Incremental hybrid intrusion detection for 6LoWPAN

Bibliographic Details
Published in Computers & security Vol. 135; p. 103447
Main Authors Pasikhan, Aryan Mohammadi, Clark, John A., Gope, Prosanta
Format Journal Article
Language English
Published Elsevier Ltd 01.12.2023
Summary: IPv6 over Low-powered Wireless Personal Area Networks (6LoWPAN) has grown in importance in recent years, with the Routing Protocol for Low Power and Lossy Networks (RPL) emerging as a major enabler. However, RPL can be subject to attack, with severe consequences. Most proposed IDSs have been limited to specific RPL attacks and typically assume a stationary environment. In this article, we propose the first adaptive hybrid IDS to efficiently detect and identify a wide range of RPL attacks (including DIO Suppression, Increase Rank, and Worst Parent attacks, which have been overlooked in the literature) in evolving data environments. We apply our framework to networks under various levels of node mobility and maliciousness. We experiment with several incremental machine learning (ML) approaches and various ‘concept-drift detection’ mechanisms (e.g. ADWIN, DDM, and EDDM) to determine the best underlying settings for the proposed scheme.

• The first adaptive hybrid IDS to detect internal and external RPL attacks.
• An efficient concept-drift-based ML-IDS, maintaining effectiveness in the face of environmental change.
• An effective approach to identifying a wide range of RPL attacks, including less researched ones.
• An IDS which is resilient against known and previously unseen RPL intrusions.

ISSN: 0167-4048
DOI: 10.1016/j.cose.2023.103447