
asset's Introduction

ASSET: An Sdn-inspired intruSion dEtection sysTem for Rpl

A centralized (SDN-paradigm) controller to monitor IoT networks. In this implementation, it cooperates with Cooja, the Contiki emulator, to monitor RPL networks. The project was the basis for a publication in Elsevier Future Generation Computer Systems, https://doi.org/10.1016/j.future.2021.07.013

This is a controller for IoT networks running the RPL protocol. It follows the SDN paradigm, hence it only communicates with the sink. The controller is able to identify an intruder and the attacked nodes. (Intro video)

The controller will automatically discover the underlying network, monitor it in real time, and depict changes. A video example here, where the network starts and then node no. 7 changes position. After a while (remember, RPL takes time to adjust), the node's new position and parent are automatically depicted in the GUI.

An actual attack is identified in this video, carried out by two attackers (purple color). The network nodes are connected via the attackers, who are implementing two attacks: rank attack & grayhole attack. After minute ~5, the attack is identified. The controller runs the kMeans algorithm, finds all suspicious nodes, runs Kosaraju's algorithm to find how many strongly connected sub-graphs there are, and at the end finds the mother of each such sub-graph. The "mother(s)" identified are the attackers.

As a meta-step, the network can exclude the attackers from being selected as parents by using "coloring" from a previous work, a video here, papers here & here.
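The last two detection steps described above (Kosaraju, then the "mother" of each sub-graph), as an added Python example that is not ASSET's own Java code. It assumes edges are (parent, child) pairs, that the suspicious set is the k-means output, and that a "mother" is a component no other suspicious component points into; the node numbers and the function names are constructed for illustration.

```python
from collections import defaultdict

def kosaraju_scc(nodes, edges):
    """Kosaraju's two-pass DFS; returns the strongly connected components."""
    fwd, rev = defaultdict(list), defaultdict(list)
    for u, v in edges:
        fwd[u].append(v)
        rev[v].append(u)

    def dfs(start, graph, seen, out):
        # Iterative DFS appending nodes to `out` in finishing order.
        seen.add(start)
        stack = [(start, iter(graph[start]))]
        while stack:
            node, it = stack[-1]
            nxt = next((n for n in it if n not in seen), None)
            if nxt is None:
                out.append(stack.pop()[0])
            else:
                seen.add(nxt)
                stack.append((nxt, iter(graph[nxt])))

    order, seen = [], set()
    for n in nodes:                  # pass 1: finishing order on the graph
        if n not in seen:
            dfs(n, fwd, seen, order)
    comps, seen = [], set()
    for n in reversed(order):        # pass 2: DFS on the transposed graph
        if n not in seen:
            comp = []
            dfs(n, rev, seen, comp)
            comps.append(sorted(comp))
    return comps

def find_mothers(suspicious, edges):
    """Components no other suspicious component points into (assumed 'mothers')."""
    sub = [(u, v) for u, v in edges if u in suspicious and v in suspicious]
    comps = kosaraju_scc(sorted(suspicious), sub)
    comp_of = {n: i for i, c in enumerate(comps) for n in c}
    has_parent = {comp_of[v] for u, v in sub if comp_of[u] != comp_of[v]}
    return comps, [c for i, c in enumerate(comps) if i not in has_parent]

# Constructed sample: (parent, child) links reported via the sink (node 1).
EDGES = [(1, 2), (2, 8), (2, 15), (8, 3), (8, 4), (3, 5),
         (15, 9), (15, 10), (10, 11), (11, 10)]   # 11->10: constructed loop
SUSPICIOUS = {3, 4, 5, 8, 9, 10, 11, 15}           # assumed k-means output

if __name__ == "__main__":
    comps, mothers = find_mothers(SUSPICIOUS, EDGES)
    print(len(comps), "components; mothers:", mothers)
```

Links whose parent is not in the suspicious set (here 2 to 8 and 2 to 15) are dropped before the search, which is what leaves nodes 8 and 15 without a suspicious parent.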

You can freely run, modify, and adapt it, and use it for your research project. You also need a Contiki OS with specifically adapted nodes (sink-client-intruder) in order to run experiments. The "professional" way, which gives you access to all of it, is to download Contiki TWICE:

  1. The Contiki (slightly altered, with a lot of custom messages, etc.) from [here]. Go to contiki/examples/ipv6/rpl-udp-fresh/ and run one of the many *.csc files there. They all use the same two nodes: udp-server.c and udp-client.c. The *dixon*.csc emulations use the respective *dixon*.c sink/client code.
  2. In order to include one or more intruder node(s), you have to download another Contiki version (completely separate), from contiki-malicious, or contiki-malicious-controller-aware, or contiki-malicious-controller-aware-version-attack. Again, in all cases, the intruder code is in contiki/examples/ipv6/rpl-udp-fresh/*.c.

2023 INSTALLATION UPDATE

All JavaFX libraries were embedded in the folder /libraries. It was found that the project was not really portable when expecting those libraries to be found in the Java JRE/JDK. Specifically, it only worked with specific Java flavors (Oracle), when those included all the JavaFX libraries; otherwise the project was failing at runtime (compile was ok!). You can read more in articles such as: https://stackoverflow.com/questions/51478675/error-javafx-runtime-components-are-missing-and-are-required-to-run-this-appli

With the above "hack" I tried the project in a clean Ubuntu 20 installation (September 2023). If you run into any problems, email [email protected]

HOW TO RUN IT

Look in the picture above for details.

  1. Open in Cooja any of the network setups inside the folders in the altered Contiki folders described above, or just create a custom network with one server node and multiple clients. You may omit the attacking nodes. DON'T START COOJA YET.
  2. Open the ASSET project in any IDE (I run it in Eclipse, but any other one should work fine, e.g., NetBeans).
  3. Run the main.java file. It should start automatically and open two windows: (1) the GUI with the dynamic map of the network, and (2) the log serial output. In this screen, just press “Start” BEFORE you start Cooja.
  4. After you start ASSET, pay attention to the log output. Is the serial port found the same as the one in Cooja? If not, play with the values of the “searchFromNum” and “searchUpToNum” variables in the SerialProbePort.java file. Sometimes, some Ubuntu versions falsely advertise other ports as open.
  5. If you did everything correctly, you should see the message “SUCCESS, Serial Port found. Dev/pts/XX”, where XX should be the same number as the one depicted in Cooja in the “Serial 2 PTY” window for Serial Device (2nd line).
  6. After a while, the logs of the discovered nodes will start appearing, and the network GUI should be filled accordingly.
  7. As soon as you implement attackers into the network, you may start experimenting with the other buttons (kMeans, Print Edges, Chebyshev).

DON'T FORGET TO CITE...

George Violettas, George Simoglou, Sophia Petridou, Lefteris Mamatas, A Softwarized Intrusion Detection System for the RPL-based Internet of Things networks, Future Generation Computer Systems, Volume 125, 2021, Pages 698-714, ISSN 0167-739X, https://doi.org/10.1016/j.future.2021.07.013.

SPECIAL THANKS

Kyriakos Vougioukas ([email protected]) created a superb testing framework in Python, fully parameterizable, which was used for extensive tests of the Dixon Q test and Chebyshev's Inequality. He also made it freely available, here. You can obviously use it for other purposes. I sincerely thank him...

SCREENSHOTS

Controller in Action (screenshots 1 to 6)


asset's Issues

How to make the controller link to sink?

Hello, George. I am very interested in the implementation of the controller. I ran the project, but I don't know how to make the controller link to the sink by serial 2 pty. Could you teach me in more detail? Thanks very much!
