Network Forensics of RPL-Based Attacks

SİNDİREN, Erhan; YILMAZ, Ercan Nurcan; KARACAYILMAZ, Gökçe; Sayan, Hasan Huseyin; GONEN, Serkan; Artuner, Harun

doi:10.29130/dubited.788006

Network Forensics of RPL-Based Attacks

Gökçe KARACAYILMAZ, (Hacettepe Üniversitesi, Ankara, Türkiye)

Serkan GÖNEN, (İstanbul Gelişim Üniversitesi, Mühendislik ve Mimarlık Fakültesi, İstanbul, Türkiye)

Harun ARTUNER, (Hacettepe Üniversitesi, Ankara, Türkiye)

Ercan Nurcan YILMAZ, (Gazi Üniversitesi, Fen Bilimleri Enstitüsü, Ankara, Türkiye)

Hasan Hüseyin SAYAN, (Gazi Üniversitesi, Fen Bilimleri Enstitüsü, Ankara, Türkiye)

Erhan SİNDİREN (Gazi Üniversitesi, Fen Bilimleri Enstitüsü, Ankara, Türkiye)

Düzce Üniversitesi Bilim ve Teknoloji Dergisi

5 1

Yıl: 2020 Cilt: 8 Sayı: 4 Sayfa Aralığı: 2366 - 2376 Metin Dili: İngilizce DOI: 10.29130/dubited.788006 İndeks Tarihi: 13-01-2021

Network Forensics of RPL-Based Attacks

Öz:

IoT devices, which are increasing in highly manner day by day, are now in everywhere in our life. WSNs are usedtogether with IoT devices to monitor real environments. In this study, attacks against WSNs were carried out. Theattack chosen for this study is a flood attack. In addition, solution suggestions for this attack are presented. In thiscontext, firstly reference and attack packages have been collected, and then the collected packages have beencompared with the reference packages and forensic investigations have been carried out. The result of theevaluation has shown the importance continuous monitoring on 24/7 basis and detecting abnormal behaviors inIoT traffic with forensics analysis for preventing attacks.

Anahtar Kelime:

RPL Tabanlı Atakların Ağ Adli Bilişimi

Öz:

Her geçen gün hızla artan IoT cihazları artık hayatımızın her yerindedir. WSN'ler (Kablosuz sensor ağları), gerçek ortamları izlemek için IoT cihazlarıyla birlikte kullanılır. Bu çalışmada WSN’lere yönelik saldırılar gerçekleştirilmiştir. Bu çalışma için seçilen saldırı sel saldırısıdır. Ayrıca sonuçta bu saldırıya yönelik çözüm önerileri sunulmuştur. Bu kapsamda önce referans ve saldırı paketleri toplanmış, ardından toplanan paketler referans paketlerle karşılaştırılarak adli incelemeler yapılmıştır. Değerlendirme sonucu, saldırıları önlemek için 7/24 bazında sürekli izleme ve ağ adli bilişim analizi ile IoT trafiğindeki anormal davranışları tespit etmenin önemini göstermiştir.

Anahtar Kelime:

