Intrusion Detection System Framework for Internet of Things

Type

Master Thesis

Abstract

Today, we see an increasing trend towards connected devices. This trend of connecting devices instead of people is called the Internet of Things (IoT). Some of these devices are sensor nodes: battery-driven microcontroller units equipped with sensors and wireless communication capabilities. When connected to each other, they form a wireless sensor network (WSN). Historically, sensor nodes have been very limited in both computational power and memory size. As the nodes have grown more powerful, WSNs have started to communicate using IP, allowing communication towards the Internet, which makes the network vulnerable to common attacks against connected devices. This is a problem since the nodes often lack protection due to their hardware limitations. However, a new and more powerful generation of sensor nodes is now available. Because these nodes have more memory, they can store both the intended application and an Intrusion Detection System (IDS), allowing for additional security for the applications. This thesis presents the design, implementation and evaluation of a novel IDS framework for sensor nodes. The IDS is implemented on top of the Contiki operating system (OS), a widely used OS for wireless sensor nodes. The evaluation of the IDS focuses on energy consumption, detection rate, network reliability and latency, which makes the results comparable to related work in the field. The main contribution of the thesis is a novel detection method for different routing attacks against RPL, including sinkhole attacks, wormhole attacks and selective-forwarding attacks. The method is called RoVer, which stands for role-based verification. The IDS framework combines different detection methods for discovering both Denial of Service attacks and routing attacks.
The implementation is tested and evaluated on the modern sensor node platform Texas Instruments SensorTag CC2650STK. Results show that the methods designed and implemented within the thesis are not just feasible but also effective at detecting attacks against the sensor nodes. The evaluation shows that RoVer has a detection rate of 100%, while the two detection algorithms for flooding attacks have detection rates of 75%, all while keeping the number of false alarms low.

Subject/keywords

Computer and Information Science
