Improving Sinkhole Attack Detection Rate through Knowledge-Based Specification Rule for a Sinkhole Attack Intrusion Detection Technique of IoT

Abstract

The Internet of Things (IoT) is a technology that enables various IoT devices to collect data through sensors or sensor networks and to allow devices to share the collected data in an internet environment. Therefore, most communication is made wirelessly, and it is very vulnerable to a blackhole, selective forwarding, and sinkhole attacks that can occur in the network. One of the destructive attacks is the sinkhole attack, which compromises the integrity and reliability of data in a network. In general, the sinkhole attack detection method used by ad hoc networks and WSNs is less effective than the method used for IoT because of environmental differences. Therefore, the Intrusion detection of SiNkhole attack on 6LoWPAN for InterneT of Things (INTI) method can detect sinkhole attacks occurring in IoT. In this study, rules are defined using a specification-based approach of intrusion detection technology based on the number of input/output transmissions collected in the monitoring phase of INTI. Knowledge base rules were defined to thresholds of normal operation, and different rules were defined according to the role each node plays in improving sinkhole attack detection rates.