Belge Türü: Makale Makale Türü: Araştırma Makalesi Erişim Türü: Erişime Açık

[1] Z. Sun, M. Wei, Z. Zhang, G. Qu, “Secure Routing Protocol Based on Multi-Objective AntColony-Optimization for Wireless Sensor Networks,” Applied Soft Computing, vol. 77, pp. 366-375, 2019.
[2] D. Evans, “How the Next Evolution of the Internet Is Changing Everything,” 2011. [Online]. Available: https://www.cisco.com/c/dam/en_us/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf. Accessed: 17.09.2020.
[3] S. Görmüş, H. Aydın, G. Ulutaş, “Security for the Internet of Things: A Survey of Existing Mechanisms, Protocols and Open Research Issues,” Journal of the Faculty of Engineering and Architecture of Gazi University, vol. 33, no. 4, pp. 1247-1272, 2018.
[4] H. Lamaazi, N. Benamar and A. J. Jara, “RPL-Based Networks in Static and Mobile Environment: A Performance Assessment Analysis,” Journal of King Saud University-Computer and Information Sciences, vol. 30, no. 3, pp. 320-333, 2018.
[5] H. Lamaazi, N. Benamar, “A Comprehensive Survey on Enhancements and Limitations of the RPL Protocol: A Focus on the Objective Function,” Ad Hoc Networks, vol. 96, 2020.
[6] I. Butun, P. Österberg and H. Song, "Security of the Internet of Things: Vulnerabilities, Attacks, and Countermeasures," IEEE Communications Surveys & Tutorials, vol. 22, no. 1, pp. 616-644, 2020.
[7] I. Wadhaj, B. Ghaleb, C. Thomson, A. Al-Dubai and W. J. Buchanan, “Mitigation Mechanisms Against the DAO Attack on the Routing Protocol for Low Power and Lossy Networks (RPL),” IEEE Access, vol. 8, pp. 43665-43675, 2020.
[8] C. Pu, “Sybil Attack in RPL-Based Internet of Things: Analysis and Defenses,” IEEE Internet of Things Journal, 2020.
[9] A. L. Imoize, T.R. Oyedare, C. G. Ezekafor, & S. Shetty, “Deployment of An Energy Efficient Routing Protocol for Wireless Sensor Networks Operating in A Resource Constrained Environment,” Transactions on Networks and Communications, vol. 7, no. 1, pp. 41-41, 2019.
[10] K. N. Qureshi, S. S. Rana, A. Ahmed, & G. Jeon, “A Novel and Secure Attacks Detection Framework for Smart Cities Industrial Internet of Things,” Sustainable Cities and Society, vol. 61, 2020.
[11] X. Sun, W. Liu, T. Wang, Q. Deng, A. Liu, N. N. Xiong, & S. Zhang, “Two-Hop Neighborhood Information Joint Double Broadcast Radius for Effective Code Dissemination in WSNs,” IEEE Access, vol. 7, pp. 88547-88569, 2019.
[12] A. Verma & V. Ranga, “Addressing Flooding Attacks in IPv6-Based Low Power and Lossy Networks,” TENCON 2019-2019 IEEE Region 10 Conference (TENCON), pp. 552-557, 2019.
[13] Y. Meidan, M. Bohadana, Y. Mathov, Y. Mirsky, A. Shabtai, D. Breitenbacher, & Y. Elovici, “N-Baiot—Network-Based Detection of Iot Botnet Attacks Using Deep Autoencoders,” IEEE Pervasive Computing, vol. 17, no. 3, pp. 12-22, 2018.
[14] X. Zhang, O. Upton, N. L. Beebe & K. K. R. Choo, “IoT Botnet Forensics: A Comprehensive Digital Forensic Case Study on Mirai Botnet Servers,” Forensic Science International: Digital Investigation, vol. 32, 2020.
[15] A. Dunkels, B. Gronvall, & T. Voigt, “Contiki-A Lightweight and Flexible Operating System for Tiny Networked Sensors,” IEEE International Conference on Local Computer Networks, pp. 455- 462, 2004.
[16] E. Sesli & G. Hacıoğlu, “Contiki OS Usage in Wireless Sensor Networks (WSNs),” Turk J Electrom Energy, vol. 2, no. 2, pp. 1-6, 2017.
[17] L. Wallgren, S. Raza & T. Voigt, “Routing Attacks and Countermeasures in the RPL-Based Internet of Things,” International Journal of Distributed Sensor Networks, vol. 9, no. 8, pp. 794326, 2013.
[18] V. Hassija, V. Chamola, V. Saxena, D. Jain, P. Goyal & B. Sikdar, “A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures,” IEEE Access, vol. 7, pp. 82721- 82743, 2019.
[19] T. Kothmayr, C. Schmitt, W. Hu, M. Brünig & G. Carle, “DTLS Based Security and Two-Way Authentication for the Internet of Things,” Ad Hoc Networks, vol. 11, no. 8, pp. 2710-2723, 2013.
[20] S. Raza, S. Duquennoy, J. Höglund, U. Roedig & T. Voigt, “Secure Communication for the Internet of Things—A Comparison of Link‐Layer Security and IPsec for 6LoWPAN,” Security and Communication Networks, vol. 7, no. 12, pp. 2654-2668, 2014.

