Skip to main content
SpringerLink
Log in

Denial-of-Service Attacks and Countermeasures in the RPL-Based Internet of Things

  • Conference paper
  • First Online:
Computer Security (CyberICPS 2019, SECPRE 2019, SPOSE 2019, ADIoT 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11980))

Abstract

Internet of Things (IoT) is already playing a significant role in our lives, as more and more industries are adopting IoT for improving existing systems and providing novel applications. However, recent attacks caused by Mirai and Chalubo botnets show that IoT systems are vulnerable and new security mechanisms are required. In this work, we design and implement a prototype of Intrusion Detection System (IDS) for protecting IoT networks and devices from Denial-of-Service (DoS) attacks. Our focus is on detecting attacks that exploit the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL), which is a widely used protocol for packet routing in low-power IoT networks. Our considered Operating System (OS) is the popular ContikiOS and we use the Cooja simulator to study DoS attacks and test the detection algorithms. In particular, we simulated scenarios that involve both benign and malicious/compromised IoT devices. A compromised device exploits RPL control messages to cause other devices perform heavy computations and disrupt the established network routes. The obtained simulation results help us understand the characteristics of an RPL-based IoT network under its normal operation and devise effective countermeasures against malicious activity. A new threshold-based IDS is proposed and a first prototype is implemented in ContikiOS. The IDS relies on tunable parameters and involves both centralised and distributed components in order to effectively detect malicious RPL messages. Experimental results show high detection rate and low false positives in large networks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Contiki: The Open Source OS for the Internet of Things. http://www.contiki-os.org/. Accessed 13 Aug 2019

  2. TinyOS: An OS for Embedded, Wireless Devices. https://github.com/tinyos/tinyos-main. Accessed 13 Aug 2019

  3. Zolertia technical documentation (2017). https://github.com/Zolertia/Resources/wiki/Zolertia-Technical-documentation

  4. McAfee Labs Threats Report, September 2018. https://www.mcafee.com/enterprise/en-us/assets/reports/rp-quarterly-threats-sep-2018.pdf

  5. Alaba, F.A., Othman, M., Hashem, I.A.T., Alotaibi, F.: Internet of Things security: a survey. J. Netw. Comput. Appl. 88, 10–28 (2017). https://doi.org/10.1016/j.jnca.2017.04.002

    Article  Google Scholar 

  6. Alohali, B.A., Vassilakis, V.G., Moscholios, I.D., Logothetis, M.D.: A secure scheme for group communication of wireless IoT devices. In: Proceedings 11th IEEE/IET International Symposium on Communication Systems, Networks, and Digital Signal Processing (CSNDSP), Budapest, Hungary, pp. 1–6, July 2018. https://doi.org/10.1109/csndsp.2018.8471871

  7. Ammar, M., Russello, G., Crispo, B.: Internet of things: a survey on the security of IoT frameworks. J. Inform. Secur. Appl. 38, 8–27 (2018). https://doi.org/10.1016/j.jisa.2017.11.002

    Article  Google Scholar 

  8. Bhuyan, M.H., Bhattacharyya, D., Kalita, J.K.: An empirical evaluation of information metrics for low-rate and high-rate ddos attack detection. Pattern Recogn. Lett. 51, 1–7 (2015)

    Article  Google Scholar 

  9. CISCO: The Internet of Things Reference Model (2014). http://cdn.iotwf.com/resources/71/IoT_Reference_Model_White_Paper_June_4_2014.pdf

  10. Dunkels, A., Gronvall, B., Voigt, T.: Contiki - a lightweight and flexible operating system for tiny networked sensors. In: Proceedings 29th IEEE International Conference on Local Computer Networks, Tampa, FL, USA, pp. 455–462, November 2004. https://doi.org/10.1109/lcn.2004.38

  11. Easton, T.: Chalubo botnet wants to DDoS from your server or IoT device, October 2018. https://news.sophos.com/en-us/2018/10/22/chalubo-botnet-wants-to-ddos-from-your-server-or-iot-device/

  12. Geenens, P.: BrickerBot - The Dark Knight of IoT (2017). https://blog.radware.com/security/2017/04/brickerbot-dark-knight-iot/

  13. Gemalto: The state of IoT security (2018). http://www2.gemalto.com/iot/index.html

  14. Gnawali, O., Levis, P.: The minimum rank with hysteresis objective function. Technical report (2012)

    Google Scholar 

  15. Ioulianou, P.P., Vassilakis, V.G., Logothetis, M.D.: Battery drain denial-of-service attacks and defenses in the internet of things. J. Telecommun. Inform. Technol. 2, 37–45 (2019)

