Research Article

Hierarchical and On-Demand Attack Defence Framework for IoT Devices

Internet of Things (IoT) devices are lightweight and generally possess low battery power. Hence, the chances of battery exhaustion and flooding attacks are higher. In order to perform attack response actions against various attacks, this paper proposes the Hierarchical and On-Demand Attack Defence Framework (HOAD) for IoT security. In this framework, primary controller (PC) and secondary controller (SC) nodes are deployed in the network along with the IoT devices. The SCs can be moved on-demand by the PC. The response agent at the PC will first establish a new route via the SCs by excluding the intruders and the suspected nodes. Then, it will resend the stored packets to their destination via the newly established route. The proposed HOAD framework is implemented in NS2 and compared with the MECshield framework. Simulation results show that HOAD has reduced end-to-end delay, increased packet delivery ratio, and increased residual energy.


Introduction
IoT is considered the third industrial revolution. It is defined as "the interconnection, via the Internet, of computing devices embedded in everyday objects, enabling them to send and receive data." IoT devices are capable of gathering information from a specific region at specific time intervals. IoT is useful in various applications such as smart homes, education, and healthcare [1].
IoT networks face many challenges with respect to connectivity, computing, and security. Since IoT devices possess low battery power, the chances of battery exhaustion and flooding attacks are higher [2].
The complexity of IoT security revolves around the fact that combining several technologies into one is a great challenge: the system tries to securely connect devices that have limited computation capability, storage, and power. Some of the devices used in IoT can support only basic security mechanisms, and some of these are not capable of maintaining the confidentiality and integrity of users' data.
There are three primary entities which pose threats to privacy and security in IoT: dishonest users, bad manufacturers, and outside attackers. The various types of attack targeted at IoT devices include device tampering, information disclosure, denial of service (DoS), and spoofing [3].
Owing to their resource limitations and heterogeneous nature, conventional security solutions may not be applicable for IoT systems. Hence, there is a need for developing alternate solutions for defending against attacks in IoT networks [4].
Defensive techniques can be used to develop an efficient model for securing the Internet of Things (IoT). Developing defensive techniques becomes easier and more efficient once the behaviour of the attacks is completely understood [5].
1.1. Problem Identification. In our previous work, an authorization, attack detection, and avoidance (AAA) framework for IoT devices has been developed. The detection agent checks the collected traffic information against the attack rule table. If any matching attack pattern is found, it reports the attack type to the response agent. Once the response agent obtains the attack type from the detection agent, it estimates the severity of the attack by computing the attack frequency over different time windows, and the appropriate action is performed.
In order to perform attack response actions against various attacks, we propose a hierarchical self-healing framework for IoT security, as an extension of that work.
In this framework, whenever the response agent (RA) receives the intrusion confirmation message from the detection agent, it triggers the response action by broadcasting the reroute information to the PC. Then, the PC establishes a new route via the SCs by excluding the intruders and the suspected nodes. After that, it will resend the stored packets to their destination via the newly established route.

Related Works
A localized DDoS prevention framework known as MECshield has been developed [2].
Nhu-Ngoc et al. [2] have proposed MECshield, a localized DDoS prevention framework leveraging MEC power to deploy multiple smart filters at the edge of the relevant attack-source/destination networks. The cooperation among the smart filters is supervised by a central controller. The central controller localizes each smart filter by feeding suitable training parameters into its self-organizing map (SOM) module, based on the attacking behaviour. The performance of the MECshield framework is tested using three typical IoT traffic scenarios.
Díaz López et al. [4] have proposed a security solution based on the management of security actions within IoT scenarios so as to accurately identify suspicious activities. To this end, different vulnerabilities found in IoT devices are described, along with unique features that make these devices an attractive target for attacks. Lastly, three IoT attack scenarios are presented, describing the exploited vulnerabilities, the security events produced by the attack, and accurate responses that could be launched to help lessen the impact of the attack on IoT devices.
Ketan et al. [6] have proposed a novel method that leverages edge computing to deploy edge functions that collect information about incoming traffic and communicate that information through a fast-path to a nearby detection service. This accelerates the detection and the arrest of such attacks, limiting their damaging impact. Initial investigation shows promise for up to 10x faster detection that reduces up to 82% of the Internet traffic due to IoT-DDoS.
Ali et al. [7] have proposed new detection methods or refinements of existing ones, but there is a lack of awareness about the recent types of Sybil attacks and their countermeasures. The purpose of their article is to explore the different types of Sybil attacks and possible countermeasures.
Vincentius et al. [8] have proposed a comprehensive home network defence, Pot2DPI, and use it to raise an attacker's uncertainty about devices and to allow the home network to monitor traffic, detect anomalies, and filter malicious packets. The security offered by Pot2DPI comes from a combination of practical techniques: honeypot, deep packet inspection (DPI), and a realization of moving target defense (MTD) in port forwarding. Specifically, Pot2DPI has a chain of honeypot and DPI that collects suspicious packet traces, obtains attack signatures, and installs filtering rules at a home router in a timely manner. Meanwhile, Pot2DPI shuffles the mapping of ports between the router and the devices connected to it, making a targeted attack difficult and the defence more effective.

Proposed Solution
3.1. System Model. Here, S represents the sink node. PC and SC represent the primary and secondary controllers. Z1-Z8 represent the IoT devices.
In this framework, primary controller (PC) and secondary controller (SC) nodes are deployed in the network along with the IoT devices. The SCs can be moved on-demand by the PC [9].
It is assumed that the response agent (RA) resides at the PC. The SCs are connected to a set of IoT devices as well as to each other. The PC will have the accurate location information of each node and of the SCs at the time of deployment. When an SC becomes mobile, it will update its network topology information.
3.2. Overview. In this paper, we propose a hierarchical self-healing framework for IoT security. Whenever the RA receives the intrusion confirmation message from the detection agent, it triggers the response action by broadcasting the reroute information to the PC. Then, the PC establishes a new route via the SCs by excluding the intruders and the suspected nodes. After that, it will resend the stored packets to their destination via the newly established route.

Attack Recovery Procedure
The steps involved in this process are as follows. When a backup RREQ is transmitted, the path reliability is also used to decide the most suitable backup path. If a node on the primary path that has only one backup path entry receives a backup RREQ, the path reliability from source to destination in the backup RREQ is considered first.
If the reliability of the path along its primary backup path from itself to the destination is better than that to the destination in the backup RREQ, it silently discards the received backup RREQ, so as not to create a very low reliability backup path for the requesting nodes. Otherwise, a backup RREP packet is generated and unicast back to the node requesting the backup path. When a node which is on the primary path receives a backup RREQ, it removes the RREQ message and averts a dismissal message. If a backup RREQ whose next hop lies along the primary path is received by the destination, it is silently rejected so as to avoid creating an unusable backup path coinciding with the primary path; otherwise, a backup RREP or a request for a backup path via the equivalent path is generated. When the recovery process is initiated, the main route is changed to the secondary route, and the packets are delivered to the destination. Figure 1 shows the primary and backup route setup process, whereas Figure 2 shows the backup route switching process.
As shown in Figure 3, once the source receives the primary RREP, the paths for data transfer from source to destination (S → 4 → 3 → D, S → A → B → C → D, S → 1 → 2 → D) are identified, and the path reliability is then used as the technique for choosing the primary path. If the path S → A → B → C → D has the greatest reliability ($R_{SABCD} > R_{S43D}$, $R_{SABCD} > R_{S12D}$), then this path is the primary path. On the primary path, every node needs a backup path; e.g., the backup path for node A is S → 1 → B, for node B is S → A → 2 → C, and for node C is S → A → B → 2 → D, and these are also formed. If node B is detected as an attacker, the primary path immediately switches to the backup path, as shown in Figure 1.
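The primary-path choice and the reroute around a detected attacker described above, sketched as an added example (not code from the paper or its NS2 implementation). It assumes that path reliability is the product of per-link reliabilities; the link values and the names `most_reliable_path` and `recover` are constructed for illustration, and only the three end-to-end paths named in the text are modelled.

```python
import heapq
import math

# Constructed link reliabilities (assumed values, not from the paper) for the
# three source-to-destination paths named in the text.
LINKS = {
    ("S", "A"): 0.99, ("A", "B"): 0.98, ("B", "C"): 0.99, ("C", "D"): 0.98,
    ("S", "4"): 0.90, ("4", "3"): 0.95, ("3", "D"): 0.90,
    ("S", "1"): 0.95, ("1", "2"): 0.92, ("2", "D"): 0.95,
}


def most_reliable_path(links, src, dst, excluded=frozenset()):
    """Return (path, reliability) maximising the product of link
    reliabilities (assumed metric) without visiting any excluded node."""
    if src in excluded or dst in excluded:
        return None, 0.0
    graph = {}
    for (u, v), r in links.items():
        if u in excluded or v in excluded or not 0.0 < r <= 1.0:
            continue  # drop links that touch an intruder or suspect
        cost = -math.log(r)  # products become sums, and cost >= 0
        graph.setdefault(u, []).append((v, cost))
        graph.setdefault(v, []).append((u, cost))
    best, prev, heap = {src: 0.0}, {}, [(0.0, src)]
    while heap:  # Dijkstra over the -log(reliability) costs
        cost, node = heapq.heappop(heap)
        if node == dst:
            break
        if cost > best.get(node, math.inf):
            continue
        for nxt, w in graph.get(node, []):
            if cost + w < best.get(nxt, math.inf):
                best[nxt], prev[nxt] = cost + w, node
                heapq.heappush(heap, (cost + w, nxt))
    if dst not in best:
        return None, 0.0
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1], math.exp(-best[dst])


def recover(links, src, dst, intruders, suspects, stored_packets):
    """Response action: reroute around intruders and suspects, then pair
    each stored packet with the new route for retransmission."""
    path, _ = most_reliable_path(links, src, dst, set(intruders) | set(suspects))
    if path is None:
        return None, []  # no clean route: packets stay buffered
    return path, [(pkt, path) for pkt in stored_packets]
```

With these values the primary path is S → A → B → C → D; marking B as an intruder moves the stored packets to S → 1 → 2 → D, and additionally suspecting node 2 moves them to S → 4 → 3 → D.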
On establishing the route, devices that are deployed over the network plane are responsible for reporting to the edge device, which is further connected to the cloud server for processing. The process is given in Figure 4.

Table 3 and Figure 5 show the E2D that occurred in the case of both frameworks. The figure shows that HOAD has 25% lower E2D when compared to MECshield. Table 4 and Figure 6 show the PDR measured in the case of both frameworks. It was seen that HOAD has 0.84% higher PDR than MECshield. Table 5 and Figure 7 show the throughput measured in the case of both frameworks. It has been seen that HOAD has 54% higher throughput than MECshield. Table 6 and Figure 8 show the average residual energy measured in the case of both frameworks. It was observed that HOAD has 1% higher residual energy than MECshield.

Based on Attack Frequency
In this section, results are plotted by varying the attack frequency from 50 to 150 Kb. Table 7 and Figure 9 show the E2D that occurred in the case of both frameworks. From the figure, it can be seen that HOAD has 25% lower delay than MECshield. Table 8 and Figure 10 show the PDR measured in the case of both frameworks. It was seen that HOAD has 0.1% higher PDR when compared to MECshield.

Wireless Communications and Mobile Computing

Table 9 and Figure 11 show the throughput measured in the case of both frameworks. It has been seen that HOAD obtains 55% higher throughput than MECshield. Table 10 and Figure 12 show the average residual energy measured for both frameworks. It was observed that HOAD has 2% higher residual energy than MECshield.

Conclusion
In this paper, we have proposed a hierarchical self-healing framework for IoT security. In this framework, primary (PC) and secondary controller (SC) nodes are deployed in the network along with the IoT devices. The SCs can be moved on-demand by the PC. The response agent at PC will first establish a new route via the SCs by excluding the intruders and the suspected nodes. Then, it will resend the stored packets to their destination via the newly established route. By simulation results, we have shown that the proposed technique increases the efficiency and reduces overhead and energy consumption. Advanced cryptographic standards can be used to tighten the security process in a more efficient manner by evaluating more types of threats. The security paradigm can be used in a 5G-based IoT network as well.

Data Availability
No data were used to support this research work.

Conflicts of Interest
The authors declare that they have no conflicts of interest.