Department of Computer Technology PDF
Added on 2021-08-30
5 Pages4213 Words21 Views
Intrusion Detector for Blockchain based
IoT Networks1Gunasekaran Raja,2Aishwarya Ganapathisubramaniyan,3Gokul Anand and4Gowshika
Department of Computer Technology,Anna University,MIT Campus,Chennai.1dr.r.gunasekaran@ieee.org,2aishwarya97.mit@gmail.com,3gokulanand205@gmail.com,4gowshikaappavoo@gmail.com
Abstract—Internet of Things (IoT) is a fast growing technology
in the digitalised world where each device in the network inter-
connect and interact with other device to collect the information
and automate tasks.A lotof vulnerabilities are exposed in IoT
devices,which can be exploited to compromise the devices and
an infected device can disruptall other nodes in the network.
The severeness of the vulnerabilities can vary from launching a
Distributed Denial of Service (DDOS) attack to entirely draining
the batteriesof a heart pacemaker.Although IoT providers
constantly working on reducing the vulnerabilities,an Intrusion
Detection (ID)system can be builtto find,whether the nodes
are behaving abnormally or not.ID system can be built with a
centralized architecture, but compromising the centralized entity
can result in compromising the entire network.For storing data
and running ID system in a decentralized manner,blockchain
technology is executed to increase trust between the peers.With
this decentralized blockchain architecture each node will be able
to find out whether the peers in the group are malicious or not.
So, we propose a architecture,IDBIoT (Intrusion Detector for
Blockchain based IoT networks) for Intrusion detection in an IoT
environment, that mainly focuses on the securing the network by
detecting intruders, using statistical significance while preventing
Goldfinger attack.
Index Terms—IoT,Blockchain,Intrusion Detection,Statistical
Significance,Goldfinger Attack.
I. INTRODUCTION
IoT is a networkof interconnectedobjectsbuilt with
electronics,sensors,software and actuators.With increase in
popularity,it also suffers from security threats such as Man-
In-The-Middle (MITM) and Denial of Service (DoS) attacks.
Attackers are able to compromise IoT devices with known
vulnerabilities like insecure web interface,insecure network
services,insecure software or firmware and insufficient secu-
rity configurability, and with the help of a compromised node,
the entire network can be manipulated.IoT devices infected
with Miraimalware controlled online devices and used them
to launch distributed DDoS attacks [11].
With increase in growth ofIoT devices,the amountof
communication handled will increase exponentially. Also, each
affected node can actas a bottleneck and disruptthe entire
network [11].After Edward Snowden leaks,it is difficultfor
IoT adopters to trusttechnologicalpartners who,in general,
give device accessand controlto certain authorities(i.e.,
governments,manufacturersor service providers),allowing
them to collectand analyze userdata [10].Though the IoT
manufacturersare constantly working hard to reducethe
vulnerabilities, there is a need for software solutions to prevent
the security threats.
Blockchain on the other hand provides distributed data stor-
age and enhanced security for IoT networks. This facilitates us
with decentralized storage,communication protocols,mining
hardware,addressmanagementand network administration
[10].The advantage of blockchain is that,once transactions
are recorded overriding the transaction is notpossible.Also
blockchain can be used to provide end-to-end secure autho-
rized access to IoT resources [20].With the deploymentof
blockchain enabled IoT network, all nodes in the network will
be provided with the details oftheirpeers in the network.
As the usage of devices tend to follow patterns,we focus on
building a ID system, that will predict the abnormal behaviour
of the nodes,by exploiting the usage pattern.
IDBIoT, intrusion detection system in blockchain based IoT
technology deployed in each device to monitortheirpeers
through periodically updated patterns from the learning model.
The node which send data with maliciousbehavioursare
reported to other nodes in the network whereas the data with
regularpattern getadded to the existing chain ifthe data
achieve consensus within the network. IDBIoT sense intrusion
and protectthe Iotdevice and its data from severeness there
by providing secured IoT environment.
