Detecting FDI Attack on Dense IoT Network with Distributed Filtering Collaboration and Consensus

TL;DR

This paper presents CONFINIT, a distributed intrusion detection system that uses collaborative consensus and watchdog surveillance to detect false data injection attacks in dense IoT networks, achieving high detection accuracy.

Contribution

It introduces a novel detection system combining surveillance and consensus for FDI attack detection in dense IoT environments, addressing a gap in data validation methods.

Findings

Detection rate of 99% for FDI attacks

False negative rate of 3.2%

False positive rate of 3.6%

Abstract

The rise of IoT has made possible the development of %increasingly personalized services, like industrial services that often deal with massive amounts of data. However, as IoT grows, its threats are even greater. The false data injection (FDI) attack stands out as being one of the most harmful to data networks like IoT. The majority of current systems to handle this attack do not take into account the data validation, especially on the data clustering service. This work introduces CONFINIT, an intrusion detection system against FDI attacks on the data dissemination service into dense IoT. It combines watchdog surveillance and collaborative consensus among IoT devices for getting the swift detection of attackers. CONFINIT was evaluated in the NS-3 simulator into a dense industrial IoT and it has gotten detection rates of 99%, 3.2% of false negative and 3.6% of false positive rates, adding up to 35% in clustering without FDI attackers.