Enhancing IoT security: A competitive coevolutionary strategy for detecting RPL attacks in challenging attack environments

Internet of Things (IoT) is a recent technology that allows heterogeneous devices to communicate with each other and the Internet. Designed specifically for IoT-enabled networks, the IPv6 Routing Protocol for Low Power Lossy Network (RPL) is adopted as standard routing protocol today. While RPL facilitates efficient routing between IoT devices, it is very susceptible to attacks, leading to numerous threats targeting different aspects of the nodes and network. Consequently, several efforts have been made to develop intrusion detection systems to secure RPL-operated networks. However, many existing solutions are tailored to specific attacks, making them unsuitable for other RPL attacks. Additionally, they depend on fixed simulations with specific scenarios, neglecting the influence of attack environments on detection system performance. The impact of RPL attacks varies with factors such as attacker density and position in the network. Consequently, it is crucial to design IDS that can effectively handle these dynamic conditions. This study addresses these challenges by proposing a competitive coevolution-based intrusion detection system that focuses on the most challenging attack environments. To achieve this, the intrusion detection algorithm and challenging attack environments are competitively evolved. Targeting the network's topology, traffic, and resources through the exploitation of control packets, this study investigates 11 RPL attacks: blackhole, DIS flooding, DAG inconsistency, DAO inconsistency, decreased rank, energy depletion, forwarding misbehavior, increased version, spam DIS, selective forwarding, and worst parent. To assess detection performance, a wide range of evaluation metrics such as accuracy, precision, recall, false alarm rate, and F1-score are used. The findings demonstrate that the proposed system ensures strong detection performance with very low memory and power consumption, suggesting its effectiveness against the attacks threatening the multiple aspects of the network and its applicability on resource-constrained nodes.