LDES: detector design for version number attack detection using linear temporal logic based on discrete event system.

Saved in:
Bibliographic Details
Title: LDES: detector design for version number attack detection using linear temporal logic based on discrete event system.
Authors: Seth, Abhay Deep1 (AUTHOR) abhays@iitbhilai.ac.in, Biswas, Santosh1 (AUTHOR), Dhar, Amit Kumar1 (AUTHOR)
Source: International Journal of Information Security. Aug2023, Vol. 22 Issue 4, p961-985. 25p.
Subjects: Internet Engineering Task Force (Organization), Discrete systems, Directed acyclic graphs, Computer network protocols, Logic, Task forces, Delay-tolerant networks
Abstract: The Internet Engineering Task Force (IETF) has defined routing protocols for low power and lossy networks (RPL) for constrained devices. RPL constructs DODAGs (destination oriented directed acyclic graphs), to optimize routing. RPL ensures acyclic topology with the DODAG version number. However, the control message's DODAG version number is not authenticated. So, RPL is vulnerable to network resource attack known as DODAG Version Number (DVN) attack. DVN attack creates a packet delay, packet loss, cyclic topology, etc., in the network. This paper proposes a method for detecting DODAG version number attacks. Several existing schemes to defend against the DVN, such as cryptographic techniques, trust-based, threshold-based and mitigation are computationally intensive or require protocol modification. DVN does not change the packet format or sequence of packets, but can still perform attacks and hence fall under the category of stealthy attacks, which are difficult to detect using traditional intrusion detection system's (IDS). Discrete-event system (DES) based IDS have been applied in the literature for stealthy attacks that achieve low overhead, low false alarm rate, etc. However, the construction of DES-based IDS for network protocol may lead to errors, as modelling is manual. The resulting IDS, therefore, is unable to guarantee its correctness. This paper proposes linear temporal logic (LTL) based DES paradigm to detect DVN. LTL-based paradigm facilitates formal verification of the DES-based IDS, and hence the correctness of the scheme is ascertained. The proposed technique is simulated using the Contiki cooja simulator. When the percentage of spiteful nodes in the network increases, the true positive rate, and packet delivery rate drops, while the false positive rate and control message overhead increase. The memory requirement for sending the packets and verifying the nodes is minimal. The LTL-based IDS has been formally verified using NuSMV to ensure the correctness of the framework. [ABSTRACT FROM AUTHOR]
Copyright of International Journal of Information Security is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Engineering Source
Full text is not displayed to guests.
FullText Links:
  – Type: pdflink
Text:
  Availability: 1
Header DbId: egs
DbLabel: Engineering Source
An: 166735765
AccessLevel: 6
PubType: Academic Journal
PubTypeId: academicJournal
PreciseRelevancyScore: 0
IllustrationInfo
Items – Name: Title
  Label: Title
  Group: Ti
  Data: LDES: detector design for version number attack detection using linear temporal logic based on discrete event system.
– Name: Author
  Label: Authors
  Group: Au
  Data: <searchLink fieldCode="AR" term="%22Seth%2C+Abhay+Deep%22">Seth, Abhay Deep</searchLink><relatesTo>1</relatesTo> (AUTHOR)<i> abhays@iitbhilai.ac.in</i><br /><searchLink fieldCode="AR" term="%22Biswas%2C+Santosh%22">Biswas, Santosh</searchLink><relatesTo>1</relatesTo> (AUTHOR)<br /><searchLink fieldCode="AR" term="%22Dhar%2C+Amit+Kumar%22">Dhar, Amit Kumar</searchLink><relatesTo>1</relatesTo> (AUTHOR)
– Name: TitleSource
  Label: Source
  Group: Src
  Data: <searchLink fieldCode="JN" term="%22International+Journal+of+Information+Security%22">International Journal of Information Security</searchLink>. Aug2023, Vol. 22 Issue 4, p961-985. 25p.
