
Naive Bayes and Dempster Shafer based Trust Model to Secure RPL Routing Protocol on Internet of Battlefield Things (IoBT) Environment

T. Janani (1) and K. Prathapchandran (2)

(1) Research scholar, (2) Assistant Professor

(1,2) Department of Computer Science, Karpagam Academy of Higher Education, Coimbatore - 641021, Tamilnadu, India

(1) janani0609@gmail.com, (2) kprathapchandran@gmail.com

Article History: Received: 11 January 2021; Revised: 12 February 2021; Accepted: 27 March 2021; Published online: 16 April 2021

Abstract: Recently, Internet of Battlefield Things (IoBT) applications have become popular in the battlefield environment to enhance mission effectiveness. Ensuring security in IoBT is a crucial task because most of the IoBT nodes used in the battlefield network are resource-constrained devices. Therefore, an attacker may exploit the security vulnerabilities in IoBT devices. Achieving cooperativeness and trust on the battlefield is a difficult task in a dynamic and scalable environment. Traditional security mechanisms such as cryptographic techniques and anomaly detection are not suitable for a highly flexible and distributed battlefield environment. The IoBT requires a secure routing protocol based on trust instead of traditional security mechanisms to ensure secure communication on the battlefield. Hence, in this paper the Naive Bayes and Dempster Shafer Trust Model (NBDSTrust) is proposed. The proposed model is specially designed for group-based communication like a battlefield environment. In the mobile and wireless IoBT environment, each node is responsible for evaluating and maintaining the trust value of its neighbor nodes. The proposed model identifies the black hole attack and isolates the malicious IoBT nodes from the network. In the battlefield environment, both QoS trust and social trust are important; they are received from the communication and social networks. This model uses Naive Bayes and Dempster Shafer Theory to detect and remove the misbehaving IoBT nodes from the battlefield environment. Naive Bayes is a machine learning technique that classifies and predicts a node's behavior; it provides an accurate trust estimation for IoBT nodes, which assists in selecting trusted nodes for routing operation in the IoBT network. The Dempster Shafer Theory is a belief theory that combines several recommendation trusts and reduces the impact of biased recommendations. The mathematical analysis has proven the applicability of NBDSTrust in such IoBT. The simulation results show that the proposed model is better than the others in terms of various performance metrics.

Keywords: IoBT, Security, RPL, Trust, Naive Bayes Theory, Dempster Shafer Theory, blackhole attack.

1. Introduction

With the development of different new technologies, the tiny size of computational devices and low-cost IoT devices increases the number of IoT users constantly. Due to the significant growth of smart devices, the concept of IoT has arisen. The Internet of Things (IoT) concept has arrived from intelligent objects. The IoT makes a composite network that exists of non-homogeneous intelligent devices. The IoT is popularly used in a variety of application domains that need the data to be sensed, collected, processed, and scrutinized to make an intelligent decision based on the analysis. The IoT framework plays an important role to enhance human life that provides smart applications including smart homes, smart health, smart vehicles, smart industry, military application, etc [1]. The IoBT applications are one of the emerging applications to enhance the mission effectiveness in the battlefield environment.

In an existing military network, sensors and IoT devices are attached to the applications that provide accurate and full information about the battlefield and also enable situation awareness decision making by the commander and soldier. The integration of IoT with the existing military networks creates the Internet of Battlefield Things (IoBT) [2].

In an IoBT environment, whole military units are interconnected on the battlefield to improve the effectiveness of the military networks and also to achieve a mission. In the battlefield environment soldiers, drones, and autonomous vehicles are attached to different IoT devices, actuators, and sensors. These IoT-enabled battlefield environments facilitate the military commanders to receive transitory information about the current status of the military units. For example, wearable devices can send information about the soldier's current situation, besides sensors attached to vehicles can transfer real-time data about the vehicle's current status. One of the significant features of the IoT is mobile crowd-sensing which is very useful in the battlefield environment [2].

Commanders analyze the real-time data that is accumulated from various unmanned sensors and reports from the battlefield and take certain decisions. These commanders use a broad range of data generated by sensors and cameras placed on the ground, manned, and unmanned vehicles or soldiers [3]. The data aggregated from all the IoBT nodes gives exact and appropriate information, thus enhancing the effectiveness of the military mission [4]. High-grade military units are supported with inclusive situation awareness via a central operations place that gets the information from the platforms. Lower level military units also receive the information in their area [3].

Generally, the IoBT is highly susceptible when compared to the commercial IoT, because of the adversarial feature in the battlefield environment [5]. It faces several challenges such as integrating heterogeneous devices, integrating various technologies, environmental conditions, security, maintaining trust level, etc. The main goal of the adversary is to interrupt the network connectivity by attacking the IoBT devices and taking control over those devices. Security services like authenticity, confidentiality, integrity, availability, authorization, and non-repudiation can provide security using various cryptography techniques, but they require key management. Due to the resource constraints of the IoBT devices and the dynamic battlefield environment, traditional cryptography techniques are not applicable in the IoBT [6]. The susceptibility of the IoBT nodes requires lightweight security solutions. Therefore, IoBT requires a trust model to evaluate the node's behavior to provide security on the battlefield.

In the battlefield environment, both Quality-of-Service and social trusts are important to achieve a mission. Therefore, the proposed trust-based model uses QoS and social trust to evaluate the node behavior. Each IoBT node selects the one-hop neighbor nodes based on these trust values. Nodes with the highest trust value will be involved in the mission to maximize the probability of mission success. Low trust nodes may have been seized by an attacker or may not cooperate with the neighbor nodes; such IoBT nodes are isolated from the network. By isolating such IoBT nodes from the network, security can be ensured in the battlefield environment.

1.1 Contribution

In this paper, we propose a secure RPL routing protocol in the IoBT environment using a trust aware mechanism called NBDSTrust. The main goal of the NBDSTrust is to ensure secure and reliable data transmission between different IoBT nodes in the massive and distributed IoBT networks.

The primary contributions of the NBDSTrust model are listed below:

● The NBDSTrust model is embedded with the RPL routing protocol to enhance the security of the Internet of Battlefield Things (IoBT) network.

● This model is primarily designed to detect the black hole attack in the IoBT network by using trust metrics such as correctly forwarding ratio, delay, energy, and selfish behavior. The black nodes are isolated from the network. In this way, security can be ensured in the IoBT network.

● The NBDSTrust model is implemented in Cooja, the Contiki network simulator.

● The performance evaluation of the NBDSTrust model is compared with the existing similar works to show the accuracy and effectiveness of the NBDSTrust.

1.2 Organization

The rest of the paper is organized as follows. Section 2 presents a review of the literature. Section 3 describes the background of the RPL protocol, the Naive Bayes Classifier, and Dempster Shafer Theory. Section 4 describes the proposed NBDSTrust model with its working methodology and mathematical analysis. Section 5 presents the simulation and performance evaluation of the NBDSTrust model with various performance metrics. The conclusion of the paper is presented in section 6.

2 Related Work

With the growing trend in the field of IoT, many research works were developed by the researchers to provide the solution for both security and trust in general IoT and also in IoBT. This section presents a summary of existing recent research work that includes cryptography-based, anomaly-based, and trust-based security models.

In [7] authors (Bhalaji et al.,2019) proposed a trust-based security mechanism for RPL protocol, that counters the black hole attack. Every node in the network is assigned with certain trust values, based on these trust values routing decisions are made in the RPL network and classifies the trusted and malicious nodes in the IoT environment. The preferred parent is selected based on the node's rank value and expected transmission count in the network. Their approach is implemented in both the inter-DODAG level and the intra-DODAG level. In [8] authors (Patel et al.,2019) proposed a strainer-based mechanism for intrusion detection in 6LoWPAN for the IoT to counter black hole attacks on the RPL. This model first creates a suspect list from the node’s behavior then these nodes are verified by its neighbor node during the network operation. Finally, the root node discards the misbehaving IoT nodes in the RPL network. This system analyzes malicious nodes only. In [9] authors (Kandhoul et al.,2019) proposed a reputation-based approach to provide security for opportunistic IoT where the trust evaluation is done for each node based on its behavior in the network. Malicious nodes are detected and avoided from the routing. Every node in the network maintains two lists: one is a trusted nodes list that is used to involve the message transmission and another one is a malicious nodes list that is avoided from the message transmission.

In [10] authors (Alnasser et al., 2017) proposed a trust model using fuzzy logic for secure routing. This paper uses packet forwarding ratio, amiability, ER, and correct packet ratio trust metrics to compute the direct trust, and indirect trust is computed from the received recommendations. Then, the overall trust is computed using the weighted average of direct trust and indirect trust. They used fuzzy logic to identify the untrustworthy nodes in the smart grid. In [11] authors (Zhang et al., 2019) proposed Cuckoo-RPL to counter the black hole attack in smart metering. They used the cuckoo filter to form a hash table that contains all the authorized members of the AMI network. In this system, malicious nodes are avoided by blocking the DIO control messages from the malicious nodes. In [12] authors (Lim et al., 2018) present an energy-efficient trust computation model in a military IoT environment using stepwise tree-structured routing. In this model, the trust computation process is done only by parent nodes. When the parent node suspects malicious behavior of the child nodes, the trust computation process is invoked. This process is done in two phases: the child node inquires to its parent node, and local calculation of the trust value.

In [13] authors (Seyedi et al.,2020) proposed intrusion detection mechanisms to counter the black hole attack. They used the hello packet table (HPT) and an intelligent agent-based method to provide trusted IoT. This scheme has three phases: Each node listens to the adjacent nodes and applies the pre-routing process as the first phase of this system. During this phase, black hole attacks are identified. In the second phase, the suspicious nodes are identified and separated from the network. In the final phase, the selected routing path from source to destination is verified. In [14] authors (Airehrour et. al.,2017) proposed a security solution based on trust to mitigate black hole attacks and selective forwarding attacks in IoT networks. They used fuzzy logic to identify trusted nodes and selected the trusted routing path for successful data packet transmission. In [15] authors (Conti et. al.,2017) propose a secure and scalable routing protocol for IoT networks. They used a lightweight remote attestation mechanism to ensure the integrity of the node. Piggyback's attestation is evaluated on the RPL control messages and ensures security in the IoT network.

In [16], the authors (Prathapchandran et al., 2021) proposed a trust-based authentication approach to secure the RPL Routing Protocol on the Internet of Battlefield Thing (IoBT) environment using a decision tree machine learning algorithm, called the DTTrust model. This model is primarily designed to mitigate the rank attack in the battlefield environment using a decision tree algorithm. The decision tree is a predictive modeling and machine learning algorithm that gives an accurate estimation that classifies the node behavior. It efficiently detects the malicious nodes (i.e., rank attackers) to assure authentication and construct a secure and reliable routing protocol in the IoBT network. Either direct or indirect trust is used to evaluate the BT behavior. Both parent and child BT's trust values are computed. In the DTTrust model, the most trusted BT is selected for routing operation and the rank attacker is identified. The increased rank attacker is considered as BT; those nodes are given one chance to change their behavior. The decreased rank attacker is considered as malicious BT; those nodes are permanently removed from the battlefield network.

The proposed work differs from the existing research work mentioned above. This model used a Naive Bayes classifier and Dempster Shafer Theory for trust computation in the IoBT network. This model identifies and removes the malicious IoBT nodes from the network. Only trusted nodes are involved in the mission others are discarded from the network. In this way, security can be ensured in the battlefield network.

3 Background

This section presents an overview of the RPL protocol and a brief description of the Naive Bayes classifier and Dempster Shafer Theory.

3.1 RPL Overview

RPL (Routing Protocol for Low-Power and Lossy Networks) is a proactive routing protocol and it is based on the Destination Oriented Directed Acyclic Graph (DODAG) [17]. In the DODAG construction process, the nodes in the network transfer the packet to the border root via the parent node, then the border root discovers the path to transfer the packet to the target node. Data packets are transferred in either the upward or the downward direction. RPL allows multiple RPL instances in the network; every RPL instance consists of several DODAGs, where many sensor nodes are associated with the root. These roots are all linked together with each other through the internet by a transmit link. The primary aim of RPL is to create a routing topology that auto-optimizes and avoids loops in the network. The rank concept is used to avoid loops in RPL. Therefore, each node in the network should compute its rank based on its parent's rank, and it should not be less than the rank of the parent node [16]. RPL rank represents the distance between the DODAG root and the parent node. The auto-optimization is managed by a global and local repair mechanism that will repair any disconnected link [18].

There are two kinds of sensor nodes in the RPL network: one is storing mode, which can collect and transfer the data packets to neighbor nodes, and the other is non-storing mode, which can only transfer the data packets to its neighbor. All the root nodes are storing mode nodes, which contain the routing table for the whole network. The root node has the right to provide authority to a few other nodes to keep the routing details for a certain part of the network. There are four control messages in RPL: DODAG Information Solicitation (DIS), DODAG Information Object (DIO), Destination Advertisement Object (DAO), and Destination Advertisement Object Acknowledgement (DAO-ACK). In the initial stage of the DODAG construction process, the DODAG root node broadcasts the DIO control messages to all participant nodes in the network. If the participant nodes do not receive any DIO messages, then they may send DIS control messages to the DODAG root node. The DODAG has trickle timers; participant nodes should broadcast the DAO messages within the interval of time [17].

3.2 Naive Bayes Classifier

The term Naive Bayes comes from Bayesian statistics and refers to a simple probabilistic classifier. It employs the Bayes theorem along with a naive hypothesis. This probabilistic model is an independent feature model. The primary assumption of this classifier is that the presence of one attribute is independent of the other attributes. Due to the accuracy of the probabilistic model, Naive Bayes classifiers can be trained very well in the supervised learning framework. It works very well in more complex real-world problems. The primary merit of this classifier is that it needs very little training data to evaluate the parameters that are required for classification. It is a quick and incremental approach that can deal with both discrete attributes and continuous attributes. It can provide superior performance for real-life situations [19].

Naive Bayesian classifiers have proven as a strong tool for providing the solution for classification problems in several application domains. It is a model of a collective probability distribution over a group of stochastic variables [20].

1) In theory, the Naive Bayes classifier's probabilistic model is defined as follows:

Sample B is a Boolean variable, and A is a multidimensional Boolean vector denoted as $A = \langle A_1, A_2, \ldots, A_n \rangle$, where $A_i$ represents the $i$-th Boolean attribute.

Bayesian theorem equation is as follows; P(B|A) = P(A|B)xP(B)

i=1

n P(Ai|B)xP(B)

2) Assume the target function $f$ is defined as $f: A \to B$. The maximum likelihood value of B can be deduced via f(x):

$$V_{MAP} = \arg\max_{A_i \in A} P(B \mid A_1, A_2, \ldots, A_n) \tag{2}$$

3) Naive Bayes can be denoted as follows: Posterior = likelihood x prior / marginal likelihood. Hence,

$$V_{MAP} = \arg\max_{A_i \in A} \frac{P(B) \times P(A_1, A_2, \ldots, A_n \mid B)}{P(A_1, A_2, \ldots, A_n)} \tag{3}$$

4) The denominator $P(A_1, A_2, \ldots, A_n)$ denotes the feature $A_i$'s value, which is often considered as 1 or a particular constant; it does not relate with B.

$$V_{MAP} = \arg\max_{A_i \in A} P(B) \times P(A_1, A_2, \ldots, A_n \mid B) \tag{4}$$

5) Conditional independence believes that every feature $A_i$ is self-reliant with the feature $A_j$. Finally, we can get,

$$V_{NB} = \arg\max_{A_i \in A} P(B) \times \prod_{i=1}^{n} P(A_i \mid B) \tag{5}$$

When implementing Naive Bayes into the real-life problem, it may be constructed with real-valued inputs. It may assess the output of classification in efficient supervised learning, by integrating a little volume of sample data [21].

3.3 Dempster-Shafer Theory

The Dempster-Shafer Theory is a theory of evidence and also probable reasoning. This concept is implemented in different application areas including pattern matching, expert system, information retrieval, computer vision, etc. It can handle the subjective ambiguity and randomness in the trust estimation. By combining shreds of evidence, it restricted the hypothesis set that gives a strong approach for the description and method for trust ambiguity without questioning the earlier allocation. Additionally, Dempster's rule of combination is the mechanism of accumulation and compilation of proof [22].

A mass function or basic belief assignment (BBA) is a function $m: 2^{\Omega} \to [0, 1]$, and the mass value of an element A is represented as m(A).

The fundamental probability assignment function is defined as follows;

$$m(\emptyset) = 0 \tag{6}$$

$$\sum_{A_i \subseteq \Omega} m(A_i) = 1 \tag{7}$$

Where $\emptyset$ is the null set, and the mass function should satisfy the condition $m(\emptyset) = 0$.

The fundamental probability value m(A) may be interpreted as the part of complete belief allotted to hypothesis A, which shows the strength of the supporting evidence.

$Bel: 2^{\Omega} \to [0, 1]$ is a belief function over $\Omega$ and it is measured using the following equation (8);

$$bel(B) = \sum_{i:\, A_i \subseteq B} m(A_i) \tag{8}$$

The plausibility function is the greatest extent of a confidence limit, which reports all the observations that do not exclude the given proposition. $Pls: 2^{\Omega} \to [0, 1]$ is a plausibility function over $\Omega$ and it is defined as follows;

$$pls(B) = \sum_{i:\, A_i \cap B \neq \emptyset} m(A_i) \tag{9}$$

The connection between the belief and plausibility is defined as follows;

$$pls(B) = 1 - bel(\sim B) \tag{10}$$

Here $\sim B$ denotes not B. The fundamental probability value, belief, and plausibility functions are in one-to-one correspondence. If one of them is known, then the other two functions can be easily derived.

Assume that $m_1(A)$ and $m_2(A)$ are the fundamental probability values of two autonomous pieces of evidence, that is, two autonomous nearby nodes that serve as observers in the identical structure of perception. These two values are aggregated using a combination rule that is presented as follows.

$$m(B) = (m_1 \oplus m_2)(B) = \frac{\sum_{i,j:\, A_i \cap A_j = B} m_1(A_i)\, m_2(A_j)}{1 - \sum_{i,j:\, A_i \cap A_j = \emptyset} m_1(A_i)\, m_2(A_j)} \tag{11}$$

Any number of belief functions can be combined pairwise in any order [23].
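The combination rule above, written out over the two-hypothesis frame {trusted, malicious} as an added example (not code from the paper). The three recommendation mass functions about one node are constructed sample values, and the function names are illustrative.

```python
from fractions import Fraction as F
from functools import reduce

T, M = "trusted", "malicious"
OMEGA = frozenset({T, M})  # frame of discernment; mass on OMEGA means "don't know"


def validate(m):
    """A mass function puts no mass on the empty set and sums to 1."""
    if any(len(focal) == 0 or not focal <= OMEGA for focal in m):
        raise ValueError("focal elements must be non-empty subsets of OMEGA")
    if sum(m.values()) != 1:
        raise ValueError("masses must sum to 1")


def combine(m1, m2):
    """Dempster's rule: multiply masses, pool by intersection, renormalise."""
    validate(m1)
    validate(m2)
    pooled, conflict = {}, F(0)
    for a, wa in m1.items():
        for b, wb in m2.items():
            inter = a & b
            if inter:
                pooled[inter] = pooled.get(inter, F(0)) + wa * wb
            else:
                conflict += wa * wb  # mass that would land on the empty set
    if conflict == 1:
        # Denominator of the rule is zero: the sources contradict each other fully.
        raise ValueError("total conflict, the recommendations cannot be combined")
    return {focal: w / (1 - conflict) for focal, w in pooled.items()}


def combine_all(masses):
    return reduce(combine, masses)


def bel(m, hypothesis):
    return sum((w for a, w in m.items() if a <= hypothesis), F(0))


def pls(m, hypothesis):
    return sum((w for a, w in m.items() if a & hypothesis), F(0))


# Constructed recommendations about the same node from three neighbours.
R1 = {frozenset({M}): F(7, 10), OMEGA: F(3, 10)}
R2 = {frozenset({M}): F(6, 10), frozenset({T}): F(1, 10), OMEGA: F(3, 10)}
R3 = {frozenset({T}): F(8, 10), OMEGA: F(2, 10)}  # biased recommender vouching for the node

if __name__ == "__main__":
    fused = combine_all([R1, R2, R3])
    for name in (T, M):
        h = frozenset({name})
        print(name, "bel =", float(bel(fused, h)), "pls =", float(pls(fused, h)))
```

Even with one recommender putting 0.8 on "trusted", the fused belief in "malicious" (27/47) stays above the belief in "trusted" (17/47), and the result does not depend on the order in which the recommendations arrive.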

4 NBDSTrust Model (Naive Bayes and Dempster Shafer Trust Model) – The Proposed Model

The NBDSTrust provides a complete trust model to counter data drop attack that is black hole attack on the battlefield environment. This model evaluates the trustworthy behavior of the IoBT node based on the previous interaction or from recommendation. The malicious nodes may perform several malicious activities, but this paper focused on the black hole attack.

Although lightweight authentication protocol and some encryption methods may prevent external attacks, it is difficult to defend against internal attacks, these attacks are performed by the internal nodes with legal identity [24]. Therefore, the trust aware model to detect node behavior is very effective in network security. Trust metrics are taken into this model based on the impact of these attacks. The malicious nodes are Identified and discarded from the battlefield network, thus ensuring security in the battlefield environment.

4.1 Network Model Assumptions

NBDST is developed with the following underlying assumptions.


The network model is based on the pure Internet of Battlefield Thing (IoBT) environment. This network consists of various IoBT nodes that are attached to the soldiers and military vehicles. For successful mission completion, these IoBT nodes should communicate and collaborate.

Dynamic Topology: Soldiers and vehicles are moved from one network to another network.

Heterogeneity: IoBT nodes in the battlefield environment have different capabilities in terms of energy, memory, processing speed, storage capacity, technologies, etc.

Each network consists of one high capacity device which acts as a border root node and this node is held by the commander.

Decentralized Network: There is no centralized authority (trusted device) on the battlefield, therefore each IoBT node should be aware of its surrounding environment.

They have to maintain the trusted and malicious IoBT node's list for future communication.

Restricted Resources: IoBT nodes are small in size, and their memory capacity and energy are also limited. The energy may get drained due to sensing, monitoring, updating, and processing. IoBT nodes that are compromised by an adversary are called malicious nodes.

Malicious IoBT nodes perform data packet drop attacks to interrupt the mission.

4.2 Adversary Model

If the node performs a data drop attack, then the behavior of the IoBT nodes is considered malicious. The well-reputed node can act maliciously because those nodes are compromised by the adversary. In the battlefield environment, a black hole attack causes severe problems. For example, soldiers may transfer the mission-critical information to the commander through the intermediate nodes, malicious nodes may drop the information thus leading to failure in the mission or even risk to the soldier's life. The malicious nodes aim to degrade the routing protocol performance and interrupt the mission.

4.2.1 Blackhole Attack

In this kind of attack, the misbehaving nodes drop all the data packets that are supposed to forward to their neighbor nodes [25].

For example, in the battlefield environment, one of the soldiers may send important mission-critical information to the commander through its intermediate node. The malicious node in the path may drop the data packets instead of forwarding them to its neighbor. Therefore, the mission-critical information may not reach the commander and he cannot take certain action for that information, thus increasing the chance of failure in the mission.


Figure 2. An example battlefield network with a black hole attack

Figure. 1 illustrates the example network scenario on the battlefield environment without any attacks. All IoBT nodes involved in the mission are trusted and authenticated nodes.

Figure. 2 shows the example battlefield environment with black hole attacks. The IoBT node N6 launches a black hole attack which drops the data packets that are forwarded through this node. The main goal of the proposed model is to detect the black hole attack and identify the malicious nodes which perform the blackhole attack and then discard these nodes from the network. By avoiding these malicious nodes from the network, security can be ensured in the battlefield environment.

4.3 Trust Management

The proposed model uses both direct and recommendation trust for trust computation. Direct trust is derived from the neighbor nodes, it is the first-hand information and it can be obtained easily. Indirect trust is second-hand information that is derived from other trustworthy third-party nodes. Recommendation trust is an essential feature in any trust computation system [26]. In direct trust calculation, the Naive Bayes theory is used to identify the node's trustworthiness. Nodes only request and receive the recommendation trust, when it does not have any direct experience with the node, otherwise, it uses their data to estimate the trustworthiness of the data, because the direct experience is the most reliable source of information. In indirect trust calculation, Dempster Shafer theory is used to identify the node's behavior from various sources of information. In the battlefield environment, only the Quality of Service (QoS) trust metric is not enough to evaluate the trustworthiness of the node, but also requires social trust metrics, because it includes the soldier's life. Therefore, the NBDSTrust model considers both Quality of Service (QoS) and social trust to compute the trustworthiness of the node.

QoS trust refers to a belief of the node that it can transfer the data packets to the destination nodes. These trust metrics can be received from the communication and information networks [27]. The proposed model considers packet correctly forwarding ratio and average delay to measure the QoS trust of a node. Social trust refers to the social relationship between the owners of the IoT nodes, which is measured in terms of intimacy, honesty, centrality, etc. [28]. This model considers selfish behavior to measure the social trust of the node.

4.3.1 Direct Trust

The proposed model uses the Naive Bayesian classifiers to classify the node's behavior into two classes (trusted and malicious). Malicious IoBT nodes are isolated from the network and trusted nodes are selected for communication. Once the malicious node is isolated, it will not be involved in the mission. To calculate the direct trust, trust metrics such as correctly forwarded ratio, End to end delay, and selfish behavior are used in this model. Trust metrics are selected based on the impact of the data drop attack. The trust metrics used in this model are described below.

4.3.1.1 Selfish Behavior (SB)

Assuming that if the node has adequate energy then the node behaves normally. When the energy level is low it will not use its energy for forwarding other node's data packets. Therefore, the selfish node cannot have a high data delivery rate. The selfish behavior of a node ‘j‘ is measured by node ‘i’ as follows;

$$SB_{i,j}(t) = \frac{TFP_{i,j}(t) - PD_j(t)}{TFP_{i,j}(t)} \tag{12}$$

Where, TFP- Total amount of data packets forwarded to the node ‘j’ by node ’i’ at ‘t’ time, PD refers to the number of packets dropped at ‘t’ time by the node ‘j’ [29].

4.3.1.2 Correctly Forwarding Ratio (CFR)

The proportion of the correctly forwarded data packets is measured as the ratio between the total amount of correctly forwarded data packets and the total amount of data packets received. Correctly forwarded referred to as, relay node not only forwards the data packets to its neighbor nodes but also forwards the data packets without any modification. For example, when a malicious relay node forwards the data packets after altering the data packets, then it is not recognized as correct forwarding, the forwarding ratio of the malicious node will be very low [30].

The packet forwarding ratio is calculated as follows;

$$CFR_{i,j}(t) = \frac{PCF_{i,j}(t)}{TPR_{i,j}(t)} \tag{13}$$

$PCF_{i,j}(t)$ denotes the total number of packets correctly forwarded by node 'j' at 't' time; it is evaluated by the node 'i'.

$TPR_{i,j}(t)$ represents the total amount of data packets received successfully from the node 'i' by node 'j' at 't' time [31].

4.3.1.3. End to End Delay

It includes every potential delay that occurred during path detection, propagation, re-transmission, and relay time.

It can be calculated as follows;

$$EED_{i,j}(t) = \frac{\sum_{k=1}^{n} (PRT_k - PST_k)}{TNP}$$

Where $PRT_k$ (Packet Receive Time) is the time at which the initial information of the 'k' packet reaches the destination node.

$PST_k$ (Packet Sent Time) is the time at which the initial information of the 'k' packet is delivered by the source node.

TNP represents the total number of packets forwarded [32].

Each IoBT node on the battlefield network learns the model from the sample data which is derived from the direct previous interaction. To construct the NB model, class probabilities and conditional probabilities have to be computed. Using this Naive Bayes classification model, the IoBT node predicts the node's future behavior.

The following sections describe the mathematical analysis for direct trust calculation.

4.3.1.4 Mathematical Analysis for Direct Trust computation

Assume that the node N9 in Figure 1 previously interacted with 8 nodes in the battlefield network. From each interaction, it observes the trust metrics and node behavior of those nodes. This information serves as the training data set to construct the Naive Bayes classification model. Node N9 constructs the Naive Bayes classification model from this training data set. Assume that the data set shown in Table 1, which includes different trust metrics along with the node behavior, is observed by the node N9.

Table 1. Sample data set

Nodes  CFR   EED   SB   Node Behavior
1      Good  High  Yes  Malicious
2      Good  High  No   Trusted
3      Good  Low   Yes  Trusted
4      Good  Low   No   Trusted
5      Avg   High  Yes  Malicious
6      Avg   High  No   Malicious
7      Avg   Low   Yes  Malicious
8      Avg   Low   No   Trusted

For simplicity, we take the categorical values for trust metrics.

Now compute p(B) and p(Ai|B) in equation (5), where p(B) is called the class probability and p(Ai|B) is called the conditional probability.

Computing Conditional probability

The following table demonstrates the conditional probability for the sample data set

Table 2. CFR

CFR T M P(T) P(M)

Good 3 1 3/4 1/4

Avg 1 3 1/4 3/4

Total 4 4 100% 100%

Table 3. EED

EED T M P(T) P(M)

High 1 3 1/4 3/4

Low 3 1 3/4 1/4

Total 4 4 100% 100%

Table 4. SB

SB T M P(T) P(M)

Yes 1 3 1/4 3/4

No 3 1 3/4 1/4

Total 3 5 100% 100%

In the above tables, we computed p(Ai|B) for each Ai in A. For example, for CFR = Good and node behavior Trusted, p(CFR=Good | NB=T) = 3/4.

Computing Class probability

The following table demonstrates the class probability for the sample data set

Table 5. p(B)

NB Total P(T)/P(M)

T 4 4/8

M 4 4/8

Total 8 100%

The class probabilities p(B) are computed in Table 5. For example, p(NB = T) = 4/8.

Now, node N9 learns the model from the training data set. Assuming that the node N9 interacts with the node N6 and observes its trust metrics. Now, node N9 can predict the node N6 behavior from the Naive Bayes Model.

Assume that the trust metrics of node N6 are as follows: N6 = (Good, High, Yes).

The probabilities for node N6 are given by:

p(T|N6) = p(CFR=Good|T) p(EED=High|T) p(SB=Yes|T) p(T) / p(N6) => 3/4 x 1/4 x 1/4 x 4/8 = 0.023

p(M|N6) = p(CFR=Good|M) p(EED=High|M) p(SB=Yes|M) p(M) / p(N6) => 1/4 x 3/4 x 3/4 x 4/8 = 0.070

In both probabilities p(N6) is common, so we ignore it.

Now we normalize these numbers so that p(T|N6) + p(M|N6) = 1:

p(T|N6) = 0.023/(0.023+0.070) => 0.2473

p(M|N6) = 0.070/(0.023+0.070) => 0.7527

Since the probability of the malicious value is greater than the probability of the trusted value, node N6 is predicted to be malicious. Node N9 now disconnects the link from node N6 and selects a trusted node for communication.
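The direct trust computation above, written out as an added example (not code from the paper): it trains on Table 1, classifies N6 = (Good, High, Yes) with exact fractions, and goes beyond the worked case by adding optional Laplace smoothing for a metric value that never appeared in training. The function names, the `alpha` parameter and the "Poor" value used in the test are assumptions made for this illustration.

```python
from collections import Counter, defaultdict
from fractions import Fraction

# Table 1 from the page: (CFR, EED, SB) -> node behavior observed by N9.
TABLE_1 = [
    (("Good", "High", "Yes"), "Malicious"),
    (("Good", "High", "No"), "Trusted"),
    (("Good", "Low", "Yes"), "Trusted"),
    (("Good", "Low", "No"), "Trusted"),
    (("Avg", "High", "Yes"), "Malicious"),
    (("Avg", "High", "No"), "Malicious"),
    (("Avg", "Low", "Yes"), "Malicious"),
    (("Avg", "Low", "No"), "Trusted"),
]


def train(rows):
    """Count classes and per-metric values (the content of Tables 2 to 5)."""
    class_counts = Counter(label for _, label in rows)
    value_counts = defaultdict(Counter)   # (metric index, label) -> value counts
    seen_values = defaultdict(set)        # metric index -> distinct values
    for metrics, label in rows:
        for i, value in enumerate(metrics):
            value_counts[(i, label)][value] += 1
            seen_values[i].add(value)
    return class_counts, value_counts, seen_values


def posterior(model, metrics, alpha=0):
    """Return normalized p(label | metrics); alpha > 0 adds Laplace smoothing."""
    class_counts, value_counts, seen_values = model
    total = sum(class_counts.values())
    scores = {}
    for label, n in class_counts.items():
        score = Fraction(n, total)                      # class probability p(B)
        for i, value in enumerate(metrics):             # conditional p(Ai | B)
            numerator = value_counts[(i, label)][value] + alpha
            denominator = n + alpha * len(seen_values[i])
            score *= Fraction(numerator, denominator)
        scores[label] = score
    evidence = sum(scores.values())                     # plays the role of p(N6)
    if evidence == 0:
        raise ValueError("metric value never observed; retry with alpha > 0")
    return {label: score / evidence for label, score in scores.items()}


def predict(model, metrics, alpha=0):
    """Return the most probable label and the full posterior."""
    post = posterior(model, metrics, alpha)
    return max(post, key=post.get), post


if __name__ == "__main__":
    model = train(TABLE_1)
    label, post = predict(model, ("Good", "High", "Yes"))   # node N6
    # Exact arithmetic gives 1/4 and 3/4; the page's 0.2473 and 0.7527 come
    # from rounding the products to 0.023 and 0.070 before normalizing.
    print(label, {k: float(v) for k, v in post.items()})
```

Without smoothing, a single unseen metric value drives every class score to zero and no prediction is possible, which is why the example raises an error instead of returning an arbitrary label.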

4.3.2 Indirect Trust

This model uses the Dempster Shafer Theory for computing indirect trust. It combines all possible recommendation trust from neighbor nodes to compute the indirect trust. The dishonest recommendation can also be identified by checking the recommendation trust and indirect trust. The node that provides too high recommendation trust for malicious nodes or too low recommendation trust for the trusted node is considered a malicious node, and also that recommendation trust is considered as a dishonest recommendation.

In direct trust calculation, the Naive Bayes classifier model produces two probability values: Trusted and malicious. These two values are given as recommendation trust for requesting node to compute the indirect trust.

The behavior of IoT nodes is classified into two states: Trusted (T) and Malicious (M). The frame of discernment is Ω = {T, M}, where sum(T, M) = 1.

The power set is represented by 2^Ω, and it has the following subsets:

2^Ω = {{∅}, {T}, {M}, {T, M}}

{T, M} represents uncertainty and {∅} represents null.

The following sections describe the mathematical analysis for indirect trust calculation.

4.3.2.1 Mathematical Analysis for Indirect Trust Computation

In Figure.2 node N10 requests recommendation trust to node N9 and node N11 for node N6. Assuming that node N9 and N11 had direct experience with node N6 and node N10 has no experience with node N6.

The trust recommendations that nodes N9 and N11 provide on node N6 are {0.4767,0.5235} and {0.1}. These values are derived from the direct trust calculation in the previous section. Assume that the probability of the trusted value is m(T), and that the probability of the malicious value is treated as uncertainty and denoted m(T, M).

mN9(T) = 0.2109, mN9(M) = 0, mN9(T, M) = 0.7527

mN11(T) = 0.0357, mN11(M) = 0, mN11(T, M) = 0.9643

Table 6. Computed values of m(T) and m (T, M)

mn11 \ mn9 {∅}=0 {T}=0.2109 {M}=0 {T,M}=0.7527

{∅}=0 0 0 0 0

{T}=0.0357 0 0.0075 0 0.02687

{M}=0 0 0 0 0

{T,M}=0.9643 0 0.2033 0 0.7258

Using the combination rule of Dempster Shafer Theory, equation (11), the recommendation trust is calculated as follows:

$$M_{n9,n11} = \frac{m_{n9}(T)\,m_{n11}(T) + m_{n9}(T)\,m_{n11}(T,M) + m_{n9}(T,M)\,m_{n11}(T)}{1 - [m_{n9}(T)\,m_{n11}(M) - m_{n9}(M)\,m_{n11}(T)]}$$

=> (0.0075 + 0.02687 + 0.2033) / (1 − [0]) => 0.23767

The final recommendation value of the IoBT node N6 is 0.23767. Assuming the threshold value for recommendation trust is 0.5. Node N6 recommendation value falls under the predefined threshold value. Therefore, node N6 is malicious. Now, node N10 disconnects the link from its parent IoBT node N6 and selects a trusted node as a parent node, and transfers the data packets through trusted nodes.
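The indirect trust computation above, as an added example (not code from the paper): a general implementation of Dempster's rule over the frame {T, M}, applied to the masses printed for N9 and N11. It goes beyond the worked case by also handling recommenders that put mass on {M}, where the conflict term K becomes non-zero. The function names, the two constructed mass functions and the choice to treat a value equal to the threshold as trusted are assumptions.

```python
from itertools import product

T = frozenset({"T"})
M = frozenset({"M"})
TM = T | M          # the whole frame {T, M}: uncertainty

# Masses as printed on the page for recommenders N9 and N11 about node N6.
# N9's printed masses sum to 0.9636 rather than 1; they are used unchanged.
M_N9 = {T: 0.2109, M: 0.0, TM: 0.7527}
M_N11 = {T: 0.0357, M: 0.0, TM: 0.9643}

# Constructed sample (not from the page): two recommenders that disagree.
CONSTRUCTED_A = {T: 0.6, M: 0.1, TM: 0.3}
CONSTRUCTED_B = {T: 0.2, M: 0.5, TM: 0.3}


def combine(m1, m2):
    """Dempster's rule of combination. Returns (combined masses, conflict K)."""
    joint = {}
    conflict = 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        common = a & b
        if common:
            joint[common] = joint.get(common, 0.0) + wa * wb
        else:
            conflict += wa * wb      # {T} from one node against {M} from the other
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict: the recommendations contradict each other")
    return {s: w / (1.0 - conflict) for s, w in joint.items()}, conflict


def combine_all(recommendations):
    """Fold any number of recommendations into one mass function."""
    combined, conflicts = recommendations[0], []
    for rec in recommendations[1:]:
        combined, k = combine(combined, rec)
        conflicts.append(k)
    return combined, conflicts


def is_trusted(masses, threshold=0.5):
    """Page's decision rule: m(T) below the threshold means malicious.
    Treating m(T) equal to the threshold as trusted is an assumption."""
    return masses.get(T, 0.0) >= threshold


if __name__ == "__main__":
    combined, conflicts = combine_all([M_N9, M_N11])
    # m(T) is about 0.2378; the page reports 0.23767 from rounded table cells.
    print(round(combined[T], 4), conflicts, is_trusted(combined))
    print(combine(CONSTRUCTED_A, CONSTRUCTED_B))
```

Because the page maps the malicious probability to m(T, M) and leaves m(M) at 0, K is always 0 for its inputs and the denominator never changes the result; the constructed pair shows the normalization when recommenders do assign mass to {M}.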

4.3.3 Identifying Malicious Node

Initially, nodes construct the Naive Bayes model based on previous interactions; the model then predicts the trustworthiness of a new node. If the node has previous interaction, then it uses first-hand information to compute the direct trust value. The Naive Bayes model produces two probability values: trusted and malicious. When the malicious value is greater than the trusted value, the node is malicious. Such nodes are stored in the blacklist, which is also broadcast to all other nodes in the network, thus helping to avoid subsequent communication with the malicious nodes. If the node has no previous interaction, then the node receives recommendation trust from its neighbor nodes. To aggregate these trust values, Dempster Shafer Theory is used in this model. If the aggregated trust value falls under the threshold value, then the behavior of the node is malicious and it is excluded from the routing operation. In this way, malicious nodes are completely avoided in routing and only trusted and authenticated nodes are involved, thus enhancing the mission effectiveness.

The following figure shows the overall structure of the NBDSTrust Model;


5 Simulation Results and Discussion

5.1 Performance Evaluation Metrics

The NBDSTrust model is evaluated in the Contiki 3.0 OS and the Cooja simulator. It uses TMote Sky (Sensor nodes) as a mote type. The following table shows the simulation parameters of the proposed trust model.

Table 7. The Simulation Parameters of the Proposed NBDSTrust Model

System Parameters Values

Number of nodes 50

Mote Type TMote Sky

Simulation Time 3600Sec

Network Coverage Area 300mx300m

Data Rate 3072bps

Data Packet Size 64 byte

Traffic UDP

Mac Layer IEEE 802.15.4

Communication Range 50m

RPL Parameter MinHopRankIncrease=256

Routing Protocol NBDSTrust, Trust-based RPL,RPL

5.2 Simulation Results

The performance evaluation of the NBDSTrust model is compared with the following cases.

1. The performance of the NBDSTrust model is compared with the RPL and Trust-based RPL [33] in terms of Delivery Ratio, Average Delay, and Throughput.

2. Increase the percentage of malicious nodes and compare the detection accuracy, a false positive and false negative rate of the NBDSTrust with Trust-based RPL.

The proposed NBDSTrust model can tolerate up to 50% of malicious nodes. The network functionalities will not stop with these malicious nodes. Thus, the percentage of malicious nodes is increased from 0% to 50% and the performance metrics of the proposed NBDSTrust model are measured.

Scenario 1: In this simulation, the performance evaluation of the proposed NBDSTrust model is compared with the RPL and Trust-based RPL in terms of delivery ratio, average delay, and throughput.

Figure 4. Malicious Nodes vs Packet Delivery Ratio

Delivery Ratio: It is a proportion between the total amount of data forwarded by the source and the total amount of data packets received by the destination. It is one of the significant metrics for appraising the efficiency of the NBDSTrust model. This metric is used to analyze the delivery ratio for the individual node and also for the whole network. Protocols are evaluated by varying percentages of the malicious nodes. These malicious nodes are increased from 0 to 50%.

Figure 4 demonstrates the delivery ratio of RPL, Trust-based RPL, and NBDSTrust. The results show that the delivery ratio of the proposed NBDSTrust model is greater than that of the Trust-based RPL and RPL protocols. The reason is that the proposed model considers the correctly forward ratio instead of the packet delivery ratio for trust computation. The trust-based model considers a single trust metric (packet delivery ratio) to evaluate the trustworthiness of the node, but the proposed model considers multiple trust metrics (CFR, EED, SB). Due to these multiple trust metrics, the proposed model can detect and remove the malicious nodes which perform the data drop attack. The malicious nodes are not selected for routing; only trusted nodes are involved in routing the data packets, thus increasing the delivery ratio.

Average delay: It is measured as the average time needed to send a packet from the origin node to the target node. It is an essential metric to measure the functionality of the proposed protocols. The existence of misbehaving devices in the network increases the delay. Figure 5 depicts the impact on the delay of the different protocols (RPL, Trust-based RPL, and NBDSTrust) with the varying percentage of the malicious nodes. It shows that the NBDSTrust model delay is slightly greater than the RPL. This is because of trust computation for selecting trusted nodes for routing the data packets. However, the average delay is lesser than the Trust-based RPL, because the proposed model selects the trusted nodes accurately for routing than the Trust-based RPL, thus avoiding malicious nodes and decreasing the average delay.

Figure 5. Malicious Nodes vs Average Delay

Average Throughput: The total amount of data packets transferred per unit time or an average number of successful information transferred per second over a communicating transmission channel is called throughput. In general, it is represented in bits per second (bits/s or bps).

Throughput = (Total amount of Packets Received) / (End Time − Begin Time)

As shown in Figure 6, the average throughput of the proposed model is greater than that of the RPL and Trust-based RPL. The RPL does not have any mitigation technique to identify the malicious nodes, thus decreasing the average throughput. The NBDSTrust model identifies the misbehaving nodes at the initial stage more effectively than the Trust-based RPL. So average throughput is increased in the NBDSTrust model when compared with the RPL and Trust-based RPL.

Scenario 2: In this simulation, the effectiveness of the proposed NBDSTrust model is compared with the Trust-based RPL [24] in terms of false-positive rate, false-negative rate, and detection accuracy.

False Positive Rate: The number of legitimate nodes incorrectly predicted as malicious nodes, out of the total number of legitimate nodes, is known as the false-positive rate. It is calculated using equation (15) as follows:

$$FPR = \frac{FP}{FP + TN} \qquad (16)$$

Figure.7 False Positive rate vs Malicious nodes in %.

Figure 7 shows the false positive rate of NBDSTrust and Trust-based RPL under the various percentages of malicious nodes. The malicious nodes have increased from 5% to 25%. The average false positive rate of the proposed NBDSTrust model is 1.8% while that of the Trust-based RPL is 6.2%. The proposed NBDSTrust model has a low false positive rate when compared to Trust-based RPL.

Fig. 8 False Negative rate vs Malicious nodes in %.

False Negative Rate: The number of malicious nodes incorrectly predicted as legitimate nodes, out of the total number of malicious nodes, is known as the false-negative rate. It is calculated using equation (16) as follows:

$$FNR = \frac{FN}{TP + FN} \qquad (16)$$

Figure 8 shows the false-negative rate of NBDSTrust and Trust-based RPL under the various percentages of malicious nodes. The malicious nodes have increased from 5% to 25%. The average false-negative rate of the proposed NBDSTrust model is 2.8% while that of the Trust-based RPL is 11.4%. The proposed NBDSTrust model has a low false-negative rate when compared to other models.

Detection Accuracy: Figure.9 depicts the detection accuracy between the NBDSTrust model and


Figure 9. Malicious Nodes vs Accuracy

The accuracy of both NBDSTrust and Trust-based RPL protocols degrades with the increasing percentage of the malicious nodes. However, the accuracy of the NBDSTrust model is higher than the Trust-based RPL. The proposed NBDSTrust model can achieve 84% accuracy with the 50% of malicious nodes while the Trust-based RPL can achieve only 70% accuracy.

The proposed NBDSTrust model provides high accuracy, low false-positive, and false-negative rate. The reason is that the proposed model uses the Naive Bayes machine-learning algorithm to compute the direct trust. The machine learning algorithm can accurately predict the node behavior with a minimum false-positive rate and false-negative rate. Whereas the Trust-based RPL uses the Fuzzy logic to identify the malicious nodes. The Naive Bayes and Dempster Shafer evidence theory are more effective than the fuzzy logic, thus the proposed model has high accuracy, low false-positive, and low false-negative rate.

6. Conclusion

The concept of IoBT is derived from the idea of a future battlefield environment that will be controlled by cyber-warfare and machine intelligence. The success of the battlefield application largely depends on its security against cyber-attacks. However, providing security in IoBT is more challenging because of the restricted resources of IoBT devices. The adversary can easily compromise these devices and intends to interrupt the mission through the compromised IoBT devices. The most common attacks performed by the compromised nodes are data dropping attacks. The proposed NBDSTrust model focuses on data dropping attacks: the malicious nodes which perform data dropping attacks are identified and permanently removed from the battlefield network. In this way, security can be achieved on the battlefield network. The NBDSTrust model uses the Naive Bayes classifier for direct trust computation; it is a simple, quick, accurate, and reliable classifier. The Naive Bayes classifier classifies the behavior of the nodes into trusted and malicious based on the previous interaction. Indirect trust is computed using Dempster Shafer theory, which combines multiple recommendation trusts. The main advantage of this theory is to reduce the impact of the bias recommendation in trust computation. The proposed trust model has been embedded into RPL and the performance of the NBDSTrust is evaluated using the Cooja simulator. The performance evaluation shows the effectiveness of the NBDSTrust with varying percentages of malicious nodes as compared to Trust-based RPL.

References

1. Al-Garadi, M. A., Mohamed, A., Al-Ali, A., Du, X., Ali, I., & Guizani, M. (2020). A Survey of Machine and Deep Learning Methods for the Internet of Things (IoT) Security. IEEE Communications Surveys & Tutorials, 1–1. doi:10.1109/comst.2020.2988293

2. Sivagurunathan, S., & Prathapchandran, K. (2016). A centralized trust computation (CTC) model for secure group formation in military based mobile ad hoc networks using stereotypes. Advances in Intelligent Systems and Computing, 412, 427–438. doi:10.1007/978-981-10-0251-9_40

3. Fraga-Lamas, P., Fernández-Caramés, T., Suárez-Albela, M., Castedo, L., & González-López, M. (2016). A Review on Internet of Things for Defense and Public Safety. Sensors, 16(10), 1644. doi:10.3390/s16101644

4. Abuzainab, N., & Saad, W. (2019). A graphical Bayesian game for secure sensor activation in internet of battlefield things. Ad Hoc Networks, 85, 103–109. doi:10.1016/j.adhoc.2018.10.011.

5. Abuzainab, N., & Saad, W. (2018). Dynamic Connectivity Game for Adversarial Internet of Battlefield Things Systems. IEEE Internet of Things Journal, 5(1), 378–390. doi:10.1109/jiot.2017.2786546.

6. Sivagurunathan, S & Prathapchandran, K. (2014). Trust and cluster-based authentication schemes in mobile Ad Hoc networks - A review. International Conference on Power Signals Control and Computations, 2014. DOI: 10.1109/EPSCICON.2014.6887502

7. Bhalaji N, Hariharasudan KS, Aashika K (2019) A trust-based mechanism to combat blackhole attack in RPL protocol. In: International Conference on Intelligent Computing and Communication Technologies. Springer, Singapore, pp 457–464.

8. Patel, H. B., & Jinwala, D. C. (2019). Blackhole Detection in 6LoWPAN Based Internet of Things: An Anomaly Based Approach. TENCON 2019 - 2019 IEEE Region 10 Conference (TENCON). doi:10.1109/tencon.2019.8929491.

9. Kandoul, N., Dhurandher, S. K., & Woungang, I. (2019). T_CAFE: A Trust based Security approach for Opportunistic IoT. IET Communications. doi:10.1049/iet-com.2019.0657.

10. Alnasser, A., & Sun, H. (2017). A Fuzzy Logic Trust Model for Secure Routing in Smart Grid Networks. IEEE Access, 5, 17896–17903. doi:10.1109/access.2017.2740219.

11. Zhang, T., Ji, X., & Xu, W. (2019). Cuckoo-RPL: Cuckoo Filter based RPL for Defending AMI Network from Blackhole Attacks. 2019 Chinese Control Conference (CCC). doi:10.23919/chicc.2019.8866139.

12. Lim, J., Ko, Y.-B., Kim, D., & Kim, D. (2018). A Stepwise Approach for Energy Efficient Trust Evaluation in Military IoT Networks. 2018 International Conference on Information and Communication Technology Convergence (ICTC). doi:10.1109/ictc.2018.8539353.

13. Seyedi, B., & Fotohi, R. (2020). NIASHPT: a novel intelligent agent-based strategy using hello packet table (HPT) function for trust Internet of Things. The Journal of Supercomputing. doi:10.1007/s11227-019-03143-7.

14. Airehrour D, Gutierrez JA, Ray SK (2017) A trust-aware RPL routing protocol to detect black hole and selective forwarding attacks. J Telecommun Digital Econ 5(1):50–69. https://doi.org/10.18080/jtde.v5n1.88.

15. Conti M, Kaliyar P, Rabbani MM, Ranise S (2018) SPLIT: a secure and scalable RPL routing protocol for Internet of Things. In: 2018 14th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob). IEEE, pp 1–8.

16. Prathapchandran Kannimuthu, and Janani Thangamuthu. "Decision Tree Trust (DTTrust)-Based Authentication Mechanism to Secure RPL Routing Protocol on Internet of Battlefield Thing (IoBT)," International Journal of Business Data Communications and Networking (IJBDCN) 17 (2021): 1, accessed (February 15, 2021), doi:10.4018/IJBDCN.2021010101


17. T. Winter, “RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks”, https://tools.ietf.org/html/rfc6550, 2012.

18. Le, A., Loo, J., Luo, Y., & Lasebae, A. (2011). Specification-based IDS for securing RPL from topology attacks. 2011 IFIP Wireless Days (WD). doi:10.1109/wd.2011.6098218.

19. P. Bhargavi, S. Jyothi, “Applying Naive Bayes Data Mining Technique for Classification of Agricultural Land Soils”, IJCSNS International Journal of Computer Science and Network Security, VOL.9 No.8, August 2009

20. Tha, B. A., Hasan, M. I., & Desai, M. A. (2010). Health Care Decision Support System for Swine Flu Prediction Using Naïve Bayes Classifier. 2010 International Conference on Advances in Recent Technologies in Communication and Computing. doi:10.1109/artcom.2010.98.

21. Ren, Y., Pazzi, R. W. N., & Boukerche, A. (2011). Outlier detection using naïve bayes in wireless ad hoc networks. Proceedings of the First ACM International Symposium on Design and Analysis of Intelligent Vehicular Networks and Applications - DIVANet ’11. doi:10.1145/2069000.2069019.

22. Yang, B., Yamamoto, R., & Tanaka, Y. (2014). Dempster-Shafer evidence theory based trust management strategy against cooperative black hole attacks and gray hole attacks in MANETs. 16th International Conference on Advanced Communication Technology. doi:10.1109/icact.2014.6779177.

23. Ahmed, M., Huang, X., & Sharma, D. (2012). Dempster-Shafer Theory to Identify Insider Attacker in Wireless Sensor Network. Network and Parallel Computing, 94–100. doi:10.1007/978-3-642-35606-3_11

24. Denko, M. K., Sun, T., & Woungang, I. (2011). Trust management in ubiquitous computing: A bayesian approach. Computer Communications, 34(3), 398–406.

25. Kamble, A., Malemath, V. S., & Patil, D. (2017). Security attacks and secure routing protocols in RPL-based Internet of Things: Survey. 2017 International Conference on Emerging Trends & Innovation in ICT (ICEI). doi:10.1109/etiict.2017.7977006.

26. Xia, H., Jia, Z., Li, X., Ju, L., & Sha, E. H.-M. (2013). Trust prediction and trust-based source routing in mobile ad hoc networks. Ad Hoc Networks, 11(7), 2096–2114. doi:10.1016/j.adhoc.2012.02.009.

27. J. H. Cho, A. Swami, and I. R. Chen, “A Survey on Trust Management for Mobile Ad Hoc Networks,” IEEE Communications Surveys & Tutorials, vol. 13, no. 4, 2011, pp. 562-583.

28. Guo, J., Chen, I.-R., & Tsai, J. J. P. (2017). A survey of trust computation models for service management in internet of things systems. Computer Communications, 97, 1–14. doi:10.1016/j.comcom.2016.10.012.

29. Gaur, M. S., & Pant, B. (2015). Trusted and secure clustering in mobile pervasive environment. Human-Centric Computing and Information Sciences, 5(1). doi:10.1186/s13673-015-0050-1.

30. Li, X., Jia, Z., Zhang, P., Zhang, R., & Wang, H. (2010). Trust-based on-demand multipath routing in mobile ad hoc networks. IET Information Security, 4(4), 212. doi:10.1049/iet-ifs.2009.0140

31. Wang, B., Chen, X., & Chang, W. (2014). A light-weight trust-based QoS routing algorithm for ad hoc networks. Pervasive and Mobile Computing, 13, 164–180. doi:10.1016/j.pmcj.2013.06.004.

32. Wang, Y., Tian, Y., Miao, R., & Chen, W. (2018). Heterogeneous IoTs Routing Strategy Based on Cellular Address. 2018 IEEE International Conference on Smart Internet of Things (SmartIoT). doi:10.1109/smartiot.2018.00021.

33. Airehrour, D., Gutierrez, J., & Ray, S. K. (2016). Securing RPL routing protocol from blackhole attacks using a trust-based mechanism. 2016 26th International Telecommunication Networks and Applications Conference (ITNAC). doi:10.1109/atnac.2016.7878793
