Harun ARTUNER, Hasan Hüseyin SAYAN, Gökçe KARACAYILMAZ, Serkan GÖNEN, Ercan Nurcan YILMAZ, Erhan SİNDİREN

RPL Tabanlı Atakların Ağ Adli Bilişimi

Her geçen gün hızla artan IoT cihazları artık hayatımızın her yerindedir. WSN'ler (Kablosuz sensor ağları), gerçek ortamları izlemek için IoT cihazlarıyla birlikte kullanılır. Bu çalışmada WSN’lere yönelik saldırılar gerçekleştirilmiştir. Bu çalışma için seçilen saldırı sel saldırısıdır. Ayrıca sonuçta bu saldırıya yönelik çözüm önerileri sunulmuştur. Bu kapsamda önce referans ve saldırı paketleri toplanmış, ardından toplanan paketler referans paketlerle karşılaştırılarak adli incelemeler yapılmıştır. Değerlendirme sonucu, saldırıları önlemek için 7/24 bazında sürekli izleme ve ağ adli bilişim analizi ile IoT trafiğindeki anormal davranışları tespit etmenin önemini göstermiştir.

Anahtar Kelimeler:

Kablosuz Algılayıcı Ağlar, Sel Saldırısı, Ağ Adli Bilişimi, Sürekli İzleme

Network Forensics of RPL-Based Attacks

IoT devices, which are increasing in highly manner day by day, are now in everywhere in our life. WSNs are used together with IoT devices to monitor real environments. In this study, attacks against WSNs were carried out. The attack chosen for this study is a flood attack. In addition, solution suggestions for this attack are presented. In this context, firstly reference and attack packages have been collected, and then the collected packages have been compared with the reference packages and forensic investigations have been carried out. The result of the evaluation has shown the importance continuous monitoring on 24/7 basis and detecting abnormal behaviors in IoT traffic with forensics analysis for preventing attacks.

Keywords:

Wireless Sensor Networks, Flood Attack, Network Forensics, Continuous Monitoring,

PDF

___

[1] Z. Sun, M. Wei, Z. Zhang, G. Qu, “Secure Routing Protocol Based on Multi-Objective Ant-Colony-Optimization for Wireless Sensor Networks,” Applied Soft Computing, vol. 77, pp. 366-375, 2019.
[2] D. Evans, “How the Next Evolution of the Internet Is Changing Everything,” 2011. [Online]. Available: https://www.cisco.com/c/dam/en_us/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf. Accessed: 17.09.2020.
[3] S. Görmüş, H. Aydın, G. Ulutaş, “Security for the Internet of Things: A Survey of Existing Mechanisms, Protocols and Open Research Issues,” Journal of the Faculty of Engineering and Architecture of Gazi University, vol. 33, no. 4, pp. 1247-1272, 2018.
[4] H. Lamaazi, N. Benamar and A. J. Jara, “RPL-Based Networks in Static and Mobile Environment: A Performance Assessment Analysis,” Journal of King Saud University-Computer and Information Sciences, vol. 30, no. 3, pp. 320-333, 2018.
[5] H. Lamaazi, N. Benamar, “A Comprehensive Survey on Enhancements and Limitations of the RPL Protocol: A Focus on the Objective Function,” Ad Hoc Networks, vol. 96, 2020.
[6] I. Butun, P. Österberg and H. Song, "Security of the Internet of Things: Vulnerabilities, Attacks, and Countermeasures," IEEE Communications Surveys & Tutorials, vol. 22, no. 1, pp. 616-644, 2020.
[7] I. Wadhaj, B. Ghaleb, C. Thomson, A. Al-Dubai and W. J. Buchanan, “Mitigation Mechanisms Against the DAO Attack on the Routing Protocol for Low Power and Lossy Networks (RPL),” IEEE Access, vol. 8, pp. 43665-43675, 2020.
[8] C. Pu, “Sybil Attack in RPL-Based Internet of Things: Analysis and Defenses,” IEEE Internet of Things Journal, 2020.
[9] A. L. Imoize, T.R. Oyedare, C. G. Ezekafor, & S. Shetty, “Deployment of An Energy Efficient Routing Protocol for Wireless Sensor Networks Operating in A Resource Constrained Environment,” Transactions on Networks and Communications, vol. 7, no. 1, pp. 41-41, 2019.
[10] K. N. Qureshi, S. S. Rana, A. Ahmed, & G. Jeon, “A Novel and Secure Attacks Detection Framework for Smart Cities Industrial Internet of Things,” Sustainable Cities and Society, vol. 61, 2020.
[11] X. Sun, W. Liu, T. Wang, Q. Deng, A. Liu, N. N. Xiong, & S. Zhang, “Two-Hop Neighborhood Information Joint Double Broadcast Radius for Effective Code Dissemination in WSNs,” IEEE Access, vol. 7, pp. 88547-88569, 2019.
[12] A. Verma & V. Ranga, “Addressing Flooding Attacks in IPv6-Based Low Power and Lossy Networks,” TENCON 2019-2019 IEEE Region 10 Conference (TENCON), pp. 552-557, 2019.
[13] Y. Meidan, M. Bohadana, Y. Mathov, Y. Mirsky, A. Shabtai, D. Breitenbacher, & Y. Elovici, “N-Baiot—Network-Based Detection of Iot Botnet Attacks Using Deep Autoencoders,” IEEE Pervasive Computing, vol. 17, no. 3, pp. 12-22, 2018.
[14] X. Zhang, O. Upton, N. L. Beebe & K. K. R. Choo, “IoT Botnet Forensics: A Comprehensive Digital Forensic Case Study on Mirai Botnet Servers,” Forensic Science International: Digital Investigation, vol. 32, 2020.
[15] A. Dunkels, B. Gronvall, & T. Voigt, “Contiki-A Lightweight and Flexible Operating System for Tiny Networked Sensors,” IEEE International Conference on Local Computer Networks, pp. 455-462, 2004.
[16] E. Sesli & G. Hacıoğlu, “Contiki OS Usage in Wireless Sensor Networks (WSNs),” Turk J Electrom Energy, vol. 2, no. 2, pp. 1-6, 2017.
[17] L. Wallgren, S. Raza & T. Voigt, “Routing Attacks and Countermeasures in the RPL-Based Internet of Things,” International Journal of Distributed Sensor Networks, vol. 9, no. 8, pp. 794326, 2013.
[18] V. Hassija, V. Chamola, V. Saxena, D. Jain, P. Goyal & B. Sikdar, “A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures,” IEEE Access, vol. 7, pp. 82721-82743, 2019.
[19] T. Kothmayr, C. Schmitt, W. Hu, M. Brünig & G. Carle, “DTLS Based Security and Two-Way Authentication for the Internet of Things,” Ad Hoc Networks, vol. 11, no. 8, pp. 2710-2723, 2013.
[20] S. Raza, S. Duquennoy, J. Höglund, U. Roedig & T. Voigt, “Secure Communication for the Internet of Things—A Comparison of Link‐Layer Security and IPsec for 6LoWPAN,” Security and Communication Networks, vol. 7, no. 12, pp. 2654-2668, 2014.