxonomy of attacks in rpl-based internet of things,” International Journal of Network Security, vol. 18, no. 3, pp. 459-473, 2016.
  • [27] T. NGUYEN, T. NGO, T. NGUYEN, D. TRAN, H. A. TRAN, and T. BUI, “The flooding attack in low power and lossy networks: A case study,” in 2018 International Conference on Smart Communications in Network Technologies (SaCoNeT), 2018, pp. 183 187.
  • [28] A. Mayzaud, R. Badonnel, and I. Chrisment, “Detecting version number attacks in rpl-based networks using a distributed monitoring architecture,” in 2016 12th International Conference on Network and Service Management (CNSM), 2016, pp. 127-135.
  • [29] A. D. Seth, S. Biswas, and A. K. Dhar, “Detection and verification of decreased rank attack using round-trip times in rpl-based 6lowpan networks,” in 2020 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS), 2020, pp. 1 6.
  • [30] O. H. Abdulganiyu, T. Ait Tchakoucht, and Y. K. Saheed, “A systematic literature review for network intrusion detection system (ids),” International Journal of Information Security, vol. 22, no. 5, pp. 1125-1162, 2023.
  • [31] M. Douiba, S. Benkirane, A. Guezzaz, and M. Azrour, “An improved anomaly detection model for iot security using decision tree and gradient boosting,” The Journal of Supercomputing, vol. 79, no. 3, pp. 3392-3411, 2023.
  • [32] J. B. Awotunde, F. E. Ayo, R. Panigrahi, A. Garg, A. K. Bhoi, and P. Barsocchi, “A multi-level random forest model-based intrusion detection using fuzzy inference system for internet of things networks,” International Journal of Computational Intelligence Systems, vol. 16, no. 1, p. 31, 2023.
  • [33] J. B. Awotunde, S. O. Folorunso, A. L. Imoize, J. O. Odunuga, C.-C. Lee, C.-T. Li, and D.-T. Do, “An ensemble tree-based model for intrusion detection in industrial internet of things networks,” Applied Sciences, vol. 13, no. 4, p. 2479, 2023.
There are 33 citations in total.

Details

Primary Language English
Subjects Machine Learning (Other), Electronics, Sensors and Digital Hardware (Other)
Journal Section Articles
Authors

Burak Aydın 0000-0002-5377-4590

Hakan Aydın 0000-0002-4057-3693

Sedat Görmüş 0000-0003-2172-2144

Emin Mollahasanoğlu 0000-0001-7029-1956

Early Pub Date December 23, 2024
Publication Date
Submission Date May 27, 2024
Acceptance Date November 25, 2024
Published in Issue Year 2024 Volume: 15 Issue: 4

Cite

IEEE B. Aydın, H. Aydın, S. Görmüş, and E. Mollahasanoğlu, “Detection of RPL-based Routing Attacks Using Machine Learning Algorithms”, DUJE, vol. 15, no. 4, pp. 783–796, 2024, doi: 10.24012/dumf.1490367.
DUJE tarafından yayınlanan tüm makaleler, Creative Commons Atıf 4.0 Uluslararası Lisansı ile lisanslanmıştır. Bu, orijinal eser ve kaynağın uygun şekilde belirtilmesi koşuluyla, herkesin eseri kopyalamasına, yeniden dağıtmasına, yeniden düzenlemesine, iletmesine ve uyarlamasına izin verir. 24456