Abstract
It is well recognized that security will play a major role in enabling most of the applications envisioned for the Internet of Things (IoT). We must also note that most of such applications will employ sensing and actuating devices integrated with the Internet communications infrastructure and, from the minute such devices start to support end-to-end communications with external (Internet) hosts, they will be exposed to all kinds of threats and attacks. With this in mind, we propose an IDS framework for the detection and prevention of attacks in the context of Internet-integrated CoAP communication environments and, in the context of this framework, we implement and experimentally evaluate the effectiveness of anomaly-based intrusion detection, with the goal of detecting Denial of Service (DoS) attacks and attacks against the 6LoWPAN and CoAP communication protocols. From the results obtained in our experimental evaluation we observe that the proposed approach may viably protect devices against the considered attacks. We are able to achieve an accuracy of 93% considering the multi-class problem, thus when the pattern of specific intrusions is known. Considering the binary class problem, which allows us to recognize compromised devices, and though a lower accuracy of 92% is observed, a recall and an F_Measure of 98% were achieved. As far as our knowledge goes, ours is the first proposal targeting the usage of anomaly detection and prevention approaches to deal with application-layer and DoS attacks in 6LoWPAN and CoAP communication environments.
Highlights
It is a well known fact that most of the applications envisioned for the Internet of Things (IoT) will be supported by sensing and actuating devices which are constrained in terms of the available energy, memory and computational performance
We find it important to start by identifying the threat model considered, and in this context we focus on internal attackers, devices that are able to participate in 6LoWPAN and Constrained Application Protocol (CoAP)
In this article we have proposed an IDS framework for the detection and prevention of attacks in Internet-integrated CoAP networks, and in the context of this framework we have evaluated the effectiveness of employing anomaly-based intrusion detection in preventing Denial of Service (DoS) attacks against such communication environments
Summary
It is a well known fact that most of the applications envisioned for the IoT will be supported (at least partially) by sensing and actuating devices which are constrained in terms of the available energy, memory and computational performance. The integration of such devices with the Internet communications infrastructure will enable end-to-end communications with other devices, anywhere on the Internet, and new avenues for attacks from such less resource-constrained hosts. With this motivation in mind, in this article we propose an anomaly-based intrusion detection and prevention framework for Internet-integrated CoAP sensor networks, in the context which we implement and experimentally
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
