Addressing DAO Insider Attacks in IPv6-Based

Low-Power and Lossy Networks

Sachin Kumar Verma Abhishek Verma* Avinash Chandra Pandey
Department of CSE Department of CSE Department of CSE
PDPM IIITDM Jabalpur, India PDPM IIITDM Jabalpur, India PDPM IIITDM Jabalpur, India
[email protected] [email protected] [email protected]

Abstract—Low-Power and Lossy Networks (LLNs) run on

resource-constrained devices and play a key role in many
Industrial Internet of Things and Cyber-Physical Systems based
arXiv:2303.00260v1 [cs.CR] 1 Mar 2023

applications. But, achieving an energy-efficient routing in LLNs

is a major challenge nowadays. This challenge is addressed by
Routing Protocol for Low-power Lossy Networks (RPL), which
is specified in RFC 6550 as a “Proposed Standard” at present.
In RPL, a client node uses Destination Advertisement Object
(DAO) control messages to pass on the destination information
towards the root node. An attacker may exploit the DAO
sending mechanism of RPL to perform a DAO Insider attack
in LLNs. In this paper, it is shown that an aggressive attacker
can drastically degrade the network performance. To address
DAO Insider attack, a lightweight defense solution is proposed.
The proposed solution uses an early blacklisting strategy to
significantly mitigate the attack and restore RPL performance. Fig. 1. Routing attacks against RPL protocol
The proposed solution is implemented and tested on Cooja
Simulator.
Index Terms—IoT, LLNs, IDS, 6LoWPAN, DAO Insider [4]. Although RPL solves major problems faced by LLNs,
Attack, RPL.
there are some LLNs characteristics(i.e., self-healing, self-
I. I NTRODUCTION organization, and resource-constrained behavior of nodes)
which expose RPL to various outsider and insider attacks.
The IoT [1] has a large number of applications which
Theses attacks may compromise user’s privacy and security
make human life better. IoT applications like smart grid,
and limit the growth of IoT drastically. RPL has many
smart healthcare, and smart agriculture require an infras-
discovered and undiscovered vulnerabilities which may be
tructure which has minimum implementation cost [2] and
exploited by the attackers to compromise the network. An
also supports longer operation time. LLNs are the best for
attacker may compromise resource-constrained devices and
such applications as LLNs provide and infrastructure with a
reprogram them to exploit vulnerable RPL features to disrupt
minimum implementation cost [3] and has longer operation
the normal working of other legitimate nodes. In this manner,
time. In LLNs, there are various security and privacy risks
the attacker can continuously degrade the network’s overall
that may put user’s security and privacy at risk. For example,
performance. Fig. 1 indicates various attacks (WSN based
auto-configuration, vulnerabilities of supporting devices and
and RPL specific) that can be performed on RPL based LLNs.
wireless communication may be explored by an attacker to
Many of the attacks on RPL are very difficult to detect and
access the confidential or private information of the users’. In
mitigate. Fig. 1 shows some of the the most common attacks
addition, an attacker may target LLNs with Denial-of-Service
against RPL protocol.
attack and disturb the network’s performance. To achieve
One of the catastrophic attacks against RPL is known as
minimum implementation cost and longer operation time,
DAO Insider attack. In this an attacker node can disrupt
resource-constrained nodes are utilized . These nodes have
the network’s performance by continuously sending DAO
very limited processing, storage, communication, and energy
messages to its preferred parent node. As RPL does not
source capabilities. LLNs require an energy-efficient routing
has any inbuilt functionality to identify illegitimate control
protocol for network layer for supporting longer operation
packets, therefore it becomes victim of such attack. To secure
time. To address the problem of achieving energy-efficient
the network from DAO insider attacks, an Intrusion Detection
routing in LLNs the IETF’s Routing Over Low power
System (IDS) is required. IDS may help RPL to detect the
and Lossy networks i.e. RoLL working group proposed a
attack and mitigate it. Our contributions are summarized
standard the RPL protocol. RPL is specified in RFC 6550
below:
1) A defense solution to address the DAO insider attack
978-1-6654-6658-5/22/$31.00 ©2022 IEEE is proposed.
 2) The effectiveness of our proposed solution is analyzed
on the Cooja simulator.
Further the paper is structured as follows. Section II
overview’s the RPL protocol. Section III discusses the DAO
Insider attack. Related works are discussed in Section IV.
Our proposed defense solution is described in Section V.
Performance evaluation of the proposed solution is depicted
in Section VI. Lastly, the Section VII concludes the paper
and indicates the future work.
II. OVERVIEW OF RPL PROTOCOL
RPL is a proactive routing protocol based on distance
vectors and source routing concepts. RPL is specified as a
“Proposed Standard” in RPL 6550 [4]. RPL is considered as
