One of the central communication infrastructures of the Internet of Things (IoT) is the IEEE 802.15.4 standard, which defines Low Rate Wireless Personal Area Networks (LR- WPAN). In order to share the medium fairly in a non-beacon-enabled mode, the standard uses Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA). The nature of connected objects with respect to various resource constraints makes them vulnerable to cyber attacks. One of the most aggressive DoS attacks is the greedy behaviour attack which aims to deprive legitimate nodes to access to the communication medium. The greedy or selfish node may violate the proper use of the CSMA/CA protocol, by tampering its parameters, in order to take as much bandwidth as possible on the network, and then monopolize access to the medium by depriving legitimate nodes of communication. Based on the analysis of the difference between parameters of greedy and legitimate nodes, we propose a method based on the threshold mechanism to identify greedy nodes. The simulation results show that the proposed mechanism provides a detection efficiency of 99.5%.