An Intelligent Security Approach using Game Theory to Detect DoS Attacks in IoT

The Internet of Things (IoT) is a new concept in the world of Information and Communication Technology (ICT). The structure of this global network is highly interconnected and presents a new category of challenges from the security, trust, and privacy perspectives. The data transfer problems through the Denial-of-Service (DoS) attacks simply occur in this network and lead to service slow down or system crash. At the present time, traditional techniques are being widely used to confront the denial-of-service attacks in the Internet of Things and unfortunately, smart techniques have been less studied and exploited. In this research, a security solution on the basis of game theory is proposed to detect the denial-of-service attacks and prevent the problems in the services of the network of the Internet of Things. In order to scrutinize the performance of the suggested method in the network, this method was simulated using the NS2 simulator. The simulation results confirmed that the game-theory strategies in the proposed method outperformed the existing methods. Furthermore, in order to verify the acquired findings, a comparative evaluation was exhibited according to the three factors of operational throughput, latency, and energy consumption. Keywords—Internet of Things (IoT); network security; attack detection


I. INTRODUCTION
Although the Internet of Things has been highlighted as one of the modern technologies in recent years, its applications have not been completely analyzed yet.This technology initially emerged as the radio frequencies for communications.Afterward, along with the advancements of wireless devices, smart sensors, and microcontrollers, it could improve the machine-to-machine communications and provide a platform for the communications between humans and things [1], [3].The Internet of Things is generally founded on wireless technologies [5].Since in the near future, a massive volume of information will be transmitted and received using the interconnected devices and management systems [4], different concerns will be brought in, particularly on the security issues.Given the rapid growth of this technology and joining of different things to this network, and also, the communication with each other, new challenges have arisen in various security issues, such as confidentiality, identity recognition, privacy, integration, etc.Moreover, the problems resulting from transferring and processing unwanted data have caused new user concerns and legal issues [2].So far, a variety of methods have been presented to create security in the Internet of Things, including light and safe operating systems, scalable procedures for the alternate control, and new detection and blocking solutions for the raised threats.However, due to the existence of threats in different aspects and methods, establishing security in the Internet of Things is a complex and difficult task, requiring various smart mechanisms.
The threats and attacks against the security of the Internet of Things can be investigated from different aspects [7].From one perspective, attacks can be categorized into two active and inactive groups, and from another perspective, they can be classified as the destructive and non-destructive groups [8].However, the pivotal point is that the attacks to networks, regardless of their type, can cause irreparable damages to users, devices, things, and their communications.One of the main attacks used by attackers are the denial-of-service attacks, which are performed to disrupt the services and the network communications, and mostly lead to network disruption.
It should be indicated that the traditional security solutions have many defects and shortcomings.Two principal weaknesses of the traditional methods in the intrusion detection systems are as follows [6]: 1) From a technical viewpoint, they are highly complicated.
2) They rely on the temporary methods, based on trial and error.
The main drawback of the traditional security solutions is the lack of a specific framework, for decision-making about the quantity and the type of attacks [9].In this context, smart security methods can provide us with suitable facilities to overcome this disadvantage.
In confronting problems, smart methods can apply the mathematical frameworks to analyze and model the problems.The solutions based on game theory have been described as an appropriate tool to tackle the security problems and different threats in the network [10], [11].Game theory can be exploited to solve those problems, where several players with different motivations and purposes compete with each other [12].Moreover, it is capable to analyze diverse scenarios (i.e. more than one hundred thousand scenarios) before making any decision, and choose the best solution.
The purpose of the present paper is to provide a smart security solution for detecting the denial-of-service attacks in the services of the network of the Internet of Things, using game theory.Then, through simulating the suggested solution using the NS2 software, the results will be compared with the existing methods.Next, the important factors at the time of the www.ijacsa.thesai.orgdenial-of-service attacks (including energy consumption, latency, and operational throughput) will be investigated.From an innovation perspective, the research contributions are as follows:  Classifying and evaluating the denial-of-service attacks in wireless networks.
 Acquiring a suitable equilibrium, on the basis of the Nash equilibrium, in order to achieve a security balance in the Internet of Things.
 Presenting a smart method for attack detection based on game theory.

