Performance Evaluation of Mobile RPL-Based IoT Networks under Hello Flood Attack

.


Introduction
The Internet of Things (IoT) represents a transformative networking architecture that holds the promise of enhancing our daily lives by imbuing every physical object in our environment with smart capabilities, enabling them to sense their surroundings and engage with other connected devices.Components such as software, wireless networking technologies, and sensors-actuators contribute to the intricate framework of IoT.The rapid proliferation of sensors, actuators, and smart devices connected to the Internet has fueled the momentum of IoT, allowing for data collection and remote control over physical entities.This integration of physical and computer-based systems has ushered in improvements in dependability, accuracy, and financial efficiencies [1].However, this expansion has also introduced security risks, particularly concerning sensitive data.As the number of connected devices grows, security threats become increasingly hazardous, with large businesses being prime targets for cyberattacks aiming to compromise company reports, credit card data, and customer privacy documents.The long-term viability of IoT hinges on its security measures, as the constrained resource structure of IoT devices makes them vulnerable to the damaging consequences of attacks.Anticipated increases in attacks against IoT devices underscore the importance of securing the most crucial routing protocol for Internet Protocol version 6 (IPv6)-based Low-Power Wireless Personal Area Networks: the Routing Protocol for Low-Power and Lossy Networks (RPL).Numerous cyberattacks have targeted a wide array of IoT applications and their integration services online.The primary focus of the most frequent RPL attacks is the resource utilization of nodes in the IoT ecosystem, leading to significant implications such as the loss of data packets, high computational loads, and consistency issues with node energy for Low-Power and Lossy Networks (LLNs).To ensure the resilience of IoT, proactive measures must be taken to mitigate the negative impacts of cyberattacks and fortify the security of this interconnected landscape [2].

Contributions
This paper makes several key contributions to understanding RPL protocol vulnerabilities and the implications of the Hello Flood attack in mobile IoT environments.Firstly, we contribute by conducting a comprehensive simulation-based analysis, specifically focusing on the vulnerability of the RPL protocol to the Hello Flood attack in mobile scenarios.While previous studies have primarily concentrated on static environments, our investigation sheds light on the unique challenges posed by mobile settings.Secondly, we employ four different group mobility models-the Column Mobility Model (CMM), Reference Point Group Mobility Model (RPGM), Nomadic Community Mobility Model (NCM), and Pursue Mobility Model (PMM)-to explore the impact of mobility on the effectiveness of the Hello Flood attack.By utilizing these diverse mobility models, we provide a nuanced understanding of how different movement patterns influence the attack's efficacy and the network's resilience.Additionally, our systematic evaluation encompasses critical performance metrics, including the Packet Delivery Ratio (PDR), End-to-End Delay (E2ED), throughput, Expected Transmission Count (ETX), and Average Power Consumption (APC).Through rigorous analysis, we uncover the disruptive effects of the Hello Flood attack on these metrics across various mobility models, highlighting the need for robust security measures to safeguard RPL-based IoT networks in mobile environments.Furthermore, our proposed system serves as a timely reminder of the evolving security landscape in IoT networks.As mobile IoT applications become increasingly prevalent, understanding the exacerbated impact of attacks like the Hello Flood attack in such scenarios becomes imperative.By shedding light on these challenges, we contribute to the ongoing discourse on IoT network security and advocate for proactive measures to mitigate emerging threats.
This paper is structured into several key sections, each contributing to a comprehensive exploration of the subject matter.Section 3 delves into the core RPL specifications, providing insights into the attack employed in this study and examining mobility within the RPL framework.Building upon this foundation, Section 4 offers a thorough review of relevant research concerning RPL attacks in static environments.Section 5 details the specific setups and methodology used in our simulations and subsequent performance evaluations.The experimental outcomes and a comparative analysis are unveiled in Section 6, providing deeper insights into the results.Section 7 establishes a discussion presenting the strong and weak points of each utilized model.Finally, Section 8 concludes the paper by summarizing our findings and charting a course for future research endeavors in this domain.

RPL Overview
The RPL protocol was designed to tackle the unique challenges posed by Low-Power and Lossy Networks (LLNs) in the vast realm of the Internet of Things (IoT).With the continuous growth of IoT, the demand for efficient communication among devices with limited resources becomes even more critical.One of its primary goals is energy efficiency, aiming to optimize the consumption of energy within LLNs.RPL, with its focus on efficient energy utilization and reliability in LLNs, addresses the challenges posed by devices with limited resources.It incorporates mechanisms for robust and adaptive routing, adapting to changing network conditions, and overcoming challenges presented by intermittent links and device failures [2].Moreover, RPL is designed to be scalable, accommodating networks of varying sizes and dynamically adjusting to the addition or removal of nodes.Its versatility extends to supporting diverse applications within LLNs, ranging from home automation and smart cities to industrial control systems.This multifaceted approach underscores RPL's significance as a comprehensive and flexible solution for the complexities of LLNs across various applications.Furthermore, RPL employs Destination-Oriented Directed Acyclic Graphs (DODAGs) rooted at a singular destination, referred to as the sink, operating within the IP networking layer through the 6LoWPAN protocol stack.This approach involves constructing a network of logical channels leading to the sink, utilizing actual network connections.Node ranking within the DODAG is a result of evaluating various metrics, such as link reliability, latency, throughput, and constraints like nodes' energy, link color, and throughput.The selection of parents on paths towards the DODAG root is thus framed as a multi-objective optimization problem.The designated Objective Function (OF) guides RPL nodes in choosing and optimizing routing paths within a DODAG, transforming metrics and constraints into ranks.RPL utilizes three primary ICMPv6 control messages for constructing and managing the network topology and routing data.The DODAG Information Object (DIO) message serves as a cornerstone, fostering DODAG creation, maintenance, and the establishment of upward routes from nodes to the root.This message encapsulates vital configuration parameters, including the sender node's rank, RPL instance ID, DODAG ID, version number, RPL mode of operation, and other essential maintenance parameters.Furthermore, DIO messages are strategically issued in response to a DODAG Information Solicitation (DIS) message, contributing to the dynamic adaptability of the network.In tandem, the DODAG Information Solicitation (DIS) message functions as an upward ICMP control message, which is critical for nodes aspiring to join an existing network.When a new node seeks to integrate into the network, it deploys DIS to ask nearby nodes for a DIO message, facilitating a seamless onboarding process.In instances where a node does not receive a DIO message within a designated time frame, it autonomously transmits a DIS message, ensuring the continued progression of network establishment [3].Additionally, the Destination Advertisement Object (DAO) message is instrumental in constructing downward routes within the network.Each node, in the process of building downward routes, advertises to its parent the selection of nodes in its sub-DODAG that prefer it as their parent.This collaborative information exchange is vital for the creation and maintenance of upward routes, facilitated by DIO and DIS messages.Notably, the DAO receiving node retains the option to dispatch a DAO acknowledgement message, a practice not implemented in RPL Contiki.Convergence marks the culmination of this process when each node attains a path to the root, and periodic communication among nodes ensures the network's ongoing stability and maintenance.This interplay of DIO, DIS, and DAO messages orchestrates the intricate dance of network construction, ensuring a robust and dynamic infrastructure within RPL.The Routing Protocol for Low-Power and Lossy Networks (RPL) is very complicated.The DODAG building phase is the most important part.This is when the sink-node guides the (re)construction of the DODAG.This process proceeds through the strategic use of routing control messages, namely DIO, DAO, DAOACK, and DIS.The sink-node initiates the DODAG construction by multicasting the initial DIO message, sparking a cascade of activity.As nodes join, they multicast numerous DIO messages, shaping the network structure as they integrate.Meanwhile, nodes, excluding the sink, leverage DAO messages to disseminate reverse route information.Detached or unconnected nodes, seeking integration, send DIS messages to potentially connected neighbors, enhancing the network's cohesiveness.DIO messages play a crucial role by encapsulating routing metrics, constraints, and the Objective Function (OF) pivotal for the formation of routing paths.Simultaneously, the foundational aspect of DODAG maintenance ensures the network's sustained health and stability.This critical functionality relies on the synchronized propagation of DIO messages, establishing the bedrock for the network's convergence time.Regulated by the Trickle timer algorithm, this process is finely tuned to adapt to network dynamics.Any modification to the DODAG, be it selecting a new parent or encountering an unreachable parent, triggers a reset of the Trickle timer.The algorithm, foreseeing the energy implications, predicts a more frequent transmission of DIO messages in unstable networks and a less frequent transmission in stable networks, effectively conserving energy.This harmonious interplay of DODAG building and maintenance encapsulates the resilience and adaptability ingrained in RPL, ensuring a robust foundation for LLNs [4].

