A Security Scheme for Statistical Anomaly Detection and the Mitigation of Rank Attacks in RPL Networks (IoT Environment)

Authors

  • Mohammed A. Alqarni Department of Software Engineering, College of Computer Science and Engineering, University of Jeddah, Saudi Arabia
  • Sajjad Hussain Chauhdary Department of Computer Science and Artificial Intelligence, College of Computer Science and Engineering, University of Jeddah, Saudi Arabia
Volume: 13 | Issue: 6 | Pages: 12409-12414 | December 2023 | https://doi.org/10.48084/etasr.6433

Abstract

A Routing Protocol for Low-power-lossy (RPL) networks builds a Destination Oriented Directed Acyclic Graph (DODAG) to provide IPv6 connectivity for resource-constrained devices over a large variety of low-power-lossy link layer technologies. Each RPL node maintains a rank value, which quantizes its relative topological distance from the DODAG root and is calculated based on the rank of its preferred parents and the objective function being employed. The RPL routing process does not impose any check to monitor the action and conduct of the parent nodes. A malicious attacking node can exploit this weakness by faking its rank value to be much lower than the original to attract more traffic to traverse through it from its neighboring and underlying child nodes. An attacking node can choose to perform selective forwarding or a sinkhole attack (Rank Attack type 1 – RA1) or exacerbate network performance parameters by causing topological instability (Rank Attack type 2 - RA2). This paper presents the Statistically-based Anomaly Detection Scheme (SARPL) to detect RA1 and RA2 and attempts to mitigate their effects. The simulations and performance evaluations show that SARPL can successfully detect RA1 attacks in all scenarios whereas it has a positive detection rate of approximately 93% for RA2 type attacks. SARPL also significantly improves network performance parameters, such as packet delivery rate and end-to-end delay, while mitigating the effects of RA1 and RA2.

Keywords:

anomaly detection, rank attack, RPL network, low power lossy network

Downloads

Download data is not yet available.

References

J. P. Vasseur, "Terms Used in Routing for Low-Power and Lossy Networks," Internet Engineering Task Force, Request for Comments RFC 7102, Jan. 2014. https://doi.org/10.17487/RFC7102. DOI: https://doi.org/10.17487/rfc7102

T. Tsvetkov, "RPL: IPv6 Routing Protocol for LOW Power and Lossy Networks," in Seminar SN SS2011, Network Architectures and Services, Jul. 2011, https://doi.org/10.2313/NET-2011-07-1_09.

R. Alexander et al., "RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks," Internet Engineering Task Force, Request for Comments RFC 6550, Nov. 2012. https://doi.org/10.17487/RFC6550. DOI: https://doi.org/10.17487/rfc6550

A. Le, J. Loo, A. Lasebae, A. Vinel, Y. Chen, and M. Chai, "The Impact of Rank Attack on Network Topology of Routing Protocol for Low-Power and Lossy Networks," IEEE Sensors Journal, vol. 13, no. 10, pp. 3685–3692, Jul. 2013.

O. Gnawali and P. Levis, "The Minimum Rank with Hysteresis Objective Function," Internet Engineering Task Force, Request for Comments RFC 6719, Jun. 2012. https://doi.org/10.17487/RFC6719. DOI: https://doi.org/10.17487/rfc6719

T. Tsao, R. Alexander, M. Dohler, V. Daza, A. Lozano, and M. Richardson, "A Security Threat Analysis for the Routing Protocol for Low-Power and Lossy Networks (RPLs)," Internet Engineering Task Force, Request for Comments RFC 7416, Jan. 2015. https://doi.org/10.17487/RFC7416. DOI: https://doi.org/10.17487/rfc7416

H. Perrey, M. Landsmann, O. Ugus, T. C. Schmidt, and M. Wählisch, "TRAIL: Topology Authentication in RPL." arXiv, Dec. 15, 2015.

K. D. Korte, A. Sehgal, and J. Schönwälder, "A Study of the RPL Repair Process Using ContikiRPL," in Dependable Networks and Services, Berlin, Heidelberg, 2012, pp. 50–61. DOI: https://doi.org/10.1007/978-3-642-30633-4_8

A. Le, J. Loo, A. Lasebae, A. Vinel, Y. Chen, and M. Chai, "The Impact of Rank Attack on Network Topology of Routing Protocol for Low-Power and Lossy Networks," IEEE Sensors Journal, vol. 13, no. 10, pp. 3685–3692, Jul. 2013. DOI: https://doi.org/10.1109/JSEN.2013.2266399

