Adaptive Hybrid Heterogeneous IDS for 6LoWPAN

TL;DR

This paper introduces the first adaptive hybrid intrusion detection system for 6LoWPAN networks that effectively detects multiple RPL attacks in dynamic environments using incremental machine learning and concept drift detection.

Contribution

It presents a novel adaptive hybrid IDS capable of identifying various RPL attacks in evolving data environments, addressing limitations of previous stationary and attack-specific methods.

Findings

Effective detection of multiple RPL attacks including DIO Suppression, Increase Rank, and Worst Parent.

Demonstrated robustness of the IDS in environments with node mobility and malicious activity.

Optimal settings identified for machine learning and concept drift detection mechanisms.

Abstract

IPv6 over Low-powered Wireless Personal Area Networks (6LoWPAN) have grown in importance in recent years, with the Routing Protocol for Low Power and Lossy Networks (RPL) emerging as a major enabler. However, RPL can be subject to attack, with severe consequences. Most proposed IDSs have been limited to specific RPL attacks and typically assume a stationary environment. In this article, we propose the first adaptive hybrid IDS to efficiently detect and identify a wide range of RPL attacks (including DIO Suppression, Increase Rank, and Worst Parent attacks, which have been overlooked in the literature) in evolving data environments. We apply our framework to networks under various levels of node mobility and maliciousness. We experiment with several incremental machine learning (ML) approaches and various 'concept-drift detection' mechanisms (e.g. ADWIN, DDM, and EDDM) to determine the best underlying settings for the proposed scheme.