Detecting Sinkhole Attack in RPL-based Internet of Things Routing Protocol

The Internet of Things (IoT) is a novel paradigm in computer networks which is capable to connect things to the internet via a wide range of technologies. Due to the features of the sensors used in IoT networks and the unsecured nature of the internet, IoT is vulnerable to many internal routing attacks. Using traditional IDS in these networks has its own challenges due to the resource constraint of the nodes, and the characteristics of the IoT network. A sinkhole attacker node, in this network, attempts to attract traffic through incorrect information advertisement. In this research, a distributed IDS architecture is proposed to detect sinkhole routing attack in RPL-based IoT networks, which is aimed to improve true detection rate and reduce the false alarms. For the latter we used one type of post processing mechanism in which a threshold is defined for separating suspicious alarms for further verifications. Also, the implemented IDS modules distributed via client and router border nodes that makes it energy efficient. The required data for interpretation of network’s behavior gathered from scenarios implemented in Cooja environment with the aim of Rapidminer for mining the produces patterns. The produced dataset optimized using Genetic algorithm by selecting appropriate features. We investigate three different classification algorithms which in its best case Decision Tree could reaches to ۹۹.۳۵ rate of accuracy.