Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Distributed anomaly detection of single mote attacks in RPL networks

: Müller, N.M.; Debus, P.; Kowatsch, D.; Böttinger, K.


Obaidat, M.S. ; Institute for Systems and Technologies of Information, Control and Communication -INSTICC-, Setubal:
ICETE 2019, 16th International Joint Conference on e-Business and Telecommunications. Proceedings. Vol.2: SECRYPT : July 26-28, 2019, Prague, Czech Republic
Setúbal: SciTePress, 2019
ISBN: 978-989-758-378-0
International Joint Conference on e-Business and Telecommunications (ICETE) <16, 2019, Prague>
International Conference on Security and Cryptography (SECRYPT) <16, 2019, Prague>
Fraunhofer AISEC ()

RPL, a protocol for IP packet routing in wireless sensor networks, is known to be susceptible to a wide range of attacks. Especially effective are ’single mote attacks’, where the attacker only needs to control a single sensor node. These attacks work by initiating a ’delayed denial of service’, which depletes the motes’ batteries while maintaining otherwise normal network operation. While active, this is not detectable on the application layer, and thus requires detection on the network layer. Further requirements for detection algorithms are extreme computational and resource efficiency (e.g. avoiding communication overhead) and the use of machine learning (if the drawbacks of signature based detection are not acceptable). In this paper, we present a system for anomaly detection of these kinds of attacks and constraints, implement a prototype in C, and evaluate it on different network topologies against three ’single mote attacks’. We make our system highly resource and energy effic ient by deploying pre-trained models to the motes and approximating our choice of ML algorithm (KDE) via parameterized cubic splines. We achieve on average 84.91 percent true-positives and less than 0.5 percent false-positives. We publish all data sets and source code for full reproducibility.