II. RELATED WORK
The intrusion detection systems are amongst the network security issues, in which game theory has been more broadly applied.It logically originates from the fact that the traditional IDSs are based on the decision-making theory.As explained in Chapter One, game theory appears to be more suitable over the traditional decision-making theory for the sake of security problems.
In [13], the theoretical game-theory approaches, compared to IDS, were explained for different game models and in particular, two chapters of this book (9 and 10) were devoted to this topic.In [14], the entire Section 5 is considered the theoretical approaches of the game theory, over the IDS.
In [15], a multi-stage dynamic game model was adopted to study the intrusion detection problem in a mobile ad-hoc network.A method was proposed in [16], which models the configuration problem of the policy-based IDS, as a dynamic random game.In [17], a random game model was considered for the insider attack problem.A game method was suggested in [18] to study the problem of intrusion detection in wireless ad-hoc networks.
In [19], the problem of destructive signals was investigated in a scenario, called a MIMO Gaussian Rayleigh-fading channel.The interaction between the destructive signal generator and the transmitter-receiver pair was modeled as a zero-sum game, in which the attacker attempts to minimize the mutual information between the transmitted and received signals, while the defenders attempt to maximize it.
In [20], a method was exhibited to confront the denial-ofservice attacks on the Internet based on a game theory, in which an attacker in the Internet attempts to transform the main page in a specific server.A random game method between the network manager and the attacker was suggested, where in each time step, the two players choose their actions and the game is transferred into a new state, according to the probabilities, depending on the chosen actions.The authors, through the simulations, showed that the game accepts several Nash equilibriums.
All the conducted studies and the presented games indicated that the resources required by the network may be the target of attacks.In [21], the authors considered a noncooperative multi-person game on a graph with two types of players, which includes a set of attackers and a defender, which respectively indicate the viruses and the system security software.Each attacker selects one node for contamination and the defender selects a simple path (or edge) for protection.
Detection techniques are less efficient in terms of the energy and implementation costs [22], [23].A vast majority of detection methods fail to individually confront the denial-ofservice attacks [24].Proactive counteractions can be mainly classified into two categories of software and software/hardware proactive counteractions [25].The so-far performed studies have disclosed that the software proactive counteractions are more efficient over the other techniques, since unlike others, they do not use some costly algorithms for defense.However, the detection-based counteractions are known as the efficient solutions for the active attacks, such as the constant, deceptive, and random attacks [26].

III. EVALUATION OF ATTACKS IN WIRELESS SENSOR NETWORKS
This section describes the evaluation of attacks in wireless sensor networks.Understanding the behavior of these attacks will be useful for the development of counteractions.Implementation of the attacks for evaluation is carried out based on the modeling, described in the previous section.The modeling process in the previous section presented a clear understanding of the things, involved in signal attacks as well as their interaction.In this section, in order to assess their effect, the attacks will be evaluated, under different traffic conditions and with various numbers of the destructive nodes in the network.In terms of the activity type, the denial-ofservice attacks on wireless sensor networks can be categorized as follows [26], [27]:  Deceptive attacks.

IV. SIMULATION DETAILS
All attacks were implemented using the NS2 simulator.The parameters set during the simulation are shown in Table 1.These parameters are considered according to the IEEE 802.15.4 radio model.The simulation of attacks was done under the following hypothesis: The simulation was accomplished with variable time intervals of the traffic, which is beneficial for measuring the performance of attacks under different traffic conditions.The traffic time interval varied from 0 to 10000 milliseconds.In these simulations, the number of destructive nodes or the attacked nodes in the network was considered variable.

V. GAME THEORY MODEL
The signal game can be regarded as a game between two players (i.e. the destructive signal transmitter and the node (transmitter/receiver)), for which the equations can be made according to their performance and objective.The transmitter of the destructive signal is a player, which prevents the users' communication with each other through blocking the communication channels in the wireless network, and makes it impossible to transmit/receive data in the target channels.The node is a player, whose purpose is to efficiently utilize the network channels in order to increase the operational throughput of the whole network.Furthermore, the game can be modeled as a game between the destructive signal generator node and the observer node, in which the observer nodes are responsible for attach detection.In addition to the above strategic parameters, the following ones were also taken into account in the game: www.ijacsa.thesai.org d G : Gain, obtained from the attack detection.
 t : Time, required for periodic monitoring.
 D A : Attack duration.
 P c and P p : Attack detection costs, using continuous and periodic monitoring.

