Specification-based Distributed Detection of Rank-related Attacks in RPL-based Resource-Constrained Real-Time Wireless Networks

RPL, the IPv6 Routing Protocol for Low-Power and Lossy Networks (LLNs), is widely used in resource-constrained wireless sensor networks. RPL is, however, vulnerable to internal routing attacks where compromised nodes may seek to exploit the vulnerability of the Rank value that represents the node's position relative to the root in the RPL graph. The impact of such attacks can be devastating, especially for real-time wireless networks where network-wide time synchronization needs to be maintained during system operation. In this paper, we present a distributed detection system FORCE to protect the RPL topology from Rank-related attacks. In FORCE, each node locally analyzes the received control messages from its neighbors and generates alerts upon the discovery of an intrusion. We evaluate the performance of proposed IDS using extensive simulations. The findings demonstrate that it can effectively detect Rank-related attacks with a high detection rate, yet incurring only moderate computation and communication overheads.