Abstract
Routing Protocol for Low power and Lossy network (RPL) topology attacks can downgrade the network performance significantly by disrupting the optimal protocol structure. To detect such threats, we propose a RPL-specification, obtained by a semi-auto profiling technique that constructs a high-level abstract of operations through network simulation traces, to use as reference for verifying the node behaviors. This specification, including all the legitimate protocol states and transitions with corresponding statistics, will be implemented as a set of rules in the intrusion detection agents, in the form of the cluster heads propagated to monitor the whole network. In order to save resources, we set the cluster members to report related information about itself and other neighbors to the cluster head instead of making the head overhearing all the communication. As a result, information about a cluster member will be reported by different neighbors, which allow the cluster head to do cross-check. We propose to record the sequence in RPL Information Object (DIO) and Information Solicitation (DIS) messages to eliminate the synchronized issue created by the delay in transmitting the report, in which the cluster head only does cross-check on information that come from sources with the same sequence. Simulation results show that the proposed Intrusion Detection System (IDS) has a high accuracy rate in detecting RPL topology attacks, while only creating insignificant overhead (about 6.3%) that enable its scalability in large-scale network.
Highlights
Routing Protocol for Low power and Lossy network (RPL) is a protocol developed for the 6LoWPAN network, in order to bring the concept of Internet of Things (IoT) to the real life
This paper is the continuation of our on-going research on Intrusion Detection System (IDS) for detecting the internal threats in IP-connected wireless sensor network [2,3,4,5], where we identified and evaluated prominent internal threats and proposed a general IDS framework to detect them
There is one sink placed in the center and 11 IDS cluster heads to cover the operation of the remaining 88 nodes in the network
Summary
Routing Protocol for Low power and Lossy network (RPL) is a protocol developed for the 6LoWPAN network, in order to bring the concept of Internet of Things (IoT) to the real life. RPL has many advantages such as the energy efficiency, optimal routing and minimal overhead, which makes it outperform other previous routing protocol [1]. For the overall operation of the protocol as well as the basic concepts of routing messages like DIO, DIS, and the trickle algorithm, readers can refer to [1,2,3,4,5,6,7,8] for more detail. Internal threats on RPL-based network is a challenge due to the weak physical protections of the nodes, no centralized administration, low capability node that make strong cryptography not applicable, and lack of node co-operation. Topology attacks involve node operation to disrupt the optimal network topology, for example, creating loops, attracting traffic, or generating heavy overhead.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
