Network Intrusion Detection Using Autoencode Neural Network

In today's interconnected digital landscape, safeguarding computer networks against unauthorized access and cyber threats is of paramount importance. NIDS play a crucial role in identifying and mitigating potential security breaches. This research paper explores the application of autoencoder neural networks, a subset of deep learning techniques, in the realm of Network Intrusion Detection.Autoencoder neural networks are known for their ability to learn and represent data in a compressed, low-dimensional form. This study investigates their potential in modeling network traffic patterns and identifying anomalous activities. By training autoencoder networks on both normal and malicious network traffic data, we aim to create effective intrusion detection models that can distinguish between benign and malicious network behavior.The paper provides an in-depth analysis of the architecture and training methodologies of autoencoder neural networks for intrusion detection. It also explores various data preprocessing techniques and feature engineering approaches to enhance the model's performance. Additionally, the research evaluates the robustness and scalability of autoencoder-based NIDS in real-world network environments. Furthermore, ethical considerations in network intrusion detection, including privacy concerns and false positive rates, are discussed. It addresses the need for a balanced approach that ensures network security while respecting user privacy and minimizing disruptions. operation. This approach compresses the majority samples & increases the minority sample count in tough samples so that the IDS can achieve greater classification accuracy

Atomic-SDN: Is Synchronous Flooding the Solution to Software-Defined Networking in IoT?

The adoption of Software Defined Networking (SDN) within traditional networks has provided operators the ability to manage diverse resources and easily reconfigure networks as requirements change. Recent research has extended this concept to IEEE 802.15.4 low-power wireless networks, which form a key component of the Internet of Things (IoT). However, the multiple traffic patterns necessary for SDN control makes it difficult to apply this approach to these highly challenging environments. This paper presents Atomic-SDN, a highly reliable and low-latency solution for SDN in low-power wireless. Atomic-SDN introduces a novel Synchronous Flooding (SF) architecture capable of dynamically configuring SF protocols to satisfy complex SDN control requirements, and draws from the authors' previous experiences in the IEEE EWSN Dependability Competition: where SF solutions have consistently outperformed other entries. Using this approach, Atomic-SDN presents considerable performance gains over other SDN implementations for low-power IoT networks. We evaluate Atomic-SDN through simulation and experimentation, and show how utilizing SF techniques provides latency and reliability guarantees to SDN control operations as the local mesh scales. We compare Atomic-SDN against other SDN implementations based on the IEEE 802.15.4 network stack, and establish that Atomic-SDN improves SDN control by orders-of-magnitude across latency, reliability, and energy-efficiency metrics

Assessing the Impact of Mobile Attackers on RPL-based Internet of Things

The Internet of Things (IoT) is becoming ubiquitous in our daily life. IoT networks that are made up of devices low power, low memory, and low computing capability appears in many applications such as healthcare, home, agriculture. IPv6 Routing Protocol for Low Power and Lossy Network (RPL) has become a standardized routing protocol for such low-power and lossy networks in IoT. RPL establishes the best routes between devices according to the requirements of the application, which is achieved by the Objective Function (OF). Even though some security mechanisms are defined for external attackers in its RFC, RPL is vulnerable to attacks coming from inside. Moreover, the same attacks could has different impacts on networks with different OFs. Therefore, an analysis of such attacks becomes important in order to develop suitable security solutions for RPL. This study analyze RPL-specific attacks on networks using RPL's default OFs, namely Objective Function Zero (OF0) and the Minimum Rank with Hysteresis Objective Function (MRHOF). Moreover, mobile attackers could affect more nodes in a network due to their mobility. While the security solutions proposed in the literature assume that the network is static, this study takes into account mobile attackers.Comment: 11 pages,3 figures, Journa

Securing IoT Attacks: A Machine Learning Approach for Developing Lightweight Trust-Based Intrusion Detection System