Hello Food Attack
The Hello Flood attack poses a significant security threat to the RPL, a crucial component of the Internet of Things (IoT) infrastructure.In this attack, malicious nodes inundate the network with an excessive number of "HELLO" messages, exploiting the initial communication nodes establish when joining a network.The attacker broadcasts "HELLO" messages with a potent signal and favorable routing metrics, posing as a neighbor to numerous nodes across the network.This deceptive tactic can lead to various detrimental effects, such as increased network traffic, potential performance degradation, and the disruption of normal network operations [5,6].In the detailed representation shown in Figure 1, each step is elaborated with specific actions taken during the Hello Flood attack.The "Broadcast Hello Messages" stage represents a critical phase where the attacker strategically inundates the network with a barrage of "HELLO" messages.These messages, intentionally broadcasted in abundance, may not only serve the purpose of node discovery but can also harbor misleading information, including false quality metrics.This move aims to deceive neighboring nodes and potentially manipulate their decision-making processes.After the "Impact on Nodes" step, nodes in the network face challenges dealing with the overwhelming "HELLO" messages.The substantial increase in incoming traffic burdens the network, causing congestion and the potential for performance decline.This assault's aftermath creates a chaotic environment throughout the network.In the subsequent "Node Responses" phase, nodes try to adapt to the changed network dynamics by updating their neighbor tables.However, in a contradictory twist, some nodes may unintentionally connect with the malicious nodes, mistakenly thinking they are legitimate neighbors.This unintended consequence exacerbates the negative effects of the Hello Flood attack, allowing the attacker to illicitly infiltrate the network and potentially compromise its integrity and functionality.

Overview of Mobility Models
This study investigates the performance of proposed scenarios in a mobile environment with and without the Hello Flood attack using different group mobile models.In this context, mobility models play a crucial role, particularly in networks characterized by frequent topology changes, where they are applied in conjunction with the RPL protocol.This subsection provides a brief overview of the mobility models used in the research, emphasizing their impact on routing protocol performance through modeling and analysis.The group models include CMM, RPGM, Nomadic, and Pursue, providing a comprehensive exploration of various mobility scenarios and their effects on the RPL protocols.
The Column Mobility Model (CMM) was initially developed to assess routing protocols in ad hoc network simulations.The CMM simulates a group of nodes moving within a column structure.Notably, in this model, the column itself can move forward.Implementing CMM requires an initial reference grid to determine the nodes' locations within each column.Each node is assigned a reference point (RP) along the column and can move randomly within a predefined maximum distance threshold (  ) around this RP, adhering to a predefined mobility model.When the reference grid moves according to an Advanced Vector (AV), the mobile nodes move with it.Once the reference point reaches its destination, the mobile nodes resume roaming around their respective RPs.When the mobile nodes reach the boundaries of the simulation area, they reverse their direction by 180° and head back towards the center.The CMM finds application in specific search tasks like mine clearance or modeling organized military marches, where nodes (forming a column) move collectively towards a designated target [7].On the other hand, the Reference Point Group Mobility Model (RPGM) simulates the collective movements of nodes within a terrain, akin to troop behavior in a battlefield scenario.In the RPGM, each node is assigned a reference point, and its movement is constrained within a maximum allowable distance deviation from this reference point, denoted as   .The reference points of the nodes track the group's motion, following the movements of the logical center.However, each node can only move independently within a radius around its reference point.The groups' logical centers move along predefined paths using the RDM mobility model, which is limited by a specific velocity.These paths in the RPGM comprise multiple checkpoints, with the group's logical center transitioning between checkpoints within a designated time interval (∆t) [8].The Nomadic Community Mobility Model (NCM) is a grouporiented model designed to replicate the movement patterns observed in a collective of nodes traveling together from one location to another, much like the migratory behavior seen in ancient nomadic societies transitioning between different environments throughout the year.This model shares similarities with the RPGM mobility model, where each member of the group moves towards a randomly selected destination within a circular range defined by a radius value denoted as   .As a result, the NCM model is regarded as a specialized version of the RPGM model.In this model, each group is assigned a reference point, which all group members follow as they move randomly within a certain radius around it.Group members' mobility is independent and can be based on various entity mobility models chosen before the simulation begins, such as the Random Walk Model.The NCM model finds application in scenarios where a group of nodes needs to execute coordinated tasks across large areas comprising multiple subareas, such as scanning and search operations.It has practical utility in domains like agricultural robotics and various military operations [9].Meanwhile, the Pursue Mobility Model (PMM) emulates the coordinated movement of multiple nodes as they track a designated target node.Like the NCM model, the PMM is a modified variant of the RPGM model.In the PMM, the target node serves as the central reference point for the group, employing the Random Waypoint Mobility Model to traverse the simulation area at a consistent speed.Meanwhile, the other nodes pursue the target node with varying degrees of deviation.Although each node moves independently, their direction (θ), speed (v), position (Pi), and other movement parameters are influenced by the target node.Every mobile node strives to intercept the target's location by the end of the movement time interval.The PMM finds practical applications across a variety of IoT scenarios, including law enforcement tasks and tracking evasive targets.It is particularly adept at modeling the coordinated movements of groups, such as police units pursuing suspects on a highway [10].

Related Works
In this section, we explore several studies that have investigated the effects of the Hello Flood attack on wireless sensor networks (WSNs).These investigations have provided valuable insights into the behavior of WSNs under attack conditions.
In the study conducted by [11], the impact of the Hello Flood attack was thoroughly examined by analyzing various performance metrics such as the Packet Delivery Ratio, received packets, dropped packets, and average throughput across different node counts.The analysis encompassed node counts ranging from 10 to 110, providing a comprehensive assessment of the attack's effects on network performance as node density varied.Based on simulations done with the network simulator NS2, the Hello Flood attack has a clear negative effect on wireless sensor networks, with overall network performance going down as the number of nodes increased.Furthermore, the authors in [12] delved into the mechanics of the flooding attack, detailing its creation and elucidating its adverse effects on network operations.The study used graphs to show how the attack directly affected throughput and End-to-End Delay.This helped researchers figure out how to find RREQ flooding attacks in WSNs.Additionally, the paper proposed a preventive measure to mitigate the detrimental effects of this attack, further contributing to the body of knowledge on network security in wireless sensor networks.The authors in [13] investigated the impact of the Hello Flood attack on packet delivery, received packets, projected packets, and overall network performance across varying node counts.Using the Network Simulator (NS2), they conducted simulations to analyze the effects of the attack on wireless sensor network (WSN) performance.Their findings unequivocally demonstrate a reduction in WSN performance during a flood attack, highlighting the disruptive nature of such attacks on network operations.Interestingly, the results also revealed a correlation between node count and network performance, indicating that increasing the number of nodes within the WSN can enhance overall network performance.This insight underscores the importance of considering node density when assessing network performance and security in WSN deployments.In their study outlined in [5], the authors investigated the impact of three distinct attacks on RPL networks: the Increase Number attack, the Hello Flood attack, and the Decrease Rank attack.Their analysis extended to scenarios involving multiple attackers and examined the effects over time, with the number of attacking nodes ranging from 1 to 3. The simulations revealed that these attacks could substantially disrupt network performance.It was interesting to see that the number of attackers had the most significant effect on End-to-End Delay (E2ED), network throughput, and the Packet Delivery Ratio (PDR).This shows how important attack density is in determining how resilient and efficient a network is.In the study described in [14], researchers looked at the Hello Flood attack in a simulated environment.They compared how well the Low Energy Adaptive Clustering Hierarchy (LEACH) attack worked with the Hello Flood attack when there were 1 to 5 attacking nodes.The analysis was presented graphically, illustrating the percentage of the Packet Delivery Ratio (PDR) as a function of the number of attacking nodes in the network.The results revealed an exponential decline in the PDR with an increasing number of attacking nodes, underscoring the detrimental impact of heightened attack intensity on network performance.In another study [15], the impact of the Hello Flood attack was investigated across various scenarios, each comprising sink nodes, normal nodes, and malicious nodes.The introduction of an attacker node into each scenario allowed for the examination of network behavior under attack conditions.The number of nodes varied across scenarios, ranging from 5 to 25, enabling a comprehensive analysis of scalability.The experiments were conducted using the Contiki Cooja simulation environment, focusing on network performance metrics such as power consumption and control message transmission.Results revealed significant alterations in control message dynamics, particularly with a notable increase in the number of Destination Advertisement (DIO) messages due to the presence of the Hello Flood attacker node.As a result, the total energy consumption increased significantly post-attack, with a significant portion attributed to the malicious node's reception of DIO messages.
According to the previous analyses, we can conclude that all works tackle the Hello Flood attack only in a static environment without addressing its implications in mobile settings.This renders our work distinctive as it delves into the study and thorough analysis of the Hello Flood attack within a mobile environment, employing various group mobility models for a comprehensive examination.