an energy-efficient protocol because it requires less energy
to create and maintain network topology [5]. It uses distance
vector protocol for routing. RPL runs on top of IEEE
802.15.4 MAC. RPL forms Destination Oriented Directed
Acyclic Graph (DODAG) based topology over LLN devices.
DODAG is loop-free and tree-like structure in which root
node is assumed as the destination for all the nodes. The
network may be running several DODAGs at the particu-
lar instance of time which together are unidentified as an
RPLInstance. RPLInstance is identified by a unique IPv6
address, i.e., RPLInstanceID. In RPL, multiple RPLInstance
may be concurrently at the same time to support various
services. Each LLN node is assigned a rank value which is
a 16-bit integer and indicates the node’s position relative to
DODAG root node. RPL protocol defines a very strict rank
rule. According to this rule, the rank of a nodes increases in
a downward direction and decreases in an upward direction
towards DODAG root. The concept of rank is used for
following reasons:
• To recover the broken links.
• To differentiate between siblings and parents.
• To detect and resolve the routing loops.
• To create a relationship between parent and child.
RPL supports four types of control messages, i.e., DODAG
Information Solicitation (DIS), DODAG Information Object
(DIO), Destination Advertisement Object (DAO), and Desti-
nation Advertisement Object Acknowledgment (DAO-ACK).
RF defines Objective Function (OF) for rank calculation [6].
OF is used to select optimal parent that that has shortest path
towards DODAG root node. To reduce the number of control
messages transmission RPL uses “Trickle timer” concept [7].
III. DAO I NSIDER ATTACK
To enable bi-directional communication, RPL uses DAO
control messages. DAO messages are used to create down-
ward paths so that DODAG root can route packets destined
towards leaf nodes. DAOs are forwarded by each intermedi-
ate node that lies along the path between child node and
DODAG root. Unicast DAO-ACK message is sent by a
DAO Recipients that lie along the path. The standard RPL
specification has not provided any information on when and
how often these DAO messages must be transmitted. That
is why different RPL implementations (i.e., ContikiRPL,
OpenWSN, RIOT, Contiki-NG, OMNeT++, NetSim) choose
different mechanisms to control DAO transmission rate. We
have considered the most widely used RPL implementation,
i.e., ContikiRPL in this paper. In ContikiRPL, DAO messages
are transmitted using Trickle Timer. In RPL, DAO messages
are unicast by the child node to parent node basically on
three occasions:
1) When a node receives DIO message from a parent
node.
2) When a node changes its preferred parent.
3) When a node detects some routing error.
An important point related to DAO messages is that when
a child node sends a DAO message with DODAG root as
a destination, in response to a single DAO transmission
multiple DAO messages are generated by intermediate nodes
that are present along the path. Consider a path from child
node to root node that consists of n intermediate nodes,
then the total number of DAO messages that are transmitted
along the path is equal to n, as shown in Fig. 2. An
attacker node may exploit this feature to disrupt the normal
network’s performance by simply transmitting malformed or
eavesdropped DAO message frequently to its preferred parent
node. The best case scenario for an attacker will be to launch
the attack from the edge of the network as this will increase
the control packet overhead in terms of DAO messages.
DAO Insider attack significantly decreases the PDR (packet
delivery ratio), increases AE2ED (average en-to-end delay)
and avearge power consumption of the network. There are
multiple ways to launch the DAO Insider attack. One way
is to is send malformed DAO packets to the root node (i.e.,
insider attack). Another way is to transmit an eavesdropped
DAO captured from legitimate node (i.e., outsider attack).
In Fig. 2 it is shown that the attacker with Node Id 10 is
repeatedly transmitting the DAO message to the preferred
parent node, i.e., Node Id 7. All intermediate nodes forward
the DAO message to their parent until it received by the root
node.
IV. R ELATED W ORK
Sheibani et al. [8] proposed an algorithm for mitigating
Dropped DAO (DDAO) attack. They used a watchdog ap-
proach to monitor the forwarding behaviour of its parent.
Raza et al. [9] suggested a real-time IDS called SVELTE
which is based on Contiki platform. SVELTE detects three
types of attacks, i.e., Sinkhole, Selective Forwarding, and
Spoofing. It uses three different procedures to detect attack
in real-time: (1) collects traffic information, (2) identifies in-
trusion, (3) provides a small distributed firewall for blocking
illegitimate traffic coming from outsider networks. Verma et
al. [10] carried out a detailed survey on various existing at-
tacks and countermeasures for RPL. Mayzaud et al. [11] pro-
posed a distributed monitoring algorithm to secure RPL from
version number attacks. In [12], the focused on designing