The purpose ofthis research paperis to provide trusted
and secured environmentusing blockchain technology and
intrusion detection system.The paper is structured as VI sec-
tions.Section II describes Blockchain,IoT issues,techniques
to detect anomalies,Goldfinger attack and Low powered IoT
devices.Section IIIproposes the intrusion detection system
modelin blockchain based IoT environment.Section IV de-
rives the propability of achieving consensus within the group
and among the groups,and relation among node size,group
size and consensus probability.Section V demonstrates the
performance againstGoldfinger attack.Section VI concludes
the challenges and future scope.
II. LITERATURE SURVEY
A. Blockchain
Blockchain is a kind of decentralized database, which keeps
record ofevery transaction made on a network.Instead of
having a traditional central database like bank or government
database,it has a ledger distributed over a network of nodes
328978-1-7281-0353-2/18/$31.00 ©2018 IEEE
IoT Networks1Gunasekaran Raja,2Aishwarya Ganapathisubramaniyan,3Gokul Anand and4Gowshika
Department of Computer Technology,Anna University,MIT Campus,Chennai.1dr.r.gunasekaran@ieee.org,2aishwarya97.mit@gmail.com,3gokulanand205@gmail.com,4gowshikaappavoo@gmail.com
Abstract—Internet of Things (IoT) is a fast growing technology
in the digitalised world where each device in the network inter-
connect and interact with other device to collect the information
and automate tasks.A lotof vulnerabilities are exposed in IoT
devices,which can be exploited to compromise the devices and
an infected device can disruptall other nodes in the network.
The severeness of the vulnerabilities can vary from launching a
Distributed Denial of Service (DDOS) attack to entirely draining
the batteriesof a heart pacemaker.Although IoT providers
constantly working on reducing the vulnerabilities,an Intrusion
Detection (ID)system can be builtto find,whether the nodes
are behaving abnormally or not.ID system can be built with a
centralized architecture, but compromising the centralized entity
can result in compromising the entire network.For storing data
and running ID system in a decentralized manner,blockchain
technology is executed to increase trust between the peers.With
this decentralized blockchain architecture each node will be able
to find out whether the peers in the group are malicious or not.
So, we propose a architecture,IDBIoT (Intrusion Detector for
Blockchain based IoT networks) for Intrusion detection in an IoT
environment, that mainly focuses on the securing the network by
detecting intruders, using statistical significance while preventing
Goldfinger attack.
Index Terms—IoT,Blockchain,Intrusion Detection,Statistical
Significance,Goldfinger Attack.
I. INTRODUCTION
IoT is a networkof interconnectedobjectsbuilt with
electronics,sensors,software and actuators.With increase in
popularity,it also suffers from security threats such as Man-
In-The-Middle (MITM) and Denial of Service (DoS) attacks.
Attackers are able to compromise IoT devices with known
vulnerabilities like insecure web interface,insecure network
services,insecure software or firmware and insufficient secu-
rity configurability, and with the help of a compromised node,
the entire network can be manipulated.IoT devices infected
with Miraimalware controlled online devices and used them
to launch distributed DDoS attacks [11].
With increase in growth ofIoT devices,the amountof
communication handled will increase exponentially. Also, each
affected node can actas a bottleneck and disruptthe entire
network [11].After Edward Snowden leaks,it is difficultfor
IoT adopters to trusttechnologicalpartners who,in general,
give device accessand controlto certain authorities(i.e.,
governments,manufacturersor service providers),allowing
them to collectand analyze userdata [10].Though the IoT
manufacturersare constantly working hard to reducethe
vulnerabilities, there is a need for software solutions to prevent
the security threats.
Blockchain on the other hand provides distributed data stor-
age and enhanced security for IoT networks. This facilitates us
with decentralized storage,communication protocols,mining
hardware,addressmanagementand network administration
[10].The advantage of blockchain is that,once transactions
are recorded overriding the transaction is notpossible.Also
blockchain can be used to provide end-to-end secure autho-
rized access to IoT resources [20].With the deploymentof
blockchain enabled IoT network, all nodes in the network will
be provided with the details oftheirpeers in the network.
