A ZigBee Intrusion Detection System for IoT using Secure and Efficient Data Collection

The market for Internet of Things (IoT) products and services has grown rapidly. It has been predicted that the deployment of these IoT applications will grow exponentially in the near future. However, the rapid growth of the IoT brings new security risks and potentially opens systems and networks t...

Bibliographic details
Published in: Internet of things (Amsterdam. Online) Vol. 12; p. 100306
Main authors: Sadikin, Fal; Deursen, Ton van; Kumar, Sandeep
Format: Journal Article
Language: English
Published: Elsevier B.V 01.12.2020
ISSN: 2542-6605, 2542-6605
Abstract The market for Internet of Things (IoT) products and services has grown rapidly. It has been predicted that the deployment of these IoT applications will grow exponentially in the near future. However, the rapid growth of the IoT brings new security risks and potentially opens systems and networks to new attacks. This paper outlines various techniques to detect known attacks and new types of attacks, particularly on ZigBee-based IoT systems. We introduce a novel hybrid Intrusion Detection System (IDS) by merging rule-based intrusion detection and machine learning-based anomaly detection. The rule-based attack detection technique is used to provide an accurate detection method for known attacks. However, specifying accurate and precise detection rules requires significant human effort. It is tedious and error-prone and may lead to false alarms if done incorrectly. Hence, to mitigate this potential problem, the system is enhanced by combining it with machine learning-based anomaly detection. This paper discusses our IDS implementation that covers various types of detection techniques both to detect known attacks, as well as potential new types of attack in ZigBee-based IoT systems. Furthermore, this paper introduces a secure and efficient method for large-scale IDS data collection. Thus, it provides a trusted reporting mechanism that can operate under the strict resource requirements imposed by current IoT systems.
ArticleNumber 100306
Author Kumar, Sandeep
Deursen, Ton van
Sadikin, Fal
Author_xml – sequence: 1
  givenname: Fal
  surname: Sadikin
  fullname: Sadikin, Fal
  email: fal.sadikin@signify.com
– sequence: 2
  givenname: Ton van
  surname: Deursen
  fullname: Deursen, Ton van
  email: ton.van.deursen@signify.com
– sequence: 3
  givenname: Sandeep
  surname: Kumar
  fullname: Kumar, Sandeep
  email: sandeep.kumar@signify.com
ContentType Journal Article
Copyright 2020 Elsevier B.V.
DOI 10.1016/j.iot.2020.100306
Discipline Engineering
EISSN 2542-6605
ISICitedReferencesCount 30
ISSN 2542-6605
IsPeerReviewed true
IsScholarly true
Keywords Secure and Efficient Data Collection
Machine Learning Anomaly Detection
Rule-based Detection Method
ZigBee IoT Intrusion Detection System
Language English
PublicationCentury 2000
PublicationDate December 2020
2020-12-00
PublicationDateYYYYMMDD 2020-12-01
PublicationDate_xml – month: 12
  year: 2020
  text: December 2020
PublicationDecade 2020
PublicationTitle Internet of things (Amsterdam. Online)
PublicationYear 2020
Publisher Elsevier B.V
Publisher_xml – name: Elsevier B.V
StartPage 100306
SubjectTerms Machine Learning Anomaly Detection
Rule-based Detection Method
Secure and Efficient Data Collection
ZigBee IoT Intrusion Detection System
Title A ZigBee Intrusion Detection System for IoT using Secure and Efficient Data Collection
URI https://dx.doi.org/10.1016/j.iot.2020.100306
Volume 12