Distributed Anomaly Detection of Single Mote Attacks in RPL Networks

Nicolas M. Müller, Pascal Debus, Daniel Kowatsch, Konstantin Böttinger

2019

Abstract

RPL, a protocol for IP packet routing in wireless sensor networks, is known to be susceptible to a wide range of attacks. Especially effective are ’single mote attacks’, where the attacker only needs to control a single sensor node. These attacks work by initiating a ’delayed denial of service’, which depletes the motes’ batteries while maintaining otherwise normal network operation. While active, this is not detectable on the application layer, and thus requires detection on the network layer. Further requirements for detection algorithms are extreme computational and resource efficiency (e.g. avoiding communication overhead) and the use of machine learning (if the drawbacks of signature based detection are not acceptable). In this paper, we present a system for anomaly detection of these kinds of attacks and constraints, implement a prototype in C, and evaluate it on different network topologies against three ’single mote attacks’. We make our system highly resource and energy efficient by deploying pre-trained models to the motes and approximating our choice of ML algorithm (KDE) via parameterized cubic splines. We achieve on average 84.91 percent true-positives and less than 0.5 percent false-positives. We publish all data sets and source code for full reproducibility.

Download


Paper Citation


in Harvard Style

Müller N., Debus P., Kowatsch D. and Böttinger K. (2019). Distributed Anomaly Detection of Single Mote Attacks in RPL Networks.In Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT, ISBN 978-989-758-378-0, pages 378-385. DOI: 10.5220/0007836003780385


in Bibtex Style

@conference{secrypt19,
author={Nicolas Müller and Pascal Debus and Daniel Kowatsch and Konstantin Böttinger},
title={Distributed Anomaly Detection of Single Mote Attacks in RPL Networks},
booktitle={Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT,},
year={2019},
pages={378-385},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0007836003780385},
isbn={978-989-758-378-0},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT,
TI - Distributed Anomaly Detection of Single Mote Attacks in RPL Networks
SN - 978-989-758-378-0
AU - Müller N.
AU - Debus P.
AU - Kowatsch D.
AU - Böttinger K.
PY - 2019
SP - 378
EP - 385
DO - 10.5220/0007836003780385