Clustering Internet of Things (IoT) networks, to alleviate the network scalability problem, provides an opportunity for an adversary to compromise a set of nodes by simply compromising the relay they are associated with. In such scenarios, an adversary who has compromised the relay can affect the network's performance by deliberately dropping the packets transmitted by the IoT devices and/or by corrupting the packets to be forwarded by the relay. In this way, the adversary can successfully mimic a bad radio channel between the IoT devices and the relay, thereby requiring the IoT devices to retransmit more frequently. Such a strategy increases the processing load on the IoT devices and will drain their batteries at a faster rate. To detect such an attack, we present hybrid intrusion detection systems that rely on the monitoring of uplink and downlink packets transmitted between IoT devices and the relay. Specifically, we compare the observed packet drop probabilities against their long-term expected values. The detection rules proposed originate from the generalized likelihood ratio test, where the adversary parameters are estimated using maximum likelihood estimation. A semi-analytical approach to obtain the expressions for the false alarm probability is presented in order to determine the decision thresholds. Results presented show the effectiveness of the proposed detection systems, demonstrate the impact of the choice of adversary parameters on them, and validate the expressions obtained for the false alarm probability.

中文翻译：

---

一种基于 GLRT 的机制，用于检测集群物联网网络中的中继错误行为


为了缓解网络可扩展性问题，物联网 (IoT) 网络集群为攻击者提供了通过简单地破坏与其关联的中继来破坏一组节点的机会。在这种情况下，破坏中继的对手可能会故意丢弃物联网设备传输的数据包和/或破坏中继转发的数据包，从而影响网络的性能。通过这种方式，攻击者可以成功模仿物联网设备和中继之间的不良无线电信道，从而要求物联网设备更频繁地重新传输。这种策略会增加物联网设备的处理负载，并会以更快的速度耗尽电池电量。为了检测此类攻击，我们提出了混合入侵检测系统，该系统依赖于对物联网设备和中继之间传输的上行链路和下行链路数据包的监控。具体来说，我们将观察到的丢包概率与其长期预期值进行比较。提出的检测规则源自广义似然比测试，其中使用最大似然估计来估计对手参数。提出了一种获得虚警概率表达式的半解析方法，以确定决策阈值。给出的结果显示了所提出的检测系统的有效性，证明了对手参数的选择对其的影响，并验证了获得的误报概率表达式。