Simulation Setups
Using the data in Table 1, a set of simulations were run in a 100 m × 100 m space to fully investigate RPL's performance in a range of different mobility scenarios.The network configuration included varying numbers of sensor nodes ranging from 10 to 60, all governed by a singular gateway node.The simulation employed Z1 motes and utilized the UDP transport layer protocol, along with the IEEE 802.15.4 PHY and MAC layers.The Zolertia One (Z1) IoT platform, developed by Zolertia R, utilizes the energy-efficient Texas Instruments MSP430 Micro-Controller (MCU) as its Central Processing Unit (CPU), along with the Chipcon CC2420 radio module for wireless communication [16].Mobility was a crucial consideration in our experiments, facilitated by integrating a dedicated mobility plugin into the Cooja simulator.This expansion allowed us to effectively simulate mobile IoT applications.Movement patterns among mobile nodes were generated using BonnMotion, an open-source Java-based software developed at the University of Bonn in Germany [17].The configuration parameters related to the movement of the nodes, including their velocity, pause times, and acceleration, are based on the values specified in the original mobility models as published in the corresponding research papers [7].
For neighbor discovery and maintenance, "HELLO" packets, specifically DIO messages, were used.These "HELLO" packets typically ranged from 20 to 60 bytes in size.The packet size is designed to be small to minimize overhead and conserve bandwidth and energy, which are critical in Low-Power and Lossy Networks.The transmission interval of these "HELLO" packets was dynamically managed by the Trickle timer algorithm, which adjusts the interval based on network stability.The minimum interval (Imin) was set to a few seconds, with the interval doubling each time up to a maximum period if no inconsistencies were detected, balancing rapid dissemination of routing information and minimizing unnecessary traffic.
Communication was facilitated through a radio medium modeled as a unit disk graph, with a transmission range established at 50 m.To assess network robustness, the experiment introduced dynamic elements by designating 10%, 20%, 30%, and 40% of the nodes as attackers.Furthermore, 60% of the nodes were set as mobile, moving at a consistent speed of 1 to 2 m/s.Data packets, each sized at 30 bytes, were transmitted at intervals of 60 s, enabling a comprehensive analysis of the network's performance and resilience under the specified conditions..This approach ensures efficient network operation, maintaining connectivity while conserving energy.The simulations extended for one hour, allowing for an accurate observation of the network's actual performance.

Simulation Environment
Contiki Cooja serves as a comprehensive simulation platform designed explicitly for the Contiki operating system, a key player in the Internet of Things (IoT) landscape [18].With its primary focus on IoT simulation, Cooja provides developers with a powerful tool to assess and refine their Contiki-based applications before real-world deployment.The platform boasts a range of features, including support for Contiki OS, emulation of resourceconstrained IoT devices, and a graphical user interface that enables the creation and visualization of complex network topologies.Cooja facilitates multi-node simulations, allowing developers to test communication protocols and routing algorithms in a controlled virtual environment.Furthermore, it offers sensor node emulation, with models replicating various sensors found in typical IoT devices.Energy consumption modeling is a critical aspect, allowing developers to analyze and optimize their applications' energy efficiency.Real-time debugging tools also assist in identifying and resolving issues during runtime.Cooja's extensibility is evident through its support for plug-ins, allowing developers to customize the simulation environment.Widely adopted in both academic and industrial settings, Contiki Cooja plays a crucial role in IoT research and development.As an open-source platform, it encourages community contributions and enhancements, ensuring its continued relevance and effectiveness in the dynamic IoT landscape [19].

Performances Metrics
The simulation aimed to assess the impact of employing different group mobility models under two distinct conditions: with and without the Hello Flood attack.The primary focus was on evaluating how the attack and the models influence the operational efficiency of the network.Evaluation criteria included crucial performance indicators such as throughput, the Packet Delivery Ratio (PDR), End-to-End Delay (E2ED), Expected Transmission Count (ETX), and Average Power Consumption (APC).These metrics are widely acknowledged for their significance in accurately measuring network performance and responsiveness.
The Packet Delivery Ratio (PDR) serves as a fundamental quantitative metric, delineating the effectiveness of data transmission within the network.It quantifies the ratio of successfully delivered data packets to the total dispatched packets.Mathematically, the PDR is encapsulated by Equation ( 1) [5]: where   denotes the total number of packets received by the sink node, and   represents the total number of packets generated by the source nodes.
The End-to-End Delay (E2ED) measures the time taken for data transmission to occur from a source node to its destination node.It is calculated using the following Equation ( 2) [5]: where   represents the timestamp value when the packet is received at the destination node, and   denotes the timestamp value when the packet is transmitted from the source node.
According to Equation ( 3), the throughput measures the rate at which data is effectively transmitted across a network, typically expressed in units such as Kilobits per second (Kbps) or packets per second (PPS) [20].
where "Total Received Data" refers to the quantity of successfully received data at the destination node during the simulation."Simulation Time" refers to the simulation's duration.
In wireless ad hoc networks, ETX, or Expected Transmission Count, acts as a measure estimating the anticipated number of transmissions needed for a packet to successfully traverse a link between nodes.It provides insight into the reliability of a link, factoring in aspects like packet loss and interference.Calculating ETX involves utilizing the PDR, where the ETX value is derived as the reciprocal of the PDR, as illustrated in Equation ( 4) below [5].
The Average Power Consumption (APC) represents the average energy consumption rate of simulated nodes within a network over a defined period.It serves as a crucial metric for evaluating the energy efficiency of networked devices and their implications for battery longevity.The APC is computed using Equation (5) [5]: denotes the energy consumption data retrieved from the Energest module in Contiki, offering insights into the energy usage of components like the CPU, radio, and peripherals.I and V signify the current (in amperes) drawn by the node and the voltage (in volts) supplied to it, respectively.  represents the time (in seconds) recorded by the Rtimer module, a real-time timer component in Contiki."Runtime" indicates the total duration of the simulation (in seconds).

Simulation Scenarios
Each scenario, devoid of attack, comprises three node types: the sink node, legitimate nodes, and malicious nodes.The proportion of malicious nodes ranges from 10% to 40% of the total node population, while legitimate nodes vary from 10 to 60.This range facilitates a thorough examination of the network's behavior across different entity proportions.Each scenario deploys four-group mobility models and strategically embeds an attacker node in the network.This standardized scenario design, consistent across environments with or without attacks, enables comparative analysis.Such an approach elucidates the influence of mobility models and the Hello Flood attack on attack efficacy and network resilience under varying conditions.

Performances Analysis
In this section, we share the insights obtained from our comprehensive experimentation.

Packet Delivery Ratio
Figure 2 provides a comprehensive view of PDR dynamics in a mobile environment using the CMM mobility model, both with and without the Hello Flood attack.The x-axis delineates the number of nodes, ranging from 10 to 60, while the y-axis represents the PDR percentage, spanning from 0% to 100%.The graph is segmented into eight sets of bars, each denoting different percentages (10%, 20%, 30%, 40%) of malicious nodes.These sets are further categorized into two conditions: the mobile environment without the Hello Flood attack and the mobile environment with the attack, with each condition color-coded for clarity and accompanied by corresponding legends.Upon analysis, several trends emerge: Firstly, as the number of nodes increases, there is a noticeable decrease in the PDR across all scenarios, particularly pronounced when nodes are under attack.Secondly, when there are no malicious nodes present, the PDR remains relatively high, indicating efficient packet delivery.However, as the percentage of malicious nodes escalates, the PDR steadily declines, highlighting the adverse impact of attack nodes on overall delivery performance.Lastly, the presence of attack nodes, especially at higher percentages, significantly exacerbates the decline in the PDR, underscoring the detrimental effects of the Hello Flood attack on network reliability.
The CMM imposes constraints on node movement, primarily directing nodes to navigate around a central column.This restricted mobility pattern creates congestion in certain network areas, facilitating opportunities for malicious nodes to disrupt communication and interfere with packet delivery.Moreover, in the CMM, nodes synchronize their movement with the central column, rendering the network susceptible to coordinated attacks such as the studied attack, the Hello Flood attack, where multiple malicious nodes flood the network with excessive traffic.This synchronized movement amplifies the impact of such attacks, resulting in increased packet loss and a decline in the Packet Delivery Ratio (PDR).Additionally, malicious nodes can exploit the CMM's boundary handling mechanism, which reverses direction upon reaching simulation area boundaries, to further disrupt communication and interfere with packet delivery.For instance, strategically positioned malicious nodes near the simulation area's edges can intercept and manipulate packets, exacerbating the decrease in the PDR.Furthermore, the structured movement pattern of the CMM, with nodes collectively advancing towards specific targets, heightens the network's vulnerability to targeted attacks like the Hello Flood attack.Malicious nodes can strategically position themselves along the column's path or near the target destination, launching coordinated attacks that significantly decrease the PDR.Overall, CMM networks are very likely to be interrupted because of their limited mobility patterns, synchronized movement, boundary handling mechanisms, and vulnerability to targeted attacks.