APA	KARACAYILMAZ G, GONEN S, Artuner H, YILMAZ E, Sayan H, SİNDİREN E (2020). Network Forensics of RPL-Based Attacks. , 2366 - 2376. 10.29130/dubited.788006
Chicago	KARACAYILMAZ Gökçe,GONEN Serkan,Artuner Harun,YILMAZ Ercan Nurcan,Sayan Hasan Huseyin,SİNDİREN Erhan Network Forensics of RPL-Based Attacks. (2020): 2366 - 2376. 10.29130/dubited.788006
MLA	KARACAYILMAZ Gökçe,GONEN Serkan,Artuner Harun,YILMAZ Ercan Nurcan,Sayan Hasan Huseyin,SİNDİREN Erhan Network Forensics of RPL-Based Attacks. , 2020, ss.2366 - 2376. 10.29130/dubited.788006
AMA	KARACAYILMAZ G,GONEN S,Artuner H,YILMAZ E,Sayan H,SİNDİREN E Network Forensics of RPL-Based Attacks. . 2020; 2366 - 2376. 10.29130/dubited.788006
Vancouver	KARACAYILMAZ G,GONEN S,Artuner H,YILMAZ E,Sayan H,SİNDİREN E Network Forensics of RPL-Based Attacks. . 2020; 2366 - 2376. 10.29130/dubited.788006
IEEE	KARACAYILMAZ G,GONEN S,Artuner H,YILMAZ E,Sayan H,SİNDİREN E "Network Forensics of RPL-Based Attacks." , ss.2366 - 2376, 2020. 10.29130/dubited.788006
ISNAD	KARACAYILMAZ, Gökçe vd. "Network Forensics of RPL-Based Attacks". (2020), 2366-2376. https://doi.org/10.29130/dubited.788006

APA	KARACAYILMAZ G, GONEN S, Artuner H, YILMAZ E, Sayan H, SİNDİREN E (2020). Network Forensics of RPL-Based Attacks. Düzce Üniversitesi Bilim ve Teknoloji Dergisi, 8(4), 2366 - 2376. 10.29130/dubited.788006
Chicago	KARACAYILMAZ Gökçe,GONEN Serkan,Artuner Harun,YILMAZ Ercan Nurcan,Sayan Hasan Huseyin,SİNDİREN Erhan Network Forensics of RPL-Based Attacks. Düzce Üniversitesi Bilim ve Teknoloji Dergisi 8, no.4 (2020): 2366 - 2376. 10.29130/dubited.788006
MLA	KARACAYILMAZ Gökçe,GONEN Serkan,Artuner Harun,YILMAZ Ercan Nurcan,Sayan Hasan Huseyin,SİNDİREN Erhan Network Forensics of RPL-Based Attacks. Düzce Üniversitesi Bilim ve Teknoloji Dergisi, vol.8, no.4, 2020, ss.2366 - 2376. 10.29130/dubited.788006
AMA	KARACAYILMAZ G,GONEN S,Artuner H,YILMAZ E,Sayan H,SİNDİREN E Network Forensics of RPL-Based Attacks. Düzce Üniversitesi Bilim ve Teknoloji Dergisi. 2020; 8(4): 2366 - 2376. 10.29130/dubited.788006
Vancouver	KARACAYILMAZ G,GONEN S,Artuner H,YILMAZ E,Sayan H,SİNDİREN E Network Forensics of RPL-Based Attacks. Düzce Üniversitesi Bilim ve Teknoloji Dergisi. 2020; 8(4): 2366 - 2376. 10.29130/dubited.788006
IEEE	KARACAYILMAZ G,GONEN S,Artuner H,YILMAZ E,Sayan H,SİNDİREN E "Network Forensics of RPL-Based Attacks." Düzce Üniversitesi Bilim ve Teknoloji Dergisi, 8, ss.2366 - 2376, 2020. 10.29130/dubited.788006
ISNAD	KARACAYILMAZ, Gökçe vd. "Network Forensics of RPL-Based Attacks". Düzce Üniversitesi Bilim ve Teknoloji Dergisi 8/4 (2020), 2366-2376. https://doi.org/10.29130/dubited.788006