HaKAN-6T: Hybrid algorithm for DIS attack detection and mitigation using CoJP in RPL-based 6TiSCH networks

The Internet of Things relies on robust networking protocols like the Routing Protocol for Low-Power and Lossy Networks (RPL) to enable efficient communication in resource-constrained environments, particularly in 6TiSCH networks combining IEEE 802.15.4e TSCH with IPv6. However, RPL remains vulnerable to control message attacks, such as DIS flooding and rank manipulation, which degrade network stability, increase energy consumption, and disrupt performance. To address these challenges, this study introduces HaKAN-6T, a hybrid security framework designed to enhance RPL-based 6TiSCH networks through integrated detection and mitigation mechanisms. HaKAN-6T combines the Constrained Join Protocol (CoJP) for secure device authentication with a Network Analyzer for real-time anomaly detection. CoJP ensures only authorized devices join the network, preventing unauthorized access, while the Network Analyzer monitors node behavior to identify attacks like DIS flooding, increased rank, and decreased rank attacks. The performance of HaKAN-6T is evaluated through extensive simulations in grid and random topologies with 30 and 40 nodes, measuring key metrics such as packet delivery ratio (PDR), end-to-end delay (E2ED), control packet overhead, average power consumption (APC), processing overhead, and average detection latency. The results demonstrate that HaKAN-6T significantly mitigates the impact of DIS flooding attacks, reducing control packet overhead by up to 28.5% and improving PDR from 82.7% to 88.45% in 30-node scenarios. Against increased rank attacks, it minimizes E2ED, reducing delays by 19.3% while maintaining a stable network topology. For decreased rank attacks, it prevents excessive topology changes and lowers APC by up to 10.5%, enhancing energy efficiency.