End-to-End Delay
Figure 3 provides a comprehensive analysis of E2ED in a mobile environment using the CMM, comparing scenarios with and without the Hello Flood attack.The x-axis depicts the number of nodes, ranging from 0 to 60, while the y-axis represents E2ED in milliseconds (ms), spanning from 0 to 2 ms.Distinct lines, color-coded for clarity and labeled with corresponding legends, illustrate different percentages (10%, 20%, 30%, 40%) of mobile nodes under two conditions: the mobile environment without the Hello Flood attack and with the attack.The higher E2ED shown by lines representing "attacker nodes" compared to those representing "mobile nodes" at similar percentages of malicious nodes is a consistent finding.This shows that the Hello Flood attack has a negative effect on network performance, especially when it comes to delay.Notably, as the number of nodes increases, there is a noticeable trend of escalating E2E Delay, particularly pronounced under the "attacker" condition.In scenarios devoid of malicious nodes, E2ED escalates with an increasing number of nodes, peaking at its highest value with 60 nodes, where 40% of nodes are mobile.This finding underscores the disruptive influence of the attack on data transmission efficiency.Overall, the graph provides valuable insights into the interplay between the CMM mobility model and the Hello Flood attack on E2ED in mobile networks, emphasizing the critical consideration of both mobility patterns and security threats in evaluating network performance.
Through a variety of mechanisms, the CMM exerts a notable influence on E2ED within network environments.Structured mobility patterns introduced by the CMM, such as nodes moving in columns or groups, can lead to congestion in specific network areas where nodes cluster or compete for communication channels.This congestion prolongs the transmission time for data packets, contributing to increased E2ED.Furthermore, the constant change that comes with the CMM causes frequent changes in the structure of the network, which requires constant route recalculations and makes routing paths less stable.Consequently, this routing instability elongates the time taken for data packets to reach their destinations, further elevating E2ED.Additionally, as nodes converge within columns, resource utilization escalates, affecting network bandwidth and processing power.Heightened resource consumption lengthens queuing times for data packets and amplifies delays in packet transmission, augmenting E2ED.Moreover, the boundary handling mechanisms employed by the CMM, where nodes reverse direction or wrap around simulation area boundaries, introduce additional delays in packet transmission, particularly as nodes navigate boundary transitions.In conjunction with the CMM, the Hello Flood attack intensifies E2ED by flooding the network with excessive traffic, saturating communication channels, and depleting network resources.This inundation amplifies congestion and contention for resources, prolonging packet transmission times and increasing E2ED.Additionally, the attack disrupts routing protocols and introduces instability, further impeding data packet delivery.

Throughput
Figure 4 provides a comprehensive depiction of how varying numbers and percentages of mobile and malicious nodes influence throughput in mobile networks using the CMM mobility model, both with and without the Hello Flood attack conditions.Each line on the graph represents a specific percentage of mobile nodes, ranging from 10% to 40%, and delineates the impact on throughput.A consistent observation is the trend of decreasing throughput as the number of nodes increases, indicating diminished data transmission efficiency with higher network density.Additionally, the presence of attacker nodes exacerbates this decline, resulting in even lower throughput values.Notably, the highest throughput is observed in scenarios without the attack, characterized by 10% mobile nodes and 10 total nodes.Conversely, the lowest throughput is observed in scenarios with the Hello Flood attack, particularly with 40% mobile attacker nodes and 60 total nodes.This disparity underscores the significant influence of both network size and malicious activity on throughput performance in mobile networks.
The CMM has a notable impact on decreasing throughput in network environments due to various factors.The CMM's structured mobility patterns, where nodes move in columns or groups, can lead to congestion in specific areas as nodes converge, intensifying competition for communication resources and resulting in increased packet collisions and retransmissions, ultimately diminishing throughput.Moreover, the dynamic movement inherent to the CMM induces frequent changes in network topology, necessitating continual route recalculations that destabilize routing paths, leading to suboptimal routing and prolonged packet delivery times, further reducing throughput.Additionally, as nodes converge within columns, network resources like bandwidth and processing power may become strained, leading to bottlenecks and queuing delays that hamper overall throughput.Furthermore, the boundary handling mechanisms used by the CMM add extra delays to packet transmission, especially when nodes move between boundary transitions, which makes the drop in throughput even worse.Along with the CMM's effects, the Hello Flood attack makes the drop in throughput even worse by flooding the network with too much traffic, oversaturating communication channels, and using up all of the network's resources.This makes congestion, routing instability, and delays worse, ultimately lowering throughput even more.

Expected Transmission Count
Figure 5 provides a thorough examination of the ETX metric within a mobile network environment employing the CMM mobility model, with a focus on variations in node count and the inclusion of attacker nodes.Both scenarios with and without the Hello Flood attack are considered, with mobile nodes representing unaffected nodes and attacker nodes representing those subjected to the attack.Across different node counts, there is a consistent trend of increasing ETX values, indicating a heightened transmission count required for successful packet delivery as the network size grows.This trend persists regardless of changes in the percentage of attacker nodes, suggesting that network size strongly influences transmission efficiency.Additionally, the presence of attacker nodes correlates with higher ETX values, signaling a decline in overall link quality and reliability.Notably, the graph shows that at the maximum node count, with 40% attacker nodes, the ETX peaks, reflecting the highest transmission count requirement under such conditions.These observations highlight the significant impact of both network density and attacker presence on ETX values, emphasizing the importance of considering these factors in mobile network design and optimization.
The relationship between the CMM and the Hello Flood attack on increasing the ETX metric is intricate and significant.The structured movement patterns introduced by the CMM can lead to congestion in network areas, causing packet collisions and retransmissions, thus elevating the ETX metric.Similarly, the Hello Flood attack inundates the network with excessive traffic, leading to interference and further exacerbating packet loss and retransmissions, consequently increasing the ETX values.Furthermore, the CMM's dynamic movement patterns can destabilize routing paths, leading to suboptimal routing decisions and higher ETX values.The attack also disrupts routing protocols, introducing instability and exacerbating routing inefficiencies, thus contributing to elevated ETX metrics.Additionally, as nodes converge within columns in the CMM, resource consumption increases, leading to bottlenecks and queuing delays that further elevate the ETX metric.The attack compounds this by consuming network resources and exacerbating resource contention, thus increasing ETX values.In addition, the CMM's boundary handling mechanisms cause packet transmission delays.These delays, along with possible Hello Flood attack exploits, cause more packet loss and retransmissions, which ultimately leads to higher ETX metrics.

Average Power Consumption
Figure 6 depicts a comprehensive examination of APC dynamics in a network environment employing the CMM mobility model, particularly under various conditions involving the Hello Flood attack.A crucial distinction lies in the categorization of nodes: mobile nodes denote scenarios devoid of the attack, while attack nodes signify the presence of the Hello Flood attack within the same mobility model.Across different percentages of mobile nodes, ranging from 10% to 40%, the APC remains relatively stable in the absence of the attack.However, when the network contends with the Hello Flood attack, a notable surge in APC becomes evident, nearly doubling compared to scenarios without the attack.This substantial increase highlights the significant impact of the Hello Flood attack on energy consumption within the network.
Within a network environment, the interaction between the CMM and the Hello Flood attack has a significant impact on the APC.The CMM's structured mobility patterns lead to increased energy consumption as nodes converge, resulting in higher contention for communication resources and heightened transmission power to maintain connectivity.Also, the constant movement in CMM causes the topology of the network to change often, which means that devices in the network have to keep recalculating routes and using more energy to adapt.Concurrently, the Hello Flood attack inundates the network with excessive traffic, saturating communication channels and consuming network resources, further elevating energy consumption.Moreover, the structured movement patterns of CMM can exacerbate the impact of the Hello Flood attack by concentrating nodes, intensifying its effects on energy consumption.Conversely, the increased energy consumption caused by the attack can strain network resources, amplifying the effects of the CMM on APC.

