Research On 6LoWPAN Intrusion Detection Technology Based On Evolutionary Game

The Internet of Things give the object network identity,which led to a great improvement in lifestyle,office works and industrial production.The Wireless Personal Area Network is one of important components of Internet of Things,such as 6LoWPAN.Its low power consumption,support for IPv6,self-organization and wide connections can adapt to many application scenarios.The 6LoWPAN nodes,mostly based on embedded devices,usually have limited capacities,such as processing,storage,communication and energy.Because of weak security protection capability,6LoWPAN can’t defend many attackes that from the WPAN side and the Internet side.Establishing a security barrier with intrusion detection technology can effectively resist malicious network attacks.In this thesis,the research on intrusion detection technology is carried out for the network layer and application layer against 6LoWPAN stack security issues,which mainly includes four aspects.First,an in-depth analysis of the confrontation scenarios of intrusion and detection has been done.According to the game phenomenon in biological evolution,discovered the one-to-one correspondence between various intrusion detection elements and the evolutionary game.Abstracted the intruder group and the detector group with bounded rationality,and the 0day vulnerability was analogous to the biological mutation mechanism.Second,according to the asymmetry of information between groups,the shared game information was defined as public knowledge,and the potential security threat(e.g.0day vulnerability)was defined as stealth knowledge,and the CVSS v3.0 standard was used to quantify the cost and benefit of the strategy.The Intrusion-Detection Evolutionary Game Model(IDEGM)has been built on public knowledge information,and the public knowledge evolution and stability detection strategy was obtained by calculating the dynamic equations of the group replication.Third,in order to detect potential intrusion behaviors,the strategy Swim Bladder factor γ was defined to indicate whether the stealth knowledge strategy should be selected,and the γ can be calculated by the atomic correlation between the strategies.Finally,the IDEGM was used to design the Optimal Detection Strategy Selection Algorithm(ODSSA).Fourthly,against the network layer RPL protocol attackes,e.g.selection and forwarding attack,sink-hole attack,witch attack,and application layer MQTT protocol attackes,e.g.DoS,remote code execution,arbitrary memory reading and other CVE vulnerabilities,the prototype system was designed according to the best stability strategy obtained by ODSSA.Especially,firstly extended the detection engine of the MQTT protocol based on the open source IDS Suricata,and proposed the Adaptive Energy Saving Algorithm(AESA)to improve the RPL detection engine SVELTE.The experimental environment was set up and the experimental test scheme was designed to verify the effectiveness of algorithm,prototype system for detecting intru-sion behavior,the influence of evolutionary game on detection rate,overall utility and system resource occupation.According to the experimental results,the prototype sys-tem designed in this thesis can maintain the detection rate of more than 90% and con-trol the false alarm rate within 6%.The introduction of game decision can increase the utility value of the strategy by 3.5% and reduce the CPU and memory occupancy rate of the detection system.Finally,it is concluded that the detection model and prototype system proposed in this thesis can effectively detect the intrusion behavior in 6LoWPAN network.