A. Le, J. Loo, Y. Luo, and A. Lasebae, "Specification-based IDS for securing RPL from topology attacks," in 2011 IFIP Wireless Days (WD), Niagara Falls, ON, Canada, Jul. 2011. DOI: https://doi.org/10.1109/WD.2011.6098218

S. Raza, L. Wallgren, and T. Voigt, "SVELTE: Real-time intrusion detection in the Internet of Things," Ad Hoc Networks, vol. 11, no. 8, pp. 2661–2674, Nov. 2013. DOI: https://doi.org/10.1016/j.adhoc.2013.04.014

T. Matsunaga, K. Toyoda, and I. Sasase, "Low false alarm rate RPL network monitoring system by considering timing inconstancy between the rank measurements," in 2014 11th International Symposium on Wireless Communications Systems (ISWCS), Barcelona, Spain, Aug. 2014, pp. 427–431. DOI: https://doi.org/10.1109/ISWCS.2014.6933391

L. Wallgren, S. Raza, and T. Voigt, "Routing Attacks and Countermeasures in the RPL-Based Internet of Things," International Journal of Distributed Sensor Networks, vol. 9, no. 8, Aug. 2013, Art. no. 794326. DOI: https://doi.org/10.1155/2013/794326

A. Dvir, T. Holczer, and L. Buttyan, "VeRA - Version Number and Rank Authentication in RPL," in 2011 IEEE Eighth International Conference on Mobile Ad-Hoc and Sensor Systems, Valencia, Spain, Jul. 2011, pp. 709–714. DOI: https://doi.org/10.1109/MASS.2011.76

P. Kasinathan, G. Costamagna, H. Khaleel, C. Pastrone, and M. A. Spirito, "DEMO: An IDS framework for internet of things empowered by 6LoWPAN," in Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, New York, NY, USA, Aug. 2013, pp. 1337–1340. DOI: https://doi.org/10.1145/2508859.2512494

P. Kasinathan, C. Pastrone, M. A. Spirito, and M. Vinkovits, "Denial-of-Service detection in 6LoWPAN based Internet of Things," in 2013 IEEE 9th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), Lyon, France, Jul. 2013, pp. 600–607. DOI: https://doi.org/10.1109/WiMOB.2013.6673419

N. Tsiftes, J. Eriksson, N. Finne, F. Österlind, J. Höglund, and A. Dunkels, "A framework for low-power IPv6 routing simulation, experimentation, and evaluation," in Proceedings of the ACM SIGCOMM 2010 conference, New York, NY, USA, May 2010, pp. 479–480. DOI: https://doi.org/10.1145/1851182.1851273

M. A. Lawal, R. A. Shaikh, and S. R. Hassan, "Security Analysis of Network Anomalies Mitigation Schemes in IoT Networks," IEEE Access, vol. 8, pp. 43355–43374, 2020. DOI: https://doi.org/10.1109/ACCESS.2020.2976624

N. Tsiftes, J. Eriksson, and A. Dunkels, "Low-power wireless IPv6 routing with ContikiRPL," in Proceedings of the 9th ACM/IEEE International Conference on Information Processing in Sensor Networks, New York, NY, USA, Dec. 2010, pp. 406–407. DOI: https://doi.org/10.1145/1791212.1791277

K. Aldriwish, "A Deep Learning Approach for Malware and Software Piracy Threat Detection," Engineering, Technology & Applied Science Research, vol. 11, no. 6, pp. 7757–7762, Dec. 2021. DOI: https://doi.org/10.48084/etasr.4412

M. Anwer, S. M. Khan, M. U. Farooq, and Waseemullah, "Attack Detection in IoT using Machine Learning," Engineering, Technology & Applied Science Research, vol. 11, no. 3, pp. 7273–7278, Jun. 2021. DOI: https://doi.org/10.48084/etasr.4202

N. A. Alsharif, S. Mishra, and M. Alshehri, "IDS in IoT using Machine ‎Learning and Blockchain," Engineering, Technology & Applied Science Research, vol. 13, no. 4, pp. 11197–11203, Aug. 2023. DOI: https://doi.org/10.48084/etasr.5992

Downloads

How to Cite

[1]
Alqarni, M.A. and Chauhdary, S.H. 2023. A Security Scheme for Statistical Anomaly Detection and the Mitigation of Rank Attacks in RPL Networks (IoT Environment). Engineering, Technology & Applied Science Research. 13, 6 (Dec. 2023), 12409–12414. DOI:https://doi.org/10.48084/etasr.6433.

Metrics

Abstract Views: 298
PDF Downloads: 326

Metrics Information

Most read articles by the same author(s)