A trust model anomaly detection of RPL attacks in WSN-based IOT / Zainab Ebrahim Qamber Ghuloom Abdulla Alansari

Zainab Ebrahim Qamber Ghuloom , Abdulla Alansari (2023) A trust model anomaly detection of RPL attacks in WSN-based IOT / Zainab Ebrahim Qamber Ghuloom Abdulla Alansari. PhD thesis, Universiti Malaya.

	PDF (The Candidate's Agreement) Restricted to Repository staff only Download (182Kb)
	PDF (Thesis PhD) Restricted to Repository staff only until 31 December 2024. Download (3562Kb)

Abstract

Wireless Sensor Networks (WSN) have gained significant attention in academic and industrial research due to their scalability, flexibility, and ease of deployment. WSN comprises sensor nodes that use the Internet of Things (IoT) to exchange sensor data from various sectors such as healthcare, transportation, and agriculture. Protecting sensor data from attacks is essential as they play a crucial role in forecasting, cost reduction, quality assurance, or predictive maintenance. Routing protocols transmit vast amounts of data between WSN and the IoT gateway, but they are vulnerable. RPL (IPv6 Routing Protocol for Low-Power and Lossy Networks) is one of the routing protocols for wireless networks with lower energy, which is resource-constrained and provides energy-efficient routing. RPL is more effective than other routing protocols because of its self-organizing and self-healing features. Due to the potential impact on the device's performance with limited resources, RPL's optional security features only prevent external attacks; however, internal attacks resist newer protections such as data encryption and spam detection. Existing internal attack detection techniques reduce network lifetime by consuming significant resources through message overhead, computation, and communication. Furthermore, earlier research ignored mobility nodes and used additional hardware, which increased computational costs. Considering the security problems with RPL, this thesis presents a novel lightweight system for anomaly detection of five internal routing attacks: grayhole, blackhole, selective forwarding, DIS flooding, and wormhole attacks. The study aims to utilize a trust model in RPL protocol to increase network performance and lifetime while attaining high detection accuracy. In addition, this study introduces forgiveness and punishment sublayers to prevent mistakenly labeling normal nodes as attackers. The proposed system, RPL Anomaly Detection of Five Internal Attacks (RPLAD5), includes four layers: information gathering, trust calculation, decision making, and backup and restore. RPLAD5 starts operating immediately after the initial state of the network. The information gathering layer collects neighbouring node data for the trust calculation layer. Layer two utilizes the node's positive and negative behavior to calculate the trust for control and data packets. Layer three uses the results to determine if the node is malicious. Finally, nodes in layer 4 send a backup message to the root to identify malicious nodes and alert the network. All sensor nodes are emulated in RPLAD5 using TmoteSky and a trust model to protect the RPL protocol from internal attacks in a dynamic distributed network. Various experiments were conducted to evaluate the impact of adaptivity, scalability, accuracy, and mobility of RPLAD5 using different threshold values, network sizes, densities, error probabilities, and the rate of attackers. RPLAD5 defeats mobile attackers, mobile victims, or static frameworks as per the results of the comparative analysis. Each experiment undertakes different scenarios with an average of ten runs to obtain the most accurate values using the Cooja/Contiki OS. The evaluation results demonstrate that the proposed system consistently achieves energy and power consumption levels below 1 in most experiments. The PDR and TPR values are close to 1, indicating the system’s high accuracy. The FPR is nearly 0, surpassing both the standard RPL protocol and similar studies.

Actions (For repository staff only : Login required)