Accurate Detection of Sinkhole Attacks in IoT Networks Using Local Agents
In this paper we explore the feasibility of employing local security agents to detect sinkhole attacks in IoT multihop networks. Sinkhole attacks, which divert traffic towards the compromised node(s), prevent information from reaching its intended destination. Sinkhole attacks are unique in their operation and are often difficult to recognize locally. We examine three types of local agents and employ thresholds, binary logistic regression (BLR) and support vector machines (SVM) as anomaly detectors. The local security agents are deployed and evaluated both in a simulated environment and in a real network of resource-constrained nodes. We conclude that threshold-based detection is not suitable for deployment in local agents. During the evaluation phase, the BLR and SVM detection modules are found to detect the presence of the sinkhole attack with exceptionally high accuracy.