{"title":"Enhancing IoT security: A competitive coevolutionary strategy for detecting RPL attacks in challenging attack environments","authors":"Selim Yılmaz","doi":"10.1016/j.comnet.2025.111185","DOIUrl":null,"url":null,"abstract":"<div><div>Internet of Things (IoT) is a recent technology that allows heterogeneous devices to communicate with each other and the Internet. Designed specifically for IoT-enabled networks, the IPv6 Routing Protocol for Low Power Lossy Network (RPL) is adopted as standard routing protocol today. While RPL facilitates efficient routing between IoT devices, it is very susceptible to attacks, leading to numerous threats targeting different aspects of the nodes and network. Consequently, several efforts have been made to develop intrusion detection systems to secure RPL-operated networks. However, many existing solutions are tailored to specific attacks, making them unsuitable for other RPL attacks. Additionally, they depend on fixed simulations with specific scenarios, neglecting the influence of attack environments on detection system performance. The impact of RPL attacks varies with factors such as attacker density and position in the network. Consequently, it is crucial to design IDS that can effectively handle these dynamic conditions. This study addresses these challenges by proposing a competitive coevolution-based intrusion detection system that focuses on the most challenging attack environments. To achieve this, the intrusion detection algorithm and challenging attack environments are competitively evolved. Targeting the network’s topology, traffic, and resources through the exploitation of control packets, this study investigates 11 RPL attacks: blackhole, DIS flooding, DAG inconsistency, DAO inconsistency, decreased rank, energy depletion, forwarding misbehavior, increased version, spam DIS, selective forwarding, and worst parent. To assess detection performance, a wide range of evaluation metrics such as accuracy, precision, recall, false alarm rate, and F1-score are used. The findings demonstrate that the proposed system ensures strong detection performance with very low memory and power consumption, suggesting its effectiveness against the attacks threatening the multiple aspects of the network and its applicability on resource-constrained nodes.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"262 ","pages":"Article 111185"},"PeriodicalIF":4.6000,"publicationDate":"2025-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1389128625001537","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0
Abstract
Internet of Things (IoT) is a recent technology that allows heterogeneous devices to communicate with each other and the Internet. Designed specifically for IoT-enabled networks, the IPv6 Routing Protocol for Low Power Lossy Network (RPL) is adopted as standard routing protocol today. While RPL facilitates efficient routing between IoT devices, it is very susceptible to attacks, leading to numerous threats targeting different aspects of the nodes and network. Consequently, several efforts have been made to develop intrusion detection systems to secure RPL-operated networks. However, many existing solutions are tailored to specific attacks, making them unsuitable for other RPL attacks. Additionally, they depend on fixed simulations with specific scenarios, neglecting the influence of attack environments on detection system performance. The impact of RPL attacks varies with factors such as attacker density and position in the network. Consequently, it is crucial to design IDS that can effectively handle these dynamic conditions. This study addresses these challenges by proposing a competitive coevolution-based intrusion detection system that focuses on the most challenging attack environments. To achieve this, the intrusion detection algorithm and challenging attack environments are competitively evolved. Targeting the network’s topology, traffic, and resources through the exploitation of control packets, this study investigates 11 RPL attacks: blackhole, DIS flooding, DAG inconsistency, DAO inconsistency, decreased rank, energy depletion, forwarding misbehavior, increased version, spam DIS, selective forwarding, and worst parent. To assess detection performance, a wide range of evaluation metrics such as accuracy, precision, recall, false alarm rate, and F1-score are used. The findings demonstrate that the proposed system ensures strong detection performance with very low memory and power consumption, suggesting its effectiveness against the attacks threatening the multiple aspects of the network and its applicability on resource-constrained nodes.
物联网(IoT)是一项新技术,它允许异构设备相互通信并与互联网通信。IPv6低功耗网络路由协议(IPv6 Routing Protocol for Low Power Lossy Network, RPL)是专为物联网网络设计的标准路由协议。虽然RPL促进了物联网设备之间的高效路由,但它非常容易受到攻击,导致针对节点和网络不同方面的众多威胁。因此,已经作出了一些努力来开发入侵检测系统,以保护rpl操作的网络。然而,许多现有的解决方案都是针对特定的攻击量身定制的,因此不适合其他RPL攻击。此外,它们依赖于特定场景的固定模拟,忽略了攻击环境对检测系统性能的影响。RPL攻击的影响与攻击者的密度、在网络中的位置等因素有关。因此,设计能够有效处理这些动态条件的IDS至关重要。本研究通过提出一种竞争性的基于协同进化的入侵检测系统来解决这些挑战,该系统专注于最具挑战性的攻击环境。为了实现这一目标,入侵检测算法和具有挑战性的攻击环境都在竞争中发展。针对网络的拓扑结构、流量和资源,通过控制数据包的利用,本研究调查了11种RPL攻击:黑洞、DIS洪水、DAG不一致、DAO不一致、降低等级、能量消耗、转发不当行为、增加版本、垃圾DIS、选择性转发和最坏父端。为了评估检测性能,使用了广泛的评估指标,如准确性、精密度、召回率、误报率和f1分数。研究结果表明,该系统以极低的内存和功耗保证了较强的检测性能,表明该系统能够有效抵御威胁网络多个方面的攻击,适用于资源受限的节点。
期刊介绍:
Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
