ELNIDS: Ensemble Learning based Network Intrusion Detection System for
RPL based Internet of Things
Abstract
The Internet of Things is realized by a large number of heterogeneous
smart devices which sense, collect and share data with each other over
the internet in order to control the physical world. Due to the open
nature, global connectivity and resource-constrained nature of smart
devices and wireless networks, the Internet of Things is susceptible to
various routing attacks. In this paper, we propose an architecture of an
Ensemble Learning based Network Intrusion Detection System named ELNIDS
for detecting routing attacks against the IPv6 Routing Protocol for
Low-Power and Lossy Networks. We implement four different ensemble-based
machine learning classifiers: Boosted Trees, Bagged Trees, Subspace
Discriminant and RUSBoosted Trees. To evaluate the proposed intrusion
detection model, we used the RPL-NIDDS17 dataset, which contains packet
traces of Sinkhole, Blackhole, Sybil, Clone ID, Selective Forwarding,
Hello Flooding and Local Repair attacks. Simulation results show the
effectiveness of the proposed architecture. We observe that the ensemble
of Boosted Trees achieves the highest Accuracy of 94.5%, while the
Subspace Discriminant method achieves the lowest Accuracy of 77.8% among
classifier validation methods. Similarly, an ensemble of RUSBoosted
Trees achieves the highest Area under ROC value of 0.98, while the lowest
Area under ROC value of 0.87 is achieved by an ensemble of Subspace
Discriminant among all classifier validation methods. All the
implemented classifiers show acceptable performance results.