0% found this document useful (0 votes)
28 views6 pages

Addressing DAO Insider Attacks in IPv6-Based Low-P

The paper addresses the issue of DAO Insider attacks in Low-Power and Lossy Networks (LLNs) that utilize the RPL routing protocol. It proposes a lightweight defense solution based on an early blacklisting strategy to mitigate the attack and restore network performance, which has been tested using the Cooja Simulator. The proposed method analyzes node behavior to identify illegitimate nodes and limits the number of DAO messages sent by child nodes to enhance security.

Uploaded by

Faisal Ali
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
28 views6 pages

Addressing DAO Insider Attacks in IPv6-Based Low-P

The paper addresses the issue of DAO Insider attacks in Low-Power and Lossy Networks (LLNs) that utilize the RPL routing protocol. It proposes a lightweight defense solution based on an early blacklisting strategy to mitigate the attack and restore network performance, which has been tested using the Cooja Simulator. The proposed method analyzes node behavior to identify illegitimate nodes and limits the number of DAO messages sent by child nodes to enhance security.

Uploaded by

Faisal Ali
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

Addressing DAO Insider Attacks in IPv6-Based

Low-Power and Lossy Networks


Sachin Kumar Verma Abhishek Verma* Avinash Chandra Pandey
Department of CSE Department of CSE Department of CSE
PDPM IIITDM Jabalpur, India PDPM IIITDM Jabalpur, India PDPM IIITDM Jabalpur, India
[email protected] [email protected] [email protected]

Abstract—Low-Power and Lossy Networks (LLNs) run on


resource-constrained devices and play a key role in many
Industrial Internet of Things and Cyber-Physical Systems based
arXiv:2303.00260v1 [cs.CR] 1 Mar 2023

