Submitted:
30 October 2025
Posted:
31 October 2025
You are already at the latest version
Abstract
Keywords:
1. Introduction
2. Technical Background
2.1. RPL and LLN Architectures
2.2. IEEE 802.15.4e and 6TiSCH
2.3. CoAP
3. Related Work
4. System Model and Assumptions
- Distributed IDS model - Each node individually monitors neighbor behavior and makes local decisions.
- Hybrid IDS model - Local detection nodes generate alerts that are then processed by a subset of designated global nodes responsible for security decisions (e.g., isolation of suspicious nodes).
4.1. Attacker Model
- Decreased Rank Attack - Malicious nodes advertise artificially low rank values to attract child nodes, thereby disrupting the routing structure and potentially intercepting traffic.
- Increased Rank Attack - Attackers announce artificially high ranks to avoid participation in forwarding, effectively reducing network reliability.
- Worst Parent Selection (WPS) - Attackers continuously advertise poor link metrics to legitimate nodes, causing them to make suboptimal parent selections.
4.2. Trust Metric Composition
- Historical Success Rate (HSR) - Ratio of successfully forwarded packets.
- Current Energy Level (CEL) - Remaining energy level as a percentage.
- Stability (STB) - Frequency of parent changes in recent time windows.
- Mobility (MOB) - Variation in node position over time (only in mobile scenarios).
- Recommendation (REC) - Trust information received from neighboring nodes.
- Link Quality (LQ) - Communication metrics such as ETX and RSSI derived from DIO exchanges.
4.3. Parent Selection
- DIO (DODAG Information Object) messages remain the main vehicle for disseminating topology information. In the proposed approach, whenever the preferred parent changes due to trust index variations, the Trickle Timer is reset, prompting the immediate dissemination of updated DIOs. The Rank field contained in the DIO continues to serve its original role, but it is now subordinated to the trust index in the decision-making process. Additionally, before accepting a DIO, the receiving node checks whether the sender is present in the blacklist, discarding its information if so.
- DAO (Destination Advertisement Object) messages are not directly modified. However, the downward routes they establish naturally reflect the trusted parent relationships, as only nodes surpassing the trust threshold are allowed to propagate routing information.
- DIS (DODAG Information Solicitation) messages also remain unchanged. Their role in requesting new DIOs is preserved, while the trust-based filtering is exclusively applied during the processing of the received DIOs.
5. Implementation
5.1. Distributed IDS
5.2. Hybrid IDS
6. Evaluation
6.1. Experimental Setup
6.2. Results and Discussion
6.2.1. Energy Consumption
6.2.2. Latency
6.2.3. Detection Performance
6.2.4. Packet Delivery Ratio (PDR)
6.2.5. Communication Overhead
7. Conclusions and Future Work
Author Contributions
Funding
Conflicts of Interest
References
- Shelby, Z.; Hartke, K.; Bormann, C. (2014). The Constrained Application Protocol (CoAP). RFC 7252, RFC Editor. Available online: https://www.rfc-editor.org/info/rfc7252 (accessed on 10 October 2024). [CrossRef]
- BonnMotion. (2016). A Mobility Scenario Generation and Analysis Tool. Available online: https://sys.cs.uos.de/bonnmotion/ (accessed on 10 October 2024).
- Watteyne, T.; Palattella, M.R.; Grieco, L.A. (2015). Using IEEE 802.15.4e Time-Slotted Channel Hopping (TSCH) in the Internet of Things (IoT): Problem Statement. RFC 7554, RFC Editor. Available online: https://www.rfc-editor.org/info/rfc7554 (accessed on 10 October 2024). [CrossRef]
- Alfriehat, N.; Anbar, M.; Aladaileh, M.; Hasbullah, I.; Shurbaji, T.A.; Karuppayah, S.; Almomani, A. (2024). RPL-based attack detection approaches in IoT networks: review and taxonomy. Artificial Intelligence Review, 57(9), 248. Springer. [CrossRef]
- Althubaity, A.; Gong, T.; Raymond, K.-K.; Nixon, M.; Ammar, R.; Han, S. (2020). Specification-based distributed detection of rank-related attacks in RPL-based resource-constrained real-time wireless networks. In 2020 IEEE Conference on Industrial Cyberphysical Systems (ICPS), 1, 168–175. IEEE.
- Ambarkar, S.S.; Shekokar, N. (2021). Impact Analysis of RPL Attacks on 6Lo WPAN based Internet of Things network. In 2021 IEEE International Conference on Electronics, Computing and Communication Technologies (CONECCT), 1–5. IEEE.
- Hkiri, A.; Karmani, M.; Bahri, O.B.; Murayr, A.M.; Alasmari, F.H.; Machhout, M. (2024). RPL-Based IoT Networks under Decreased Rank Attack: Performance Analysis in Static and Mobile Environments. Computers, Materials & Continua, 78(1). [CrossRef]
- Bang, A.; Rao, U.P. (2023). Impact analysis of rank attack on RPL-based 6LoWPAN networks in Internet of Things and aftermaths. Arabian Journal for Science and Engineering, 48(2), 2489–2505. Springer. [CrossRef]
- Nandhini, P.S.; Kuppuswami, S.; Malliga, S. (2023). Energy efficient thwarting rank attack from RPL based IoT networks: a review. Materials Today: Proceedings, 81, 694–699. Elsevier. [CrossRef]
- Bang, A.O.; Rao, U.P. (2022). EMBOF-RPL: Improved RPL for early detection and isolation of rank attack in RPL-based internet of things. Peer-to-Peer Networking and Applications, 15(1), 642–665. Springer. [CrossRef]
- Verma, A.; Ranga, V. (2020). Security of RPL based 6LoWPAN Networks in the Internet of Things: A Review. IEEE Sensors Journal, 20(11), 5666–5690. IEEE. [CrossRef]
- Ioulianou, P.P.; Vassilakis, V.G.; Shahandashti, S.F. (2022). A trust-based intrusion detection system for RPL networks: Detecting a combination of rank and blackhole attacks. Journal of Cybersecurity and Privacy, 2(1), 124–153. MDPI. [CrossRef]
- Remya, S.; Pillai, M.J.; Arjun, C.; Subbareddy, S.R.; Cho, Y. (2024). Enhancing Security in LLNs using a Hybrid Trust-Based Intrusion Detection System for RPL. IEEE Access. IEEE.
- Mohajerani, J.; Ghanatghestani, M.M.; Hashemipour, M. (2024). MCTE-RPL: A Multi-Context Trust-based Efficient RPL for IoT. Journal of Network and Computer Applications, 103937. Elsevier.
- Muzammal, S.M.; Murugesan, R.K.; Jhanjhi, N.Z.; Humayun, M.; Ibrahim, A.O.; Abdelmaboud, A. (2022). A trust-based model for secure routing against RPL attacks in internet of things. Sensors, 22(18), 7052. MDPI.
- Alexander, R.; Brandt, A.; Vasseur, J.P.; Hui, J.; Pister, K.; Thubert, P.; Levis, P.; Struik, R.; Kelsey, R.; Winter, T. (2012). RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks. RFC 6550, RFC Editor, 157 pages. Available online: https://www.rfc-editor.org/info/rfc6550.






| Parameter | Value |
|---|---|
| Output file name (-f) | randomwaypoint-ids |
| Number of mobile nodes () | 7 |
| Simulation duration () | 600 s |
| Simulation area (, ) | 100 m × 100 m |
| Node distribution () | Uniform random |
| Pause time () | 0 (continuous movement) |
| Mobility model | Random Waypoint |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2025 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).