Compression Header Analyzer Intrusion Detection System (CHA - IDS) for 6LoWPAN Communication Protocol

Mohamad Nazrin Napiah, Mohd Yamani Idna Bin Idris*, Roziana Ramli, Ismail Ahmedy

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

89 Citations (Scopus)

Abstract

Prior 6LoWPAN intrusion detection system (IDS) utilized several features to detect various malicious activities. However, these IDS methods only detect specific attack but fails when the attacks are combined. In this paper, we propose an IDS known as compression header analyzer intrusion detection system (CHA-IDS) that analyzes 6LoWPAN compression header data to mitigate the individual and combination routing attacks. CHA-IDS is a multi-agent system framework that capture and manage raw data for data collection, analysis, and system actions. The proposed CHA-IDS utilize best first and greedy stepwise with correlation-based feature selection to determine only significant features needed for the intrusion detection. These features are then tested using six machine learning algorithms to find the best classification method that able to distinguish between an attack and non-attack and then from the best classification method, we devise a rule to be implemented in Tmote Sky. To ensure the reliability of our proposed method, we evaluate the CHA-IDS with three types of combination attacks known as hello flood, sinkhole, and wormhole. We also compare our results in term of accuracy of detection, energy overhead, and memory consumption with the prior 6LoWPAN-IDS implementation such as SVELTE and Pongle's IDS. The results show that CHA-IDS performs better than the aforementioned methods with 99% true positive rate and consumed low energy overhead and memory that fit in constrained device such Tmote Sky.

Original languageEnglish
Pages (from-to)16623-16638
Number of pages16
JournalIEEE Access
Volume6
DOIs
Publication statusPublished - 26 Jan 2018
Externally publishedYes

Keywords

  • 6LoWPAN
  • compression header
  • Internet of Things
  • machine learning
  • routing attack
  • RPL
  • security

Cite this