Packet Delivery Ratio
In Figure 7, a detailed depiction of PDR dynamics within a mobile environment using the RPGM mobility model is provided, both with and without the Hello Flood attack.The x-axis illustrates the number of nodes, ranging from 10 to 60, while the y-axis represents the PDR percentage, spanning from 0% to 100%.The graph comprises eight sets of bars, each representing different percentages (10%, 20%, 30%, 40%) of malicious nodes.These sets are further divided into two conditions: the mobile environment without the Hello Flood attack and with the attack, color-coded for clarity and accompanied by corresponding legends.Notably, the lowest PDR values are observed when the network is under the Hello Flood attack, particularly with 50 and 60 nodes, and when 30% and 40% of nodes are dynamic and malicious.Several trends emerge upon analysis: Firstly, there is a discernible decrease in the PDR as the number of nodes increases, especially pronounced when nodes are under attack.Secondly, in the absence of malicious nodes, the PDR remains relatively high, indicating efficient packet delivery.However, as the percentage of malicious nodes increases, the PDR steadily declines, highlighting the negative impact of attack nodes on overall delivery performance.Lastly, the presence of attack nodes, particularly at higher percentages, significantly worsens the decline in the PDR, emphasizing the detrimental effects of the Hello Flood attack on network reliability.
The RPGM model, when coupled with the Hello Flood attack, significantly diminishes the PDR within a network environment through several interconnected mechanisms.Firstly, the structured movements of nodes in the RPGM can lead to congestion in specific network areas as nodes move together within groups, increasing the likelihood of packet collisions and retransmissions, thus reducing the PDR.This congestion is further intensified by the Hello Flood attack, which floods the network with excessive traffic, saturating communication channels, and disrupting packet delivery.Secondly, the movement patterns defined by the RPGM introduce instability in routing paths, leading to suboptimal routing decisions and increased packet loss, further decreasing the PDR.The Hello Flood attack exacerbates this instability by overwhelming routing protocols and disrupting packet delivery.Thirdly, as nodes compete for communication resources within RPGM groups, more resources are used.This causes bottlenecks and waiting times, which hurts network performance and lowers the PDR.The Hello Flood attack exacerbates resource consumption by flooding the network with excessive traffic, straining network re-sources further.Lastly, the RPGM's mechanisms for handling node movement at boundaries introduce additional delays in packet transmission, which, when exploited by the Hello Flood attack, further interfere with packet delivery, ultimately decreasing the PDR.

End-to-End Delay
In Figure 8, which illustrates the E2ED, the x-axis represents the number of nodes ranging from 0 to 60, while the y-axis measures the E2ED in milliseconds (ms) from 0 to 4.5 ms.The graph depicts eight distinct lines representing different combinations of mobile and attack nodes in simulations conducted in a mobile environment using the RPGM mobility model, with and without the Hello Flood attack.Here, mobile nodes denote those in the mobile environment without the attack, while attacker nodes represent malicious nodes within the same environment.Notably, there is a consistent trend of increased E2ED as the number of nodes rises across all scenarios.For example, configurations with no attack nodes and 10% mobile nodes have the lowest E2ED.On the other hand, configurations with more mobile and attack nodes have the highest E2ED.As the percentage of mobile and attack nodes increases, E2ED tends to escalate, with the highest values likely associated with scenarios featuring a significant proportion of both mobile and attack nodes in the network.It is also observed that as the proportion of mobile nodes increases, E2ED similarly rises.
The combination of the RPGM model and the Hello Flood attack contributes to increasing the E2ED within a network environment through several interconnected mechanisms.Firstly, the structured movements of RPGM nodes cause network areas to become crowded, especially when nodes move together in groups.This causes packet collisions and retransmissions, which slow down packet delivery and raise E2ED.This congestion is exacerbated by the Hello Flood attack, which floods the network with excessive traffic, saturating communication channels, and causing interference that further delays packet delivery.Secondly, the movement patterns defined by the RPGM introduce instability in routing paths, leading to suboptimal routing decisions and increased packet loss, further contributing to elevated E2ED.The Hello Flood attack exacerbates routing instability by overwhelming routing protocols and disrupting packet delivery, adding to the delay.Thirdly, the increased resource consumption within RPGM groups, as nodes contend for communication resources, leads to bottlenecks and queuing delays, further degrading network performance and contributing to increase E2ED.The Hello Flood attack intensifies resource consumption by flooding the network with excessive traffic, straining network resources even further.Lastly, the RPGM's mechanisms for handling node movement at boundaries introduce additional delays in packet transmission, which, when exploited by the Hello Flood attack, further interfere with packet delivery, ultimately increasing E2ED.

Throughput
Figure 9 depicts a line chart illustrating the throughput performance under various conditions, where throughput, measured in megabits per second (Mbps), is plotted against the number of nodes (ranging from 0 to 60) on the x-axis and Mbps on the y-axis (ranging from 0.00 to 0.07).Eight lines represent different scenarios involving combinations of mobile and attacker nodes.The first set of scenarios portrays the mobile environment utilizing the RPGM mobility model, ranging from 10 to 60 nodes, without an attack, with mobile node percentages varying from 10% to 40%.Conversely, the second set of scenarios illustrates the mobile environment with the same mobility model, node numbers, and percentages, but with the Hello Flood attack.Analysis reveals that the mobile environment without the attack has higher throughput values than those with the attack.Additionally, throughput tends to decrease as network size increases.Moreover, networks with a higher proportion of attacker nodes experience a more significant reduction in throughput, indicating the adverse impact of malicious activity on network performance.Furthermore, node mobility, which is represented by varying percentages of mobile nodes, influences throughput, implying that it plays a role in shaping network performance metrics.
The interaction between the RPGM model and the Hello Flood attack severely diminishes throughput in network environments due to a variety of interconnected factors.Firstly, the organized movements of nodes within the RPGM can trigger congestion in specific network zones, heightening packet collisions and retransmissions, which directly harm throughput.The Hello Flood attack's flooding of excessive traffic, saturating channels, and worsening interference, thereby obstructing packet transmission and reducing throughput, compounds this congestion.Secondly, the inherent movement patterns in the RPGM introduce routing instability, leading to suboptimal routing decisions and increased packet loss, adversely impacting throughput.The Hello Flood attack exacerbates this instability by overwhelming routing protocols and disrupting packet delivery, resulting in a further decline in throughput.Additionally, the heightened resource consumption within RPGM groups, along with the influx of malicious traffic from the attack, strains network resources, causing bottlenecks and queuing delays that degrade performance and decrease throughput.Moreover, the RPGM's management of node movement at boundaries introduces extra delays in packet transmission, exploited by the Hello Flood attack to further hinder throughput.

Expected Transmission Count
Figure 10 presents the ETX metric within a mobile network environment utilizing the RPGM mobility model, with a specific focus on variations in node count and the integration of attacker nodes.The scenarios encompass both instances with and without the Hello Flood attack, where mobile nodes represent unaffected entities and attacker nodes denote those subjected to the assault.The node count, reflecting network density, ranges from 10 to 60, while the percentage of mobile nodes and mobile attacker nodes spans from 10% to 40%.Across diverse node counts, a consistent trend of increasing ETX values emerges, indicating a heightened transmission count necessary for successful packet delivery as the network size expands.This trend persists regardless of alterations in the percentage of attacker nodes, suggesting that network size significantly affects transmission efficiency.Furthermore, the presence of attacker nodes correlates with higher ETX values, indicating a decline in overall link quality and reliability.Notably, in scenarios without attack, ETX maintains stability, whereas in attacked scenarios, ETX escalates, peaking at 60 nodes, with 40% of these nodes being both malicious and mobile.These peak ETX values denote the highest transmission count requirement under such circumstances.These observations underscore the substantial influence of both network density and attacker presence on ETX values.
The RPGM mobility model, when coupled with the Hello Flood attack, engenders an increase in the ETX metric through a multifaceted interplay of factors.The RPGM mobility model causes congestion in certain parts of the network due to how nodes move, leading to more packet collisions and retransmissions.This congestion gets worse when the Hello Flood attack floods the network with extra traffic, making interference worse and increasing the ETX value.In addition, the RPGM's movement patterns can make routing less stable, resulting in less efficient routing and more lost packets.The Hello Flood attack makes this instability worse by messing with routing protocols, making it harder to deliver packets, and raising the ETX.Moreover, the RPGM model uses up more network resources, especially when combined with the flood of malicious traffic from the attack, which slows down performance and raises ETX.Additionally, the RPGM's way of handling nodes at the network's edges adds more delays to sending packets, which the Hello Flood attack takes advantage of to make problems worse and increase ETX.In summary, the RPGM model and the Hello Flood attack together increase the ETX by causing congestion, unstable routing, resource usage, and delays at the network's edges.

