Visible to the public ELNIDS: Ensemble Learning based Network Intrusion Detection System for RPL based Internet of Things

TitleELNIDS: Ensemble Learning based Network Intrusion Detection System for RPL based Internet of Things
Publication TypeConference Paper
Year of Publication2019
AuthorsVerma, Abhishek, Ranga, Virender
Conference Name2019 4th International Conference on Internet of Things: Smart Innovation and Usages (IoT-SIU)
Date Publishedapr
Keywords6LoWPAN, bagged trees, boosted trees, classification, classifier validation methods, composability, ELNIDS, Ensemble Learning, ensemble learning based network intrusion detection system, global connectivity, heterogeneous smart devices, Internet of Things, Intrusion detection, intrusion detection model, IPv6 Routing Protocol, learning (artificial intelligence), local repair attacks, lossy networks, NIDS, pubcrawl, Resiliency, Routing, routing attacks, Routing protocols, RPL, RPL based Internet of Things, RPL-NIDDS17 dataset, RUSBoosted trees, security of data, smart devices, subspace discriminant method, Vegetation, wireless networks
AbstractInternet of Things is realized by a large number of heterogeneous smart devices which sense, collect and share data with each other over the internet in order to control the physical world. Due to open nature, global connectivity and resource constrained nature of smart devices and wireless networks the Internet of Things is susceptible to various routing attacks. In this paper, we purpose an architecture of Ensemble Learning based Network Intrusion Detection System named ELNIDS for detecting routing attacks against IPv6 Routing Protocol for Low-Power and Lossy Networks. We implement four different ensemble based machine learning classifiers including Boosted Trees, Bagged Trees, Subspace Discriminant and RUSBoosted Trees. To evaluate proposed intrusion detection model we have used RPL-NIDDS17 dataset which contains packet traces of Sinkhole, Blackhole, Sybil, Clone ID, Selective Forwarding, Hello Flooding and Local Repair attacks. Simulation results show the effectiveness of the proposed architecture. We observe that ensemble of Boosted Trees achieve the highest Accuracy of 94.5% while Subspace Discriminant method achieves the lowest Accuracy of 77.8 % among classifier validation methods. Similarly, an ensemble of RUSBoosted Trees achieves the highest Area under ROC value of 0.98 while lowest Area under ROC value of 0.87 is achieved by an ensemble of Subspace Discriminant among all classifier validation methods. All the implemented classifiers show acceptable performance results.
DOI10.1109/IoT-SIU.2019.8777504
Citation Keyverma_elnids_2019