Visible to the public Biblio

Found 115 results

Filters: Keyword is telecommunication traffic  [Clear All Filters]
2020-01-02
Hagan, Matthew, Kang, BooJoong, McLaughlin, Kieran, Sezer, Sakir.  2018.  Peer Based Tracking Using Multi-Tuple Indexing for Network Traffic Analysis and Malware Detection. 2018 16th Annual Conference on Privacy, Security and Trust (PST). :1–5.

Traditional firewalls, Intrusion Detection Systems(IDS) and network analytics tools extensively use the `flow' connection concept, consisting of five `tuples' of source and destination IP, ports and protocol type, for classification and management of network activities. By analysing flows, information can be obtained from TCP/IP fields and packet content to give an understanding of what is being transferred within a single connection. As networks have evolved to incorporate more connections and greater bandwidth, particularly from ``always on'' IoT devices and video and data streaming, so too have malicious network threats, whose communication methods have increased in sophistication. As a result, the concept of the 5 tuple flow in isolation is unable to detect such threats and malicious behaviours. This is due to factors such as the length of time and data required to understand the network traffic behaviour, which cannot be accomplished by observing a single connection. To alleviate this issue, this paper proposes the use of additional, two tuple and single tuple flow types to associate multiple 5 tuple communications, with generated metadata used to profile individual connnection behaviour. This proposed approach enables advanced linking of different connections and behaviours, developing a clearer picture as to what network activities have been taking place over a prolonged period of time. To demonstrate the capability of this approach, an expert system rule set has been developed to detect the presence of a multi-peered ZeuS botnet, which communicates by making multiple connections with multiple hosts, thus undetectable to standard IDS systems observing 5 tuple flow types in isolation. Finally, as the solution is rule based, this implementation operates in realtime and does not require post-processing and analytics of other research solutions. This paper aims to demonstrate possible applications for next generation firewalls and methods to acquire additional information from network traffic.

Mar\'ın, Gonzalo, Casas, Pedro, Capdehourat, Germán.  2019.  Deep in the Dark - Deep Learning-Based Malware Traffic Detection Without Expert Knowledge. 2019 IEEE Security and Privacy Workshops (SPW). :36–42.

With the ever-growing occurrence of networking attacks, robust network security systems are essential to prevent and mitigate their harming effects. In recent years, machine learning-based systems have gain popularity for network security applications, usually considering the application of shallow models, where a set of expert handcrafted features are needed to pre-process the data before training. The main problem with this approach is that handcrafted features can fail to perform well given different kinds of scenarios and problems. Deep Learning models can solve this kind of issues using their ability to learn feature representations from input raw or basic, non-processed data. In this paper we explore the power of deep learning models on the specific problem of detection and classification of malware network traffic, using different representations for the input data. As a major advantage as compared to the state of the art, we consider raw measurements coming directly from the stream of monitored bytes as the input to the proposed models, and evaluate different raw-traffic feature representations, including packet and flow-level ones. Our results suggest that deep learning models can better capture the underlying statistics of malicious traffic as compared to classical, shallow-like models, even while operating in the dark, i.e., without any sort of expert handcrafted inputs.

2019-12-18
Kirti, Agrawal, Namrata, Kumar, Sunil, Sah, D.K..  2018.  Prevention of DDoS Attack through Harmonic Homogeneity Difference Mechanism on Traffic Flow. 2018 4th International Conference on Recent Advances in Information Technology (RAIT). :1-6.

The ever rising attacks on IT infrastructure, especially on networks has become the cause of anxiety for the IT professionals and the people venturing in the cyber-world. There are numerous instances wherein the vulnerabilities in the network has been exploited by the attackers leading to huge financial loss. Distributed denial of service (DDoS) is one of the most indirect security attack on computer networks. Many active computer bots or zombies start flooding the servers with requests, but due to its distributed nature throughout the Internet, it cannot simply be terminated at server side. Once the DDoS attack initiates, it causes huge overhead to the servers in terms of its processing capability and service delivery. Though, the study and analysis of request packets may help in distinguishing the legitimate users from among the malicious attackers but such detection becomes non-viable due to continuous flooding of packets on servers and eventually leads to denial of service to the authorized users. In the present research, we propose traffic flow and flow count variable based prevention mechanism with the difference in homogeneity. Its simplicity and practical approach facilitates the detection of DDoS attack at the early stage which helps in prevention of the attack and the subsequent damage. Further, simulation result based on different instances of time has been shown on T-value including generation of simple and harmonic homogeneity for observing the real time request difference and gaps.

