Efficient time-delay attack detection based on node pruning and model fusion

Abstract

IoT devices are vulnerable to various attacks because they are resource-limited. This paper introduces a novel type of attack called time-delay attack. The malicious nodes delay packet forwarding by extending the processing time of packets, thus affecting the performance and availability of the network. This attack is very stealthy and difficult to detect because it does not violate any communication protocol. To the best of our knowledge, how to detect the time-delay attack in IoT networks is still an open problem. We first propose a machine learning-based baseline algorithm to detect the time-delay attack. It models the system features of each node and the forwarding time of packets to detect whether a node is malicious or not. However, the baseline algorithm needs to detect all nodes in the network, which causes unnecessary resource consumption. Moreover, using a single model in the baseline algorithm does not have high robustness. To reduce the overhead and improve the detection performance, we design an efficient Detection algorithm based on Node pruning and Model fusion (DNM). DNM uses node pruning to filter out suspected nodes from all nodes. The suspected nodes are then detected according to a fusion model. We conduct experimental evaluations based on the Cooja network simulator. The experimental results show that baseline and DNM possess close to 90% accuracy, and DNM significantly outperforms other algorithms with an average F1-score of 0.85.