LDES: detector design for version number attack detection using linear temporal logic based on discrete event system.
Saved in:
| Title: | LDES: detector design for version number attack detection using linear temporal logic based on discrete event system. |
|---|---|
| Authors: | Seth, Abhay Deep1 (AUTHOR) abhays@iitbhilai.ac.in, Biswas, Santosh1 (AUTHOR), Dhar, Amit Kumar1 (AUTHOR) |
| Source: | International Journal of Information Security. Aug2023, Vol. 22 Issue 4, p961-985. 25p. |
| Subjects: | Internet Engineering Task Force (Organization), Discrete systems, Directed acyclic graphs, Computer network protocols, Logic, Task forces, Delay-tolerant networks |
| Abstract: | The Internet Engineering Task Force (IETF) has defined routing protocols for low power and lossy networks (RPL) for constrained devices. RPL constructs DODAGs (destination oriented directed acyclic graphs), to optimize routing. RPL ensures acyclic topology with the DODAG version number. However, the control message's DODAG version number is not authenticated. So, RPL is vulnerable to network resource attack known as DODAG Version Number (DVN) attack. DVN attack creates a packet delay, packet loss, cyclic topology, etc., in the network. This paper proposes a method for detecting DODAG version number attacks. Several existing schemes to defend against the DVN, such as cryptographic techniques, trust-based, threshold-based and mitigation are computationally intensive or require protocol modification. DVN does not change the packet format or sequence of packets, but can still perform attacks and hence fall under the category of stealthy attacks, which are difficult to detect using traditional intrusion detection system's (IDS). Discrete-event system (DES) based IDS have been applied in the literature for stealthy attacks that achieve low overhead, low false alarm rate, etc. However, the construction of DES-based IDS for network protocol may lead to errors, as modelling is manual. The resulting IDS, therefore, is unable to guarantee its correctness. This paper proposes linear temporal logic (LTL) based DES paradigm to detect DVN. LTL-based paradigm facilitates formal verification of the DES-based IDS, and hence the correctness of the scheme is ascertained. The proposed technique is simulated using the Contiki cooja simulator. When the percentage of spiteful nodes in the network increases, the true positive rate, and packet delivery rate drops, while the false positive rate and control message overhead increase. The memory requirement for sending the packets and verifying the nodes is minimal. The LTL-based IDS has been formally verified using NuSMV to ensure the correctness of the framework. [ABSTRACT FROM AUTHOR] |
| Copyright of International Journal of Information Security is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) | |
| Database: | Engineering Source |
|
Full text is not displayed to guests.
Login for full access.
|
|
| FullText | Links: – Type: pdflink Text: Availability: 1 |
|---|---|
| Header | DbId: egs DbLabel: Engineering Source An: 166735765 AccessLevel: 6 PubType: Academic Journal PubTypeId: academicJournal PreciseRelevancyScore: 0 |
| IllustrationInfo | |
| Items | – Name: Title Label: Title Group: Ti Data: LDES: detector design for version number attack detection using linear temporal logic based on discrete event system. – Name: Author Label: Authors Group: Au Data: <searchLink fieldCode="AR" term="%22Seth%2C+Abhay+Deep%22">Seth, Abhay Deep</searchLink><relatesTo>1</relatesTo> (AUTHOR)<i> abhays@iitbhilai.ac.in</i><br /><searchLink fieldCode="AR" term="%22Biswas%2C+Santosh%22">Biswas, Santosh</searchLink><relatesTo>1</relatesTo> (AUTHOR)<br /><searchLink fieldCode="AR" term="%22Dhar%2C+Amit+Kumar%22">Dhar, Amit Kumar</searchLink><relatesTo>1</relatesTo> (AUTHOR) – Name: TitleSource Label: Source Group: Src Data: <searchLink fieldCode="JN" term="%22International+Journal+of+Information+Security%22">International Journal of Information Security</searchLink>. Aug2023, Vol. 22 Issue 4, p961-985. 