A resource-efficient ensemble machine learning framework for detecting rank attacks in RPL-based IoT networks

Abstract

The Internet of Things (IoT) links intelligent devices across various sectors, including healthcare, smart cities, and industrial systems, aiming to improve everyday experiences. Despite its benefits, RPL-based routing is commonly adopted in IoT networks operating under low-power and lossy network conditions, which are susceptible to security vulnerabilities, most notably Rank attacks, which distort the routing structure and reduce network performance. Traditional rule-based defenses struggle to scale with dynamic traffic and complex attack patterns, necessitating more adaptive solutions. This paper presents a lightweight, ensemble-based Intrusion Detection System (IDS) that integrates Support Vector Machine (SVM) and XGBoost algorithms to detect Rank attacks in RPL-based IoT environments. A comprehensive dataset was generated by simulating both static and dynamic Rank attack scenarios. Mutual Information and Recursive Feature Elimination (RFE) methods were employed for feature selection. The developed ensemble model exhibited robust performance, reaching an average accuracy of 98.4 %, a precision of 98.2 %, a recall of 97.1 %, an F1-score of 0.97, and a False Positive Rate (FPR) is 1.8 %, an Area Under the Curve (AUC) greater than 0.96 when evaluated using 5-fold cross-validation. Comparative experiments were conducted with traditional machine learning algorithms such as Support Vector Machine (SVM), Decision Tree (DT), and Random Forest (RF), alongside advanced deep learning architectures including Long Short-Term Memory (LSTM) networks and hybrid models like CNN-LSTM, to effectively demonstrate the superior efficiency and detection capabilities of the proposed approach. Unlike deep models, the proposed solution is resource-efficient and well-suited for deployment on constrained IoT devices. Practical considerations such as latency, computational overhead, and model interpretability are discussed to support real-world applicability. This work introduces one of the initial ensemble learning frameworks tailored for Rank attack detection in RPL, offering both academic insights and engineering relevance for secure IoT deployments.