ORMD: Online Learning Real-Time Malicious Node Detection for the IoT Network

With the rapid development of the Internet of Things and its widespread deployment in daily life and production, malicious node detection is becoming more and more important. The attackers can invade the normal nodes to launch various attacks like dropping or tampering data packets. As the current approaches mainly rely on injecting and collecting data for a period of time and out-of-band communications between nodes and the sink node, it is lagging. In addition, these approaches rely on reliable source nodes and use offline data to calculate, which slows down the detection speed. In this paper, for the first time, we propose an Online learning Real-time Malicious node Detection scheme (ORMD) for IoT network. ORMD adopts an out-of-band-free data collection method, in which probe packets are injected from the sink node to randomly chosen source nodes. The source nodes return the probe packets back to the sink node. The sink node analyzes the returned probe packets to obtain the path’s reliability which is used to derive the node’s reliability. The derivation of the node’s reliability is formalized as a multiple linear regression problem, which can be solved by online learning algorithm. Simulation results show that ORMD can detect malicious nodes in real time with a high accuracy, up to 96%.