Chugunkov, Ilya V., Fedorov, Leonid O., Achmiz, Bela Sh., Sayfullina, Zarina R..  2018.  Development of the Algorithm for Protection against DDoS-Attacks of Type Pulse Wave. 2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus). :292-294.

Protection from DDoS-attacks is one of the most urgent problems in the world of network technologies. And while protect systems has algorithms for detection and preventing DDoS attacks, there are still some unresolved problems. This article is devoted to the DDoS-attack called Pulse Wave. Providing a brief introduction to the world of network technologies and DDoS-attacks, in particular, aims at the algorithm for protecting against DDoS-attack Pulse Wave. The main goal of this article is the implementation of traffic classifier that adds rules for infected computers to put them into a separate queue with limited bandwidth. This approach reduces their load on the service and, thus, firewall neutralises the attack.

Dincalp, Uygar, Güzel, Mehmet Serdar, Sevine, Omer, Bostanci, Erkan, Askerzade, Iman.  2018.  Anomaly Based Distributed Denial of Service Attack Detection and Prevention with Machine Learning. 2018 2nd International Symposium on Multidisciplinary Studies and Innovative Technologies (ISMSIT). :1-4.

Everyday., the DoS/DDoS attacks are increasing all over the world and the ways attackers are using changing continuously. This increase and variety on the attacks are affecting the governments, institutions, organizations and corporations in a bad way. Every successful attack is causing them to lose money and lose reputation in return. This paper presents an introduction to a method which can show what the attack and where the attack based on. This is tried to be achieved with using clustering algorithm DBSCAN on network traffic because of the change and variety in attack vectors.

Saharan, Shail, Gupta, Vishal.  2019.  Prevention and Mitigation of DNS Based DDoS Attacks in SDN Environment. 2019 11th International Conference on Communication Systems Networks (COMSNETS). :571-573.

Denial-of-Service attack (DoS attack) is an attack on network in which an attacker tries to disrupt the availability of network resources by overwhelming the target network with attack packets. In DoS attack it is typically done using a single source, and in a Distributed Denial-of-Service attack (DDoS attack), like the name suggests, multiple sources are used to flood the incoming traffic of victim. Typically, such attacks use vulnerabilities of Domain Name System (DNS) protocol and IP spoofing to disrupt the normal functioning of service provider or Internet user. The attacks involving DNS, or attacks exploiting vulnerabilities of DNS are known as DNS based DDOS attacks. Many of the proposed DNS based DDoS solutions try to prevent/mitigate such attacks using some intelligent non-``network layer'' (typically application layer) protocols. Utilizing the flexibility and programmability aspects of Software Defined Networks (SDN), via this proposed doctoral research it is intended to make underlying network intelligent enough so as to prevent DNS based DDoS attacks.

Lawal, Babatunde Hafis, Nuray, A. T..  2018.  Real-time detection and mitigation of distributed denial of service (DDoS) attacks in software defined networking (SDN). 2018 26th Signal Processing and Communications Applications Conference (SIU). :1–4.
The emergence of Software Defined Network (SDN) and its promises in networking technology has gotten every stakeholder excited. However, it is believed that every technological development comes with its own challenges of which the most prominent in this case is security. This paper presents a real time detection of the distributed denial of service (DDoS) attacks on the SDN and a control method based on the sFlow mitigation technology. sFlow analyses samples of packets collected from the network traffic and generates handling rules to be sent to the controller in case of an attack detection. The implementation was done by emulating the network in Mininet which runs on a Virtual Machine (VM) and it was shown that the proposed method effectively detects and mitigates DDoS attacks.
Essaid, Meryam, Kim, DaeYong, Maeng, Soo Hoon, Park, Sejin, Ju, Hong Taek.  2019.  A Collaborative DDoS Mitigation Solution Based on Ethereum Smart Contract and RNN-LSTM. 2019 20th Asia-Pacific Network Operations and Management Symposium (APNOMS). :1–6.
Recently Distributed Denial-of-Service (DDoS) are becoming more and more sophisticated, which makes the existing defence systems not capable of tolerating by themselves against wide-ranging attacks. Thus, collaborative protection mitigation has become a needed alternative to extend defence mechanisms. However, the existing coordinated DDoS mitigation approaches either they require a complex configuration or are highly-priced. Blockchain technology offers a solution that reduces the complexity of signalling DDoS system, as well as a platform where many autonomous systems (Ass) can share hardware resources and defence capabilities for an effective DDoS defence. In this work, we also used a Deep learning DDoS detection system; we identify individual DDoS attack class and also define whether the incoming traffic is legitimate or attack. By classifying the attack traffic flow separately, our proposed mitigation technique could deny only the specific traffic causing the attack, instead of blocking all the traffic coming towards the victim(s).
2019-12-16
Zhou, Liming, Shan, Yingzi, Chen, Xiaopan.  2019.  An Anonymous Routing Scheme for Preserving Location Privacy in Wireless Sensor Networks. 2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). :262-265.