applications. But, achieving an energy-efficient routing in LLNs


is a major challenge nowadays. This challenge is addressed by
Routing Protocol for Low-power Lossy Networks (RPL), which
is specified in RFC 6550 as a “Proposed Standard” at present.
In RPL, a client node uses Destination Advertisement Object
(DAO) control messages to pass on the destination information
towards the root node. An attacker may exploit the DAO
sending mechanism of RPL to perform a DAO Insider attack
in LLNs. In this paper, it is shown that an aggressive attacker
can drastically degrade the network performance. To address
DAO Insider attack, a lightweight defense solution is proposed.
The proposed solution uses an early blacklisting strategy to
significantly mitigate the attack and restore RPL performance. Fig. 1. Routing attacks against RPL protocol
The proposed solution is implemented and tested on Cooja
Simulator.
Index Terms—IoT, LLNs, IDS, 6LoWPAN, DAO Insider [4]. Although RPL solves major problems faced by LLNs,
Attack, RPL.
there are some LLNs characteristics(i.e., self-healing, self-
I. I NTRODUCTION organization, and resource-constrained behavior of nodes)
which expose RPL to various outsider and insider attacks.
The IoT [1] has a large number of applications which
Theses attacks may compromise user’s privacy and security
make human life better. IoT applications like smart grid,
and limit the growth of IoT drastically. RPL has many
smart healthcare, and smart agriculture require an infras-
discovered and undiscovered vulnerabilities which may be
tructure which has minimum implementation cost [2] and
exploited by the attackers to compromise the network. An
also supports longer operation time. LLNs are the best for
attacker may compromise resource-constrained devices and
such applications as LLNs provide and infrastructure with a
reprogram them to exploit vulnerable RPL features to disrupt
minimum implementation cost [3] and has longer operation
the normal working of other legitimate nodes. In this manner,
time. In LLNs, there are various security and privacy risks
the attacker can continuously degrade the network’s overall
that may put user’s security and privacy at risk. For example,
performance. Fig. 1 indicates various attacks (WSN based
auto-configuration, vulnerabilities of supporting devices and
and RPL specific) that can be performed on RPL based LLNs.
wireless communication may be explored by an attacker to
Many of the attacks on RPL are very difficult to detect and
access the confidential or private information of the users’. In
mitigate. Fig. 1 shows some of the the most common attacks
addition, an attacker may target LLNs with Denial-of-Service
against RPL protocol.
attack and disturb the network’s performance. To achieve
One of the catastrophic attacks against RPL is known as
minimum implementation cost and longer operation time,
DAO Insider attack. In this an attacker node can disrupt
resource-constrained nodes are utilized . These nodes have
the network’s performance by continuously sending DAO
very limited processing, storage, communication, and energy
messages to its preferred parent node. As RPL does not
source capabilities. LLNs require an energy-efficient routing
has any inbuilt functionality to identify illegitimate control
protocol for network layer for supporting longer operation
packets, therefore it becomes victim of such attack. To secure
time. To address the problem of achieving energy-efficient
the network from DAO insider attacks, an Intrusion Detection
routing in LLNs the IETF’s Routing Over Low power
System (IDS) is required. IDS may help RPL to detect the
and Lossy networks i.e. RoLL working group proposed a
attack and mitigate it. Our contributions are summarized
standard the RPL protocol. RPL is specified in RFC 6550
below:
1) A defense solution to address the DAO insider attack
978-1-6654-6658-5/22/$31.00 ©2022 IEEE is proposed.
2) The effectiveness of our proposed solution is analyzed OpenWSN, RIOT, Contiki-NG, OMNeT++, NetSim) choose
on the Cooja simulator. different mechanisms to control DAO transmission rate. We
Further the paper is structured as follows. Section II have considered the most widely used RPL implementation,
overview’s the RPL protocol. Section III discusses the DAO i.e., ContikiRPL in this paper. In ContikiRPL, DAO messages
Insider attack. Related works are discussed in Section IV. are transmitted using Trickle Timer. In RPL, DAO messages
Our proposed defense solution is described in Section V. are unicast by the child node to parent node basically on
Performance evaluation of the proposed solution is depicted three occasions:
in Section VI. Lastly, the Section VII concludes the paper 1) When a node receives DIO message from a parent
and indicates the future work. node.
2) When a node changes its preferred parent.
II. OVERVIEW OF RPL PROTOCOL 3) When a node detects some routing error.
RPL is a proactive routing protocol based on distance An important point related to DAO messages is that when
