An intelligent security model for defence against routing attacks on the Internet of-Things

Abstract

The Internet of Things (IoT) is fundamentally revolutionising diverse sectors such as agriculture, smart cities, and health, enabling critical applications such as environmental monitoring, military surveillance, and efficient waste management. These pervasive deployments often rely on Low-power and Lossy Networks (LLNs). The network caters for resource-constrained devices which rely on the Routing Protocol for Low-power and Lossy Networks (RPL) to facilitate efficient routing decisions. RPL is a widely used routing protocol designed for LLNs. Its operational integrity hinges on control messages like DODAG Advertisement Object (DAO), DODAG Information Object (DIO), and DODAG Information Solicitation (DIS) control messages, which collectively establish and maintain network topology. However, the limitations of IoT devices, including battery, processing capacity, and memory, as well as the complexities of RPL, make these networks particularly susceptible and vulnerable to various threats. Routing attacks pose a severe challenge to network stability and data integrity. Among these routing attacks, the DIS flooding attack stands out as the most destructive and resource-consuming threat. The attack specifically exploits RPL's DIS mechanism by overwhelming the network with an excessive volume of DIS messages. Such a disruption can lead to severe resource exhaustion, network congestion, and ultimately, a denial-of-service condition, significantly undermining the reliability of IoT network operations. The urgent need to counteract these sophisticated routing attacks is paramount to safeguarding the functionality of modern RPL-based IoT networks. Despite the proliferation of security models in the literature for general IoT environments, there remains a significant gap in the implementation of lightweight intelligent security models specifically tailored for RPL-based IoT. Existing solutions often struggle to balance detection efficacy with the stringent resource constraints of LLN devices. This research study's primary objective is to address this critical gap by implementing a novel, lightweight and intelligent security model designed to effectively detect the DIS-flooding attack with a high detection rate, low false alarm and minimum program flash memory utilisation of the IoT devices. To achieve this, the study adopted a simulation-based quantitative approach. A robust experimental setup was created within the Cooja simulation tool, utilising nodes running the Contiki 3.x operating system. This environment allowed for the precise implementation of the routing attacks that the study addresses and the generation of a comprehensive dataset under two distinct scenarios: a baseline normal operation and a DIS-flooding attack scenario. This dataset was then meticulously used to build, train, and test six(6) distinct machine learning (ML) algorithms, including Support Vector Machine (SVM), Random Forest (RF), Decision Tree (DT), Multilayer Perceptron (MLP), K-Nearest Neighbours (KNN), and Naive Bayes (NB). This study contributes three key advancements to the field: a theoretical contribution highlighting the imperative for intelligent and resource-efficient security models in RPLbased IoT; a methodological contribution presenting a robust framework for implementing and evaluating routing attacks within the Cooja simulation environment; and a significant practical contribution underscoring the real-world applicability of the proposed DT-based lightweight and intelligent security model to detect anomalies in IoT networks. The results of this study demonstrate that a tree-based algorithm, the Decision Tree model, performed significantly well as compared to other evaluated models, showcasing its higher performance with below threshold False Negatives (FN), and a remarkably small model size. Specifically, the DT model achieved an outstanding 98.21% Matthews Correlation Coefficient (MCC), 99.12% accuracy, 99.12% recall, and 98.86% precision, coupled with an exceptionally low 3.79% FN rate. Furthermore, the model required only 4.17 KB of program memory, confirming its suitability for deployment on resourceconstrained IoT device. The novelty of this study lies in the integrated implementation and evaluation of a memory-efficient intelligent detection model directly tailored to RPL-based IoT, validated within a realistic LLN simulation framework. Unlike prior approaches that prioritise detection performance without resource considerations, this work demonstrates that high detection accuracy and minimal memory footprint can be simultaneously achieved in RPL-based IoT environments. The findings provide a practical and scalable pathway toward securing LLNs against DIS-flooding attack, thereby enhancing the resilience of modern IoT networks.