Wireless sensor networks consist of various sensors that are deployed to monitor the physical world. And many existing security schemes use traditional cryptography theory to protect message content and contextual information. However, we are concerned about location security of nodes. In this paper, we propose an anonymous routing strategy for preserving location privacy (ARPLP), which sets a proxy source node to hide the location of real source node. And the real source node randomly selects several neighbors as receivers until the packets are transmitted to the proxy source. And the proxy source is randomly selected so that the adversary finds it difficult to obtain the location information of the real source node. Meanwhile, our scheme sets a branch area around the sink, which can disturb the adversary by increasing the routing branch. According to the analysis and simulation experiments, our scheme can reduce traffic consumption and communication delay, and improve the security of source node and base station.

McDermott, Christopher D., Jeannelle, Bastien, Isaacs, John P..  2019.  Towards a Conversational Agent for Threat Detection in the Internet of Things. 2019 International Conference on Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA). :1–8.
A conversational agent to detect anomalous traffic in consumer IoT networks is presented. The agent accepts two inputs in the form of user speech received by Amazon Alexa enabled devices, and classified IDS logs stored in a DynamoDB Table. Aural analysis is used to query the database of network traffic, and respond accordingly. In doing so, this paper presents a solution to the problem of making consumers situationally aware when their IoT devices are infected, and anomalous traffic has been detected. The proposed conversational agent addresses the issue of how to present network information to non-technical users, for better comprehension, and improves awareness of threats derived from the mirai botnet malware.
2019-10-02
Alkadi, A., Chi, H., Prodanoff, Z. G., Kreidl, P..  2018.  Evaluation of Two RFID Traffic Models with Potential in Anomaly Detection. SoutheastCon 2018. :1–5.

The use of Knuth's Rule and Bayesian Blocks constant piecewise models for characterization of RFID traffic has been proposed already. This study presents an evaluation of the application of those two modeling techniques for various RFID traffic patterns. The data sets used in this study consist of time series of binned RFID command counts. More specifically., we compare the shape of several empirical plots of raw data sets we obtained from experimental RIFD readings., against the constant piecewise graphs produced as an output of the two modeling algorithms. One issue limiting the applicability of modeling techniques to RFID traffic is the fact that there are a large number of various RFID applications available. We consider this phenomenon to present the main motivation for this study. The general expectation is that the RFID traffic traces from different applications would be sequences with different histogram shapes. Therefore., no modeling technique could be considered universal for modeling the traffic from multiple RFID applications., without first evaluating its model performance for various traffic patterns. We postulate that differences in traffic patterns are present if the histograms of two different sets of RFID traces form visually different plot shapes.

2019-09-05
Nasseralfoghara, M., Hamidi, H..  2019.  Web Covert Timing Channels Detection Based on Entropy. 2019 5th International Conference on Web Research (ICWR). :12-15.

Todays analyzing web weaknesses and vulnerabilities in order to find security attacks has become more urgent. In case there is a communication contrary to the system security policies, a covert channel has been created. The attacker can easily disclosure information from the victim's system with just one public access permission. Covert timing channels, unlike covert storage channels, do not have memory storage and they draw less attention. Different methods have been proposed for their identification, which generally benefit from the shape of traffic and the channel's regularity. In this article, an entropy-based detection method is designed and implemented. The attacker can adjust the amount of channel entropy by controlling measures such as changing the channel's level or creating noise on the channel to protect from the analyst's detection. As a result, the entropy threshold is not always constant for detection. By comparing the entropy from different levels of the channel and the analyst, we conclude that the analyst must investigate traffic at all possible levels.