vectors and source routing concepts. RPL is specified as a a child node sends a DAO message with DODAG root as
“Proposed Standard” in RPL 6550 [4]. RPL is considered as a destination, in response to a single DAO transmission
an energy-efficient protocol because it requires less energy multiple DAO messages are generated by intermediate nodes
to create and maintain network topology [5]. It uses distance that are present along the path. Consider a path from child
vector protocol for routing. RPL runs on top of IEEE node to root node that consists of n intermediate nodes,
802.15.4 MAC. RPL forms Destination Oriented Directed then the total number of DAO messages that are transmitted
Acyclic Graph (DODAG) based topology over LLN devices. along the path is equal to n, as shown in Fig. 2. An
DODAG is loop-free and tree-like structure in which root attacker node may exploit this feature to disrupt the normal
node is assumed as the destination for all the nodes. The network’s performance by simply transmitting malformed or
network may be running several DODAGs at the particu- eavesdropped DAO message frequently to its preferred parent
lar instance of time which together are unidentified as an node. The best case scenario for an attacker will be to launch
RPLInstance. RPLInstance is identified by a unique IPv6 the attack from the edge of the network as this will increase
address, i.e., RPLInstanceID. In RPL, multiple RPLInstance the control packet overhead in terms of DAO messages.
may be concurrently at the same time to support various DAO Insider attack significantly decreases the PDR (packet
services. Each LLN node is assigned a rank value which is delivery ratio), increases AE2ED (average en-to-end delay)
a 16-bit integer and indicates the node’s position relative to and avearge power consumption of the network. There are
DODAG root node. RPL protocol defines a very strict rank multiple ways to launch the DAO Insider attack. One way
rule. According to this rule, the rank of a nodes increases in is to is send malformed DAO packets to the root node (i.e.,
a downward direction and decreases in an upward direction insider attack). Another way is to transmit an eavesdropped
towards DODAG root. The concept of rank is used for DAO captured from legitimate node (i.e., outsider attack).
following reasons: In Fig. 2 it is shown that the attacker with Node Id 10 is
• To recover the broken links. repeatedly transmitting the DAO message to the preferred
• To differentiate between siblings and parents. parent node, i.e., Node Id 7. All intermediate nodes forward
• To detect and resolve the routing loops. the DAO message to their parent until it received by the root
• To create a relationship between parent and child. node.
RPL supports four types of control messages, i.e., DODAG
Information Solicitation (DIS), DODAG Information Object IV. R ELATED W ORK
(DIO), Destination Advertisement Object (DAO), and Desti- Sheibani et al. [8] proposed an algorithm for mitigating
nation Advertisement Object Acknowledgment (DAO-ACK). Dropped DAO (DDAO) attack. They used a watchdog ap-
RF defines Objective Function (OF) for rank calculation [6]. proach to monitor the forwarding behaviour of its parent.
OF is used to select optimal parent that that has shortest path Raza et al. [9] suggested a real-time IDS called SVELTE
towards DODAG root node. To reduce the number of control which is based on Contiki platform. SVELTE detects three
messages transmission RPL uses “Trickle timer” concept [7]. types of attacks, i.e., Sinkhole, Selective Forwarding, and
Spoofing. It uses three different procedures to detect attack
III. DAO I NSIDER ATTACK in real-time: (1) collects traffic information, (2) identifies in-
To enable bi-directional communication, RPL uses DAO trusion, (3) provides a small distributed firewall for blocking
control messages. DAO messages are used to create down- illegitimate traffic coming from outsider networks. Verma et
ward paths so that DODAG root can route packets destined al. [10] carried out a detailed survey on various existing at-
towards leaf nodes. DAOs are forwarded by each intermedi- tacks and countermeasures for RPL. Mayzaud et al. [11] pro-
ate node that lies along the path between child node and posed a distributed monitoring algorithm to secure RPL from
DODAG root. Unicast DAO-ACK message is sent by a version number attacks. In [12], the focused on designing
DAO Recipients that lie along the path. The standard RPL an IDS to protect the network from outsider attackers. They
specification has not provided any information on when and proposed a signature-based intrusion detection approach to
how often these DAO messages must be transmitted. That secure the network from version number modification and
is why different RPL implementations (i.e., ContikiRPL, “Hello” flooding attacks. In [13], an attack classification
Fig. 2. An illustration of DAO Insider Attack

