An Intrusion Detection System for RPL-Based IoT Networks

Abstract

The Internet of Things (IoT) has become very popular during the last decade by providing new solutions to modern industry and to entire societies. At the same time, the rise of the industrial Internet of Things (IIoT) has provided various benefits by linking infrastructure around the world via sensors, machine learning, and data analytics. However, the security of IoT devices has been proven to be a major concern. Almost a decade ago, the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL) was designed to handle routing in IoT and IIoT. Since then, numerous types of attacks on RPL have been published. In this paper, a novel intrusion detection system (IDS) is designed and implemented for RPL-based IoT. The objective is to perform an accurate and efficient detection of various types of routing and denial-of-service (DoS) attacks such as version number attack, blackhole attack, and grayhole attack, and different variations of flooding attacks such as Hello flood attack, DIS attack, and DAO insider attack. To achieve this, different detection strategies are combined, taking advantage of the strengths of each individual strategy. In addition, the proposed IDS is experimentally evaluated by performing a deep analysis of the aforementioned attacks in order to study the impact caused. This evaluation also estimates the accuracy and effectiveness of the IDS performance when confronted with the considered attacks. The obtained results show high detection accuracy. Furthermore, the overhead introduced in terms of CPU usage and power consumption is negligible. In particular, the CPU usage overhead is less than 2% in all cases, whereas the average power consumption increase is no more than 0.5%, which can be considered an insignificant impact on the overall resource utilisation.