Cyber attacks have become more common and sophisticated in the new age of technology. Intrusion detection systems were designed to detect attacks while they are being carried out and many applications have been deployed in IoT, showing great effectiveness to identify anomalies. However, almost all of them are built under a conventional scheme where network traffic is generated by services based on a client-server architecture. Pure Zigbee networks are distinguished by the connection between end devices and do not generate this kind of network traffic because Zigbee protocol stack is limited. Because of this, many of the variables presented in related works to train machine learning algorithms are not present in such a network. This would generate effects such as data theft, identity theft, permanent loss of information and even manipulation of devices, something significantly serious in the area of unmanned vehicles. The purpose of this article is to expose variables obtained from pure Zigbee in a distributed environment can be used to identify intrusions in a simulated test case such as the connection between unmanned vehicles. In this way, a new identification approach is introduced, within end devices are focused instead network traffic only to identify anomalies. It is intended to demonstrate that CPU and RAM variables analysis directly from end devices allow an effective identification in packet storm denial of service attacks and that they would be a considerable option to avoid end effects. Keywords: Intrusion Detection System, Zigbee Networks, Unmanned Aerial Vehicles, Denial of Service, Support Vector Machines.
Read full abstract