Skip to main content
SpringerLink
Log in

A Lightweight Cooperative Intrusion Detection System for RPL-based IoT

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

The successful deployment of an Intrusion Detection System (IDS) in the Internet of Things (IoT) is subject to two primary criteria: the detection method and the deployment strategy. IDS schemes should take into account that IoT devices often have limited resources. Thus, IDS should be limited in devices’ memory and power usage. In this paper, we design, implement, and evaluate an effective cross-layer lightweight IDS scheme for the IoT (RPL-IDS). The proposed IDS scheme cooperates with the RPL routing protocol using its selected parents as distributed agents. A lightweight artificial neural network (ANN) model is deployed in these agents to detect malicious traffic and collaborates with a centralized system. According to the topology built by the Routing Protocol for Low-Power and Lossy Networks (RPL), these agents are automatically selected, i.e., the routers (parents) of the topology are chosen to act as IDS agents. We implemented RPL-IDS using the Contiki operating system and then comprehensively evaluated it with the Cooja simulator. Experimental results indicate that RPL-IDS is lightweight and can be deployed on devices with limited resources. Most state-of-the-art IDS schemes do not consider the limitation of resources of IoT devices, making them impractical for deployment in many IoT applications. Furthermore, the proposed RPL-IDS demonstrated one of the highest detection rates in the literature while incurring an insignificant energy overload, allowing for scalability in large-scale networks.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Algorithm 1
Algorithm 2
Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

Data Availibility

The datasets are available from the corresponding author on reasonable request.

Code Availability

Not applicable.

References

  1. Meng, W., Li, W., & Kwok, L. F. (2014). EFM: Enhancing the performance of signature-based network intrusion detection systems using enhanced filter mechanism. Computers & Security, 43, 189–204.

    Article  Google Scholar 

  2. Elazhary, H. (2019). Internet of Things (IoT), mobile cloud, cloudlet, mobile IoT, IoT cloud, fog, mobile edge, and edge emerging computing paradigms: Disambiguation and research directions. Journal of Network and Computer Applications, 128, 105–140.

    Article  Google Scholar 

  3. Azzaoui, H., Boukhamla, A. Z. E., Arroyo, D., & Bensayah, A. (2022). Devel-oping new deep-learning model to enhance network intrusion classification. Evolving Systems, 13, 17–25.

    Article  Google Scholar 

  4. Tahsien, S. M., Karimipour, H., & Spachos, P. (2020). Machine learning based solutions for security of Internet of Things (IoT): A survey. Journal of Network and Computer Applications, 161, 102630.

    Article  Google Scholar 

  5. Nguyen, H. T., Ngo, Q. D., Nguyen, D. H., & Le, V. H. (2020). PSI-rooted subgraph: A novel feature for IoT botnet detection using classifier algorithms. ICT Express., 6(2), 128–138.

    Article  Google Scholar 

  6. Azzaoui, H., & Boukhamla, A. (2020). Two-stages intrusion detec-tion system based on hybrid methods. In Proceedings of the 10th international conference on information systems and technologies (pp. 1–7).

  7. Kumar, S., Andersen, M. P., Kim, H. S., & Culler, D. E. (2020). Performant TCP for low-power wireless networks. In 17th USENIX symposium on networked systems design and implementation (NSDI 20) (pp. 911–932).

  8. Kumar, A., Shridhar, M., Swaminathan, S., & Lim, T. J. (2022). Machine learning-based early detection of IoT botnets using network-edge traffic. Computers & Security, 117, 102693.

    Article  Google Scholar 

  9. da Silva, T. B., Chaib, R. S., Cerqueira, A., Righi, R. D. R., & Alberti, A. M. (2021). Towards Future Internet of Things Experimentation and Evaluation. IEEE Internet of Things Journal., 9(11), 8469–8484.

    Article  Google Scholar 

  10. Lamaazi, H., & Benamar, N. (2018). OF-EC: A novel energy consumption aware objective function for RPL based on fuzzy logic. Journal of Network and Computer Applications, 117, 42–58.

    Article  Google Scholar 

  11. Shukla, P. (2017). Ml-ids: A machine learning approach to detect wormhole attacks in internet of things. In 2017 intelligent systems conference (IntelliSys) (pp. 234–240). IEEE.

  12. Jun, C., & Chi, C. (2014). Design of complex event-processing ids in internet of things. In 2014 sixth international conference on measuring technology and mechatronics automation (pp. 226–229). IEEE.

  13. Otoum, Y., Liu, D., & Nayak, A. (2019). DL-IDS: a deep learning–based intrusion detection framework for securing IoT. Transactions on Emerging Telecommunications Technologies, 33(3), e3803.

    Article  Google Scholar 

  14. Hodo, E., Bellekens, X., Hamilton, A., Dubouilh, P.L., Iorkyase, E., Tach-tatzis, C. & Atkinson, R. (2016). Threat analysis of IoT networks using artificial neural network intrusion detection system. In 2016 Interna-tional symposium on networks, computers and communications (ISNCC) (pp. 1–6). IEEE.