As the usage of devices tend to follow patterns,we focus on
building a ID system, that will predict the abnormal behaviour
of the nodes,by exploiting the usage pattern.
IDBIoT, intrusion detection system in blockchain based IoT
technology deployed in each device to monitortheirpeers
through periodically updated patterns from the learning model.
The node which send data with maliciousbehavioursare
reported to other nodes in the network whereas the data with
regularpattern getadded to the existing chain ifthe data
achieve consensus within the network. IDBIoT sense intrusion
and protectthe Iotdevice and its data from severeness there
by providing secured IoT environment.
The purpose ofthis research paperis to provide trusted
and secured environmentusing blockchain technology and
intrusion detection system.The paper is structured as VI sec-
tions.Section II describes Blockchain,IoT issues,techniques
to detect anomalies,Goldfinger attack and Low powered IoT
devices.Section IIIproposes the intrusion detection system
modelin blockchain based IoT environment.Section IV de-
rives the propability of achieving consensus within the group
and among the groups,and relation among node size,group
size and consensus probability.Section V demonstrates the
performance againstGoldfinger attack.Section VI concludes
the challenges and future scope.
II. LITERATURE SURVEY
A. Blockchain
Blockchain is a kind of decentralized database, which keeps
record ofevery transaction made on a network.Instead of
having a traditional central database like bank or government
database,it has a ledger distributed over a network of nodes
328978-1-7281-0353-2/18/$31.00 ©2018 IEEE
[12].In otherwords,a blockchain isa data structure that
creates a immutable record of events in a distributed network
[7].Although blockchain is used in decentralized networks,
in [17] a random group mining approach isdiscussed.In
[19],blockchain is used in recommender systems to improve
performance.
B. Issues in IoT Network
Issues in IoT network that are addressed by blockchain are
[10],
• Cloud server’s costand capacity -Blockchain’s decen-
tralized architecture removes the need for a server.
• Deficientarchitecture - Validity of a device’s identity is
verified, transactions are signed and verified cryptograph-
ically.
• Serverdowntimeand unavailability ofservices- No
single pointof failure:Identicalrecords are maintained
by the distributed network.
• Manipulation - Attacker can’tdisruptthe records unless
he owns more computational power in the network.
C. Intrusion Detection
The authors in [1], detects anomaly using mean and standard
deviation ofthe pastdata.If the new datafalls beyond
the confidence range (i.e)mean ± standard deviation the
data is said to be anomalous.If the usage ofthe resources
goesbelow the normalusage,it is not considered asan
anomalous situation for our use case. Data points are clustered
based on similarity to find anomalies.The advantage of this
unsupervised clustering results in no need for a training data
set.A network based intrusion detection is also deployed to
detectthe anomalies,thatuses the originalnetwork packet
as the data source.Network based IDS usually monitors and
analyzes all communication services over the network using a
network adapter running in a random mode.
In [2] intrusion detection is based on density, cluster centers
and Nearest Neighbors.First,clustering is used to obtain dis-
tances and density based on network data to form a new feature
vectorwith low dimension.k-NearestNeighborclassifieris
developed based on the new feature vectors,and the labelis
the outputclass ofdata.Clustering on training setaims to
obtain the cluster center, the nearest neighbors of each sample
point,and the local density of each sample point.
The authorsin [3] proposesa game theoretic approach
for anomaly detection.In this approach,a setof players are
considered representing either an IDS agent or an attacker. The
IDS player, builds a rule related to each new attack’s signature.
The gaming is divided into static game and dynamic game. In
static game,once a playerdecides his strategy,it can’tbe
changed. However,the decision can be changed in a dynamic
game.
In [5] a distributed fog computing technique is used for
intrusion detection.For decreasing the response time,Ex-
treme Machine Learning,a fastlearning algorithm is used.
The sigmoid function provides betteraccuracy and training
time when compared with sine and RadialBasisFunction
(RBF) activation function. To identify malicious nodes within
IoT networks,authors in [6]and [4]employed a Bayesian
based intrusion detection mechanism in which all packets are
assumed to be independent,irrespective of their origin.