model based on Gated Recurrent Unit network is developed and victim node in order to minimize false positives. The
for identification of “Hello Flooding” attack. Ghaleb et al. proposed solution is based on distributed detection strategy
[14] proposed and addressed the DAO Insider attack. The in which every individual node maintains two tables, i.e.,
authors implemented a defense mechanism named SecRPL a neighbor table for storing information about neighbors,
to secure the LLNs. Verma et al. [15] proposed a lightweight a blacklist table to store information about blacklisted or
security scheme for the defending RPL against DIS flooding attacker nodes. The usage of blacklist table helps in energy
attacks. They analyzed the network and put a safety threshold saving because attack is mitigated quickly without additional
on the RPL protocol. In this [16] paper Farzaneh et al. processing of illegitimate DAO packet. A threshold, i.e.,
proposed an anomaly based IDS based on threshold values DAO recv threshold is used to put a cap on the maximum
for detection of attacks in RPL. Ariehrour et al. [17] proposed allowed DAO transmissions by any child node. The value of
SecTrust-RPL solution to secure RPL against Sybil and rank DAO recv threshold is chosen based on the analysis of mul-
attacks. AN IDS named SIEWE is proposed by Patel et tiple non-attack scenarios. The detection algorithm starts with
al. by Patel et al. [18]. In [19], the authors proposed a the initialization of DAO recv threshold, Neighbor Table,
lightweight mechanism that adjusts thresholds value to detect and Blacklist Table. The parent node, upon receiving a
and mitigate DIS attacks. From the literature, we identified DAO message from a child node or DAO sender checks
that various RPL based attacks have been countered using whether the DAO sender’s address is already present in the
different types of security solutions. As far as the literature Blacklist Table or not. If DAO sender’s address matches with
is concerned there is only one solution for defending DAO any blacklisted node’s address, this means that parent had
Insider attacks [14], this leave a lot of scope. In this paper already detected that DAO sender as an attacker node earlier,
we have addressed DAO Insider attack using Blacklisting and it simply discards received DAO message without any
technique. further processing. This not only saves energy of nodes but
also helps in quick mitigation of attack. In case the DAO
V. P ROPOSED S OLUTION sender’s address is not present in Blacklist Table, then the
The proposed defense solution is based on the idea of algorithm starts checking the Neighbor Table to find out the
analyzing node’s behavior to identify whether it is legitimate DAO sender’s address. If DAO sender’s address is not present
or illegitimate. We performed multiple experiments consid- in the Neighbor Table, then it means that DAO sender is a
ering different non-attack and attack scenarios to analyze new child node which has sent the DAO message first time.
the illegitimate node behavior. The behavior of the node is Then, a new node entry in the Neighbor Table is created and
analyzed in form of the number of DAO messages being DAO sender’s information is added to the Neighbor Table.
transmitted and received by the nodes across the network. In this case the Neighbor Table stores three values:
With a detailed analysis, we come to a conclusion that each
1) DAO sender address(Node[source id])
node in RPL based LLNs receives and transmits similar
2) Child’s Global address or
number of DAOs messages in the network under non-attack
DAO Prefix(Node[global id])
scenarios. Whereas, in case of attack, victim node receives
3) Child’s DAO counter
large amount of DAOs from a malicious node as compared
to neighbor legitimate nodes. To address DAO Insider attack, Based on these entries, the detection algorithm decides
we proposed a defense solution that puts limits on the the whether a DAO sender node is an attacker or not. It is
number of DAOs messages sent by any child node. The important to note that whenever a node generates a DAO
key idea is to distinguish between original attacker node message, it also transfers the global ID in the DAO message.
In RPL, DAO sender’s global ID is represented as the DAO
prefix. In our solution, we use the DAO prefix to increment
the DAO counter value (i.e., DAO count). Whenever any
parent node receives a DAO message from its child node
there are two cases which are handled differently. In first
case, if DAO sender or child is the DAO originator (i.e.,
DAO Prefix equals child’s global id), then DAO count value
corresponding to that child node is incremented, and the DAO
message is forwarded. In second case, when the child is
not the DAO originator (i.e., DAO Prefix not equals child’s
global id), the value of DAO count is not incremented, and
DAO message is forwarded to the preferred parent. With this
approach, the algorithm detects attacker node present in the Fig. 3. Simulation Parameters
network without blacklisting legitimate nodes. If any node
is sending a lot of DAO message, then the parent of that
child node will increment the DAO Counter corresponding tem for resource constrained nodes. The popular ContikiRPL
to that child node. After reaching the DAO recv threshold, is modified and the proposed solution is integrated with it.
the parent blocks the abnormally behaving child and add its The performance of the proposed solution is evaluated on
information in the Blacklist Table (i.e., blacklisting). The Cooja simulator [21]. Further part of this section provides
main benefit of this approach is that it does not involve the details of experimental setup, performance indicators, and
usage of any resource consuming methods like encryption, experimental results.
decryption, hashing, or key management. The detection logic
simply puts thresholds of RPL parameters which makes A. Experimental Setup
it lightweight and suitable for LLNs. Pseudocode of the
proposed solution is depicted in Algorithm 1. The proposed solution is implemented by modifying the
core files of ContikiRPL. We performed the experiments for
Algorithm 1 Pseudocode of proposed solution evaluation of proposed solution on Cooja Simulator. Z1 mote
1: procedure I NITIALIZATION platform is used for running Contiki. The simulation param-
2: set DAO recv threshold eters mentioned in Fig 3 are considered for experiments.
3: create empty Neighbor Table ⊲ To create a neighbor table In all the experiments, the Unit Disk Graph Radio Medium
on node start
4: create empty Blacklist Table ⊲ To create a blacklist table (UDGM) is considered. To mount the DAO insider attack, an
on node start attacker node can compromise the legitimate node and repro-
5: end procedure grammed it to capture the DAO message and then transmit
6: procedure O N DAO R ECEIVE the captured DAO message in a fixed time of interval. The
7: if (DAO sender address is present in Blacklist Table) then DAO attack is launched after receiving a DIO message from
8: return ⊲ In case the sender node was already
blacklisted any parent node. The detection approach of the proposed
9: end if solution is activated upon network initialization. The mean
10: for Each Node in Neighbor Table do values of PDR and AE2ED have been used for analysis
11: if (DAO sender address equals Node.source id) then to eliminate the effect the biased results. We performed 10
12: if (DAO Prefix equals Node.global id) then independent experiments with different random seed values
13: if (Node.DAO count is less than
DAO recv threshold) then and computed the errors at a 95 percent confidence interval.
14: Node.DAO count++
15: Forward DAO to preferred parent B. Performance Indicators
16: else
17: Add DAO sender in Blacklist Table 1) Packet Delivery Ratio (PDR): Represents ratio of the
18: end if total amount of data packets received to the total
19: else
amount of data packets sent by any node to the
20: Forward DAO to preferred parent
21: end if DODAG root node.
22: else 2) Average End-to-End Delay (AE2ED): The average
23: Add new DAO sender’s information in Neigh- time taken to deliver all the data packet from source
bor Table to DODAG node.
24: end if 3) Throughput: It indicates the amount of data moved
25: end for
26: end procedure successfully from sender to receiver in a given period
of time. It is expressed in terms of bits per second
(bps).
VI. P ERFORMANCE E VALUATION 4) Implementation Overhead: It represents total RAM and
We implemented our proposed defense solution in Contiki ROM usage by the proposed solution over resource
[20] which is one of the widely used embedded operating sys- constraints nodes.
C. Simulation Results scenario as compared to RP L. The reason is that the parent
We have considered three cases for making comparisons, node receives a lot of DAO messages from the attacker node
i.e., RP L, RP LUnderAttack , and RP LSecure . Where, RP L and this keeps them busy. Busy parent nodes take a lot of time
represents standard RPL without defense mechanism imple- to process data packets, therefore AE2ED increases. Like,
mented on it, RP LUnderAttack is the scenario in which PDR results in this case also, it can also be analyzed that
standard RP L is under attack, and RP LSecure represents the aggressive DAO attacker have major impact on AE2ED
the secure version of standard RP L which has our defense of the network as compared to non-aggressive attackers .
solution incorporated in it. In this section, the simulation Our proposed solution (RP LSecure ) is able to decrease the
results are discussed. impact of attack and this is clearly visible in Fig. 5. This
is because the proposed solution discards malicious DAOs,
D. Impact on PDR which consequently reduces processing time of data packets.
Fig. 4 represents the impact of PDR on RP L,
RP LUnderAttack , RP LSecure . It has been observed from RPL

