- University of Bourgogne France-Comte
The Internet of Things (IoT) technology incorporates a large number of heterogeneous devices connected to untrusted networks. Nevertheless, securing IoT devices is a fundamental issue due to the relevant information handled in IoT networks. The intrusion detection system (IDS) is the most commonly used technique to detect intruders and acts as a second wall of defense when cryptography is broken. This is achieved by combining the advantages of anomaly and signature detection techniques, which are characterized by high detection rates and low false positives, respectively. To achieve a high detection rate, the anomaly detection technique relies on a learning algorithm to model the normal behavior of a node, and when a new attack pattern (often known as signature) is detected, it will be modeled with a set of rules. This latter is used by the signature detection technique for attack confirmation. Activating the anomaly detection technique simultaneously at each low-resource IoT device and all the time could generate a high-energy consumption. Thereby, we propose a game theoretic technique to activate anomaly detection technique only when a new attack's signature is expected to occur; hence, a balance between detection and false positive rates, and energy consumption is achieved. Even by combining between these two detection techniques, we observed that the number of false positives is still non null (almost equal to 5%). Thereby, to decrease further the false positive rate, a reputation model based on game theory is proposed. Simulation results show that this lightweight anomaly detection outperforms current anomaly detection techniques, since in scaling mode (i.e., when the number of IoT devices and attackers are high) it requires low energy consumption to detect the attacks with high detection and low false positive rates, almost 93% and 2%, respectively.