Exploring and Enhancing Placement of IDS in RPL: A Federated Learning-based Approach

TL;DR

This paper evaluates IDS placement in RPL networks, highlighting the impact of attacker position, and introduces a federated learning approach to improve detection, reduce communication overhead, and enhance security in lossy network environments.

Contribution

It is the first to apply federated learning for IDS placement in RPL, addressing attacker position effects and optimizing detection with minimal communication overhead.

Findings

Attacker position significantly affects detection performance.

Federated learning improves detection accuracy and privacy.

FL reduces communication overhead and mitigates packet loss issues.

Abstract

In RPL security, intrusion detection (ID) plays a vital role, especially given its susceptibility to attacks, particularly those carried out by insider threats. While numerous studies in the literature have proposed intrusion detection systems (IDS) utilizing diverse techniques, the placement of such systems within RPL topology remains largely unexplored. This study aims to address this gap by rigorously evaluating three intrusion detection architectures, considering central and distributed placement, across multiple criteria including effectiveness, cost, privacy, and security. The findings underscore the significant impact of attacker position and the proximity of IDS to attackers on detection outcomes. Hence, alongside the evaluation of traditional intrusion detection architectures, this study explores the use of federated learning (FL) for improving intrusion detection within RPL networks. FL's decentralized model training approach effectively addresses the impact of attacker position on IDS performance by ensuring the collection of relevant information from nodes regardless of their proximity to potential attackers. Moreover, this approach not only mitigates security concerns but also minimizes communication overhead among ID nodes. Consequently, FL reduces the need for extensive data transfer, thus mitigating the impact of packet loss and latency inherent in lossy networks. Additionally, the study investigates the effect of local data sharing on FL performance, clarifying the balance between effectiveness and security.