Average Power Consumption
Figure 11 provides a detailed analysis of the APC dynamics within a network environment utilizing the RPGM mobility model, particularly under varying conditions involving the Hello Flood attack.A critical differentiation lies in the classification of nodes: mobile nodes represent scenarios without the attack, while attack nodes indicate the presence of the Hello Flood attack within the same mobility model.Across different percentages of mobile nodes, ranging from 10% to 40%, the APC remains relatively consistent in the absence of the attack.However, when the network encounters the Hello Flood attack, a notable increase in APC is observed, nearly doubling compared to scenarios without the attack.This significant rise underscores the substantial impact of the Hello Flood attack on energy consumption within the network.
The RPGM mobility model, coupled with the Hello Flood attack, contributes to an increase in APC through several interconnected mechanisms.Firstly, the structured movements of nodes within the RPGM framework can lead to increased activity and resource utilization, resulting in higher energy consumption.This effect is further exacerbated by the Hello Flood attack, which inundates the network with excessive traffic, causing network nodes to work harder to process and transmit data, thus consuming more power.Secondly, the increased network activity and resource utilization induced by the RPGM and the Hello Flood attack can lead to higher contention for limited network resources, such as bandwidth and processing power.This contention increases the workload on network components, leading to higher power consumption as they strive to handle the increased demand.Additionally, the Hello Flood attack may introduce additional overhead in the form of malicious traffic processing, further increasing power consumption.Overall, the combination of the RPGM mobility model and the Hello Flood attack results in increased Average Power Consumption by intensifying network activity, resource contention, and processing overhead.

Packet Delivery Ratio
Figure 12 depicts the PDR as a percentage across diverse scenarios distinguished by different node quantities and the inclusion of mobile and attacker nodes.In the initial scenario, the network operates under mobile conditions, utilizing the NCM without the Hello Flood attack.Conversely, the second scenario mirrors the same mobility conditions but incorporates the Hello Flood attack.As the total number of nodes increases from 10 to 60, there is a noticeable downward trend in the PDR, highlighting the negative impact of higher node density on delivery reliability.The inclusion of attacker nodes, particularly at higher percentages (30% and 40%), exacerbates this decline, emphasizing the detrimental effects of malicious activity on network reliability.The graph clearly shows how the presence of the Hello Flood attack in the mobile environment leads to a decrease in the PDR compared to scenarios without the attack.Specifically, scenarios with the Hello Flood attack exhibit significantly lower PDR values, indicating a substantial decline in packet delivery reliability.
The integration of the NCM model with the Hello Flood attack leads to a decrease in the PDR through various interrelated mechanisms.Firstly, the NCM model, which simulates group-based node movements, can create congestion hotspots within the network as nodes transition collectively from one location to another.This congestion can lead to packet collisions and delays, consequently reducing the PDR.Additionally, the Hello Flood attack floods the network with excessive packets, exacerbating congestion and further congesting network channels, which can significantly impair packet delivery and lower the PDR.Secondly, the structured movements of nodes in the NCM may introduce routing instabilities, resulting in suboptimal routing decisions and increased packet loss.When combined with the Hello Flood attack, which disrupts routing protocols and increases packet loss, the overall impact on the PDR is amplified.Moreover, the increased network activity caused by both the NCM and the Hello Flood attack can lead to heightened contention for network resources, such as bandwidth and processing power.This contention increases the likelihood of packet loss and degradation of packet delivery performance, contributing to a decrease in the PDR.Additionally, the Hello Flood attack may introduce additional processing overhead and network congestion, further reducing the efficiency of packet delivery and lowering the PDR.When the NCM mobility model and the Hello Flood attack are used together, they lower the PDR by causing congestion, routing instabilities, resource contention, and extra processing overhead.All of these things make it harder for packets to be delivered within the network.

End-to-End Delay
Figure 13 conducts a thorough investigation of the E2ED in a mobile setting using the NCM mobility model, contrasting scenarios with and without the Hello Flood attack.The x-axis delineates the number of nodes, ranging from 0 to 60, while the y-axis portrays E2ED in milliseconds (ms), spanning from 0 to 8 ms.Distinct lines depict different percentages (10%, 20%, 30%, 40%) of malicious nodes, categorized under two conditions: the mobile environment without the Hello Flood attack and with it.Each line is color-coded for clarity and accompanied by corresponding legends.A consistent observation emerges: lines representing "attacker nodes" exhibit higher E2ED compared to those representing "mobile nodes" at similar percentages of malicious nodes.This discrepancy underscores the detrimental impact of the Hello Flood attack on network performance, particularly in terms of delay.Notably, there is a noticeable trend of increasing E2ED as the number of nodes rises, particularly pronounced in scenarios with "attacker" nodes.In scenarios devoid of malicious nodes, E2ED remains relatively low.However, the introduction of malicious nodes notably influences E2ED, peaking when the mobile network is subjected to the Hello Flood attack, especially evident with 60 nodes and a 40% mobile node composition.This observation underscores the disruptive impact of the attack on data transmission efficiency.Overall, the graph offers valuable insights into how the NCM mobility model and the Hello Flood attack affect E2ED in mobile networks, stressing the importance of considering both mobility patterns and security threats when evaluating network performance.
Combining the NCM model with the Hello Flood attack causes the E2ED to increase through various interconnected factors.Firstly, the organized movement of nodes in the NCM model can create congestion points in the network, leading to packet collisions and longer transmission times, thus raising E2ED.Additionally, the Hello Flood attack floods the network with excessive data, worsening congestion and interference, further delaying packet transmission, and increasing E2ED.Secondly, the movement patterns of NCM nodes may destabilize routing, resulting in suboptimal routing decisions and increased packet loss, compounded by the disruption caused by the Hello Flood attack on routing protocols.Furthermore, increased network activity from both the NCM model and the Hello Flood attack can lead to contention for network resources, such as bandwidth and processing power, heightening transmission delays and elevating E2ED.Moreover, the Hello Flood attack can introduce additional processing overhead and network congestion, further impeding packet transmission and increasing E2ED.

Throughput
Figure 14 presents an overview of throughput in a mobile network environment utilizing the NCM model, comparing scenarios with and without the Hello Flood attack.The x-axis represents the number of nodes, ranging from 0 to 60, while the y-axis indicates throughput as a percentage.Eight lines depict different combinations of mobile and attacker nodes, with varying percentages ranging from 10% to 40%.Mobile nodes represent scenarios without an attack, whereas attacker nodes represent those subjected to it.As depicted in the following figure, there is a consistent trend of throughput decreasing as the number of nodes rises, suggesting a possible congestion issue.Furthermore, networks without attack nodes typically maintain higher throughput levels compared to those with attackers.Additionally, a rise in the percentage of mobile nodes tends to coincide with a decline in throughput, indicating the impact of mobility on data transmission efficiency.Notably, the inclusion of attacker nodes intensifies the decline in throughput, underscoring the negative effect of malicious activity on network performance.
Through various mechanisms, the NCM model and the Hello Flood attack collaborate to reduce throughput.Firstly, the structured movement patterns in the NCM model can create congestion in specific areas of the network as nodes travel together, leading to packet collisions and increased retransmissions, thus slowing down throughput.Secondly, the Hello Flood attack floods the network with excessive traffic, saturating channels and causing interference, which further delays packet transmission and reduces throughput.Additionally, the movement patterns of nodes in the NCM model may introduce routing instabilities, resulting in suboptimal routing decisions and increased packet loss, which, when combined with the disruption caused by the Hello Flood attack on routing protocols, amplifies the decrease in throughput.Moreover, both the NCM model and the Hello Flood attack can cause more activity on the network, which can make it harder to share limited resources like bandwidth and processing power.This can cause transmission delays and lower throughput even more.Additionally, the Hello Flood attack may introduce additional processing overhead and network congestion, contributing to the reduction in throughput.

Expected Transmission Count
Figure 15 shows the ETX metric in a mobile network environment using the NCM mobility model, emphasizing variations in node count and the inclusion of attacker nodes.It compares scenarios with and without the Hello Flood attack, with mobile nodes representing unaffected nodes and attacker nodes indicating those under attack.The node count ranges from 10 to 60, and the percentage of mobile nodes and attacker nodes spans from 10% to 40%.Across different node counts, there is a consistent increase in ETX values, reflecting a higher transmission count required for successful packet delivery as the network size grows.This trend persists regardless of changes in the percentage of attacker nodes, highlighting the significant impact of network size on transmission efficiency.Additionally, the presence of attacker nodes is associated with higher ETX values, indicating a decrease in overall link quality and reliability.Notably, in scenarios without an attack, ETX remains stable, whereas in attacked scenarios, it rises, reaching its peak at 60 nodes, with 40% of them being both malicious and mobile.These peak ETX values signify the highest transmission count requirement under such conditions, underscoring the substantial influence of network density and attacker presence on ETX values.
The NCM model and the Hello Flood attack work together to boost the ETX through various mechanisms.Firstly, the NCM model's structured movement patterns can cause congestion in some network areas when many nodes move at once.This can cause packet collisions and longer transmission times, which directly lead to higher ETX values.Secondly, the Hello Flood attack inundates the network with excessive traffic, saturating network channels and exacerbating interference, thus causing further delays in packet transmission and increasing ETX.Additionally, the movement patterns of nodes in the NCM model may introduce routing instabilities, leading to suboptimal routing decisions and increased packet loss.When combined with the disruption caused by the Hello Flood attack on routing protocols and increased packet loss, the overall impact on ETX is amplified.Moreover, the increased network activity from both the NCM model and the Hello Flood attack can lead to contention for limited network resources, such as bandwidth and processing power, resulting in higher transmission delays and contributing to an increase in ETX.Additionally, the Hello Flood attack may introduce additional processing overhead and network congestion, further delaying packet transmission and increasing ETX values.Overall, the collaboration between the NCM mobility model and the Hello Flood attack results in a notable increase in ETX, driven by congestion, routing instability, resource depletion, and increased network activity.