    Google Scholar 

  16. Ioulianou, P.P., Vassilakis, V.G., Moscholios, I.D., Logothetis, M.D.: A signature-based intrusion detection system for the internet of things. In: Proceedings of IEICE Information and Communication Technology Forum (ICTF), Graz, Austria, pp. 1–6, July 2018

    Google Scholar 

  17. Islam, S.R., Kwak, D., Kabir, M.H., Hossain, M., Kwak, K.S.: The internet of things for health care: a comprehensive survey. IEEE Access 3, 678–708 (2015). https://doi.org/10.1109/access.2015.2437951

    Article  Google Scholar 

  18. Kambourakis, G., Kolias, C., Stavrou, A.: The Mirai botnet and the IoT zombie armies. In: Military Communications Conference (MILCOM), pp. 267–272. IEEE (2017). https://doi.org/10.1109/MILCOM.2017.8170867

  19. Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.: DDoS in the IoT: Mirai and other botnets. Computer 50(7), 80–84 (2017). https://doi.org/10.1109/MC.2017.201

    Article  Google Scholar 

  20. Le, A., Loo, J., Chai, K.K., Aiash, M.: A specification-based IDS for detecting attacks on RPL-based network topology. Information 7(2), 1–19 (2016). https://doi.org/10.3390/info7020025

    Article  Google Scholar 

  21. Levis, P., Clausen, T., Hui, J., Gnawali, O., Ko, J.: The Trickle algorithm (2011)

    Google Scholar 

  22. Li, W., Meng, W., Luo, X., Kwok, L.F.: MVPSys: toward practical multi-view based false alarm reduction system in network intrusion detection. Comput. Secur. 60, 177–192 (2016). https://doi.org/10.1016/j.cose.2016.04.007

    Article  Google Scholar 

  23. Liao, H.J., et al.: Intrusion detection system: a comprehensive review. J. Netw. Comput. Appl. 36(1), 16–24 (2013). https://doi.org/10.1016/j.jnca.2012.09.004

    Article  Google Scholar 

  24. Lyu, M., Sherratt, D., Sivanathan, A., Gharakheili, H.H., Radford, A., Sivaraman, V.: Quantifying the reflective DDoS attack capability of household iot devices. In: Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 46–51. ACM (2017)

    Google Scholar 

  25. Meng, W., Wang, Y., Li, W., Liu, Z., Li, J., Probst, C.W.: Enhancing intelligent alarm reduction for distributed intrusion detection systems via edge computing. In: Susilo, W., Yang, G. (eds.) ACISP 2018. LNCS, vol. 10946, pp. 759–767. Springer, Heidelberg (2018). https://doi.org/10.1007/978-3-319-93638-3_44

    Chapter  Google Scholar 

  26. Midi, D., Rullo, A., Mudgerikar, A., Bertino, E.: Kalis - A system for knowledge-driven adaptable intrusion detection for the internet of things. In: Proceedings IEEE 37th International Conference on Distributed Computing Systems (ICDCS), Atlanta, GA, USA, pp. 656–666, June 2017. https://doi.org/10.1109/ICDCS.2017.104

  27. Mosenia, A., Jha, N.K.: A comprehensive study of security of internet-of-things. IEEE Trans. Emerg. Top. Comput. 5(4), 586–602 (2017). https://doi.org/10.1109/tetc.2016.2606384

    Article  Google Scholar 

  28. Muna, A.H., Moustafa, N., Sitnikova, E.: Identification of malicious activities in industrial Internet of things based on deep learning models. J. Inform. Secur. Appl. 41, 1–11 (2018). https://doi.org/10.1016/j.jisa.2018.05.002

    Article  Google Scholar 

  29. Nawir, M., Amir, A., Yaakob, N., Lynn, O.B.: Internet of things (IoT): taxonomy of security attacks. In: Proc. 3rd International Conference on Electronic Design (ICED), pp. 321–326. IEEE (2016). https://doi.org/10.1109/iced.2016.7804660

  30. Osterlind, F., et al.: Cross-level sensor network simulation with COOJA. In: Proceedings of 31st IEEE International Conferene on Local Computer Networks, Tampa, FL, USA, pp. 641–648, November 2006. https://doi.org/10.1109/lcn.2006.322172

  31. Pongle, P., Chavan, G.: A survey: attacks on RPL and 6LoWPAN in IoT. In: Proceedings of International Conference on Pervasive Computing (ICPC), pp. 1–6. IEEE (2015). https://doi.org/10.1109/pervasive.2015.7087034

  32. Raoof, A., Matrawy, A., Lung, C.H.: Routing attacks and mitigation methods for RPL-based internet of things. IEEE Commun. Surv. Tutor. 21, 1582–1606 (2018)

