Abstract

The increased connectivity introduced in Internet of Things (IoT) applications makes such systems vulnerable to serious security threats. In this paper, we consider one of the most challenging threats in IoT networks, where devices manipulate (maliciously or unintentionally) the data transmitted in information packets as they are being forwarded from the source to the destination. We propose unsupervised learning that exploits network diversity to detect and identify suspicious networked elements. Our proposed method can identify suspicious nodes along multihop transmission paths and under variable attack levels within the network. More specifically, we formulate a contribution metric for each networked element, which is used as a feature to cluster the nodes based on their behavior. We proposed two detection approaches, namely hard detection and soft detection. In the former, nodes are clustered into malicious or benign group; while in the latter, nodes are clustered into three groups based on their suspicious level, then highly suspicious nodes are discarded and more accurate contribution features are evaluated for the remaining nodes. Soft detection has higher detection accuracy provided that there is sufficient network diversity. Simulation results show that the proposed methods achieve high detection accuracy under different percentages of malicious nodes in the network and in the existence of channel errors.