Average Power Consumption
Figure 16 depicts the APC in a mobile environment utilizing the NCM model, with and without the Hello Flood attack.Mobile nodes denote scenarios that are free from attack, whereas attack nodes represent its presence within the same model.The percentage of mobile nodes ranges from 10% to 40%, and the node count varies from 10 to 60.Interestingly, APC remains relatively stable in the absence of attack, despite fluctuations in node count and mobile node percentage.However, when the network faces the Hello Flood attack, APC notably escalates, nearly doubling compared to non-attack scenarios.This substantial increase underscores the significant impact of the Hello Flood attack on energy consumption within the network.
The NCM model, when coupled with the Hello Flood attack, contributes to an increase in Average Power Consumption within the network.This escalation in power consumption can be attributed to several interconnected factors.Firstly, the structured movement patterns inherent in the NCM model may cause congestion points within the network as nodes collectively navigate between different locations.This congestion results in more packet collisions and transmission delays, which demand higher energy consumption.Secondly, the Hello Flood attack inundates the network with excessive traffic, saturating network channels and exacerbating interference.This flood of malicious traffic intensifies the workload on network components, necessitating more energy for processing and transmission tasks.Additionally, the increased activity caused by the attack strains network resources, such as bandwidth and processing power, leading to higher energy consumption.Furthermore, the disruption caused by the attack may introduce additional processing overhead, further escalating energy usage.Overall, the combination of the NCM mobility model and the Hello Flood attack amplifies the network's energy demands, resulting in increased Average Power Consumption.Figure 17 presents the PDR as a percentage in a mobile environment utilizing the PMM mobility model.It depicts a variety of scenarios characterized by different node counts and the presence of mobile and attacker nodes.The x-axis ranges from 10 to 60 nodes, reflecting changes in network density, while each bar on the graph represents a specific network configuration.Mobile nodes represent those unaffected by the Hello Flood attack, while attacker nodes signify the presence of malicious activity.The graph distinguishes between scenarios with varying percentages of mobile and attacker nodes, both with and without the attack in the mobile environment.As the total number of nodes increases from 10 to 60, there is a noticeable drop in the Packet Delivery Ratio (PDR), highlighting how higher node density adversely affects packet delivery reliability.The presence of attacker nodes, particularly at higher percentages, including 30% and 40%, significantly diminishes the PDR, underscoring the negative impact of malicious activity on network reliability.The graph illustrates that the Hello Flood attack in the mobile environment leads to a decreased PDR compared to scenarios without the attack.Specifically, instances of the Hello Flood attack exhibit lower PDR values, indicating a considerable decrease in packet delivery reliability.
Through various mechanisms, the PMM mobility model and the Hello Flood attack collaborated to decrease the PDR.Firstly, the structured movement pattern of nodes in the PMM model, where nodes pursue a target, can lead to congestion in specific areas as the nodes converge on the target.This congestion can result in increased packet collisions and retransmissions, thereby reducing the overall PDR.Secondly, the Hello Flood attack floods the network with excessive traffic, saturating network channels and causing interference, which further disrupts packet delivery and lowers the PDR.Additionally, the movement patterns in the PMM may introduce routing instabilities, leading to suboptimal routing decisions and increased packet loss.When combined with the disruption caused by the Hello Flood attack on routing protocols, the overall impact on the PDR is compounded.Furthermore, the increased network activity resulting from both the PMM and the Hello Flood attack can lead to increased contention for network resources, such as bandwidth and processing power.This contention further reduces the PDR by increasing packet transmission delays and causing additional packet loss.In summary, the collaboration between the PMM mobility model and the Hello Flood attack reduces the PDR by introducing congestion, interference, routing instabilities, and resource contention in the network.

End-to-End Delay
In Figure 18, which illustrates E2ED, the x-axis represents the number of nodes ranging from 0 to 60, while the y-axis measures E2ED in milliseconds (ms) from 0 to 7 ms.The graph depicts eight distinct lines, each representing different combinations of mobile and attack nodes.The simulations are conducted in a mobile environment using the PMM mobility model, with and without the Hello Flood attack.Here, mobile nodes denote those operating in the mobile environment without the attack, while attacker nodes represent malicious nodes within the same environment.Notably, in all scenarios, there is a consistent pattern of E2ED rising as the number of nodes increases.For instance, setups without attack nodes and with only 10% mobile nodes exhibit minimal E2ED, contrasting with the highest E2ED observed in configurations featuring a larger proportion of both mobile and attack nodes.As the percentage of mobile and attack nodes grows, E2ED tends to increase, with the highest values likely linked to scenarios with a significant proportion of both types of nodes in the network.Moreover, it is notable that as the proportion of mobile nodes increases, E2ED follows a similar upward trend.
Through a variety of interconnected mechanisms, the PMM mobility model and the Hello Flood attack contribute to an increase in E2ED.Firstly, the PMM model's pursuitbased movement pattern can cause network congestion as nodes chase a target.This can cause packet collisions and longer transmission times.Concurrently, the Hello Flood attack floods the network with excessive traffic, saturating network channels and exacerbating interference, further delaying packet transmission and increasing E2ED.Secondly, the pursuit-based movement pattern may introduce routing instabilities, leading to suboptimal routing decisions and increased packet loss.When combined with the disruption caused by the Hello Flood attack to routing protocols, the overall impact on E2ED is amplified.Additionally, the heightened network activity caused by both the PMM model and the Hello Flood attack increases contention for limited network resources, such as bandwidth and processing power.This contention increases the workload on network components, leading to higher transmission delays and contributing to an increase in E2ED.Moreover, the Hello Flood attack may introduce additional processing overhead and network congestion, further delaying packet transmission and increasing E2ED.The combination of the PMM mobility model and the Hello Flood attack results in a significant increase in E2ED, driven by congestion, routing instability, resource contention, and increased network activity.

Throughput
Figure 19 provides an overview of throughput in a mobile network environment utilizing the PMM model, highlighting scenarios both with and without the Hello Flood attack.It features eight lines representing different combinations of mobile and attacker nodes, with percentages varying from 10% to 40%.Mobile nodes represent scenarios free of attack, whereas attacker nodes represent those exposed to it.As observed in the figure, there is a consistent trend of throughput decreasing with the increase in the number of nodes, hinting at a potential congestion issue.Moreover, networks lacking attack nodes generally sustain higher throughput levels compared to those with attackers.Additionally, an increase in the percentage of mobile nodes typically coincides with a decrease in throughput, indicating that mobility has an impact on data transmission efficiency.Notably, the inclusion of attacker nodes exacerbates the decline in throughput, highlighting the adverse impact of malicious activity on network performance.
The integration of the PMM with the Hello Flood attack leads to a notable decrease in network throughput through several interconnected mechanisms.Firstly, the structured movement patterns inherent in the PMM model can create congestion points within the network as nodes pursue a target node.This congestion can lead to packet collisions and increased transmission delays, thereby reducing overall throughput.Additionally, the Hello Flood attack inundates the network with excessive traffic, saturating network channels and exacerbating interference, which further slows down packet transmission and diminishes throughput.Secondly, the movement patterns introduced by the PMM model may introduce routing instabilities, leading to suboptimal routing decisions and increased packet loss.When combined with the disruption caused by the Hello Flood attack to routing protocols, the impact on throughput is magnified.Moreover, the increased network activity resulting from both the PMM model and the Hello Flood attack may lead to heightened contention for limited network resources such as bandwidth and processing power.This conflict increases the workload on network components, resulting in higher transmission delays and reduced throughput.Additionally, the Hello Flood attack may introduce additional processing overhead and network congestion, further impeding packet transmission and reducing throughput.

