Adaptive Intrusion Detection System for 6LoWPAN

Drastic reduction in the manufacturing cost of sensors and actuators has resulted in considerable growth in the number of smart objects. The so-called Internet of Things (IoT) blends the real and virtual environments and removes time and distance barriers. It is widely perceived as a major enabler for the efficient and effective provision of services across a range of sectors. Low power and lossy networks have grown in importance in recent years. A good deal of work has been carried out to provide routing with desirable characteristics over such networks. Of particular note is the Routing Protocol for Low Power and Lossy Networks, generally referred to as RPL. This is a flexible protocol that can provide routing for the needs of various applications (such as smart agricultural systems, smart-city, and smart-home environments). However, the protocol itself is subject to attack with severe consequences. Researchers have proposed different security infrastructures to mitigate harm to IoT networks. One of these is the Intrusion Detection System (IDS). An IDS is an essential component for network security and is widely adopted to reinforce the security of the Low Power and Lossy Network. IDSs for detecting RPL attacks must also cope with the often significant resource constraints that apply in such networks. Furthermore, due to the evolving nature of 6LoWPAN data streams, the performance of batch-trained/offline IDSs based on machine learning may degrade dramatically when computer network traffic changes.

In this thesis, we empirically investigated several machine learning (ML) algorithms (e.g. OZABagging, KNNADWIN, and One-Class Support Vector Machine), concept-drift detection algorithms (e.g. ADWIN, DDM, and EDDM), and reinforcement learning algorithms (Deep Q-Network and Double Deep Q-Network) to develop efficient, robust, and generalised IDSs for 6LoWPAN. For the first time, we propose an adaptive hybrid ML-based IDS to efficiently identify a wide range of RPL attacks in an evolving network environment. We propose an adversarial reinforcement learning framework to generate efficient and generalised incremental ML-based IDS agents for 6LoWPAN.

We apply our frameworks to networks under various numbers of nodes with varying levels of mobility and node maliciousness. To emulate different RPL attacks and measure the performance of the proposed schemes, we use the Tetcos Netsim simulator.
The proposed schemes can detect various RPL attacks, including several intrusions unaddressed by current research. The outcomes of our experiments show that the proposed schemes are well suited to the resource-constrained environments of our target networks.