IoT-Sentry: A Cross-Layer-Based Intrusion Detection System in Standardized Internet of Things

Abstract

With the widespread expansion of internet connected devices, securing the Internet of Things (IoT) has become one of the biggest challenges and a crucial issue for ensuring a secure and robust IoT vision. The usage of adhoc topologies and the resource constraints of IoT devices and networks makes first line of defense mechanisms like cryptography unsuitable to implement. Therefore, second line of defense mechanisms such as the intrusion detection system become fundamental to detect attacks. In this work, we propose IoT-Sentry, a cross-layer intrusion detection system to detect five different attacks with zero additional overhead. Also, there is a lack of rich, illustrative and concise public datasets in IoT for evaluation of intrusion detection models for IoT networks. Our research work fills this research gap by (1) developing a novel cross-layer IoT dataset which contains four simulation instances for the five attacks in static IoT networks with up to 100 nodes, (2) utilize novel features of cross-layer attacks, and (3) employ ensemble learning model to detect IoT attacks. In our work, the Cooja IoT simulator has been utilized for generating malicious and benign traffic. The IoT attack dataset is then analyzed and fed into centralized detection module implemented at the 6LoWPAN border router. On evaluation, IoT-Sentry achieves on average an accuracy of 99% for 4 out of 5 attacks. To the best of our knowledge, this is the first time that cross layer intrusion detection system catering to five attacks from different layers is developed for securing standardized IoT networks.