an IDS to protect the network from outsider attackers. They
proposed a signature-based intrusion detection approach to
secure the network from version number modification and
“Hello” flooding attacks. In [13], an attack classification
 Fig. 2. An illustration of DAO Insider Attack
model based on Gated Recurrent Unit network is developed
for identification of “Hello Flooding” attack. Ghaleb et al.
[14] proposed and addressed the DAO Insider attack. The
authors implemented a defense mechanism named SecRPL
to secure the LLNs. Verma et al. [15] proposed a lightweight
security scheme for the defending RPL against DIS flooding
attacks. They analyzed the network and put a safety threshold
on the RPL protocol. In this [16] paper Farzaneh et al.
proposed an anomaly based IDS based on threshold values
for detection of attacks in RPL. Ariehrour et al. [17] proposed
SecTrust-RPL solution to secure RPL against Sybil and rank
attacks. AN IDS named SIEWE is proposed by Patel et
al. by Patel et al. [18]. In [19], the authors proposed a
lightweight mechanism that adjusts thresholds value to detect
and mitigate DIS attacks. From the literature, we identified
that various RPL based attacks have been countered using
different types of security solutions. As far as the literature
is concerned there is only one solution for defending DAO
Insider attacks [14], this leave a lot of scope. In this paper
we have addressed DAO Insider attack using Blacklisting
technique.
V. P ROPOSED S OLUTION
The proposed defense solution is based on the idea of
analyzing node’s behavior to identify whether it is legitimate
or illegitimate. We performed multiple experiments consid-
ering different non-attack and attack scenarios to analyze
the illegitimate node behavior. The behavior of the node is
analyzed in form of the number of DAO messages being
transmitted and received by the nodes across the network.
With a detailed analysis, we come to a conclusion that each
node in RPL based LLNs receives and transmits similar
number of DAOs messages in the network under non-attack
scenarios. Whereas, in case of attack, victim node receives
large amount of DAOs from a malicious node as compared
to neighbor legitimate nodes. To address DAO Insider attack,
we proposed a defense solution that puts limits on the the
number of DAOs messages sent by any child node. The
key idea is to distinguish between original attacker node
and victim node in order to minimize false positives. The
proposed solution is based on distributed detection strategy
in which every individual node maintains two tables, i.e.,
a neighbor table for storing information about neighbors,
a blacklist table to store information about blacklisted or
attacker nodes. The usage of blacklist table helps in energy
saving because attack is mitigated quickly without additional
processing of illegitimate DAO packet. A threshold, i.e.,
DAO recv threshold is used to put a cap on the maximum
allowed DAO transmissions by any child node. The value of
DAO recv threshold is chosen based on the analysis of mul-
tiple non-attack scenarios. The detection algorithm starts with
the initialization of DAO recv threshold, Neighbor Table,
and Blacklist Table. The parent node, upon receiving a
DAO message from a child node or DAO sender checks
whether the DAO sender’s address is already present in the
Blacklist Table or not. If DAO sender’s address matches with
any blacklisted node’s address, this means that parent had
already detected that DAO sender as an attacker node earlier,
and it simply discards received DAO message without any
further processing. This not only saves energy of nodes but
also helps in quick mitigation of attack. In case the DAO
sender’s address is not present in Blacklist Table, then the
algorithm starts checking the Neighbor Table to find out the
DAO sender’s address. If DAO sender’s address is not present
in the Neighbor Table, then it means that DAO sender is a
new child node which has sent the DAO message first time.
Then, a new node entry in the Neighbor Table is created and
DAO sender’s information is added to the Neighbor Table.
In this case the Neighbor Table stores three values:
1) DAO sender address(Node[source id])
2) Child’s Global address or
DAO Prefix(Node[global id])
3) Child’s DAO counter
Based on these entries, the detection algorithm decides
whether a DAO sender node is an attacker or not. It is
important to note that whenever a node generates a DAO
message, it also transfers the global ID in the DAO message.
In RPL, DAO sender’s global ID is represented as the DAO
prefix. In our solution, we use the DAO prefix to increment
the DAO counter value (i.e., DAO count). Whenever any
parent node receives a DAO message from its child node
there are two cases which are handled differently. In first
case, if DAO sender or child is the DAO originator (i.e.,
DAO Prefix equals child’s global id), then DAO count value
corresponding to that child node is incremented, and the DAO
message is forwarded. In second case, when the child is
not the DAO originator (i.e., DAO Prefix not equals child’s