RPL
the figure that the attacker lowers the network’s performance. 3.5

RPL
Under Attack

Secure

Under RP LUnderAttack scenario, the attacker node is pro- 3.0

Average End-to-End Delay (seconds)


grammed to transmit a large number of DAO messages to 2.5

the preferred parent node. The attacker node increases the


control packet overhead of the network. upon receiving a 2.0

DAO message a parent must processes all DAOs and sends 1.5

acknowledgement in DAO-ACK message to the DAO sender


1.0

node. In RP LUnderAttack case the processing overhead


increases drastically which consequently leads to data packet 0.5

loss. Fig. 4 clearly indicates how the PDR is affected in 0.0

RP LUnderAttack scenario. Moreover, it can also be analyzed 1 2 4 8

Replay Interval (seconds)

that the aggressive DAO attacker (i.e., attacker sending DAO


at 1, 2 second replay interval) have high impact on PDR as Fig. 5. AE2ED values obtained in different scenarios
compared to non-aggressive attackers ((i.e., attacker sending
DAO at 4, 8 second replay interval)). In case of RP LSecure , F. Impact on Throughput
whenever a parent node receives DAO messages greater than It can be observed from the results shown in Fig. 6 that
threshold value, the parent node will block the DAO sender RP LSecure is able to improve the throughout (data packet
node and discard the further received DAOs from that node. bits delivered) of the network which is decreased due to effect
RP LSecure is able to improve the network performance and of attack (RP LUnderAttack ). The proposed solution reduces
reduces the impact of attack. The effectiveness of proposed the effect of DAO insider attack and therefore the number
solution is clearly visible from the values achieved in case of data packets successfully delivered are increases which
of RP LSecure as shown in the Fig. 4. consequently increases throughput of the network.
RPL