Expected Transmission Count
Figure 20 offers a detailed examination of the ETX metric in a mobile network environment utilizing the PMM model, particularly focusing on variations in node count and the presence of attacker nodes.Notably, as the number of nodes increases, there is a corresponding increase in ETX values, indicating an augmented transmission count is required for successful packet delivery as the network expands.This pattern persists regardless of changes in the percentage of attacker nodes, emphasizing the consistent influence of network size on transmission count.Moreover, the presence of attacker nodes amplifies ETX values, signaling a decline in overall link quality and reliability.The graph shows how network density and attacker presence have a big effect on ETX values.It also shows how the PMM model changes network behavior, which makes it clear how important it is to think about mobility factors when evaluating and improving network performance.
The PMM mobility model and the Hello Flood attack collaborate in various ways to raise the ETX (Expected Transmission Count).First, the PMM's structured movement patterns may cause the network to get crowded as nodes chase a target.This can cause more packet collisions and transmission delays, which raises the ETX.Additionally, the Hello Flood attack floods the network with excessive traffic, saturating channels and exacerbating interference, further delaying packet transmission and raising ETX.Secondly, the PMM's movement patterns may introduce routing instabilities, resulting in suboptimal routing decisions and increased packet loss.This is compounded by the attack's disruption of routing protocols, further amplifying ETX.Both the PMM and the attack can also cause more activity on the network, which can make it harder to obtain resources like bandwidth and processing power.This can cause transmission delays and raise ETX.Additionally, the attack may introduce additional processing overhead and congestion, further delaying packet transmission and raising ETX.

Average Power Consumption
Figure 21 presents a bar chart illustrating the correlation between APC, measured in watts, and the number of nodes in a mobile network employing the PMM mobility model, both with and without the Hello Flood attack.In this context, mobile nodes represent scenarios without attack, whereas attacker nodes denote those subjected to attack.The network density ranges from 10 to 60 nodes, with the percentage of mobile and attacker nodes varying from 10% to 40%.In a mobile environment without attack, changes in the number of nodes and the percentage of mobile nodes have a gradual effect on Average Power Consumption (APC).Conversely, in the presence of the Hello Flood attack, APC shows a gradual increase as the number of nodes and the percentage of attacker nodes change.Notably, the figure highlights the significant impact of the Hello Flood attack on the mobile network, with the introduction of the attack leading to a notable rise in APC from approximately 5 watts in the mobile environment without attack to 10 watts in the mobile network with attack.
The combination of the PMM and the Hello Flood attack significantly raises the Average Power Consumption within the network environment.This increase in power usage stems from several interconnected factors.Firstly, the structured movement patterns inherent in the PMM model can precipitate congestion hotspots within the network as nodes pursue a target, leading to heightened packet collisions and transmission delays.Simultaneously, the Hello Flood attack inundates the network with an overflow of traffic, escalating interference and necessitating increased power consumption to manage the surge in data volume.Secondly, the movement patterns introduced by the PMM model may disrupt routing stability, resulting in suboptimal routing decisions and heightened packet loss, further exacerbating power consumption.When combined with the disruptive effects of the Hello Flood attack, these routing instabilities exacerbate the strain on network resources and intensify power usage.Lastly, the heightened network activity induced by both the PMM model and the Hello Flood attack intensifies competition for limited resources, such as bandwidth and processing power, thereby driving up power consumption as network components contend to meet the heightened demands.In essence, combining the PMM mobility model with the Hello Flood attack results in a significant increase in Average Power Consumption due to congestion, routing instabilities, heightened network activity, and resource contention.

Discussion
Table 2's analysis provides valuable insights into the performance of different mobility models under attack and non-attack scenarios within RPL-based IoT networks.Firstly, the PDR demonstrates the CMM's robustness in ensuring efficient data delivery in the absence of attacks, while the PMM excels at tracking moving targets.However, vulnerabilities became apparent with the introduction of the Hello Flood attack, leading to disruptions across all models, particularly in terms of increased packet loss and delays.Secondly, the E2ED metric reveals that under attack conditions, there is a notable increase in E2ED across all models, indicating delays in data transmission and routing decisions.While models like the RPGM and NCM show moderate increases, the CMM and PMM struggle to maintain efficient data delivery, highlighting weaknesses in adapting to attackinduced disruptions.Thirdly, the analysis of throughput demonstrates initial efficiency in data transmission with models like the CMM, but the attack leads to congestion and reduced data transfer, particularly evident in increased APC.The RPGM and NCM also exhibit congestion-related issues under attack conditions, emphasizing the impact on network efficiency and performance.Fourthly, the ETX metric highlights the increased need for packet retransmissions and hops under attack conditions across all models, despite their balanced realism.The RPGM and NCM, however, face challenges with increased packet loss and limited scalability, indicating vulnerabilities to attack-induced disruptions.Finally, the examination of APC emphasizes the efficient energy utilization of the CMM but reveals increased energy consumption across all models with the attack.This makes the effect on power efficiency and network resilience even more clear, which is why strong security measures and custom solutions are needed to prevent disruptions and make sure that RPL-based IoT networks will be resilient in changing environments for a long time.On the other side, among the four-group mobility models analyzed, the CMM and the PMM stand out as the most robust and suitable for IoT applications.The CMM demonstrates efficient data delivery and transmission rates in the absence of attacks, thanks to its structured movement patterns that ensure reliable communication.However, it may face challenges with increased E2ED and ETX in complex scenarios.On the other hand, the PMM excels at tracking moving targets, making it ideal for scenarios requiring dynamic node movements, such as surveillance or tracking applications in IoT networks.Despite its effectiveness, the PMM may introduce overhead and exhibit limited applicability in certain scenarios with stationary or less dynamic node configurations.In conclusion, both the CMM and PMM have their own benefits, but the best one to use depends on the specifics of the deployment.This shows how important it is to think carefully about which mobility model is best for IoT implementations.

Conclusions
This study presents a thorough evaluation of the RPL protocol's performance across diverse scenarios, highlighting its challenges in adapting to dynamic network topologies and mobility constraints.Specifically, we focused on assessing RPL's behavior in mobile environments, utilizing four group mobility models: the Column Mobility Model (CMM), Reference Point Group Mobility Model (RPGM), Nomadic Community Mobility Model (NCM), and Pursue Mobility Model (PMM).We conducted our analysis under two conditions: with and without the Hello Flood attack, to understand its impact on RPL's performance.Our investigation involved varying node quantities and the percentage of malicious nodes in the network, evaluated through key metrics such as Average End-to-End Delay (AE2ED), throughput, the Packet Delivery Ratio (PDR), Expected Transmission Count (ETX), and Average Power Consumption (APC).Without the attack, the CMM demonstrates robust data delivery and transmission rates, although it may experience increased delays and transmission counts in complex scenarios.The RPGM offers a balanced realism but may be vulnerable to attacks, while the NCM reflects migratory behavior effectively but faces scalability issues.The PMM is suitable for tracking moving targets but may introduce overhead.In the presence of a Hello Flood attack across various group mobility models, notable shifts occur in network performance metrics.Firstly, the Packet Delivery Ratio (PDR) diminishes, indicating heightened packet loss or delivery failures.Expected Transmission Count (ETX) values rise, necessitating increased packet retransmissions and routing hops due to attack-induced disruptions.End-to-End Delay (E2ED) increases, introducing delays in routing decisions and data transmission times.Throughput declines as the attack disrupts data flow, leading to more packet loss and retransmissions.Moreover, Average Power Consumption escalates due to increased energy usage on packet transmissions, particularly over extended paths.These findings underscore the disruptive nature of Hello Flood attacks and highlight the urgent need for robust security measures in dynamic and mobile networks to mitigate such disruptions effectively.In summary, this study provides crucial insights into the challenges faced by RPL-based IoT networks and the tangible impact of Hello Flood attacks, essential for devising protective measures and ensuring network resilience against evolving threats.Our future objective is to leverage these findings to develop an anomaly intrusion detection system tailored for mobile environments.This system will continuously monitor specific performance parameters sensitive to internal attacks, enhancing network security and resilience.

Figure 2 .
Figure 2. PDR without and with attack using CMM.

Figure 3 .
Figure 3. E2ED without and with attack using CMM.

Figure 4 .
Figure 4. Throughput without and with attack using CMM.

Figure 5 .
Figure 5. ETX without and with attack using CMM.

Figure 7 .
Figure 7. PDR without and with attack using RPGM mobility model.

Figure 9 .
Figure 9. Throughput without and with attack using RPGM mobility model.

Figure 13 .
Figure 13.E2ED without and with attack using NCM.

Figure 14 .
Figure 14.Throughput without and with attack using NCM.

Figure 15 .
Figure 15.ETX without and with attack using NCM.

Figure 20 .
Figure 20.ETX without and with attack using PMM.

Table 2 .
Mobility models' weak and strong points.