A lightweight distributed detection algorithm for DDAO attack on RPL routing protocol in Internet of Things

Abstract

A significant increase in the number of connected devices in the Internet of Things poses a key challenge to efficiently handling the attacks in routing protocols such as Routing Protocol for Low Power and Lossy Networks (RPL). The attacks on RPL are partly studied in the literature, and the proposed solutions typically overlook the appropriate trade-off among the detection rate and communication and computational overhead. This study aimed at introducing a new attack called Dropped Destination Advertisement Object (DDAO) and a new Intrusion Detection System (IDS) to counter this attack in RPL protocol. DDAO attack adversely affects the network by preventing the creation of the downward routes through not forwarding Destination Advertisement Object (DAO) messages and sending fake Destination Advertisement Object Acknowledgment (DAO-ACK) messages to the DAO source. A distributed lightweight IDS is proposed in this study to detect and counter DDAO attacks by monitoring the behavior of parents against forwarded DAO messages. According to the evaluations conducted on the Cooja simulator under different real-world conditions, the proposed IDS can detect DDAO attacks with high accuracy, precision, and True Positive Rate (TPR) and low False Positive Rate (i.e., close to zero). Additionally, compared to RPL, the proposed IDS improves Packet Delivery Rate (PDR) by 158 percent when countering attacks.