D. Goldfinger attack in Blockchain
The bitcoin is a peer to peer payment network that operates
on cryptographic protocol.Bitcoin transactions are recorded
into distributed database known asthe blockchain through
consensusand Proofof Work (PoW)mechanisms[18].A
clientin Bitcoin network is able to achieve double spending
attack,if he is able to spend same bitcoins in two different
transactions.A varientof double spending attack is >50%
attack or Goldfinger attack. In this attack, an individual miner
has more than 50% of the computing power of the network
under his control.The probability of >50% attack in Bitcoin
network is very low as it is a very large network.[8].
But IoT networks contains less nodes relative to the Bitcoin
network.If an attacker is able to compromise more than 50%
of the node withoutan abnormalbehavior,then the attacker
will be able to control the entire network.
E. Low-powered IoT devices
In [9],alternative way to implementa public ledger over-
coming the limits ofIoT device constraints is discussed.A
chain is builtusing SHA-256 of length k.This chain is used
to record allthe activities.The value k limits the maximum
size ofthe chunk thatmustbe verified before validating a
given message.Also Etherium can be used as a DB server
by utilizing the existing IoT platform servercalled Mobius
[16].For resource constrained IoT devices to interactwith
blockchain,AlkylVM, a split-virtualmachine based imple-
mentation isdiscussed [13].Each IoT node would run an
instance ofthe VirtualMachine,thatwould allow the node
to access and process it’s own blockchain. A proof of concept
to enable low-power,resource-constrained IoT end-devices
accessing a blockchain-based infrastructure, an IoT gateway is
configured as a blockchain node and an event-based messag-
ing mechanism in [14].Publisher-Subscriber mechanism with
intermediate servers is found to be efficient for computational
power consuming technologies such as blockchain [15].
III. IDBI OT
In blockchain network,beforeadding anew block to
existing chain ofblocks,each node called as miners in the
network has to solve a mathematical puzzle to prove that they
are valid miners. Usually the puzzle will be like to find a hash
value satisfying specified constraints.The energy spenton
solving the puzzle can be spent on computations that secures
the network.
In IDBIoT, each node maintains past records of data stored
in the blockchain.This data contain the information about
nodes in the network,like public key of the nodes,resource
requested by the nodes and the time when the requestwas
made. Data over a long period are gathered together to form a
pattern. Every node in the network will monitor their peers by
matching their pattern with the learning model pattern.If the
329
creates a immutable record of events in a distributed network
[7].Although blockchain is used in decentralized networks,
in [17] a random group mining approach isdiscussed.In
[19],blockchain is used in recommender systems to improve
performance.
B. Issues in IoT Network
Issues in IoT network that are addressed by blockchain are
[10],
• Cloud server’s costand capacity -Blockchain’s decen-
tralized architecture removes the need for a server.
• Deficientarchitecture - Validity of a device’s identity is
verified, transactions are signed and verified cryptograph-
ically.
• Serverdowntimeand unavailability ofservices- No
single pointof failure:Identicalrecords are maintained
by the distributed network.
• Manipulation - Attacker can’tdisruptthe records unless
he owns more computational power in the network.
C. Intrusion Detection
The authors in [1], detects anomaly using mean and standard
deviation ofthe pastdata.If the new datafalls beyond
the confidence range (i.e)mean ± standard deviation the
data is said to be anomalous.If the usage ofthe resources
goesbelow the normalusage,it is not considered asan
anomalous situation for our use case. Data points are clustered
based on similarity to find anomalies.The advantage of this
unsupervised clustering results in no need for a training data
set.A network based intrusion detection is also deployed to
detectthe anomalies,thatuses the originalnetwork packet
as the data source.Network based IDS usually monitors and
analyzes all communication services over the network using a
network adapter running in a random mode.