global id), the value of DAO count is not incremented, and
DAO message is forwarded to the preferred parent. With this
approach, the algorithm detects attacker node present in the Fig. 3. Simulation Parameters
network without blacklisting legitimate nodes. If any node
is sending a lot of DAO message, then the parent of that
child node will increment the DAO Counter corresponding tem for resource constrained nodes. The popular ContikiRPL
to that child node. After reaching the DAO recv threshold, is modified and the proposed solution is integrated with it.
the parent blocks the abnormally behaving child and add its The performance of the proposed solution is evaluated on
information in the Blacklist Table (i.e., blacklisting). The Cooja simulator [21]. Further part of this section provides
main benefit of this approach is that it does not involve the details of experimental setup, performance indicators, and
usage of any resource consuming methods like encryption, experimental results.
decryption, hashing, or key management. The detection logic
simply puts thresholds of RPL parameters which makes A. Experimental Setup
it lightweight and suitable for LLNs. Pseudocode of the
proposed solution is depicted in Algorithm 1. The proposed solution is implemented by modifying the
core files of ContikiRPL. We performed the experiments for
Algorithm 1 Pseudocode of proposed solution evaluation of proposed solution on Cooja Simulator. Z1 mote
1: procedure I NITIALIZATION platform is used for running Contiki. The simulation param-
2: set DAO recv threshold eters mentioned in Fig 3 are considered for experiments.
3: create empty Neighbor Table ⊲ To create a neighbor table In all the experiments, the Unit Disk Graph Radio Medium
on node start
4: create empty Blacklist Table ⊲ To create a blacklist table (UDGM) is considered. To mount the DAO insider attack, an
on node start attacker node can compromise the legitimate node and repro-
5: end procedure grammed it to capture the DAO message and then transmit
6: procedure O N DAO R ECEIVE the captured DAO message in a fixed time of interval. The
7: if (DAO sender address is present in Blacklist Table) then DAO attack is launched after receiving a DIO message from
8: return ⊲ In case the sender node was already
blacklisted any parent node. The detection approach of the proposed
9: end if solution is activated upon network initialization. The mean
10: for Each Node in Neighbor Table do values of PDR and AE2ED have been used for analysis
11: if (DAO sender address equals Node.source id) then to eliminate the effect the biased results. We performed 10
12: if (DAO Prefix equals Node.global id) then independent experiments with different random seed values
13: if (Node.DAO count is less than
DAO recv threshold) then and computed the errors at a 95 percent confidence interval.
14: Node.DAO count++
15: Forward DAO to preferred parent B. Performance Indicators
16: else
17: Add DAO sender in Blacklist Table 1) Packet Delivery Ratio (PDR): Represents ratio of the
18: end if total amount of data packets received to the total
19: else
amount of data packets sent by any node to the
20: Forward DAO to preferred parent
21: end if DODAG root node.
22: else 2) Average End-to-End Delay (AE2ED): The average
23: Add new DAO sender’s information in Neigh- time taken to deliver all the data packet from source
bor Table to DODAG node.
24: end if 3) Throughput: It indicates the amount of data moved
25: end for
26: end procedure successfully from sender to receiver in a given period
of time. It is expressed in terms of bits per second
(bps).
VI. P ERFORMANCE E VALUATION 4) Implementation Overhead: It represents total RAM and
We implemented our proposed defense solution in Contiki ROM usage by the proposed solution over resource
[20] which is one of the widely used embedded operating sys- constraints nodes.
C. Simulation Results
We have considered three cases for making comparisons,
i.e., RP L, RP LUnderAttack , and RP LSecure . Where, RP L
represents standard RPL without defense mechanism imple-
mented on it, RP LUnderAttack is the scenario in which
standard RP L is under attack, and RP LSecure represents
the secure version of standard RP L which has our defense
solution incorporated in it. In this section, the simulation
results are discussed.
D. Impact on PDR
Fig. 4 represents the impact of PDR on RP L,
RP LUnderAttack , RP LSecure . It has been observed from
scenario as compared to RP L. The reason is that the parent
node receives a lot of DAO messages from the attacker node
and this keeps them busy. Busy parent nodes take a lot of time
to process data packets, therefore AE2ED increases. Like,
PDR results in this case also, it can also be analyzed that
the aggressive DAO attacker have major impact on AE2ED
of the network as compared to non-aggressive attackers .
Our proposed solution (RP LSecure ) is able to decrease the
impact of attack and this is clearly visible in Fig. 5. This
is because the proposed solution discards malicious DAOs,
which consequently reduces processing time of data packets.
RPL

