Hybrid Deep Learning-Based Intrusion Detection System for RPL IoT Networks

Internet of things (IoT) has become an emerging technology transforming everyday physical objects to be smarter by using underlying technologies such as sensor networks. The routing protocol for low-power and lossy networks (RPL) is considered one of the promising protocols designed for the IoT netw...

Full description

Saved in:
Bibliographic Details
Published in:Journal of sensor and actuator networks Vol. 12; no. 2; p. 21
Main Authors: Al Sawafi, Yahya, Touzene, Abderezak, Hedjam, Rachid
Format: Journal Article
Language:English
Published: Basel MDPI AG 01-04-2023
Subjects:
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Internet of things (IoT) has become an emerging technology transforming everyday physical objects to be smarter by using underlying technologies such as sensor networks. The routing protocol for low-power and lossy networks (RPL) is considered one of the promising protocols designed for the IoT networks. However, due to the constrained nature of the IoT devices in terms of memory, processing power, and network capabilities, they are exposed to many security attacks. Unfortunately, the existing Intrusion Detection System (IDS) approaches using machine learning that have been proposed to detect and mitigate security attacks in internet networks are not suitable for analyzing IoT traffics. This paper proposed an IDS system using the hybridization of supervised and semi-supervised deep learning for network traffic classification for known and unknown abnormal behaviors in the IoT environment. In addition, we have developed a new IoT specialized dataset named IoTR-DS, using the RPL protocol. IoTR-DS is used as a use case to classify three known security attacks (DIS, Rank, and Wormhole). The proposed Hybrid DL-Based IDS is evaluated and compared to some existing ones, and the results are promising. The evaluation results show an accuracy detection rate of 98% and 92% in f1-score for multi-class attacks when using pre-trained attacks (known traffic) and an average accuracy of 95% and 87% in f1-score when predicting untrained attacks for two attack behaviors (unknown traffic).
ISSN:2224-2708
2224-2708
DOI:10.3390/jsan12020021