In [2] intrusion detection is based on density, cluster centers
and Nearest Neighbors.First,clustering is used to obtain dis-
tances and density based on network data to form a new feature
vectorwith low dimension.k-NearestNeighborclassifieris
developed based on the new feature vectors,and the labelis
the outputclass ofdata.Clustering on training setaims to
obtain the cluster center, the nearest neighbors of each sample
point,and the local density of each sample point.
The authorsin [3] proposesa game theoretic approach
for anomaly detection.In this approach,a setof players are
considered representing either an IDS agent or an attacker. The
IDS player, builds a rule related to each new attack’s signature.
The gaming is divided into static game and dynamic game. In
static game,once a playerdecides his strategy,it can’tbe
changed. However,the decision can be changed in a dynamic
game.
In [5] a distributed fog computing technique is used for
intrusion detection.For decreasing the response time,Ex-
treme Machine Learning,a fastlearning algorithm is used.
The sigmoid function provides betteraccuracy and training
time when compared with sine and RadialBasisFunction
(RBF) activation function. To identify malicious nodes within
IoT networks,authors in [6]and [4]employed a Bayesian
based intrusion detection mechanism in which all packets are
assumed to be independent,irrespective of their origin.
D. Goldfinger attack in Blockchain
The bitcoin is a peer to peer payment network that operates
on cryptographic protocol.Bitcoin transactions are recorded
into distributed database known asthe blockchain through
consensusand Proofof Work (PoW)mechanisms[18].A
clientin Bitcoin network is able to achieve double spending
attack,if he is able to spend same bitcoins in two different
transactions.A varientof double spending attack is >50%
attack or Goldfinger attack. In this attack, an individual miner
has more than 50% of the computing power of the network
under his control.The probability of >50% attack in Bitcoin
network is very low as it is a very large network.[8].
But IoT networks contains less nodes relative to the Bitcoin
network.If an attacker is able to compromise more than 50%
of the node withoutan abnormalbehavior,then the attacker
will be able to control the entire network.
E. Low-powered IoT devices
In [9],alternative way to implementa public ledger over-
coming the limits ofIoT device constraints is discussed.A
chain is builtusing SHA-256 of length k.This chain is used
to record allthe activities.The value k limits the maximum
size ofthe chunk thatmustbe verified before validating a
given message.Also Etherium can be used as a DB server
by utilizing the existing IoT platform servercalled Mobius
[16].For resource constrained IoT devices to interactwith
blockchain,AlkylVM, a split-virtualmachine based imple-
mentation isdiscussed [13].Each IoT node would run an
instance ofthe VirtualMachine,thatwould allow the node
to access and process it’s own blockchain. A proof of concept
to enable low-power,resource-constrained IoT end-devices
accessing a blockchain-based infrastructure, an IoT gateway is
configured as a blockchain node and an event-based messag-
ing mechanism in [14].Publisher-Subscriber mechanism with
intermediate servers is found to be efficient for computational
power consuming technologies such as blockchain [15].
III. IDBI OT
In blockchain network,beforeadding anew block to
existing chain ofblocks,each node called as miners in the
network has to solve a mathematical puzzle to prove that they
are valid miners. Usually the puzzle will be like to find a hash
value satisfying specified constraints.The energy spenton
solving the puzzle can be spent on computations that secures
the network.
In IDBIoT, each node maintains past records of data stored
in the blockchain.This data contain the information about
nodes in the network,like public key of the nodes,resource
requested by the nodes and the time when the requestwas
made. Data over a long period are gathered together to form a
pattern. Every node in the network will monitor their peers by
matching their pattern with the learning model pattern.If the
329
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
IoT Cloud-based Security Issues: Blockchain Technology as a Solutionlg...
|27
|5671
|406
ITC595 Research Project (Distributed Denial of Service Attacks)lg...
|6
|3302
|205
Using KFSensor to Mitigate Denial of Service Attacks on Advance Research Corporation Networklg...
|6
|1078
|392
Cyber Security and its Impact on IoT and Social Medialg...
|5
|929
|287
Possible Security Change Breaches | Projectlg...
|14
|3273
|20
Overview of Network Security Discussion 2022lg...
|12
|2283
|21