RPL
RPL
Under Attack

RPL 80 RPLUnder Attack


Secure

1.0
RPLSecure
0.9

0.8
Packet Delivery Ratio

0.7 60

0.6
Throughput (bps)

0.5

0.4
40
0.3

0.2

0.1

0.0 20
1 2 4 8

Replay Interval (seconds)

0
Fig. 4. PDR values obtained in different scenarios 1 2 4 8

Fig. 6. ThroughputReplay
values Interval
obtained(seconds)
in different scenarios
E. Impact on AE2ED
The impact of AE2ED in different scenarios (RP L, G. Implementation Overhead
RP LUnderAttack , RP LSecure ) is indicated in Fig. 5. It can Fig. 7 shows the memory requirements of proposed de-
be observed that AE2ED is severely affected under attack fense solution. The proposed solution requires very little
amount of memory hence it becomes a lightweight defense R EFERENCES
solution. The standard Z1 motes have 92 KB of ROM, and [1] K. Ashton et al., “That ‘internet of things’ thing,” RFID journal,
8 KB of RAM. Fig. 7 shows that Contiki with our proposed vol. 22, no. 7, pp. 97–114, 2009.
solution implemented on it easily fits into Z1 motes without [2] P. Sethi and S. R. Sarangi, “Internet of things: architectures, protocols,
and applications,” Journal of Electrical and Computer Engineering,
imposing significant overhead. Thus, the implementation vol. 2017, 2017.
overhead of proposed solution makes it lightweight solution. [3] J. V. Sobral, J. J. Rodrigues, R. A. Rabêlo, J. Al-Muhtadi, and
V. Korotaev, “Routing protocols for low power and lossy networks
in internet of things applications,” Sensors, vol. 19, no. 9, p. 2144,
2019.
ROM

RAM
[4] R. Alexander, A. Brandt, J. Vasseur, J. Hui, K. Pister, P. Thubert,
100
P. Levis, R. Struik, R. Kelsey, and T. Winter, “RPL: IPv6 Routing
Protocol for Low-Power and Lossy Networks,” RFC 6550, Mar. 2012.
80
[Online]. Available: https://rfc-editor.org/rfc/rfc6550.txt
[5] O. Gaddour and A. Koubâa, “RPL in a nutshell: A survey,” Computer
Memory size in Kilobytes (kB)

Networks, vol. 56, no. 14, pp. 3163–3178, 2012.