RPL
the figure that the attacker lowers the network’s performance. 3.5

RPL
Under Attack

Secure

Under RP LUnderAttack scenario, the attacker node is pro- 3.0

Average End-to-End Delay (seconds)

grammed to transmit a large number of DAO messages to 2.5

the preferred parent node. The attacker node increases the

control packet overhead of the network. upon receiving a 2.0

DAO message a parent must processes all DAOs and sends 1.5

acknowledgement in DAO-ACK message to the DAO sender

1.0

node. In RP LUnderAttack case the processing overhead

increases drastically which consequently leads to data packet 0.5

loss. Fig. 4 clearly indicates how the PDR is affected in 0.0

RP LUnderAttack scenario. Moreover, it can also be analyzed 1 2 4 8

Replay Interval (seconds)

that the aggressive DAO attacker (i.e., attacker sending DAO

at 1, 2 second replay interval) have high impact on PDR as
compared to non-aggressive attackers ((i.e., attacker sending
DAO at 4, 8 second replay interval)). In case of RP LSecure ,
whenever a parent node receives DAO messages greater than
threshold value, the parent node will block the DAO sender
node and discard the further received DAOs from that node.
RP LSecure is able to improve the network performance and
reduces the impact of attack. The effectiveness of proposed
solution is clearly visible from the values achieved in case
of RP LSecure as shown in the Fig. 4.
RPL
Fig. 5. AE2ED values obtained in different scenarios
F. Impact on Throughput
It can be observed from the results shown in Fig. 6 that
RP LSecure is able to improve the throughout (data packet
bits delivered) of the network which is decreased due to effect
of attack (RP LUnderAttack ). The proposed solution reduces
the effect of DAO insider attack and therefore the number
of data packets successfully delivered are increases which
consequently increases throughput of the network.