Belozubova, A., Epishkina, A., Kogos, K..  2018.  Dummy Traffic Generation to Limit Timing Covert Channels. 2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus). :1472-1476.
Covert channels are used to hidden transmit information and violate the security policy. What is more it is possible to construct covert channel in such manner that protection system is not able to detect it. IP timing covert channels are objects for research in the article. The focus of the paper is the research of how one can counteract an information leakage by dummy traffic generation. The covert channel capacity formula has been obtained in case of counteraction. In conclusion, the examples of counteraction tool parameter calculation are given.
Elsadig, M. A., Fadlalla, Y. A..  2018.  Packet Length Covert Channel: A Detection Scheme. 2018 1st International Conference on Computer Applications Information Security (ICCAIS). :1-7.

A covert channel is a communication channel that is subjugated for illegal flow of information in a way that violates system security policies. It is a dangerous, invisible, undetectable, and developed security attack. Recently, Packet length covert channel has motivated many researchers as it is a one of the most undetectable network covert channels. Packet length covert channel generates a covert traffic that is very similar to normal terrific which complicates the detection of such type of covert channels. This motivates us to introduce a machine learning based detection scheme. Recently, a machine learning approach has proved its capability in many different fields especially in security field as it usually brings up a reliable and realistic results. Based in our developed content and frequency-based features, the developed detection scheme has been fully trained and tested. Our detection scheme has gained an excellent degree of detection accuracy which reaches 98% (zero false negative rate and 0.02 false positive rate).

2019-08-05
He, X., Zhang, Q., Han, Z..  2018.  The Hamiltonian of Data Center Network BCCC. 2018 IEEE 4th International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing, (HPSC) and IEEE International Conference on Intelligent Data and Security (IDS). :147–150.

With the development of cloud computing the topology properties of data center network are important to the computing resources. Recently a data center network structure - BCCC is proposed, which is recursively built structure with many good properties. and expandability. The Hamiltonian and expandability in data center network structure plays an extremely important role in network communication. This paper described the Hamiltonian and expandability of the expandable data center network for BCCC structure, the important role of Hamiltonian and expandability in network traffic.

2019-06-17
Gu, R., Zhang, X., Yu, L., Zhang, J..  2018.  Enhancing Security and Scalability in Software Defined LTE Core Networks. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :837–842.

The rapid development of mobile networks has revolutionized the way of accessing the Internet. The exponential growth of mobile subscribers, devices and various applications frequently brings about excessive traffic in mobile networks. The demand for higher data rates, lower latency and seamless handover further drive the demand for the improved mobile network design. However, traditional methods can no longer offer cost-efficient solutions for better user quality of experience with fast time-to-market. Recent work adopts SDN in LTE core networks to meet the requirement. In these software defined LTE core networks, scalability and security become important design issues that must be considered seriously. In this paper, we propose a scalable channel security scheme for the software defined LTE core network. It applies the VxLAN for scalable tunnel establishment and MACsec for security enhancement. According to our evaluation, the proposed scheme not only enhances the security of the channel communication between different network components, but also improves the flexibility and scalability of the core network with little performance penalty. Moreover, it can also shed light on the design of the next generation cellular network.

2019-06-10
Jiang, J., Yin, Q., Shi, Z., Li, M..  2018.  Comprehensive Behavior Profiling Model for Malware Classification. 2018 IEEE Symposium on Computers and Communications (ISCC). :00129-00135.

In view of the great threat posed by malware and the rapid growing trend about malware variants, it is necessary to determine the category of new samples accurately for further analysis and taking appropriate countermeasures. The network behavior based classification methods have become more popular now. However, the behavior profiling models they used usually only depict partial network behavior of samples or require specific traffic selection in advance, which may lead to adverse effects on categorizing advanced malware with complex activities. In this paper, to overcome the shortages of traditional models, we raise a comprehensive behavior model for profiling the behavior of malware network activities. And we also propose a corresponding malware classification method which can extract and compare the major behavior of samples. The experimental and comparison results not only demonstrate our method can categorize samples accurately in both criteria, but also prove the advantage of our profiling model to two other approaches in accuracy performance, especially under scenario based criteria.

