School of Aerospace, Transport and Manufacturing, Cranfield University, Cranfield MK43 0AL, UK.
Sensors (Basel). 2022 Dec 28;23(1):321. doi: 10.3390/s23010321.
Technological breakthroughs in the Internet of Things (IoT) easily promote smart lives for humans by connecting everything through the Internet. The de facto standardised IoT routing strategy is the routing protocol for low-power and lossy networks (RPL), which is applied in various heterogeneous IoT applications. Hence, the increase in reliance on the IoT requires focus on the security of the RPL protocol. The top defence layer is an intrusion detection system (IDS), and the heterogeneous characteristics of the IoT and variety of novel intrusions make the design of the RPL IDS significantly complex. Most existing IDS solutions are unified models and cannot detect novel RPL intrusions. Therefore, the RPL requires a customised global attack knowledge-based IDS model to identify both existing and novel intrusions in order to enhance its security. Federated transfer learning (FTL) is a trending topic that paves the way to designing a customised RPL-IoT IDS security model in a heterogeneous IoT environment. In this paper, we propose a federated-transfer-learning-assisted customised distributed IDS (FT-CID) model to detect RPL intrusion in a heterogeneous IoT. The design process of FT-CID includes three steps: dataset collection, FTL-assisted edge IDS learning, and intrusion detection. Initially, the central server initialises the FT-CID with a predefined learning model and observes the unique features of different RPL-IoTs to construct a local model. The experimental model generates an RPL-IIoT dataset with normal and abnormal traffic through simulation on the Contiki-NG OS. Secondly, the edge IDSs are trained using the local parameters and the globally shared parameters generated by the central server through federation and aggregation of different local parameters of various edges. Hence, transfer learning is exploited to update the server's and edges' local and global parameters based on relational knowledge. 
It also builds a customised IDS model with partial retraining through local learning based on globally shared server knowledge. Finally, the customised IDS in the FT-CID model enforces the detection of intrusions in heterogeneous IoT networks. Moreover, the FT-CID model accomplishes high RPL security by implicitly utilising the local and global parameters of different IoTs with the assistance of FTL. The FT-CID detects RPL intrusions with an accuracy of 85.52% in tests on a heterogeneous IoT network.
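The federation, aggregation and partial-retraining steps described above can be sketched as follows. This is an added example, not code from the paper or the FT-CID model; it assumes a logistic scorer, FedAvg-style sample-weighted averaging, and partial retraining modelled as refitting only a per-edge bias, and all names and sample data are constructed. Only weight vectors and sample counts reach the server; each edge's traffic stays local.

```python
# Added illustration, not the FT-CID implementation. Assumptions: a logistic
# scorer, FedAvg-style weighted averaging, and "partial retraining" modelled as
# refitting only a per-edge bias while the shared weights stay frozen.
import math

def predict(w, b, x):
    """Probability that feature vector x is intrusion traffic."""
    return 1.0 / (1.0 + math.exp(-(sum(wi * xi for wi, xi in zip(w, x)) + b)))

def local_train(w, b, data, lr=0.5, epochs=50, freeze_shared=False):
    """Gradient descent on one edge's labelled traffic; returns (w, b)."""
    w = list(w)
    for _ in range(epochs):
        gw, gb = [0.0] * len(w), 0.0
        for x, y in data:
            err = predict(w, b, x) - y
            gw = [g + err * xi for g, xi in zip(gw, x)]
            gb += err
        if not freeze_shared:  # shared weights are frozen during customisation
            w = [wi - lr * g / len(data) for wi, g in zip(w, gw)]
        b -= lr * gb / len(data)
    return w, b

def aggregate(updates):
    """Server side: sample-count-weighted mean of the edges' weight vectors."""
    total = sum(n for _, n in updates)
    return [sum(w[i] * n for w, n in updates) / total
            for i in range(len(updates[0][0]))]

def federate_then_customise(edges, dim, rounds=5):
    """Federation rounds build shared weights; each edge then refits its bias."""
    global_w = [0.0] * dim
    for _ in range(rounds):
        updates = [(local_train(global_w, 0.0, d)[0], len(d)) for d in edges.values()]
        global_w = aggregate(updates)
    biases = {name: local_train(global_w, 0.0, d, freeze_shared=True)[1]
              for name, d in edges.items()}
    return global_w, biases

# Constructed sample data: two normalised traffic features, label 1 = intrusion.
# EDGE_B is EDGE_A shifted by +0.5, standing in for a busier, heterogeneous network.
EDGE_A = [((0.1, 0.2), 0), ((0.2, 0.1), 0), ((0.3, 0.2), 0),
          ((0.8, 0.7), 1), ((0.9, 0.9), 1), ((0.7, 0.8), 1)]
EDGE_B = [((x1 + 0.5, x2 + 0.5), y) for (x1, x2), y in EDGE_A]
EDGES = {"edge_a": EDGE_A, "edge_b": EDGE_B}

if __name__ == "__main__":
    shared, biases = federate_then_customise(EDGES, dim=2)
    print("shared weights:", shared)
    print("per-edge bias:", biases)
```

Because normal traffic on the constructed `edge_b` has the same feature values as some intrusion traffic on `edge_a`, a single shared threshold cannot serve both edges; the per-edge bias is what absorbs that difference.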