Open Access Article
Information 2016, 7(2), 25

A Specification-Based IDS for Detecting Attacks on RPL-Based Network Topology

School of Electronic Engineering and Computer Science, Queen Mary University of London, London E1 4NS, UK
School of Science and Technology, Middlesex University, London NW4 4BT, UK
Author to whom correspondence should be addressed.
Academic Editor: Willy Susilo
Received: 1 March 2016 / Revised: 15 April 2016 / Accepted: 5 May 2016 / Published: 12 May 2016
(This article belongs to the Special Issue Preserving Privacy and Security in IoT)


Routing Protocol for Low power and Lossy network (RPL) topology attacks can downgrade network performance significantly by disrupting the optimal protocol structure. To detect such threats, we propose an RPL specification, obtained by a semi-auto profiling technique that constructs a high-level abstract of operations from network simulation traces, to use as a reference for verifying node behavior. This specification, which includes all the legitimate protocol states and transitions with corresponding statistics, will be implemented as a set of rules in the intrusion detection agents, which take the form of cluster heads propagated to monitor the whole network. To save resources, we have the cluster members report related information about themselves and their neighbors to the cluster head, instead of having the head overhear all the communication. As a result, information about a cluster member is reported by different neighbors, which allows the cluster head to cross-check it. We propose recording the sequence in RPL Information Object (DIO) and Information Solicitation (DIS) messages to eliminate the synchronization issue created by the delay in transmitting the reports: the cluster head only cross-checks information that comes from sources with the same sequence. Simulation results show that the proposed Intrusion Detection System (IDS) has a high accuracy rate in detecting RPL topology attacks while creating only insignificant overhead (about 6.3%), which enables it to scale to large networks.
Keywords: 6LoWPAN; RPL; internal threats; topology attacks; specification-based; IDS
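
The sequence-aligned cross-check described in the abstract can be sketched as follows. This is an added example, not code from the paper: the `Report` layout, the use of the advertised DIO rank as the cross-checked value, and the sample reports are assumptions made for illustration. It contrasts the sequence-aware check with a naive comparison that raises a false alarm when one neighbor's report is delayed.

```python
from collections import defaultdict
from typing import NamedTuple

class Report(NamedTuple):      # hypothetical report layout, not from the paper
    reporter: str              # cluster member that sent the report
    subject: str               # node described (== reporter for a self-report)
    dio_seq: int               # sequence recorded for the subject's DIO
    rank: int                  # rank the subject advertised in that DIO

def cross_check(reports):
    """Compare only reports that share (subject, dio_seq); return mismatches."""
    seen = defaultdict(dict)
    for r in reports:
        seen[(r.subject, r.dio_seq)][r.reporter] = r.rank
    return {key: dict(views) for key, views in seen.items()
            if len(set(views.values())) > 1}

def cross_check_ignoring_sequence(reports):
    """Naive baseline: compare each reporter's latest report, whatever its sequence."""
    latest = defaultdict(dict)
    for r in reports:          # later list entries overwrite earlier ones
        latest[r.subject][r.reporter] = r.rank
    return {s for s, views in latest.items() if len(set(views.values())) > 1}

# Constructed sample, in arrival order at the cluster head.
SAMPLE = [
    Report("B", "B", 8, 256),  # B's self-report for its newest DIO
    Report("C", "B", 8, 256),  # C heard the same DIO
    Report("A", "B", 7, 512),  # A's report on B's previous DIO arrives late
    Report("M", "M", 3, 768),  # M tells the head one rank ...
    Report("A", "M", 3, 256),  # ... but neighbors heard another in the same DIO
    Report("C", "M", 3, 256),
]

if __name__ == "__main__":
    print("sequence-aware alerts:", cross_check(SAMPLE))
    print("naive alerts:", sorted(cross_check_ignoring_sequence(SAMPLE)))
```

In the constructed data, node B legitimately changed rank between two DIOs; only the naive check flags it, because it mixes a late report on sequence 7 with reports on sequence 8.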


This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).


MDPI and ACS Style

Le, A.; Loo, J.; Chai, K.K.; Aiash, M. A Specification-Based IDS for Detecting Attacks on RPL-Based Network Topology. Information 2016, 7, 25.