25p. – Name: Subject Label: Subjects Group: Su Data: <searchLink fieldCode="DE" term="%22Internet+Engineering+Task+Force+%28Organization%29%22">Internet Engineering Task Force (Organization)</searchLink><br /><searchLink fieldCode="DE" term="%22Discrete+systems%22">Discrete systems</searchLink><br /><searchLink fieldCode="DE" term="%22Directed+acyclic+graphs%22">Directed acyclic graphs</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+network+protocols%22">Computer network protocols</searchLink><br /><searchLink fieldCode="DE" term="%22Logic%22">Logic</searchLink><br /><searchLink fieldCode="DE" term="%22Task+forces%22">Task forces</searchLink><br /><searchLink fieldCode="DE" term="%22Delay-tolerant+networks%22">Delay-tolerant networks</searchLink> – Name: Abstract Label: Abstract Group: Ab Data: The Internet Engineering Task Force (IETF) has defined routing protocols for low power and lossy networks (RPL) for constrained devices. RPL constructs DODAGs (destination oriented directed acyclic graphs), to optimize routing. RPL ensures acyclic topology with the DODAG version number. However, the control message's DODAG version number is not authenticated. So, RPL is vulnerable to network resource attack known as DODAG Version Number (DVN) attack. DVN attack creates a packet delay, packet loss, cyclic topology, etc., in the network. This paper proposes a method for detecting DODAG version number attacks. Several existing schemes to defend against the DVN, such as cryptographic techniques, trust-based, threshold-based and mitigation are computationally intensive or require protocol modification. DVN does not change the packet format or sequence of packets, but can still perform attacks and hence fall under the category of stealthy attacks, which are difficult to detect using traditional intrusion detection system's (IDS). Discrete-event system (DES) based IDS have been applied in the literature for stealthy attacks that achieve low overhead, low false alarm rate, etc. However, the construction of DES-based IDS for network protocol may lead to errors, as modelling is manual. The resulting IDS, therefore, is unable to guarantee its correctness. This paper proposes linear temporal logic (LTL) based DES paradigm to detect DVN. LTL-based paradigm facilitates formal verification of the DES-based IDS, and hence the correctness of the scheme is ascertained. The proposed technique is simulated using the Contiki cooja simulator. When the percentage of spiteful nodes in the network increases, the true positive rate, and packet delivery rate drops, while the false positive rate and control message overhead increase. The memory requirement for sending the packets and verifying the nodes is minimal. The LTL-based IDS has been formally verified using NuSMV to ensure the correctness of the framework. [ABSTRACT FROM AUTHOR] – Name: AbstractSuppliedCopyright Label: Group: Ab Data: <i>Copyright of International Journal of Information Security is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.) |
| PLink | https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=166735765 |
| RecordInfo | BibRecord: BibEntity: Identifiers: – Type: doi Value: 10.1007/s10207-023-00665-3 Languages: – Code: eng Text: English PhysicalDescription: Pagination: PageCount: 25 StartPage: 961 Subjects: – SubjectFull: Internet Engineering Task Force (Organization) Type: general – SubjectFull: Discrete systems Type: general – SubjectFull: Directed acyclic graphs Type: general – SubjectFull: Computer network protocols Type: general – SubjectFull: Logic Type: general – SubjectFull: Task forces Type: general – SubjectFull: Delay-tolerant networks Type: general Titles: – TitleFull: LDES: detector design for version number attack detection using linear temporal logic based on discrete event system. Type: main BibRelationships: HasContributorRelationships: – PersonEntity: Name: NameFull: Seth, Abhay Deep – PersonEntity: Name: NameFull: Biswas, Santosh – PersonEntity: Name: NameFull: Dhar, Amit Kumar IsPartOfRelationships: – BibEntity: Dates: – D: 01 M: 08 Text: Aug2023 Type: published Y: 2023 Identifiers: – Type: issn-print Value: 16155262 Numbering: – Type: volume Value: 22 – Type: issue Value: 4 Titles: – TitleFull: International Journal of Information Security Type: main |
| ResultId | 1 |