IEEE Access (Jan 2023)

Passive Rule-Based Approach to Detect Sinkhole Attack in RPL-Based Internet of Things Networks

  • Shadi Al-Sarawi,
  • Mohammed Anbar,
  • Basim Ahmad Alabsi,
  • Mohammad Adnan Aladaileh,
  • Shaza Dawood Ahmed Rihan

DOI
https://doi.org/10.1109/ACCESS.2023.3310242
Journal volume & issue
Vol. 11
pp. 94081 – 94093

Abstract

Read online

An Internet of Things (IoT) refers to a network of smart devices that enable data collection and exchange. RPL is a protocol specifically designed for IPv6 over Low Power Wireless Personal Area Networks (6LoWPAN) to bring the concept of IoT into reality. As a result, RPL has become a standard routing protocol for connecting IPv6 to IoT networks. However, like any other network protocol, RPL is vulnerable to various attacks, including sinkhole attacks, which can disrupt network operations. Sinkhole attacks exploit vulnerabilities in RPL by manipulating routing preferences by disseminating falsified data, leading to an abnormal increase in traffic directed toward the attacker’s node. This paper introduces the Passive Rule-based Approach (PRBA) to detect sinkhole nodes in RPL-based IoT networks. The PRBA approach relies on three proposed behavioral indicators: (I) Bi-Directional behavior, (II) Bi-Directional Frequently behavior, and (III) Power Consumption behavior. The proposed PRBA approach was implemented and evaluated using the COOJA simulator and compared with state-of-the-art approaches. Simulation results demonstrate that the PRBA approach achieves a detection accuracy rate ranging from 90% to 100%, with a false-positive rate ranging from 0% to 0.2%. Additionally, due to its carefully designed deployment strategy, the proposed approach satisfies the power consumption requirements of constrained nodes without causing an increase in power consumption.

Keywords