Detecting Rules-related Attacks in RPL-based Resource-Constrained Wireless Networks

The Routing Protocol for Low Power and Lossy Networks (RPL) was designed to meet the routing requirements of resource-constrained wireless networks to support different topologies as well as various Quality of Services (QoS). In RPL, nodes carefully select the best routes toward the root and avoid routing loops according to their locations in the network. Unfortunately, nodes can be compromised to perform a variety of internal attacks against the RPL rules. To improve the security within the RPL-based networks, in this paper, we extend a centralized Intrusion Detection System (IDS) called ARM, with specification-based intrusion modules added to both the root and the RPL nodes to enhance their ability in detecting a wider range of RPL rules-related attacks. Our extensive simulation results show that the proposed IDS, ARM-Pro, can achieve high accuracy in detecting the RPL rules-related attacks while incurring a moderate overhead on the devices resources.