A Novel Insider Attack and Machine Learning Based Detection for the Internet of Things

Abstract

Due to the widespread functional benefits, such as supporting internet connectivity, having high visibility and enabling easy connectivity between sensors, the Internet of Things (IoT) has become popular and used in many applications, such as for smart city, smart health, smart home, and smart vehicle realizations. These IoT-based systems contribute to both daily life and business, including sensitive and emergency situations. In general, the devices or sensors used in the IoT have very limited computational power, storage capacity, and communication capabilities, but they help to collect a large amount of data as well as maintain communication with the other devices in the network. Since most of the IoT devices have no physical security, and often are open to everyone via radio communication and via the internet, they are highly vulnerable to existing and emerging novel security attacks. Further, the IoT devices are usually integrated with the corporate networks; in this case, the impact of attacks will be much more significant than operating in isolation. Due to the constraints of the IoT devices, and the nature of their operation, existing security mechanisms are less effective for countering the attacks that are specific to the IoT-based systems. This article presents a new insider attack, named loophole attack, that exploits the vulnerabilities present in a widely used IPv6 routing protocol in IoT-based systems, called RPL (Routing over Low Power and Lossy Networks). To protect the IoT system from this insider attack, a machine learning based security mechanism is presented. The proposed attack has been implemented using a Contiki IoT operating system that runs on the Cooja simulator, and the impacts of the attack are analyzed. Evaluation on the collected network traffic data demonstrates that the machine learning based approaches, along with the proposed features, help to accurately detect the insider attack from the network traffic data.