The routing process in the Internet of Things (IoT) presents challenges in industrial applications due to its complexity, involving multiple devices, critical decision-making, and accurate data transmission. The complexity further increases with dynamic IoT devices, which creates opportunities for potential intruders to disrupt routing. Traditional security measures are inadequate for IoT devices with limited battery capabilities. Although RPL (Routing Protocol for Low Energy and Lossy Networks) is commonly used for IoT routing, it remains vulnerable to security threats. This study aims to detect and isolate three routing attacks on RPL: Rank, Sybil, and Wormhole. To achieve this, a lightweight trust-based secured routing system is proposed, utilizing machine learning techniques to derive values for devices in new networks, where initial trust values are unavailable. The system demonstrates successful detection and isolation of attacks, achieving an accuracy of 98.59%, precision of 98%, recall of 99%, and f-score of 98%, thereby reinforcing its effectiveness. Attacker nodes are identified and promptly disabled, ensuring a secure routing environment. Validation on a generated dataset further confirms the reliability of the system

Performance Assessment of Routing Protocols for IoT/6LoWPAN Networks

The Internet of Things (IoT) proposes a disruptive communication paradigm that allows smart objects to exchange data among themselves to reach a common goal. IoT application scenarios are multiple and can range from a simple smart home lighting system to fully controlled automated manufacturing chains. In the majority of IoT deployments, things are equipped with small devices that can suffer from severe hardware and energy restrictions that are responsible for performing data processing and wireless communication tasks. Thus, due to their features, communication networks that are used by these devices are generally categorized as Low Power and Lossy Networks (LLNs). The considerable variation in IoT applications represents a critical issue to LLN networks, which should offer support to different requirements as well as keeping reasonable quality-of-service (QoS) levels. Based on this challenge, routing protocols represent a key issue in IoT scenarios deployment. Routing protocols are responsible for creating paths among devices and their interactions. Hence, network performance and features are highly dependent on protocol behavior. Also, based on the adopted protocol, the support for some specific requirements of IoT applications may or may not be provided. Thus, a routing protocol should be projected to attend the needs of the applications considering the limitations of the device that will execute them. Looking to attend the demand of routing protocols for LLNs and, consequently, for IoT networks, the Internet Engineering Task Force (IETF) has designed and standardized the IPv6 Routing Protocol for Low Power and Lossy Networks (RPL). This protocol, although being robust and offering features to fulfill the need of several applications, still presents several faults and weaknesses (mainly related to its high complexity and memory requirement), which limits its adoption in IoT scenarios. An alternative to RPL, the Lightweight On-demand Ad Hoc Distancevector Routing Protocol – Next Generation (LOADng) has emerged as a less complicated routing solution for LLNs. However, the cost of its simplicity is paid for with the absence of adequate support for a critical set of features required for many IoT environments. Thus, based on the challenging open issues related to routing in IoT networks, this thesis aims to study and propose contributions to better attend the network requirements of IoT scenarios. A comprehensive survey, reviewing state-of-the-art routing protocols adopted for IoT, identified the strengths and weaknesses of current solutions available in the literature. Based on the identified limitations, a set of improvements is designed to overcome these issues and enhance IoT network performance. The novel solutions are proposed to include reliable and efficient support to attend the needs of IoT applications, such as mobility, heterogeneity, and different traffic patterns. Moreover, mechanisms to improve the network performance in IoT scenarios, which integrate devices with different communication technologies, are introduced. The studies conducted to assess the performance of the proposed solutions showed the high potential of the proposed solutions. When the approaches presented in this thesis were compared with others available in the literature, they presented very promising results considering the metrics related to the Quality of Service (QoS), network and energy efficiency, and memory usage as well as adding new features to the base protocols. Hence, it is believed that the proposed improvements contribute to the state-of-the-art of routing solutions for IoT networks, increasing the performance and adoption of enhanced protocols.A Internet das Coisas, do inglês Internet of Things (IoT), propõe um