| dc.description.abstract | Intrusion detection detects misbehaving nodes in a network. In Internet of Things(IoT), IPv6 Routing for Low-Power and Lossy Networks (RPL) is the standard routing protocol. In IoT, devices commonly have low energy, storage and memory, which is why the implemented intrusion algorithm in this thesis will try to minimize the usage of these resources. IDS for RPL-networks have been implemented before, but the use of resources or the number of packets sent was too high to be successful when finding malicious nodes.
In this thesis, Trust-based Intrusion Detection System (TIDS), a trust based intrusion detection system was implemented. Each node in the network should observe and evaluate its neighbors based on whether or not they were acting according to the RPL protocol. These observation were sent to a centralized node where these observations were analyzed. The trust values used are based on Subjective Logic; values for belief, disbelief and uncertainty are used to analyze the observations received from the normal nodes. The number of detected nodes, false positives, false negatives, energy usage, memory and number of nodes were measured. An attack's detection time is also measured.
Seven different experiments were conducted based on this IDS. They were chosen to investigate the different number of nodes and attackers in the network, when the observations should be sent to the border router and whether the border router is always in listening mode. This showed that the implemented IDS captures between 50-100\% of the attackers based on what type of experiment was executed and it also introduces between 2 and 15 false positives. Concerning the resource usage, the IDS uses between 5000-6400 bytes of storage and 700-1000 bytes of memory. The energy consumption in the border router increases with 488 mW when the IDS is implemented, while the normal nodes does not see an increase in the energy consumption.
The results of the thesis are promising, but needs more work to be extended to the RPL protocol. Regarding energy consumption, the border router with IDS is using more energy than without. The normal nodes however, do not have an increased energy consumption because of the IDS. The proposed IDS detects every attacker, but does also introduce false positives. The number of false positives can be reduced by improving the way sinkhole attack is captured. | |