  15. Eskandari, M., Janjua, Z. H., Vecchio, M., & Antonelli, F. (2020). Passban IDS: An intelligent anomaly-based intrusion detection system for IoT edge devices. IEEE Internet of Things Journal, 7(8), 6882–6897.

    Article  Google Scholar 

  16. Alhowaide, A., Alsmadi, I., & Tang, J. (2021). Ensemble detection model for IoT IDS. Internet of Things, 16, 100435.

    Article  Google Scholar 

  17. Le, A., Loo, J., Chai, K. K., & Aiash, M. (2016). A specification-based IDS for detecting attacks on RPL-based network topology. Information, 7(2), 25.

    Article  Google Scholar 

  18. Sforzin, A., M´armol, F. G., Conti, M., & Bohli, J. M. (2016). RPiDS: Raspberry Pi IDS—A fruitful intrusion detection system for IoT. In 2016 Intl IEEE Conferences on Ubiquitous Intelligence & Computing, Advanced and Trusted Computing, Scalable Computing and Communications, Cloud and Big Data Computing, Internet of People, and Smart World Congress (UIC/ATC/ScalCom/CBDCom/IoP/SmartWorld) (pp. 440–448). IEEE.

  19. Soe, Y. N., Feng, Y., Santosa, P. I., Hartanto, R., & Sakurai, K. (2019). Implementing lightweight IoT-IDS on raspberry Pi using correlation-based feature selection and its performance evaluation. In International Conference on Advanced Information Networking and Applications (pp. 458–469). Springer, Cham.

  20. Mehmood, A., Mukherjee, M., Ahmed, S. H., Song, H., & Malik, K. M. (2018). NBC-MAIDS: Na¨ıve Bayesian classification technique in multi-agent system-enriched IDS for securing IoT against DDoS attacks. The Journal of Supercomputing, 74(10), 5156–5170.

    Article  Google Scholar 

  21. Canbalaban, E., & Sen, S. (2020). A cross-layer intrusion detection system for RPL-based Internet of Things. In International conference on Ad-hoc networks and wireless (pp. 214–227). Springer, Cham.

  22. Aloul, F., Zualkernan, I., Abdalgawad, N., Hussain, L., & Sakhnini, D. (2021). Network intrusion detection on the IoT edge using Adver-sarial autoencoders. In 2021 International conference on information technology (ICIT) (pp. 120–125). IEEE

  23. Nimbalkar, P., & Kshirsagar, D. (2021). Feature selection for intrusion detection system in Internet-of-Things (IoT). ICT Express, 7(2), 177–181.

    Article  Google Scholar 

  24. Mbarek, B., Ge, M., & Pitner, T. (2021). Proactive trust classification for detection of replication attacks in 6LoWPAN-based IoT. Internet of Things, 16, 100442.

    Article  Google Scholar 

  25. Violettas, G., Simoglou, G., Petridou, S., & Mamatas, L. (2021). A Soft-warized intrusion detection system for the RPL-based Internet of Things networks. Future Generation Computer Systems, 125, 698–714.

    Article  Google Scholar 

  26. Sapre, S., Islam, K., & Ahmadi, P. (2021). A comprehensive data sampling analysis applied to the classification of rare IoT network intrusion types. In 2021 IEEE 18th annual consumer communications & networking conference (CCNC) (pp. 1–2). IEEE

  27. Khaldi, Y., & Benzaoui, A. (2020). A new framework for grayscale ear images recognition using generative adversarial networks under uncon-strained conditions. Evolving Systems, 12(4), 1–12.

    Google Scholar 

  28. Khaldi, Y., & Benzaoui, A. (2020). Region of interest synthesis using image-to-image translation for ear recognition. In 2020 international conference on advanced aspects of software engineering (ICAASE) (pp. 1–6). IEEE

  29. Atul, D. J., Kamalraj, R., Ramesh, G., Sankaran, K. S., Sharma, S., & Khasim, S. (2021). A machine learning based IoT for providing an intru-sion detection system for security. Microprocessors and Microsystems, 82, 103741.

    Article  Google Scholar 

  30. Raza, S., Wallgren, L., & Voigt, T. (2013). SVELTE: Real-time intrusion detection in the Internet of Things. Ad hoc Networks, 11(8), 2661–2674.

    Article  Google Scholar 

  31. Seo, S. H., Won, J., Sultana, S., & Bertino, E. (2014). Effective key management in dynamic wireless sensor networks. IEEE Transactions on Information Forensics and Security, 10(2), 371–383.

    Google Scholar 

  32. Shreenivas, D., Raza, S., & Voigt, T. (2017). Intrusion detection in the RPL-connected 6LoWPAN networks. In Proceedings of the 3rd ACM international workshop on IoT privacy, trust, and security (pp. 31–38)

  33. Amouri, A., Morgera, S. D., Bencherif, M. A., & Manthena, R. (2018). A cross-layer, anomaly-based IDS for WSN and MANET. Sensors, 18(2), 651.