RPL
RPL
Under Attack

RPL 80 RPLUnder Attack

Secure

1.0
RPLSecure
0.9

0.8
Packet Delivery Ratio

0.7 60

0.6
Throughput (bps)

0.5

0.4
40
0.3

0.2

0.1

0.0 20
1 2 4 8

Replay Interval (seconds)

0
Fig. 4. PDR values obtained in different scenarios 1 2 4 8

Fig. 6. ThroughputReplay
values Interval
obtained(seconds)
in different scenarios
E. Impact on AE2ED
The impact of AE2ED in different scenarios (RP L, G. Implementation Overhead
RP LUnderAttack , RP LSecure ) is indicated in Fig. 5. It can Fig. 7 shows the memory requirements of proposed de-
be observed that AE2ED is severely affected under attack fense solution. The proposed solution requires very little
amount of memory hence it becomes a lightweight defense
solution. The standard Z1 motes have 92 KB of ROM, and
8 KB of RAM. Fig. 7 shows that Contiki with our proposed
solution implemented on it easily fits into Z1 motes without
imposing significant overhead. Thus, the implementation
overhead of proposed solution makes it lightweight solution.
100
80
Memory size in Kilobytes (kB)
60
40
20
0
Standard Z1 Node
Fig. 7. Memory requirements of proposed solution
H. Time complexity of Proposed Approach
• The time complexity of the INITIALIZATION proce-
dure is O(1) as it defines the neighbor and blacklist
table.
• ON DAO Receive procedure explores the blacklist ta-
ble to determine whether unauthorized senders are al-
ready blacklisted or not. If the size of the blacklist
table is Bt and unauthorized senders are present in
the blacklist table, then the time taken to explore the
entire blacklist table will be O(Bt ). The neighbor table
is explored to discover the unauthorized senders if the
senders are not present in the blacklist table. After
identifying the unauthorized senders, it is added to
the blacklist table. If the size of the neighbor table
is Nt , then the time complexity to discover and add
an unauthorized sender to the blacklist table will be
O(Bt ) + O(Nt ) because the neighbor table is explored
after examining the entire blacklist table.
The time complexity of the proposed approach will be
O(Bt ) + O(Nt ) + O(1), i.e., O(Bt ) + O(Nt ), since the
time taken by the initialization procedure is O(1), and
ON DAO Receive procedure is O(Bt ) + O(Nt ).
VII. C ONCLUSION
In this paper, we have proposed a lightweight defense
solution to address DAO Insider attacks in LLNs. The exper-
imental results indicate that our proposed solution effectively
detects and mitigates the attack while taking care of the
resource nature of LLN nodes. In future, we aim to test
our proposed approach in dynamic network scenarios and
perform tested experiments.
R EFERENCES
[1] K. Ashton et al., “That ‘internet of things’ thing,” RFID journal,
vol. 22, no. 7, pp. 97–114, 2009.
[2] P. Sethi and S. R. Sarangi, “Internet of things: architectures, protocols,
and applications,” Journal of Electrical and Computer Engineering,
vol. 2017, 2017.
[3] J. V. Sobral, J. J. Rodrigues, R. A. Rabêlo, J. Al-Muhtadi, and
V. Korotaev, “Routing protocols for low power and lossy networks
in internet of things applications,” Sensors, vol. 19, no. 9, p. 2144,
2019.
ROM
RAM
[4] R. Alexander, A. Brandt, J. Vasseur, J. Hui, K. Pister, P. Thubert,
P. Levis, R. Struik, R. Kelsey, and T. Winter, “RPL: IPv6 Routing
Protocol for Low-Power and Lossy Networks,” RFC 6550, Mar. 2012.