Ponmaniraj, S., Rashmi, R., Anand, M. V..  2018.  IDS Based Network Security Architecture with TCP/IP Parameters Using Machine Learning. 2018 International Conference on Computing, Power and Communication Technologies (GUCON). :111-114.

This computer era leads human to interact with computers and networks but there is no such solution to get rid of security problems. Securities threats misleads internet, we are sometimes losing our hope and reliability with many server based access. Even though many more crypto algorithms are coming for integrity and authentic data in computer access still there is a non reliable threat penetrates inconsistent vulnerabilities in networks. These vulnerable sites are taking control over the user's computer and doing harmful actions without user's privileges. Though Firewalls and protocols may support our browsers via setting certain rules, still our system couldn't support for data reliability and confidentiality. Since these problems are based on network access, lets we consider TCP/IP parameters as a dataset for analysis. By doing preprocess of TCP/IP packets we can build sovereign model on data set and clump cluster. Further the data set gets classified into regular traffic pattern and anonymous pattern using KNN classification algorithm. Based on obtained pattern for normal and threats data sets, security devices and system will set rules and guidelines to learn by it to take needed stroke. This paper analysis the computer to learn security actions from the given data sets which already exist in the previous happens.

Hu, Y., Li, X., Liu, J., Ding, H., Gong, Y., Fang, Y..  2018.  Mitigating Traffic Analysis Attack in Smartphones with Edge Network Assistance. 2018 IEEE International Conference on Communications (ICC). :1–6.

With the growth of smartphone sales and app usage, fingerprinting and identification of smartphone apps have become a considerable threat to user security and privacy. Traffic analysis is one of the most common methods for identifying apps. Traditional countermeasures towards traffic analysis includes traffic morphing and multipath routing. The basic idea of multipath routing is to increase the difficulty for adversary to eavesdrop all traffic by splitting traffic into several subflows and transmitting them through different routes. Previous works in multipath routing mainly focus on Wireless Sensor Networks (WSNs) or Mobile Ad Hoc Networks (MANETs). In this paper, we propose a multipath routing scheme for smartphones with edge network assistance to mitigate traffic analysis attack. We consider an adversary with limited capability, that is, he can only intercept the traffic of one node following certain attack probability, and try to minimize the traffic an adversary can intercept. We formulate our design as a flow routing optimization problem. Then a heuristic algorithm is proposed to solve the problem. Finally, we present the simulation results for our scheme and justify that our scheme can effectively protect smartphones from traffic analysis attack.

2019-05-01
Ren, W., Yardley, T., Nahrstedt, K..  2018.  EDMAND: Edge-Based Multi-Level Anomaly Detection for SCADA Networks. 2018 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm). :1-7.

Supervisory Control and Data Acquisition (SCADA) systems play a critical role in the operation of large-scale distributed industrial systems. There are many vulnerabilities in SCADA systems and inadvertent events or malicious attacks from outside as well as inside could lead to catastrophic consequences. Network-based intrusion detection is a preferred approach to provide security analysis for SCADA systems due to its less intrusive nature. Data in SCADA network traffic can be generally divided into transport, operation, and content levels. Most existing solutions only focus on monitoring and event detection of one or two levels of data, which is not enough to detect and reason about attacks in all three levels. In this paper, we develop a novel edge-based multi-level anomaly detection framework for SCADA networks named EDMAND. EDMAND monitors all three levels of network traffic data and applies appropriate anomaly detection methods based on the distinct characteristics of data. Alerts are generated, aggregated, prioritized before sent back to control centers. A prototype of the framework is built to evaluate the detection ability and time overhead of it.

2019-04-05
Bapat, R., Mandya, A., Liu, X., Abraham, B., Brown, D. E., Kang, H., Veeraraghavan, M..  2018.  Identifying Malicious Botnet Traffic Using Logistic Regression. 2018 Systems and Information Engineering Design Symposium (SIEDS). :266-271.