A. Nash Equilibrium
In this section, the Nash equilibrium will be investigated for a signal game occurring in the network, in which none of the players has an independent motivation for changing the strategy.
In the game, every player attempts to maximize its final gain.Considering the number of strategies in the game on one side, and the possibility of occurring simultaneous attacks with different strategies on the other side, it can be concluded that achieving a deterministic Nash equilibrium will be very difficult.Therefore, achievement of a nash equilibrium can be examined through the probability.Hence, by using a combination of strategies and the probability distribution on the set of strategies, achieving the maximum gain in the final result will become feasible.Thus, m is considered as the probability of continuous monitoring in the channel and 1-m as the probability of periodic monitoring.If the time interval for constant and random attacks is extremely short, it will become nearly equal to constant attacks (i.e.like deceptive attacks).(2)

B. Simulation Results
At this stage, the NS2 discrete event simulator was employed to implement the game theory strategies in order to confront the attacks.The parameters adjusted during the simulations are displayed in Table 1.The idle power, reception power, transmission power, and sleep power were considered according to the IEEE 802.15.4 radio model.Fig. 4, 5 and 6, respectively, show the comparative evaluation for the no-attack condition, the suggested gametheory method, and the optimal detection strategy.At this stage, three parameters (including average energy consumption, latency, and operational throughput) were evaluated at different traffic time intervals.Fig. 4 displays the average energy consumption in different conditions.The obtained results demonstrated that at the time of attacks, the suggested solution works more optimally over the optimal strategy and reduces the energy consumption.The main reason for representing the energy efficiency is that the detection mechanism of the game theory is based on the crosslayer detection, which helps to detect the attacks earlier and lower the energy consumption.
The main reason for representing the energy efficiency is that the detection mechanism of the game theory is based on the cross-layer detection, which helps to detect the attacks earlier and lower the energy consumption [28].Another advantage of the game theory solution over the optimal strategy solution is that it attempts to achieve equilibrium and this helps to maintain the cooperation among the involved nodes.This cooperation can effectively assist to improve the energy consumption.Fig. 5 and 6 presented the average delay and the average operational throughput in the network, respectively.

VI. CONCLUSIONS
Security threats are increasingly being developed due to the expansion of the networks connected to the Internet of Things as well as the lack of suitable mechanisms for counteractions.Wireless sensor networks are seriously vulnerable to attacks, and their ability of resistance against the attacks is one of the critical challenges in the development of these networks.Security in all levels of the Internet of Things is in correlation with its performance.Two main weaknesses of the traditional intrusion detection systems are as follows: 1) from a technical perspective, they are highly complicated; and 2) they rely on the temporary methods based on trial and error.Smart solutions have shown that although they have their own specific complexities, they are faster in speed and much more optimal in performance.The results obtained in this paper, which is based on the game theory, confirmed that smart methods can have better performance compared to the other strategies in terms of energy consumption (25-30%), latency, and operational throughput (10-15%).

Fig. 2 .Fig. 3 .
Fig. 2. Comparison of delay for send/receive packets in network after different attacks in different interval.

Fig. 1 ,
Fig. 1, 2 and 3 exhibit the analyses of the reactive, random, deceptive, and constant attacks, compared to the no-attack condition, by considering different time intervals in the sensor network.The analysis was performed by measuring three parameters of the sensor network.The operational throughput, latency, and energy consumption are, respectively, shown in Fig. 1, 2 and 3.

G
: Attacker's gain for a successful attack. cj P , dj P and rej P : Attack costs for constant, deceptive, and reactive destructive signal generators. s T : Sleeping duration for the destructive signal generator node. i T : Time interval, for producing packages and destructive signals.

Fig. 4 .Fig. 5 .
Fig. 4. Comparison of energy consumption between proposed strategies and optimal solution in variable traffic mode.

Fig. 6 .
Fig.6.Comparison of throughput between proposed strategies and optimal solution in variable traffic mode.

TABLE I .
SIMULATION PARMETERS Fig. 1.Comparison of energy consumption of attacks in different interval.