    Article  Google Scholar 

  34. Pongle, P., & Chavan, G. (2015). Real time intrusion and wormhole attack detection in internet of things. International Journal of Computer Applications, 121(9), 1–9.

    Article  Google Scholar 

  35. Medjek, F., Tandjaoui, D., Djedjig, N., & Romdhani, I. (2021). Multicast DIS attack mitigation in RPL-based IoT-LLNs. Journal of Information Security and Applications, 61, 102939.

    Article  Google Scholar 

  36. Winter, T., Thubert, P., Brandt, A., Hui, J.W., Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur, J.P. and Alexander, R.K., 2012. RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks. rfc, 6550, pp.1–157.

  37. Iova, O., Picco, P., Istomin, T., & Kiraly, C. (2016). Rpl: The routing standard for the internet of things… or is it? IEEE Communications Magazine, 54(12), 16–22.

    Article  Google Scholar 

  38. Tsvetkov, T., & Klein, A. (2011). RPL: IPv6 routing protocol for low power and lossy networks. Network, 59, 59–66.

    Google Scholar 

  39. Clausen, T., Herberg, U. & Philipp, M. (2011). A critical eval-uation of the IPv6 routing protocol for low power and lossy networks (RPL). In 2011 IEEE 7th international conference on wireless and mobile computing, networking and communications (WiMob) (pp. 365–372). IEEE

  40. Ancillotti, E., Bruno, R., & Conti, M. (2013). The role of the RPL routing protocol for smart grid communications. IEEE Communications Magazine, 51(1), 75–83.

    Article  Google Scholar 

  41. Maind, S. B., & Wankar, P. (2014). Research paper on basic of artificial neural network. International Journal on Recent and Innovation Trends in Computing and Communication, 2(1), 96–100.

    Google Scholar 

  42. Sharafaldin, I., Lashkari, A.H. & Ghorbani, A.A. (2018). Toward generating a new intrusion detection dataset and intrusion traffic characterization. In ICISSP (pp. 108–116)

  43. Gharib, A., Sharafaldin, I., Lashkari, A.H. & Ghorbani, A.A. (2016). An evaluation framework for intrusion detection dataset. In 2016 International conference on information science and security (ICISS) (pp. 1–6). IEEE

  44. Eriksson, J., Osterlind, F., Voigt, T., Finne, N., Raza, S., Tsiftes, N., & Dunkels, A. (2009). Demo abstract: Accurate power profiling of sensornets with the COOJA/MSPsim simulator. In 2009 IEEE 6th inter-national conference on mobile adhoc and sensor systems (pp. 1060–1061). IEEE

  45. Tmote Sky Datasheet. Available online: https://insense.cs.st-andrews.ac.uk/files/2013/04/tmote-sky-datasheet.pdf, (Accessed on 17 January 2020).

  46. Fatani, A., Abd Elaziz, M., Dahou, A., Al-Qaness, M. A., & Lu, S. (2021). IoT intrusion detection system using deep learning and enhanced transient search optimization. IEEE Access, 9, 123448–123464.

    Article  Google Scholar 

  47. Khaldi, Y., Benzaoui, A., Ouahabi, A., Jacques, S., & Taleb-Ahmed, A. (2021). Ear recognition based on deep unsupervised active learning. IEEE Sensors Journal, 21(18), 20704–20713.

    Article  Google Scholar 

Download references

Funding

No funds, grants, or other support was received.

Author information

Authors and Affiliations

  1. Laboratoire d’INtelligence Artificielle et des Technologies de l’Information (LINATI), University of Kasdi Merbah, 30000, Ouargla, Algeria

    Hanane Azzaoui & Akram Zine Eddine Boukhamla

  2. Department of Information Engineering, University of Pisa, 56122, Pisa, Largo Lucio Lazzarino, Italy

    Pericle Perazzo

  3. Charles Darwin University, Ellengowan Dr, Casuarina, NT, 0810, Australia

    Mamoun Alazab

  4. Center for Artificial Intelligence, Prince Mohammad Bin Fahd University, Khobar, Saudi Arabia

    Vinayakumar Ravi

Authors
  1. Hanane Azzaoui
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Akram Zine Eddine Boukhamla
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Pericle Perazzo
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Mamoun Alazab
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Vinayakumar Ravi
    View author publications

    You can also search for this author in PubMed Google Scholar

Contributions

Conceptualization: HA, AZE, MA, and VR; Methodology: HA, AZE, PP, MA, and VR; Writing original draft preparation: HA; Writing review and editing: AZE, PP, MA, and VR; Supervision: AZE.

Corresponding author

Correspondence to Hanane Azzaoui.

Ethics declarations

Conflict of interest

The authors have no relevant financial or non-financial interests to disclose.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Azzaoui, H., Boukhamla, A.Z.E., Perazzo, P. et al. A Lightweight Cooperative Intrusion Detection System for RPL-based IoT. Wireless Pers Commun 134, 2235–2258 (2024). https://doi.org/10.1007/s11277-024-11009-2

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-024-11009-2

Keywords

Search

Navigation