paradigma de comunicação disruptivo para possibilitar que dispositivos, que podem ser dotados de comportamentos autónomos ou inteligentes, troquem dados entre eles buscando alcançar um objetivo comum. Os cenários de aplicação do IoT são muito variados e podem abranger desde um simples sistema de iluminação para casa até o controle total de uma linha de produção industrial. Na maioria das instalações IoT, as “coisas” são equipadas com um pequeno dispositivo, responsável por realizar as tarefas de comunicação e processamento de dados, que pode sofrer com severas restrições de hardware e energia. Assim, devido às suas características, a rede de comunicação criada por esses dispositivos é geralmente categorizada como uma Low Power and Lossy Network (LLN). A grande variedade de cenários IoT representam uma questão crucial para as LLNs, que devem oferecer suporte aos diferentes requisitos das aplicações, além de manter níveis de qualidade de serviço, do inglês Quality of Service (QoS), adequados. Baseado neste desafio, os protocolos de encaminhamento constituem um aspecto chave na implementação de cenários IoT. Os protocolos de encaminhamento são responsáveis por criar os caminhos entre os dispositivos e permitir suas interações. Assim, o desempenho e as características da rede são altamente dependentes do comportamento destes protocolos. Adicionalmente, com base no protocolo adotado, o suporte a alguns requisitos específicos das aplicações de IoT podem ou não ser fornecidos. Portanto, estes protocolos devem ser projetados para atender as necessidades das aplicações assim como considerando as limitações do hardware no qual serão executados. Procurando atender às necessidades dos protocolos de encaminhamento em LLNs e, consequentemente, das redes IoT, a Internet Engineering Task Force (IETF) desenvolveu e padronizou o IPv6 Routing Protocol for Low Power and Lossy Networks (RPL). O protocolo, embora seja robusto e ofereça recursos para atender às necessidades de diferentes aplicações, apresenta algumas falhas e fraquezas (principalmente relacionadas com a sua alta complexidade e necessidade de memória) que limitam sua adoção em cenários IoT. Em alternativa ao RPL, o Lightweight On-demand Ad hoc Distance-vector Routing Protocol – Next Generation (LOADng) emergiu como uma solução de encaminhamento menos complexa para as LLNs. Contudo, o preço da simplicidade é pago com a falta de suporte adequado para um conjunto de recursos essenciais necessários em muitos ambientes IoT. Assim, inspirado pelas desafiadoras questões ainda em aberto relacionadas com o encaminhamento em redes IoT, esta tese tem como objetivo estudar e propor contribuições para melhor atender os requisitos de rede em cenários IoT. Uma profunda e abrangente revisão do estado da arte sobre os protocolos de encaminhamento adotados em IoT identificou os pontos fortes e limitações das soluções atuais. Com base nas debilidades encontradas, um conjunto de soluções de melhoria é proposto para superar carências existentes e melhorar o desempenho das redes IoT. As novas soluções são propostas para incluir um suporte confiável e eficiente capaz atender às necessidades das aplicações IoT relacionadas com suporte à mobilidade, heterogeneidade dos dispositivos e diferentes padrões de tráfego. Além disso, são introduzidos mecanismos para melhorar o desempenho da rede em cenários IoT que integram dispositivos com diferentes tecnologias de comunicação. Os vários estudos realizados para mensurar o desempenho das soluções propostas mostraram o grande potencial do conjunto de melhorias introduzidas. Quando comparadas com outras abordagens existentes na literatura, as soluções propostas nesta tese demonstraram um aumento do desempenho consistente para métricas relacionadas a qualidade de serviço, uso de memória, eficiência energética e de rede, além de adicionar novas funcionalidades aos protocolos base. Portanto, acredita-se que as melhorias propostas contribuiem para o avanço do estado da arte em soluções de encaminhamento para redes IoT e aumentar a adoção e utilização dos protocolos estudados

Incremental hybrid intrusion detection for 6LoWPAN

IPv6 over Low-powered Wireless Personal Area Networks (6LoWPAN) has grown in importance in recent years, with the Routing Protocol for Low Power and Lossy Networks (RPL) emerging as a major enabler. However, RPL can be subject to attack, with severe consequences. Most proposed IDSs have been limited to specific RPL attacks and typically assume a stationary environment. In this article, we propose the first adaptive hybrid IDS to efficiently detect and identify a wide range of RPL attacks (including DIO Suppression, Increase Rank, and Worst Parent attacks, which have been overlooked in the literature) in evolving data environments. We apply our framework to networks under various levels of node mobility and maliciousness. We experiment with several incremental machine learning (ML) approaches and various ‘concept-drift detection’ mechanisms (e.g. ADWIN, DDM, and EDDM) to determine the best underlying settings for the proposed scheme