60
[6] H. Lamaazi and N. Benamar, “A comprehensive survey on enhance-
ments and limitations of the RPL protocol: A focus on the objective
function,” Ad Hoc Networks, vol. 96, p. 102001, 2020.
40 [7] P. Levis, T. Clausen, J. Hui, O. Gnawali, and J. Ko, “The trickle
algorithm,” Internet Engineering Task Force, RFC6206, pp. 1–13,
2011.
20 [8] M. Sheibani, B. Barekatein, and E. Arvan, “A lightweight distributed
detection algorithm for ddao attack on rpl routing protocol in internet
of things,” Pervasive and Mobile Computing, p. 101525, 2022.
0
[9] S. Raza, L. Wallgren, and T. Voigt, “SVELTE: Real-time intrusion
Standard Z1 Node IDS-Z1 node IDS-Z1 6BR
detection in the Internet of Things,” Ad hoc networks, vol. 11, no. 8,
pp. 2661–2674, 2013.
Fig. 7. Memory requirements of proposed solution [10] A. Verma and V. Ranga, “Security of RPL based 6LoWPAN Networks
in the Internet of Things: A Review,” IEEE Sensors Journal, vol. 20,
no. 11, pp. 5666–5690, 2020.
[11] A. Mayzaud, R. Badonnel, and I. Chrisment, “A distributed monitoring
H. Time complexity of Proposed Approach strategy for detecting version number attacks in RPL-based networks,”
IEEE transactions on network and service management, vol. 14, no. 2,
• The time complexity of the INITIALIZATION proce- pp. 472–486, 2017.
[12] P. Ioulianou, V. Vasilakis, I. Moscholios, and M. Logothetis, “A
dure is O(1) as it defines the neighbor and blacklist signature-based intrusion detection system for the Internet of Things,”
table. Information and Communication Technology Form, 2018.
• ON DAO Receive procedure explores the blacklist ta- [13] S. Cakir, S. Toklu, and N. Yalcin, “Rpl attack detection and prevention
in the internet of things networks using a gru based deep learning,”
ble to determine whether unauthorized senders are al- IEEE Access, vol. 8, pp. 183 678–183 689, 2020.
ready blacklisted or not. If the size of the blacklist [14] B. Ghaleb, A. Al-Dubai, E. Ekonomou, M. Qasem, I. Romdhani, and
table is Bt and unauthorized senders are present in L. Mackenzie, “Addressing the DAO insider attack in RPL’s Internet
of Things networks,” IEEE Communications Letters, vol. 23, no. 1,
the blacklist table, then the time taken to explore the pp. 68–71, 2018.
entire blacklist table will be O(Bt ). The neighbor table [15] A. Verma and V. Ranga, “Mitigation of DIS flooding attacks in RPL-
is explored to discover the unauthorized senders if the based 6LoWPAN networks,” Transactions on emerging telecommuni-
cations technologies, vol. 31, no. 2, p. e3802, 2020.
senders are not present in the blacklist table. After [16] B. Farzaneh, M. A. Montazeri, and S. Jamali, “An anomaly-based
identifying the unauthorized senders, it is added to ids for detecting attacks in rpl-based internet of things,” in 2019 5th
the blacklist table. If the size of the neighbor table International Conference on Web Research (ICWR), 2019, pp. 61–66.
[17] D. Airehrour, J. A. Gutierrez, and S. K. Ray, “SecTrust-RPL: A
is Nt , then the time complexity to discover and add secure trust-aware RPL routing protocol for Internet of Things,” Future
an unauthorized sender to the blacklist table will be Generation Computer Systems, vol. 93, pp. 860–876, 2019.
O(Bt ) + O(Nt ) because the neighbor table is explored [18] H. B. Patel and D. C. Jinwala, “Blackhole detection in 6LoWPAN
based internet of things: an anomaly based approach,” in TENCON
after examining the entire blacklist table. 2019-2019 IEEE Region 10 Conference (TENCON). IEEE, 2019, pp.
The time complexity of the proposed approach will be 947–954.
[19] G. Guo, “A Lightweight Countermeasure to DIS Attack in RPL
O(Bt ) + O(Nt ) + O(1), i.e., O(Bt ) + O(Nt ), since the Routing Protocol,” in 2021 IEEE 11th Annual Computing and Com-
time taken by the initialization procedure is O(1), and munication Workshop and Conference (CCWC). IEEE, 2021, pp.
ON DAO Receive procedure is O(Bt ) + O(Nt ). 0753–0758.
[20] A. Dunkels, B. Gronvall, and T. Voigt, “Contiki-a lightweight and
flexible operating system for tiny networked sensors,” in 29th annual
VII. C ONCLUSION AND F UTURE S COPE IEEE international conference on local computer networks. IEEE,
2004, pp. 455–462.
[21] F. Osterlind, A. Dunkels, J. Eriksson, N. Finne, and T. Voigt, “Cross-
In this paper, we have proposed a lightweight defense level sensor network simulation with cooja,” in Proceedings. 2006 31st
solution to address DAO Insider attacks in LLNs. The exper- IEEE conference on local computer networks. IEEE, 2006, pp. 641–
imental results indicate that our proposed solution effectively 648.
detects and mitigates the attack while taking care of the
resource nature of LLN nodes. In future, we aim to test
our proposed approach in dynamic network scenarios and
perform tested experiments.

You might also like