An important source of cyber-attacks is malware, which proliferates in different forms such as botnets. The botnet malware typically looks for vulnerable devices across the Internet, rather than targeting specific individuals, companies or industries. It attempts to infect as many connected devices as possible, using their resources for automated tasks that may cause significant economic and social harm while being hidden to the user and device. Thus, it becomes very difficult to detect such activity. A considerable amount of research has been conducted to detect and prevent botnet infestation. In this paper, we attempt to create a foundation for an anomaly-based intrusion detection system using a statistical learning method to improve network security and reduce human involvement in botnet detection. We focus on identifying the best features to detect botnet activity within network traffic using a lightweight logistic regression model. The network traffic is processed by Bro, a popular network monitoring framework which provides aggregate statistics about the packets exchanged between a source and destination over a certain time interval. These statistics serve as features to a logistic regression model responsible for classifying malicious and benign traffic. Our model is easy to implement and simple to interpret. We characterized and modeled 8 different botnet families separately and as a mixed dataset. Finally, we measured the performance of our model on multiple parameters using F1 score, accuracy and Area Under Curve (AUC).

Lysenko, S., Bobrovnikova, K., Savenko, O..  2018.  A Botnet Detection Approach Based on the Clonal Selection Algorithm. 2018 IEEE 9th International Conference on Dependable Systems, Services and Technologies (DESSERT). :424-428.

The paper presents a new technique for the botnets' detection in the corporate area networks. It is based on the usage of the algorithms of the artificial immune systems. Proposed approach is able to distinguish benign network traffic from malicious one using the clonal selection algorithm taking into account the features of the botnet's presence in the network. An approach present the main improvements of the BotGRABBER system. It is able to detect the IRC, HTTP, DNS and P2P botnets.

Nan, Z., Zhai, L., Zhai, L., Liu, H..  2018.  Botnet Homology Method Based on Symbolic Approximation Algorithm of Communication Characteristic Curve. 2018 15th IEEE International Conference on Advanced Video and Signal Based Surveillance (AVSS). :1-6.

The IRC botnet is the earliest and most significant botnet group that has a significant impact. Its characteristic is to control multiple zombies hosts through the IRC protocol and constructing command control channels. Relevant research analyzes the large amount of network traffic generated by command interaction between the botnet client and the C&C server. Packet capture traffic monitoring on the network is currently a more effective detection method, but this information does not reflect the essential characteristics of the IRC botnet. The increase in the amount of erroneous judgments has often occurred. To identify whether the botnet control server is a homogenous botnet, dynamic network communication characteristic curves are extracted. For unequal time series, dynamic time warping distance clustering is used to identify the homologous botnets by category, and in order to improve detection. Speed, experiments will use SAX to reduce the dimension of the extracted curve, reducing the time cost without reducing the accuracy.

Chen, S., Chen, Y., Tzeng, W..  2018.  Effective Botnet Detection Through Neural Networks on Convolutional Features. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :372-378.

Botnet is one of the major threats on the Internet for committing cybercrimes, such as DDoS attacks, stealing sensitive information, spreading spams, etc. It is a challenging issue to detect modern botnets that are continuously improving for evading detection. In this paper, we propose a machine learning based botnet detection system that is shown to be effective in identifying P2P botnets. Our approach extracts convolutional version of effective flow-based features, and trains a classification model by using a feed-forward artificial neural network. The experimental results show that the accuracy of detection using the convolutional features is better than the ones using the traditional features. It can achieve 94.7% of detection accuracy and 2.2% of false positive rate on the known P2P botnet datasets. Furthermore, our system provides an additional confidence testing for enhancing performance of botnet detection. It further classifies the network traffic of insufficient confidence in the neural network. The experiment shows that this stage can increase the detection accuracy up to 98.6% and decrease the false positive rate up to 0.5%.

2019-03-11
Mehta, R., Parmar, M. M..  2018.  Trust based mechanism for Securing IoT Routing Protocol RPL against Wormhole amp;Grayhole Attacks. 2018 3rd International Conference for Convergence in Technology (I2CT). :1–6.
Internet of Things is attracting a lot of interest in the modern world and has become a part of daily life leading to a large scale of distribution of Low power and Lossy Networks (LLN). For such networks constrained by low power and storage, IETF has proposed RPL an open standard routing protocol. However RPL protocol is exposed to a number of attacks which may degrade the performance and resources of the network leading to incorrect output. In this paper, to address Wormhole and Grayhole attack we propose a light weight Trust based mechanism. The proposed method uses direct trust which is computed based on node properties and Indirect Trust which is based on opinion of the neighboring nodes. The proposed method is energy friendly and does not impose excessive overhead on network traffic.