A Security Scheme for Statistical Anomaly Detection and the Mitigation of Rank Attacks in RPL Networks (IoT Environment)

A Routing Protocol for Low-power-lossy (RPL) networks builds a Destination Oriented Directed Acyclic Graph (DODAG) to provide IPv6 connectivity for resource-constrained devices over a large variety of low-power-lossy link layer technologies. Each RPL node maintains a rank value, which quantizes its relative topological distance from the DODAG root and is calculated based on the rank of its preferred parents and the objective function being employed. The RPL routing process does not impose any check to monitor the action and conduct of the parent nodes. A malicious attacking node can exploit this weakness by faking its rank value to be much lower than the original to attract more traffic to traverse through it from its neighboring and underlying child nodes. An attacking node can choose to perform selective forwarding or a sinkhole attack (Rank Attack type 1 - RA1) or exacerbate network performance parameters by causing topological instability (Rank Attack type 2 -RA2). This paper presents the Statistically-based Anomaly Detection Scheme (SARPL) to detect RA1 and RA2 and attempts to mitigate their effects. The simulations and performance evaluations show that SARPL can successfully detect RA1 attacks in all scenarios whereas it has a positive detection rate of approximately 93% for RA2 type attacks. SARPL also significantly improves network performance parameters, such as packet delivery rate and end-to-end delay, while mitigating the effects of RA1 and RA2.