Enhancing IoT security: A competitive coevolutionary strategy for detecting RPL attacks in challenging attack environments

IF 4.4 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks Pub Date : 2025-03-13 DOI:10.1016/j.comnet.2025.111185

Selim Yılmaz

{"title":"Enhancing IoT security: A competitive coevolutionary strategy for detecting RPL attacks in challenging attack environments","authors":"Selim Yılmaz","doi":"10.1016/j.comnet.2025.111185","DOIUrl":null,"url":null,"abstract":"<div><div>Internet of Things (IoT) is a recent technology that allows heterogeneous devices to communicate with each other and the Internet. Designed specifically for IoT-enabled networks, the IPv6 Routing Protocol for Low Power Lossy Network (RPL) is adopted as standard routing protocol today. While RPL facilitates efficient routing between IoT devices, it is very susceptible to attacks, leading to numerous threats targeting different aspects of the nodes and network. Consequently, several efforts have been made to develop intrusion detection systems to secure RPL-operated networks. However, many existing solutions are tailored to specific attacks, making them unsuitable for other RPL attacks. Additionally, they depend on fixed simulations with specific scenarios, neglecting the influence of attack environments on detection system performance. The impact of RPL attacks varies with factors such as attacker density and position in the network. Consequently, it is crucial to design IDS that can effectively handle these dynamic conditions. This study addresses these challenges by proposing a competitive coevolution-based intrusion detection system that focuses on the most challenging attack environments. To achieve this, the intrusion detection algorithm and challenging attack environments are competitively evolved. Targeting the network’s topology, traffic, and resources through the exploitation of control packets, this study investigates 11 RPL attacks: blackhole, DIS flooding, DAG inconsistency, DAO inconsistency, decreased rank, energy depletion, forwarding misbehavior, increased version, spam DIS, selective forwarding, and worst parent. To assess detection performance, a wide range of evaluation metrics such as accuracy, precision, recall, false alarm rate, and F1-score are used. The findings demonstrate that the proposed system ensures strong detection performance with very low memory and power consumption, suggesting its effectiveness against the attacks threatening the multiple aspects of the network and its applicability on resource-constrained nodes.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"262 ","pages":"Article 111185"},"PeriodicalIF":4.4000,"publicationDate":"2025-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1389128625001537","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Internet of Things (IoT) is a recent technology that allows heterogeneous devices to communicate with each other and the Internet. Designed specifically for IoT-enabled networks, the IPv6 Routing Protocol for Low Power Lossy Network (RPL) is adopted as standard routing protocol today. While RPL facilitates efficient routing between IoT devices, it is very susceptible to attacks, leading to numerous threats targeting different aspects of the nodes and network. Consequently, several efforts have been made to develop intrusion detection systems to secure RPL-operated networks. However, many existing solutions are tailored to specific attacks, making them unsuitable for other RPL attacks. Additionally, they depend on fixed simulations with specific scenarios, neglecting the influence of attack environments on detection system performance. The impact of RPL attacks varies with factors such as attacker density and position in the network. Consequently, it is crucial to design IDS that can effectively handle these dynamic conditions. This study addresses these challenges by proposing a competitive coevolution-based intrusion detection system that focuses on the most challenging attack environments. To achieve this, the intrusion detection algorithm and challenging attack environments are competitively evolved. Targeting the network’s topology, traffic, and resources through the exploitation of control packets, this study investigates 11 RPL attacks: blackhole, DIS flooding, DAG inconsistency, DAO inconsistency, decreased rank, energy depletion, forwarding misbehavior, increased version, spam DIS, selective forwarding, and worst parent. To assess detection performance, a wide range of evaluation metrics such as accuracy, precision, recall, false alarm rate, and F1-score are used. The findings demonstrate that the proposed system ensures strong detection performance with very low memory and power consumption, suggesting its effectiveness against the attacks threatening the multiple aspects of the network and its applicability on resource-constrained nodes.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Networks 工程技术-电信学

CiteScore

10.80

自引率

3.60%

发文量

434

审稿时长

8.6 months

期刊介绍： Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.