Clustering Internet of Things (IoT) networks, to alleviate the network scalability problem, provides an opportunity for an adversary to compromise a set of nodes by simply compromising the relay they are associated with. In such scenarios, an adversary who has compromised the relay can affect the network’s performance by deliberately dropping the packets transmitted by the IoT devices and/or by corrupting the packets to be forwarded by the relay. In this way, the adversary can successfully mimic a bad radio channel between the IoT devices and the relay, thereby requiring the IoT devices to retransmit more frequently. Such a strategy increases the processing load on the IoT devices and will drain their batteries at a faster rate. To detect such an attack, we present hybrid intrusion detection systems that rely on the monitoring of uplink and downlink packets transmitted between IoT devices and the relay. Specifically, we compare the observed packet drop probabilities against their long-term expected values. The detection rules proposed originate from the generalized likelihood ratio test, where the adversary parameters are estimated using maximum likelihood estimation. A semi-analytical approach to obtain the expressions for the false alarm probability is presented in order to determine the decision thresholds. Results presented show the effectiveness of the proposed detection systems, demonstrate the impact of the choice of adversary parameters on them, and validate the expressions obtained for the false alarm probability.
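The comparison of an observed drop rate against its long-term expected value can be illustrated with a simplified one-sided test. This is an added example, not the paper's detection rules: it assumes one link direction, independent drops with a known long-term probability `p0`, and an adversary who can only add drops; all names and sample values are constructed.

```python
import math

def glrt_statistic(n, drops, p0):
    """Log generalized likelihood ratio for H0: p = p0 against H1: p > p0."""
    p_hat = max(drops / n, p0)  # constrained MLE: the adversary only adds drops
    if p_hat == p0:
        return 0.0
    def loglik(p):
        # Binomial log-likelihood up to a constant, skipping 0 * log(0) terms.
        ll = drops * math.log(p) if drops else 0.0
        return ll + ((n - drops) * math.log(1 - p) if n - drops else 0.0)
    return loglik(p_hat) - loglik(p0)

def false_alarm_prob(n, k_min, p0):
    """P(at least k_min drops in n packets) when only the channel drops packets."""
    return sum(math.comb(n, k) * p0**k * (1 - p0)**(n - k)
               for k in range(k_min, n + 1))

def drop_threshold(n, p0, alpha):
    """Smallest drop count whose false alarm probability is at most alpha."""
    return next(k for k in range(n + 2) if false_alarm_prob(n, k, p0) <= alpha)

def detect(n, drops, p0, alpha):
    """Flag the relay when the observed drops reach the alpha-level threshold.

    The statistic above is nondecreasing in the drop count, so thresholding
    the statistic and thresholding the count give the same decision.
    """
    return drops >= drop_threshold(n, p0, alpha)

if __name__ == "__main__":
    # Constructed observation windows: packets monitored and packets dropped.
    N, P0, ALPHA = 200, 0.10, 0.01
    for drops in (18, 24, 45):
        stat = glrt_statistic(N, drops, P0)
        print(drops, round(stat, 3), detect(N, drops, P0, ALPHA))
```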
               