IoT edge based framework for sybil and buffer overflow detection
Utpal Pandey
Indian Institute of Information Technology, Lucknow
Brijesh Kumar Chaurasia
Indian Institute of Information Technology, Lucknow
Research Article
Keywords: IoT, IoT attacks, Cyber Security, ML, CNN, CRV (Composite Reputation Value)
Posted Date: June 2nd, 2022
DOI: https://doi.org/10.21203/rs.3.rs-1693583/v1
License: This work is licensed under a Creative Commons Attribution 4.0 International License.
Utpal Pandey1, Brijesh Kumar Chaurasia2
1,2 Indian Institute of Information Technology, Lucknow, UP, INDIA
2 Corresponding author
ORCID iD: 0000-0003-3708-7819
Abstract
The Internet of Things (IoT) is gradually spreading across the globe, offering a wide variety of opportunities across
every part of our lives. Unfortunately, the IoT comes with several information technology flaws and exploits. As the
number of security vulnerabilities continues to rise, cybersecurity remains a serious problem for every business in
cyberspace. In recent times, thousands of zero-day attacks are known to exist. New attacks emerge regularly with the
addition of several protocols, mostly from the IoT, and many are minor modifications of previously reported
cyberattacks. This suggests that even advanced mechanisms like basic machine learning systems have a hard time
identifying anomalies. IoT applications pose various threats to businesses, according to security experts. Because of
the widespread acceptance of IoT devices, their variety, standardization challenges, and inherent versatility,
businesses need an intelligent mechanism capable of automatically detecting unauthorized IoT devices connected to
their networks. In this study, a machine learning approach is used to identify unauthorized IoT devices by detecting
sybil and buffer overflow attacks within the IoT device infrastructure. The CNN technique focuses on detecting the
attack or activity of any malicious node, as well as attempting to resolve the problem. In this research, CNN, a deep
learning technique, is applied to extract features from the network traffic data to accurately identify malicious IoT
devices.
Index Terms— IoT, IoT attacks, Cyber Security, ML, CNN, CRV (Composite Reputation Value).
1. Introduction
The IoT is a concept that describes the connection of all types of things and gadgets to the Internet, whether
wired or wirelessly. The IoT has gained popularity as these technologies are employed for various purposes such as
transportation, communication, commercial development, and education [1]. This paper considers the inherent
computational weaknesses of IoT devices, their traditional vulnerabilities, the ease with which hackers can locate
them, and their projected global propagation. In every modern environment, both the dangers and the projected
global effect of attaching IoT gadgets to the network become clear [2]. The IoT is rapidly gaining popularity in
everyday life due to its ability to connect physically existing things with the cyber world, i.e., the Internet [3].
Not only cameras, smart computers, and intelligent lighting are being connected to the Internet; everyday appliances
such as washers, refrigerators, and house doors can be connected as well, resulting in a diverse IoT ecosystem [4].
In recent years, sensor production technology has enabled the quick growth and large acceptance of such things.
By 2018, 11.8 billion objects are projected to be linked through the Internet [5].
IoT, as an emerging technology, has facilitated the management, communication, and collection of data in smart
applications [6]. These features have attracted the attention of users around the world from a variety of fields, as
the IoT gains widespread acceptance at the network's edge for real-time applications [7]. The increase in the range
and complexity of unknown cyber-attacks, however, has cast a shadow over the implementation of smart services.
This is because the diversity and delivery of IoT applications make IoT protection difficult and complex [8].
Furthermore, attack detection in IoT is drastically distinct from current mechanisms because of the unique
characteristics of IoT, which cannot be met by a centralized cloud: low latency, resource constraints, mobility,
distribution, and scalability, to name a few [9]. As a result, neither cloud-based nor stand-alone attack detection
solutions can address IoT security issues. Fog computing, a new form of distributed intelligence that has recently
arisen, should therefore be explored as a means of bridging the gap. Fog computing is an extension of cloud
computing (CC) to the network edge, allowing for the continuity of cloud-things services. It is founded on the idea
that data handling and communication should be provided nearer to the data sources [10]. This helps to mitigate the
difficulty of resource shortage in IoT by offloading computation, expensive storage, and power, as well as
networking, to nearby fog nodes. As a result, the efficacy and reliability of smart applications improve. Like any
service, protection measures in IoT could be introduced and implemented at various levels of the fog layer, with a
proxy acting as a fog node, to offload costly computations and storage from IoT gadgets. Fog nodes thus give the IoT
a one-of-a-kind ability to deploy distributed and shared security frameworks.
The current study concentrates on the dangers that IoT gadgets present to large corporations. Enterprise IoT
protection is linked to both the organization's and its employees' actions. Self-deployed IoT systems can be used to
support a large variety of business needs: cameras and smoke alarms, for example, improve safety; smart light
bulbs, smart thermostats, and sockets help to save energy; and so on. Given this, caution should be exercised to
ensure that such Web-enabled devices do not lead to an increase in the organization's cyberattack surface. Smart
TVs, which are commonly used in conference rooms, are a good example. As described in [11], a widget can use the
Skype app to gain elevated privileges. It can then root the device, generate images of the entire storage, and send
them to a remote FTP server. In the "Fake-Off mode" described in [12], embedded malware is still able to record
nearby sounds while the monitor is turned off and covertly convey them to third parties via a wireless connection.
Additional smart TV exploits are described in [13,14]. As a result, corporate enterprises should reconsider allowing
smart TVs to connect to their networks.
The concern in designing security solutions for IoT devices stems from the fact that these devices have weaker
security and are becoming more common today [15]. For example, according to Symantec's 2019 Internet Security
Threat Report [16], cameras and routers were the most affected devices, accounting for a high percentage of IoT
attacks. Examples of well-known IoT malware include VPN Filter and the Mirai distributed denial of service (DDoS)
worm, where the latter is allegedly armed with powerful payloads, including ones targeted at credential theft.
Likewise, Cisco's 2018 study [17] revealed that network-based ransomware does not require human intervention to
affect gadgets. WannaCry and Nyetya are two examples of ransomware that took advantage of the "Eternal Blue"
vulnerability. According to the US government and other security organizations, WannaCry used the ransom
component as a smokescreen to hide its true goal of wiping data from affected users. Nyetya was also disguised as
ransomware to erase information from its victims. The Nyetya attack was aided by leveraging the "Eternal Blue"
vulnerability, the remote code execution vulnerability known as "Eternal Romance", and credential harvesting
vectors.
It is difficult to come up with a lightweight, high-security approach because IoT systems are typically constrained
in terms of resources and processing capacity. The IoT security domain faces several challenges, including integrity,
encryption capability, general security, patching, automation, a standard architecture, and privacy concerns. The
scientific field in this area is brimming with possibilities, and no single project or study can possibly address all
of them at once.
The paper is organized as follows. Section 2 reviews related work on security in the IoT environment and on IoT
attacks. Section 3 discusses the background and process flow behind the research approach in detail. Section 4 goes
through the methodology. The findings of our experiment are presented in Section 5, along with comments on the
outcome. Finally, we conclude our work in Section 6.
2. Related Work
IoT systems have received a lot of notice in recent years. Examining the literature reveals many similarities with
current IDS efforts for WSN; however, we only look at efforts that are specifically related to IoT systems. We also
divide the efforts into classes based on the type of intrusion detection used, such as signature, anomaly, or
hybrid [4]. Meidan et al. [18] showed how supervised machine learning can be used to evaluate web traffic data to
reliably identify unauthorized IoT gadgets. The authors obtained and manually labelled network traffic data from
seventeen IoT gadgets representing 9 gadget types to train and test a multi-class classifier. To determine the
ability of their system to notice a range of unauthorized IoT gadgets, they trained a classifier for each gadget type
on the remaining 8 gadget types and verified the classification accuracy through majority voting over the
classifications of <20 successive sessions. The trained classifiers achieved 96 percent accuracy in detecting
unauthorized IoT system types on a test set. Six of the nine unauthorized system types had an accuracy of 99-100
percent. Simultaneously, whitelisted IoT system types were assigned to their respective types with an average
precision of nearly 99%.
Diro et al. [19] designed a distributed, DL-based attack detection framework for IoT/Fog networks. The
experiment demonstrated the efficient application of AI to cybersecurity, as well as the design and implementation
of a framework for attack detection in the distributed architecture of IoT applications. Evaluation metrics such as
detection rate, accuracy, and false alarm rate were used to demonstrate the efficacy of deep models compared to
shallow models. Due to parameter sharing, which prevents local minima in training, distributed attack detection
detects cyber-attacks more accurately than the centralized approach. For the classification of network data into
normal and attack, their deep model outperformed traditional ML systems such as SoftMax when tested on previously
unseen test data.
Bhunia et al. [20] noted that IoT systems are vulnerable to cyber-attacks and that the capabilities of SDN can
resolve the challenges posed by such attacks. They proposed Soft Stuff, an SDN-based system for detecting and
minimizing anomalies in IoT traffic. The aim of the system is to detect traffic anomalies closer to the network's
edge rather than at higher levels of the network. This assists in the rapid detection of attacks on IoT systems and
the execution of effective mitigation procedures. ML methods were used to identify traffic irregularities.
Mininet-based emulation experiments were used to test their architecture and techniques for various attack
scenarios. Their findings show that the methods are able to detect and mitigate attacks with high precision and
recall in a matter of seconds. To provide more information for real-world implementation situations, the authors are
currently working on a hardware prototype using IoT devices and switches.
Christopher et al. [21]
provide a method for detecting botnet behavior on user IoT gadgets. DDoS attacks focused on the IoT have
increased as the IoT has grown in popularity. A detection model based on a Bidirectional Long Short-Term Memory
based Recurrent Neural Network (BLSTM-RNN) is developed as a novel DL application. For botnet detection, the
BLSTM-RNN is used in conjunction with Word Embedding. The model is compared to a unidirectional LSTM-RNN to see
whether the BLSTM-RNN, by accumulating contextual knowledge from the past and future, returns improved accuracy or
loss metrics for the captured dataset. For the 4 attack vectors used by the Mirai malware botnet, both models
returned low loss and high accuracy metrics. Moreover, although the bidirectional technique adds overhead to every
epoch and increases the processing time, it is the progressive model that is going to be better as time passes. As
the Internet of Things has risen in popularity, so has the number of DDoS attacks targeting it. The work gives users
a way to detect botnet behavior on their IoT gadgets, networks, and devices. Using a novel DL application, a
detection model based on a BLSTM-RNN is developed. The BLSTM-RNN is applied in combination with Word Embedding to
introduce deep learning for botnet detection. By collecting contextual information from the future and past, the
BLSTM-RNN was contrasted with the unidirectional LSTM-RNN to see whether it might return better accuracy or loss
metrics for the captured dataset. Both models produced low loss and high accuracy metrics for the 4 attack vectors
used by the Mirai malware botnet.
Golomb et al. [22] showed that IoT devices have become a core
part of our daily lives because of their rapid growth and deployment. They do, however, have a lot of flaws that an
intruder can take advantage of. Anomaly detection and other unsupervised techniques may assist in the protection of
IoT devices. However, to capture all benign behaviors, an anomaly detection model must be trained for a lengthy time.
Since all observations are presumed to be benign while training the anomaly detection model, this method is
susceptible to attacks. CIoTA is a blockchain-based solution for collaborative anomaly detection among several IoT
devices. While remaining immune to adversarial attacks, CIoTA continuously trains an anomaly detection model. CIoTA
can also differentiate between unusual benign incidents and harmful acts by using the wisdom of the crowd. One
downside of CIoTA is that each IoT model/firmware must have its own chain. As a result, CIoTA is best suited to
smart cities and vast industrial settings in its current form. The authors plan to expand CIoTA in the future to
support a variety of frameworks and improve its detection capabilities, for example, by investigating API flows
rather than lower-level control-flows.
Sudhakaran et al. [23] showed that the IoT produces vast quantities of
data from connections among people and gadgets, and that security is a major concern. The majority of IoT anomaly
detection techniques rely on supervised machine learning, which has a high false positive rate. It was discovered
that the magnitude of the attack response was not considered when designing the AAA system for IoT devices.
Initially, the TCA collects data at the packet and flow levels for a defined time. Then, using the M-class SVM
algorithm, the DA examines the collected data and determines the type of attack. When the RA receives the attack
type from the DA, it measures the attack frequency over various time windows to estimate the intensity of the attack
and takes appropriate action. The proposed AAA system was developed in C++ and compared to the DADM approach.
Experiments have shown that their proposed AAA system can reduce unauthorized access by 13 percent and false
positives by 19 percent. Additionally, energy consumption is decreased by twenty percent.
Yu et al. [24] look
at how certain security assurances can be achieved even though the attacker has gained access to all keys in a
system, for example by exploiting software flaws. Encryption is only useful if the decryption key has not been
revealed to adversaries; it requires the absence of malware on the computer conducting the crypto operations. This
research presented a novel messaging protocol that ensures protection even though an intruder has access to the
secret keys of a user's device. Specifically, (a) since an attacker can only read the messages sent in the same
epoch without being noticed, the protocol bounds the impact of a compromise, and (b) if an attacker uses compromised
long-term keys to impersonate users, the protocol assists participants in detecting this and taking appropriate
action. The protocol supports several gadgets per user, and the variety of devices aids in the detection of attacks
by providing users with intuitive indications of which keys have been active recently. These methods are not meant
to be a substitute for existing methods of keeping keys secure. Existing technologies for securing keys include
TPMs, smart cards, and ARM TrustZone. None of these technologies, however, is fully secure. Malware, for example,
may be able to cause key usage even without the ability to copy the key, even though hardware protection is used.
Sharmila et al. [25] describe how to detect attacks at the sinkhole, which was found to be very
vulnerable to collisions. To identify the sinkhole attack, the WSN used a lightweight detection system. A message
digest technique was created; the data digests are broadcast over the trusted route to detect sinkhole attacks, and
the protocol followed differs from the system's actual design. As the method considers an active trust mechanism,
other forms of attack, such as blackhole and selective forwarding attacks, are also observed.
Alajmi et al. [26] introduced a detection strategy for selective forwarding attacks and explored various network
monitoring techniques to discover and observe attacks in the WSN such as the selective forwarding attack. The
technique can detect attacks at the network layer without a significant amount of effort. In the form of attack
described in the paper, the compromised nodes act like every other node in the system, and the malicious node drops
some of the personal information before sharing it with the destination node.
Geethu et al. [27] suggested a method for multipath transmission. The approach was built as a defensive tactic
against selective forwarding attacks. In this scheme, if a node detects a packet drop during routing, the packet is
sent over an alternate path. The resending strategy enhanced the efficiency of the routing method. The method
described protects the network from a variety of threats, including black hole attacks and tiny, active trust-based
forwarding attacks.
3. Problem Formulation
Security threats are rising in lockstep with the IoT's expansion. To identify attacks in IoT, several attack
detection systems have been developed, in which the detection system is deployed at a point in the network and
collects data before classifying it as "attack" or "normal" using a supervised ML algorithm. These mechanisms,
however, have struggled to yield substantial outcomes due to the specific needs of IoT devices, such as
distribution, scalability, resource limitations, and low latency.
Owing to the manual assignment of cluster numbers, unsupervised learning has the downside of lower classification
accuracy. In terms of discovering new attacks, however, it outperforms supervised ML, and it is more effective for
IoT attack detection. A semi-supervised ML method, on the other hand, has been suggested, which combines
unsupervised and supervised ML techniques. It trains on both labelled and unlabeled data and extracts the dataset's
intra-structure.
A fog-based attack detection system is developed based on the fog computing model and a newly proposed ESFCM
model to enable distributed real-time attack detection in IoT. Fog processing distributes the detection load across
many fog nodes at the fog layer, improving detection performance. The proposed ESFCM solution also resolves the
issues of real-time detection and labelled data unavailability by merging the ELM and SFCM algorithms. By gathering
data from a range of IoT devices, the framework can be used as a detection unit in smart IoT networks, such as smart
cities and homes, to detect attacks. The ELM could, however, perform poorly due to the framework's random assignment
of the weights and the input bias. Because of the unpredictable input bias and weights, the classification problem
can be ill-posed, yielding several solutions. The study suggests that a DL (deep learning) algorithm be used to
solve the ill-posed problem by eliminating the need for manual feature engineering and offering compression,
resulting in higher accuracy and quicker processing [28].
In this paper, we study the performance of the CNN against the proposed framework and other conventional machine
learning algorithms, extend the problem to wireless sensor networks, and devise an edge-based algorithm to detect
intruders in a cluster.
4. System Model
The standard architecture of the IoT-WSN model comprises framework, end-user, and cloud layers. The system layer
comprises a network of wireless sensor modules, communication protocols, and data acquisition circuitry that sends
data and information to local storage for processing. All these devices allow users to gather information in real
time at various acquisition rates. The data from sensors is processed in the cloud layer for additional management,
feature extraction, noise reduction, and data manipulation. This information is then fed into a decision-making
system that makes decisions based on advanced data analysis and artificial intelligence.
The model considered focuses on a randomly deployed wireless sensor network as a subset of the heterogeneous IoT
scenario shown in Fig.3. Clustering is performed by the well-known LEACH [29] protocol. Composite reputation values
are then calculated for every cluster, and the entire set of nodes is divided into three categories: Cluster Head
(CH), Member Nodes (MN), and Inspector Node (IN), where the IN is expected to track every activity of the CH and
member nodes. The IN keeps track of all ongoing communication and of any malicious party that is attacking a node.
The model is trained with Packet Delivery Ratio, Packet Dropping Ratio and Delay as features.
Figure 1: System Model
4.1 Attacks in WSN
As time progresses, the device becomes more vulnerable to multiple attacks as the attack surface for attackers
expands and the device's complexity grows, giving rise to a variety of attacks. As a result, it is difficult to
create a safe and stable application or system. The need for encryption is just as crucial as the need for the
information system. The attacker is mostly concerned with the functionality, confidentiality and credibility of
infrastructure [30]. In this research work two types of attack are considered. The first and most popular is the
Sybil attack, in which a malicious node generates Sybil nodes using altered identities. Sybil nodes can gain an
authorized node identity and misbehave by altering routing information, causing communication line and storage
interruptions. The second is the buffer overflow attack: when the amount of data written to a memory buffer exceeds
the storage space available, a buffer overrun (or buffer overflow) occurs. The software may behave unpredictably if
the excess data overwrites executable code, causing inaccurate results, memory access errors, or even a crash.
4.2 Low-Energy Adaptive Clustering Hierarchy (LEACH)
LEACH [29] is an energy-efficient hierarchical routing algorithm for WSNs that runs in distinct rounds [31]. In
LEACH, each round is divided into 2 stages: setup and steady state. During the setup phase, sensor nodes form
clusters, and during the steady-state phase, the sensor nodes exchange data messages with their respective CHs,
which are responsible for communicating with the base station (BS).
4.3 Composite reputation value
The accessible nodes in a cluster network are divided into three types: CH, IN, and MN, all of which are
isomorphic. The cluster's radius is nearly half of the network's communication range, allowing two nodes from the
same network to connect with one another:
$$r_0 = R_0 / 2$$
where $r_0$ denotes the cluster's radius and $R_0$ denotes the network's established transmission range. The CH
and IN in the network are determined by the CRV [32]: the device with the highest CRV acts as the CH and the next
node acts as the IN. The CRV is formulated as follows:
$$\mathrm{CRV}_{\text{sensor id}} = a P_r + b \cdot E_{sur} / E_0$$
where $a$ and $b$ are constants with values ranging from 0 to 1 and $a + b = 1$. $E_0$ is the initial energy level
of the node, $E_{sur}$ is the surplus energy of the node, and $P_r$ is the forwarding rate of the designated node.
5. Proposed Methodology
The proposed work employs a lightweight convolutional neural network to detect a compromised cluster head. The
technique focuses on detecting the attack or malicious node, as well as attempting to resolve the problem.
Clustering is done using the LEACH protocol, and the CRV is computed for each cluster. The device with the highest
CRV is selected as the CH, and the node with the next highest CRV is the IN. The Inspector Node is trained using a
Convolutional Neural Network on Packet Delivery Ratio, Packet Dropping Ratio and Delay. The source node sends a
service request to the Cluster Head, which then acts on it. The round trip time (RTT) is computed after the feedback
packet is received from the next node and is added to the dataset. As the request and feedback packets travel
towards their destination, the Inspector Nodes perform a training-based scan for malicious behavior by testing for
the sybil attack and the buffer overflow attack. If any malicious behavior is detected, the route is changed; under
normal conditions, communication proceeds as decided.
Figure 2: Proposed Algorithm
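The CRV election of Section 4.3 and the Inspector Node's feature collection described above, as an added Python example (not the authors' MATLAB implementation). Assumptions: the node records and timings are constructed, the weights a = 0.6 and b = 0.4 are arbitrary, and the features are defined as PDR = answered requests / requests, drop ratio = 1 - PDR, and delay = mean RTT.

```python
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Node:
    node_id: str
    forwarded: int   # packets the node relayed onward
    received: int    # packets handed to the node for relaying
    e_sur: float     # surplus (remaining) energy, E_sur
    e0: float        # initial energy, E_0


def crv(node, a=0.6, b=0.4):
    """CRV = a*P_r + b*E_sur/E_0 with 0 <= a, b <= 1 and a + b = 1."""
    if not (0.0 <= a <= 1.0 and 0.0 <= b <= 1.0) or abs(a + b - 1.0) > 1e-9:
        raise ValueError("a and b must lie in [0, 1] and sum to 1")
    if node.e0 <= 0:
        raise ValueError(f"{node.node_id}: initial energy must be positive")
    # A node that was never asked to forward has no track record: P_r = 0.
    p_r = node.forwarded / node.received if node.received else 0.0
    return a * p_r + b * (node.e_sur / node.e0)


def elect(cluster, a=0.6, b=0.4):
    """Return (CH, IN, members): highest CRV is CH, next highest is IN."""
    if len(cluster) < 2:
        raise ValueError("a cluster needs at least two nodes for CH and IN")
    # Ties are broken by node id so every node computes the same result.
    ranked = sorted(cluster, key=lambda n: (-crv(n, a, b), n.node_id))
    return ranked[0].node_id, ranked[1].node_id, [n.node_id for n in ranked[2:]]


def inspector_features(records):
    """Per-node (PDR, drop ratio, mean RTT) from traffic the IN overheard.

    records: iterable of (node_id, t_request, t_feedback). t_feedback is None
    when no feedback packet was seen, which is counted as a dropped packet.
    The delay is None when nothing was delivered; impute it before training.
    """
    per_node = {}
    for node_id, t_req, t_fb in records:
        stats = per_node.setdefault(node_id, {"sent": 0, "rtts": []})
        stats["sent"] += 1
        if t_fb is not None:
            if t_fb < t_req:
                raise ValueError(f"{node_id}: feedback precedes request")
            stats["rtts"].append(t_fb - t_req)
    features = {}
    for node_id, stats in per_node.items():
        pdr = len(stats["rtts"]) / stats["sent"]
        delay = mean(stats["rtts"]) if stats["rtts"] else None
        features[node_id] = (pdr, 1.0 - pdr, delay)
    return features


# Constructed sample cluster (not data from the paper).
CLUSTER = [
    Node("N1", 95, 100, 1.6, 2.0),
    Node("N2", 99, 100, 0.5, 2.0),   # forwards well but is nearly drained
    Node("N3", 90, 100, 1.9, 2.0),
    Node("N4", 40, 100, 1.8, 2.0),   # plenty of energy, poor forwarding
    Node("N5", 0, 0, 2.0, 2.0),      # fresh node with no forwarding history
]

# Constructed (node, t_request, t_feedback) observations, times in seconds.
OVERHEARD = [
    ("N2", 0.0, 0.002), ("N2", 1.0, 1.002),
    ("N4", 0.0, 0.004), ("N4", 1.0, None),
    ("N4", 2.0, None), ("N4", 3.0, 3.006),
    ("N5", 0.0, None),
]

if __name__ == "__main__":
    ch, inspector, members = elect(CLUSTER)
    print(f"CH={ch} IN={inspector} members={members}")
    for node_id, row in sorted(inspector_features(OVERHEARD).items()):
        print(node_id, row)
```

Each tuple returned by `inspector_features` is one row of the three-feature input the Inspector Node's classifier is trained on.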
5. Results and Discussion
5.1 Simulation Setup
The effectiveness of the CNN model is compared with different machine learning algorithms on the NSL-KDD dataset,
as shown in Fig. 15 and 16 respectively. The proposed methodology shows better accuracy in comparison with the
other machine learning classifiers.
Additionally, the extended WSN scenario is simulated using a dataset generated with the help of Network Simulator 2
(NS2). The dataset is divided into three parts, i.e., 70 percent training, 15 percent testing, and 15 percent
validation.
In the given model, an IoT infrastructure is formed where nodes are created and the cluster is formed. The work
presented here detects unauthorized IoT devices. Implementation is done using the MATLAB tool. We simulate the
detection model for sybil and buffer overflow attacks and investigate the efficacy of the proposed model over
various performance metrics:
1. Confusion matrices
2. Receiver operating characteristics
3. Cross entropy analysis
Table 1 depicts the CNN specifications that are used in the implementation.
| Parameters | Value |
|---|---|
| Input, output, hidden layers | (1,1,1) |
| Stride length | (2,2) |
| Conv filter size | (5,5) |
| Pooling layer size | (2,2) |
| Output layer activation function | Softmax |
| Hidden layer activation function | Relu |
5.2 Model Implementation and Results
First, the CNN model is compared with different machine learning algorithms on NSL-KDD, as shown in Figures 3
and 4 respectively; the accuracy of the CNN model is around 97%. The CNN model shows better accuracy in comparison
with the other machine learning classifiers. Attack detection time for centralized and distributed frameworks is
also analyzed in Figure 5; the mean detection time is well below 5 ms.
Figure 3: Accuracy on KDDTest+
Figure 4: Accuracy on KDDTest-21
Figure 5: Detection time
Then, for the extended WSN scenario, the entire set of nodes is divided into MNs, CH, and IN. Each cluster has a
single node that serves as the CH, responsible for all communication both within and outside the cluster. With the
help of a learning process, the Inspector Node is expected to overhear every communication in the cluster and is
responsible for detecting malicious activity of the CH and MNs. As shown in Figures 6 and 7, the CRV for each node
is calculated; the node with the highest CRV is chosen as the CH and the node with the second-highest CRV is chosen
as the Inspector Node.
Figure 6: Computation of CRV
Figure 7: CH-IN selection
Communication is established via two paths, viz. path A containing nodes N2, N6, N1, N8, N3, and N7, and path B
containing nodes N2, N5, N9, N10, and N7, as illustrated in Figures 8 and 9.
Figure 8: Illustrates communication through path A
Figure 9: Illustrates communication through path B
Figure 10 shows the detection of a Sybil attack in a network path from source node N2 to N7. Nodes N3, N8, N9 and
N10 are detected as malicious under the Sybil attack. Figure 11 shows the detection of a buffer overflow attack
caused by malicious code injection in node N9.
Figure 10: Illustrates Sybil attack
Figure 11: Illustrates buffer overflow attack
Figure 12 depicts the confusion matrix of the training, testing, validation, and overall results of the proposed
model. The training accuracy is 97.9 percent and the validation accuracy is 99.3 percent. After validation, the
testing accuracy is 95.4 percent. Lastly, the overall accuracy of the model is 97.7 percent. The training accuracy
is always better than the testing accuracy because if the model is trained well, it gives a perfect output in
testing, whereas if the training of the model is not good, the model does not give a perfect output; that is the
reason behind the higher training accuracy. The ROC curve plots the true positive rate against the false positive
rate. The four ROC curves for training, testing, validation, and the overall model are shown in Figure 13.
Figure 12: Confusion Matrix
Figure 13: ROC curve
Figure 14: Cross-Entropy Curve
Figure 15: Gradient Measure and validation
The cross-entropy is calculated as a performance parameter, as shown in Figure 14. The performance on the training,
testing, and validation datasets is depicted, with a best validation performance of 0.040394 at epoch 10. The
gradient measures the change in all weights with regard to the change in error. Figure 15 shows gradient = 0.045054
and validation checks = 6 at 16 epochs.
Figure 16: Error Histogram
Figure 16 shows the results of the error values at 0.0401 with 20 bins. The training dataset shows the error values
at approximately 600 instances, the validation dataset at approximately 750 instances, and the testing dataset at
approximately 850 instances.
6. Conclusion
This research work mainly focuses on the detection of unauthorized IoT devices in a distributed IoT
architecture. Because of the widespread acceptance of IoT devices, their variety, standardization challenges, and
inherent versatility, businesses need an intelligent mechanism capable of automatically detecting suspicious IoT
devices connected to their networks. In this research work, the CRV is calculated for each node to decide the
CH and IN. A deep learning-based CNN framework is used to train the IN, and the CNN is applied to extract
features from the network traffic in order to detect malicious IoT devices. In the current research, two
attacks, namely the sybil attack and buffer overrun, are detected among the IoT devices. Furthermore, cross-entropy is
calculated as a performance parameter, and the gradient measures the change in all weights with respect to the change in
error. The model runs for 16 iterations and achieves an overall accuracy of 97.7 percent. There is a pressing
need to standardize the methodology for detecting IoT devices on non-homogeneous platforms such as
non-homogeneous sensor networks; such standards will limit the number of unanticipated vulnerabilities and
accompanying attacks.
Funding declaration
The authors have not received funding from any source.
Conflict of interest
The work has not been submitted to any other journal. There are no conflicts of interest between the authors that are
relevant to the content of the manuscript.
Author contribution
The idea and problem formulation, along with the proposed solution, were contributed by the corresponding author.
The simulation and result analysis were done by the other author.
Data availability statement
The datasets generated and/or analyzed during the current study are available from the corresponding author
on reasonable request. However, for the extended WSN scenario, the dataset is generated through the ns2 tool.
NSL KDD is used in this research work: https://www.unb.ca/cic/datasets/nsl.html
References
1.
Tawalbeh, Lo’ai, Muheidat, F., Tawalbeh, M., and Quwaider, M.: IoT Privacy and security: Challenges and
solutions. Applied Sciences. 10 (12). 4102 (2020)
Doi:10.3390/app10124102
14
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
Meidan, Y., Bohadana, M., Shabtai, A., Ochoa, M., Tippenhauer, N. O., Guarnizo, J. D., & Elovici, Y.:
Detection of Unauthorized IoT Devices Using Machine Learning Techniques. (CoRR). (2017)
Peña-López, I. (2005). ITU Internet report 2005: the internet of things.
Gubbi, J., Buyya, R., Marusic, S., & Palaniswami, M. (2013). Internet of Things (IoT): A vision,
architectural elements, and future directions. Future generation computer systems, 29(7), 1645-1660.
Gartner report, “Forecast: IoT Security, Worldwide,” 2016
Frahim, J., Pignataro, C., Apcar, J., & Morrow, M. (2015). Securing the internet of things: A proposed
framework. Cisco White Paper, 15.
Ibrahim, M. H. (2016). OCTOPUS: An edge-fog mutual authentication scheme. Int. J. Netw. Secur., 18(6),
1089-1101.
Stojmenovic, I., & Wen, S. (2014, September). The fog computing paradigm: Scenarios and security issues.
In 2014 federated conference on computer science and information systems (pp. 1-8). IEEE.
Alrawais, A., Alhothaily, A., Hu, C., & Cheng, X. (2017). Fog computing for the internet of things:
Security and privacy issues. IEEE Internet Computing, 21(2), 34-42.
Yi, S., Qin, Z., & Li, Q. (2015, August). Security and privacy issues of fog computing: A survey. In
International conference on wireless algorithms, systems, and applications (pp. 685-695). Springer, Cham.
Boztas, A., Riethoven, A. R. J., & Roeloffs, M. (2015). Smart TV forensics: Digital traces on televisions.
Digital Investigation, 12, S72-S80.
Sam Biddle. 2017. WikiLeaks Dump Shows CIA Could Turn Smart TVs into Listening Devices. (2017).
https://theintercept.com/2017/03/07/ wikileaks-dump-shows-cia-could-turn-smart-tvs-into-listening-devices
Grattafiori, A., & Yavor, J. (2013). The outer limits: hacking the Samsung smart TV, Blackhat briefing
2013.
Lee, S. J., & Kim, S. (2013). Hacking, surveilling and deceiving victims on smart tv. Blackhat USA.
Pour, M. S., Bou-Harb, E., Varma, K., Neshenko, N., Pados, D. A., & Choo, K. K. R. (2019).
Comprehending the IoT cyber threat landscape: A data dimensionality reduction technique to infer and
characterize Internet-scale IoT probing campaigns. Digital Investigation, 28, S40-S49.
O’Gorman, Brigid, Candid Wueest, Dick O’Brien, Gillian Cleary, Hon Lau, J. Power, Mayee Corpin, Orla
Cox, Paul Wood, and Scott Wallace. "Internet security threat report." A Report published by
SYMANTEC (2019).
Szigeti, T., Zacks, D., Falkner, M., & Arena, S. (2018). Cisco Digital Network Architecture: Intent-based
Networking for the Enterprise. Cisco Press.
Meidan, Y., Bohadana, M., Shabtai, A., Ochoa, M., Tippenhauer, N. O., Guarnizo, J. D., & Elovici, Y.
(2017). Detection of unauthorized IoT devices using machine learning techniques. arXiv preprint
arXiv:1709.04647.
Diro, A. A., & Chilamkurti, N. (2018). Distributed attack detection scheme using deep learning approach
for Internet of Things. Future Generation Computer Systems, 82, 761-768.
Bhunia, S. S., & Gurusamy, M. (2017, November). Dynamic attack detection and mitigation in IoT using
SDN. In 2017 27th International telecommunication networks and applications conference (ITNAC) (pp. 16). IEEE.
McDermott, C. D., Majdani, F., & Petrovski, A. V. (2018, July). Botnet detection in the internet of things
using deep learning approaches. In 2018 international joint conference on neural networks (IJCNN) (pp. 18). IEEE
Golomb, T., Mirsky, Y., & Elovici, Y. (2018). CIoTA: Collaborative IoT anomaly detection via
blockchain. arXiv preprint arXiv:1803.03807.
Sudhakaran, P., & Malathy, C. (2020). Authorisation, attack detection and avoidance framework for IoT
devices. IET Networks, 9(5), 209-214.
Yu, J., Ryan, M., & Cremers, C. (2015). How to detect unauthorised usage of a key. IACR Cryptol. ePrint
Arch., 2015, 486.
15
25. Sharmila, S., & Umamaheswari, G. (2011, July). Detection of sinkhole attack in wireless sensor networks
using message digest algorithms. In 2011 International Conference on Process Automation, Control and
Computing (pp. 1-6). IEEE..
26. Alajmi, N. M., & Elleithy, K. (2016, April). A new approach for detecting and monitoring of selective
forwarding attack in wireless sensor networks. In 2016 IEEE Long Island Systems, Applications and
Technology Conference (LISAT) (pp. 1-6). IEEE.
27. Geethu, P. C., & Mohammed, A. R. (2013, July). Defense mechanism against selective forwarding attack
in wireless sensor networks. In 2013 Fourth International Conference on Computing, Communications and
Networking Technologies (ICCCNT) (pp. 1-4). IEEE.
28. Rathore, S., & Park, J. H. (2018). Semi-supervised learning based distributed attack detection framework
for IoT. Applied Soft Computing, 72, 79-89.
29. Krontiris, I., Giannetsos, T., & Dimitriou, T. (2008, October). Launching a sinkhole attack in wireless
sensor networks; the intruder side. In 2008 IEEE International Conference on Wireless and Mobile
Computing, Networking and Communications (pp. 526-531). IEEE.
30. Mann, P., Tyagi, N., Gautam, S., & Rana, A. (2020, September). Classification of Various Types of
Attacks in IoT Environment. In 2020 12th International Conference on Computational Intelligence and
Communication Networks (CICN) (pp. 346-350). IEEE.
31. Newsome, J., Shi, E., Song, D., & Perrig, A. (2004, April). The sybil attack in sensor networks: analysis &
defenses. In Third international symposium on information processing in sensor networks, 2004. IPSN
2004 (pp. 259-268). IEEE.
32. Zhou, H., Wu, Y., Feng, L., & Liu, D. (2016). A security mechanism for cluster-based WSN against
selective forwarding. Sensors, 16(9), 1537.
16