Compression Header Analyzer Intrusion Detection System (CHA - IDS) for 6LoWPAN Communication Protocol

Prior 6LoWPAN intrusion detection system (IDS) utilized several features to detect various malicious activities. However, these IDS methods only detect specific attack but fails when the attacks are combined. In this paper, we propose an IDS known as compression header analyzer intrusion detection system (CHA-IDS) that analyzes 6LoWPAN compression header data to mitigate the individual and combination routing attacks. CHA-IDS is a multi-agent system framework that capture and manage raw data for data collection, analysis, and system actions. The proposed CHA-IDS utilize best first and greedy stepwise with correlation-based feature selection to determine only significant features needed for the intrusion detection. These features are then tested using six machine learning algorithms to find the best classification method that able to distinguish between an attack and non-attack and then from the best classification method, we devise a rule to be implemented in Tmote Sky. To ensure the reliability of our proposed method, we evaluate the CHA-IDS with three types of combination attacks known as hello flood, sinkhole, and wormhole. We also compare our results in term of accuracy of detection, energy overhead, and memory consumption with the prior 6LoWPAN-IDS implementation such as SVELTE and Pongle's IDS. The results show that CHA-IDS performs better than the aforementioned methods with 99% true positive rate and consumed low energy overhead and memory that fit in constrained device such Tmote Sky.