A Security Scheme for Statistical Anomaly Detection and the Mitigation of Rank Attacks in RPL Networks (IoT Environment)
Received: 24 September 2023 | Revised: 7 November 2023 | Accepted: 7 November 2023 | Online: 5 December 2023
Corresponding author: Sajjad Hussain Chauhdary
Abstract
The Routing Protocol for Low-Power and Lossy Networks (RPL) builds a Destination Oriented Directed Acyclic Graph (DODAG) to provide IPv6 connectivity for resource-constrained devices over a large variety of low-power, lossy link-layer technologies. Each RPL node maintains a rank value, which quantifies its relative topological distance from the DODAG root and is calculated from the rank of its preferred parents and the objective function being employed. The RPL routing process imposes no check on the actions and conduct of parent nodes. A malicious node can exploit this weakness by faking a rank value much lower than its original one, so that more traffic from its neighboring and underlying child nodes traverses it. An attacking node can then choose to perform selective forwarding or a sinkhole attack (Rank Attack type 1 – RA1), or to degrade network performance parameters by causing topological instability (Rank Attack type 2 – RA2). This paper presents the Statistically-based Anomaly Detection Scheme (SARPL) to detect RA1 and RA2 and attempts to mitigate their effects. The simulations and performance evaluations show that SARPL successfully detects RA1 attacks in all scenarios, whereas it has a positive detection rate of approximately 93% for RA2 attacks. SARPL also significantly improves network performance parameters, such as packet delivery rate and end-to-end delay, while mitigating the effects of RA1 and RA2.
Keywords:
anomaly detection, rank attack, RPL network, low power lossy network
License
Copyright (c) 2023 Mohammed A. Alqarni, Sajjad Hussain Chauhdary
This work is licensed under a Creative Commons Attribution 4.0 International License.