    Article  Google Scholar 

  33. Raza, S., Wallgren, L., Voigt, T.: SVELTE: real-time intrusion detection in the Internet of Things. Ad Hoc Netw. 11(8), 2661–2674 (2013). https://doi.org/10.1016/j.adhoc.2013.04.014

    Article  Google Scholar 

  34. Rghioui, A., Khannous, A., Bouhorma, M.: Denial-of-service attacks on 6LoWPAN-RPL networks: threats and an intrusion detection system proposition. J. Adv. Comput. Sci. Technol. 3(2), 143–153 (2014). https://doi.org/10.14419/jacst.v3i2.3321

    Article  Google Scholar 

  35. Symantec Security Response: Mirai: what you need to know about the botnet behind recent major DDoS attacks, October 2016

    Google Scholar 

  36. Tsiftes, N., Eriksson, J., Dunkels, A.: Low-power wireless IPv6 routing with ContikiRPL. In: Proceedings of 9th ACM/IEEE International Conference on Information Processing in Sensor Networks, pp. 406–407 (2010)

    Google Scholar 

  37. Wallgren, L., Raza, S., Voigt, T.: Routing attacks and countermeasures in the RPL-based Internet of things. Int. J. Distrib. Sens. Netw. 9(8), 1–11 (2013). https://doi.org/10.1155/2013/794326

    Article  Google Scholar 

  38. Wang, D., Cheng, H., Wang, P., Huang, X., Jian, G.: Zipf’s law in passwords. IEEE Trans. Inf. Forensics Secur. 12(11), 2776–2791 (2017)

    Article  Google Scholar 

  39. Wang, D., Wang, P.: The emperor’s new password creation policies. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9327, pp. 456–477. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-319-24177-7_23

    Chapter  Google Scholar 

  40. Wang, D., Zhang, Z., Wang, P., Yan, J., Huang, X.: Targeted online password guessing: an underestimated threat. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1242–1254. ACM (2016)

    Google Scholar 

  41. Winter, T., et al.: RPL: IPv6 routing protocol for low-power and lossy networks. RFC 6550, March 2012

    Google Scholar 

  42. Yan, Q., Huang, W., Luo, X., Gong, Q., Yu, F.R.: A multi-level DDoS mitigation framework for the industrial internet of things. IEEE Commun. Mag. 56(2), 30–36 (2018)

    Article  Google Scholar 

  43. Yang, Y., et al.: A survey on security and privacy issues in internet-of-things. IEEE Internet Things J. 4(5), 1250–1258 (2017). https://doi.org/10.1109/jiot.2017.2694844

    Article  Google Scholar 

  44. Zarpelão, B.B., Miani, R.S., Kawakani, C.T., de Alvarenga, S.C.: A survey of intrusion detection in internet of things. J. Netw. Comput. Appl. 84, 25–37 (2017). https://doi.org/10.1016/j.jnca.2017.02.009

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, University of York, York, UK

    Philokypros P. Ioulianou & Vassilios G. Vassilakis

Authors
  1. Philokypros P. Ioulianou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Vassilios G. Vassilakis
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Philokypros P. Ioulianou .

Editor information

Editors and Affiliations

  1. Open University of Cyprus, Latsia, Cyprus

    Sokratis Katsikas

  2. IMT Atlantique, Brest, France

    Frédéric Cuppens

  3. IMT Atlantique, Brest, France

    Nora Cuppens

  4. University of Piraeus, Piraeus, Greece

    Costas Lambrinoudakis

  5. University of the Aegean, Mytilene, Greece

    Christos Kalloniatis

  6. University of Toronto, Toronto, ON, Canada

    John Mylopoulos

  7. Georgia Institute of Technology, Atlanta, GA, USA

    Annie Antón

  8. University of Piraeus, Piraeus, Greece

    Stefanos Gritzalis

  9. Technical University of Berlin, Berlin, Germany

    Frank Pallas

  10. Alexander von Humboldt Institute for Internet and Society, Berlin, Germany

    Jörg Pohle

  11. Ruhr University Bochum, Bochum, Germany

    Angela Sasse

  12. Technical University of Denmark, Kongens Lyngby, Denmark

    Weizhi Meng

  13. University of Plymouth, Plymouth, UK

    Steven Furnell

  14. Télécom SudParis, Evry, France

    Joaquin Garcia-Alfaro

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ioulianou, P.P., Vassilakis, V.G. (2020). Denial-of-Service Attacks and Countermeasures in the RPL-Based Internet of Things. In: Katsikas, S., et al. Computer Security. CyberICPS SECPRE SPOSE ADIoT 2019 2019 2019 2019. Lecture Notes in Computer Science(), vol 11980. Springer, Cham. https://doi.org/10.1007/978-3-030-42048-2_24

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-42048-2_24

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-42047-5

  • Online ISBN: 978-3-030-42048-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation