A Trust Based Anomaly Detection Scheme Using a Hybrid Deep Learning Model for IoT Routing Attacks Mitigation

Internet of Things (IoT), as a remarkable paradigm, establishes a wide range of applications in various industries like healthcare, smart homes, smart cities, agriculture, transportation, and military domains. This widespread technology provides a general platform for heterogeneous objects to connect, exchange, and process gathered information. Beside significant efficiency and productivity impacts of IoT technology, security and privacy concerns have emerged more than ever. The routing protocol for low power and lossy networks (RPL) which is standardized for IoT environment, suffers from the basic security considerations, which makes it vulnerable to many well-known attacks. Several security solutions have been proposed to address routing attacks detection in RPL-based IoT, most of which are based on machine learning techniques, intrusion detection systems and trust-based approaches. Securing RPL-based IoT networks is challenging because resource constraint IoT devices are connected to untrusted Internet, the communication links are lossy and the devices use a set of novel and heterogenous technologies. Therefore, providing light-weight security mechanisms play a vital role in timely detection and prevention of IoT routing attacks. In this paper, we proposed a novel anomaly detection-based trust management model using the concepts of sequence prediction and deep learning. We have formulated the problem of routing behavior anomaly detection as a time series forecasting method, which is solved based on a stacked long-short term memory (LSTM) sequence to sequence autoencoder; that is, a hybrid training model of recurrent neural networks and autoencoders. The proposed model is then utilized to provide a detection mechanism to address four prevalent and destructive RPL attacks including: black-hole attack, destination-oriented directed acyclic graph (DODAG) information solicitation (DIS) flooding attack, version number (VN) attack, and decreased rank (DR) attack. In order to evaluate the efficiency and effectiveness of the proposed model in timely detection of RPL-specific routing attacks, we have implemented the proposed model on several RPL-based IoT scenarios simulated using Contiki Cooja simulator separately, and the results have been compared in details. According to the presented results, the implemented detection scheme on all attack scenarios, demonstrated that the trend of estimated anomaly between real and predicted routing behavior is similar to the evaluated attack frequency of malicious nodes during the RPL process and in contrast, analyzed trust scores represent an opposite pattern, which shows high accurate and timely detection of attack incidences using our proposed trust scheme.