– Name: Subject
  Label: Subjects
  Group: Su
  Data: <searchLink fieldCode="DE" term="%22Internet+Engineering+Task+Force+%28Organization%29%22">Internet Engineering Task Force (Organization)</searchLink><br /><searchLink fieldCode="DE" term="%22Discrete+systems%22">Discrete systems</searchLink><br /><searchLink fieldCode="DE" term="%22Directed+acyclic+graphs%22">Directed acyclic graphs</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+network+protocols%22">Computer network protocols</searchLink><br /><searchLink fieldCode="DE" term="%22Logic%22">Logic</searchLink><br /><searchLink fieldCode="DE" term="%22Task+forces%22">Task forces</searchLink><br /><searchLink fieldCode="DE" term="%22Delay-tolerant+networks%22">Delay-tolerant networks</searchLink>
– Name: Abstract
  Label: Abstract
  Group: Ab
  Data: The Internet Engineering Task Force (IETF) has defined routing protocols for low power and lossy networks (RPL) for constrained devices. RPL constructs DODAGs (destination oriented directed acyclic graphs), to optimize routing. RPL ensures acyclic topology with the DODAG version number. However, the control message's DODAG version number is not authenticated. So, RPL is vulnerable to network resource attack known as DODAG Version Number (DVN) attack. DVN attack creates a packet delay, packet loss, cyclic topology, etc., in the network. This paper proposes a method for detecting DODAG version number attacks. Several existing schemes to defend against the DVN, such as cryptographic techniques, trust-based, threshold-based and mitigation are computationally intensive or require protocol modification. DVN does not change the packet format or sequence of packets, but can still perform attacks and hence fall under the category of stealthy attacks, which are difficult to detect using traditional intrusion detection system's (IDS). Discrete-event system (DES) based IDS have been applied in the literature for stealthy attacks that achieve low overhead, low false alarm rate, etc. However, the construction of DES-based IDS for network protocol may lead to errors, as modelling is manual. The resulting IDS, therefore, is unable to guarantee its correctness. This paper proposes linear temporal logic (LTL) based DES paradigm to detect DVN. LTL-based paradigm facilitates formal verification of the DES-based IDS, and hence the correctness of the scheme is ascertained. The proposed technique is simulated using the Contiki cooja simulator. When the percentage of spiteful nodes in the network increases, the true positive rate, and packet delivery rate drops, while the false positive rate and control message overhead increase. The memory requirement for sending the packets and verifying the nodes is minimal. The LTL-based IDS has been formally verified using NuSMV to ensure the correctness of the framework. [ABSTRACT FROM AUTHOR]
– Name: AbstractSuppliedCopyright
  Label:
  Group: Ab
  Data: <i>Copyright of International Journal of Information Security is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.)
PLink https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=166735765
RecordInfo BibRecord:
  BibEntity:
    Identifiers:
      – Type: doi
        Value: 10.1007/s10207-023-00665-3
    Languages:
      – Code: eng
        Text: English
    PhysicalDescription:
      Pagination:
        PageCount: 25
        StartPage: 961
    Subjects:
      – SubjectFull: Internet Engineering Task Force (Organization)
        Type: general
      – SubjectFull: Discrete systems
        Type: general
      – SubjectFull: Directed acyclic graphs
        Type: general
      – SubjectFull: Computer network protocols
        Type: general
      – SubjectFull: Logic
        Type: general
      – SubjectFull: Task forces
        Type: general
      – SubjectFull: Delay-tolerant networks
        Type: general
    Titles:
      – TitleFull: LDES: detector design for version number attack detection using linear temporal logic based on discrete event system.
        Type: main
  BibRelationships:
    HasContributorRelationships:
      – PersonEntity:
          Name:
            NameFull: Seth, Abhay Deep
      – PersonEntity:
          Name:
            NameFull: Biswas, Santosh
      – PersonEntity:
          Name:
            NameFull: Dhar, Amit Kumar
    IsPartOfRelationships:
      – BibEntity:
          Dates:
            – D: 01
              M: 08
              Text: Aug2023
              Type: published
              Y: 2023
          Identifiers:
            – Type: issn-print
              Value: 16155262
          Numbering:
            – Type: volume
              Value: 22
            – Type: issue
              Value: 4
          Titles:
            – TitleFull: International Journal of Information Security
              Type: main
ResultId 1