[Online]. Available: https://rfc-editor.org/rfc/rfc6550.txt
[5] O. Gaddour and A. Koubâa, “RPL in a nutshell: A survey,” Computer
Networks, vol. 56, no. 14, pp. 3163–3178, 2012.
[6] H. Lamaazi and N. Benamar, “A comprehensive survey on enhance-
ments and limitations of the RPL protocol: A focus on the objective
function,” Ad Hoc Networks, vol. 96, p. 102001, 2020.
[7] P. Levis, T. Clausen, J. Hui, O. Gnawali, and J. Ko, “The trickle
algorithm,” Internet Engineering Task Force, RFC6206, pp. 1–13,
2011.
[8] M. Sheibani, B. Barekatein, and E. Arvan, “A lightweight distributed
detection algorithm for ddao attack on rpl routing protocol in internet
of things,” Pervasive and Mobile Computing, p. 101525, 2022.
[9] S. Raza, L. Wallgren, and T. Voigt, “SVELTE: Real-time intrusion
IDS-Z1 node IDS-Z1 6BR
detection in the Internet of Things,” Ad hoc networks, vol. 11, no. 8,
pp. 2661–2674, 2013.
[10] A. Verma and V. Ranga, “Security of RPL based 6LoWPAN Networks
in the Internet of Things: A Review,” IEEE Sensors Journal, vol. 20,
no. 11, pp. 5666–5690, 2020.
[11] A. Mayzaud, R. Badonnel, and I. Chrisment, “A distributed monitoring
strategy for detecting version number attacks in RPL-based networks,”
IEEE transactions on network and service management, vol. 14, no. 2,
pp. 472–486, 2017.
[12] P. Ioulianou, V. Vasilakis, I. Moscholios, and M. Logothetis, “A
signature-based intrusion detection system for the Internet of Things,”
Information and Communication Technology Form, 2018.
[13] S. Cakir, S. Toklu, and N. Yalcin, “Rpl attack detection and prevention
in the internet of things networks using a gru based deep learning,”
IEEE Access, vol. 8, pp. 183 678–183 689, 2020.
[14] B. Ghaleb, A. Al-Dubai, E. Ekonomou, M. Qasem, I. Romdhani, and
L. Mackenzie, “Addressing the DAO insider attack in RPL’s Internet
of Things networks,” IEEE Communications Letters, vol. 23, no. 1,
pp. 68–71, 2018.
[15] A. Verma and V. Ranga, “Mitigation of DIS flooding attacks in RPL-
based 6LoWPAN networks,” Transactions on emerging telecommuni-
cations technologies, vol. 31, no. 2, p. e3802, 2020.
[16] B. Farzaneh, M. A. Montazeri, and S. Jamali, “An anomaly-based
ids for detecting attacks in rpl-based internet of things,” in 2019 5th
International Conference on Web Research (ICWR), 2019, pp. 61–66.
[17] D. Airehrour, J. A. Gutierrez, and S. K. Ray, “SecTrust-RPL: A
secure trust-aware RPL routing protocol for Internet of Things,” Future
Generation Computer Systems, vol. 93, pp. 860–876, 2019.
[18] H. B. Patel and D. C. Jinwala, “Blackhole detection in 6LoWPAN
based internet of things: an anomaly based approach,” in TENCON
2019-2019 IEEE Region 10 Conference (TENCON). IEEE, 2019, pp.
947–954.
[19] G. Guo, “A Lightweight Countermeasure to DIS Attack in RPL
Routing Protocol,” in 2021 IEEE 11th Annual Computing and Com-
munication Workshop and Conference (CCWC). IEEE, 2021, pp.
0753–0758.
[20] A. Dunkels, B. Gronvall, and T. Voigt, “Contiki-a lightweight and
flexible operating system for tiny networked sensors,” in 29th annual
AND F UTURE S COPE IEEE international conference on local computer networks. IEEE,
2004, pp. 455–462.
[21] F. Osterlind, A. Dunkels, J. Eriksson, N. Finne, and T. Voigt, “Cross-
level sensor network simulation with cooja,” in Proceedings. 2006 31st
IEEE conference on local computer networks. IEEE, 2006, pp. 641–
648.