A Novel Low-Rate Denial of Service Attack Detection Approach in ZigBee Wireless Sensor Network by Combining Hilbert-Huang Transformation and Trust Evaluation
Low-rate Denial of Service (LDoS) attack is a special DoS attack. The routing protocol is vulnerable to many types of attacks in a wireless sensor network (WSN), which is an important network type of the Internet of Things (IoT). The novel LDoS attack to the routing protocol is proposed to evaluate...
Gespeichert in:
Veröffentlicht in: | IEEE access 2019, Vol.7, p.32853-32866 |
---|---|
Hauptverfasser: | , , , , |
Format: | Artikel |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
Zusammenfassung: | Low-rate Denial of Service (LDoS) attack is a special DoS attack. The routing protocol is vulnerable to many types of attacks in a wireless sensor network (WSN), which is an important network type of the Internet of Things (IoT). The novel LDoS attack to the routing protocol is proposed to evaluate the security and trust mechanism in the WSN. In fact, the LDoS attack is difficult to be detected due to its small-signal characteristics, so it is a serious threat to the security and trust of the WSN. A Hilbert-Huang transform (HHT) time-frequency joint analysis approach is utilized to analyze the non-stationary small signal that is produced by the LDoS attack. However, false intrinsic mode function (IMF) components are the challenge problems to precisely detect the LDoS attack. Correlation coefficient and Kolmogorov-Smirnov (KS) test approaches are united to evaluate the trustworthy of IMF components and exclude the false IMF components. Hilbert-Huang transformation and trust evaluation approaches are combined to detect the novel LDoS attack in Zigbee WSN. CC2530 system-on-chip integrated with ZigBee protocol is utilized to build a wireless sensor node. Random routing REQuest (RREQ) flooding attack is used to implement the routing layer LDoS attack in Zigbee WSN. If the correlation coefficient value of IMF component relative to original traffic is more than 0.3 and the KS similarity probability value of the IMF component relative to the original traffic is more than 0.4, the IMF component is identified as high trust IMF components that will be used to detect LDoS attack. If the IMF component only satisfies one of the trust evaluation conditions, the IMF component is identified as low trust IMF component. Otherwise, the IMF component is the false IMF component. We have proposed a scalable LDoS attack detection architecture for both WSN and IoT. The experimental results demonstrate that the novel approach is highly effective to detect the LDoS attack in the ZigBee WSN. |
---|---|
ISSN: | 2169-3536 2169-3536 |
DOI: | 10.1109/ACCESS.2019.2903816 |