Document Type: Research/Original/Regular Article


1 Department of Computer Engineering, Babol Branch, Islamic Azad University, Babol, Iran.

2 Department of Computer Engineering, Mazandaran Institute of Technology, Babol, Iran.



The Internet of Things (IoT) is a novel paradigm in computer networks which is capable to connect things to the internet via a wide range of technologies. Due to the features of the sensors used in IoT networks and the unsecured nature of the internet, IoT is vulnerable to many internal routing attacks. Using traditional IDS in these networks has its own challenges due to the resource constraint of the nodes, and the characteristics of the IoT network. A sinkhole attacker node, in this network, attempts to attract traffic through incorrect information advertisement. In this research, a distributed IDS architecture is proposed to detect sinkhole routing attack in RPL-based IoT networks, which is aimed to improve true detection rate and reduce the false alarms. For the latter we used one type of post processing mechanism in which a threshold is defined for separating suspicious alarms for further verifications. Also, the implemented IDS modules distributed via client and router border nodes that makes it energy efficient. The required data for interpretation of network’s behavior gathered from scenarios implemented in Cooja environment with the aim of Rapidminer for mining the produces patterns. The produced dataset optimized using Genetic algorithm by selecting appropriate features. We investigate three different classification algorithms which in its best case Decision Tree could reaches to 99.35 rate of accuracy.


[1] Zarpelão, B. B., Miani, R. S., Kawakani, C. T., & de Alvarenga, S. C. (2017). A survey of intrusion detection in Internet of Things. Journal of Network and Computer Applications, vol. 84, pp. 25–37. 

[2] Cervantes, C., Poplade, D., Nogueira, M., & Santos, A. (2015, May). Detection of sinkhole attacks for supporting secure routing on 6LoWPAN for Internet of Things. 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM). 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM).

[3] Airehrour, D., Gutierrez, J., & Ray, S. K. (2016). Secure routing for internet of things: A survey. Journal of Network and Computer Applications, vol. 66, pp. 198–213.

[4] Raza, S., Wallgren, L., & Voigt, T. (2013). SVELTE: Real-time intrusion detection in the Internet of Things. Ad Hoc Networks, vol. 11, no. 8, pp. 2661–2674.

[5] Bostani, H., & Sheikhan, M. (2017). Hybrid of anomaly-based and specification-based IDS for Internet of Things using unsupervised OPF based on MapReduce approach. Computer Communications, vol. 98, pp. 52–71.

[6] Zhou H. (2013). The internet of things in the cloud: A middleware perspective. Boca Raton: CRC Press, Taylor & Francis Group.

[7] Sheng, Z., Yang, S., Yu, Y., Vasilakos, A., Mccann, J., & Leung, K. (2013). A survey on the ietf protocol suite for the internet of things: standards, challenges, and opportunities. IEEE Wireless Communications, vol. 20, no. 6, pp. 91–98.

[8] Ahmadi Livani, M., Abadi, M., Alikhany, M., & Yadollahzadeh Tabari, M. (2013). Outlier detection in wireless sensor networks using distributed principal component analysis. Journal of AI and Data Mining, vol. 1, no. 1, pp. 1-11.‏

[9] Sathish Kumar, J., & R. Patel, D. (2014). A Survey on Internet of Things: Security and Privacy Issues. International Journal of Computer Applications, vol. 90, no. 11, pp. 20--26.

[10] Pongle, P., & Chavan, G. (2015). Real Time Intrusion and Wormhole Attack Detection in Internet of Things. International Journal of Computer Applications, vol. 121, no. 9, pp.1–9.

[11] Le, A., Loo, J., Luo, Y., & Lasebae, A. (2011, October). Specification-based IDS for securing RPL from topology attacks. 2011 IFIP Wireless Days (WD). 2011 IFIP Wireless Days (WD).

[12] Anthea Mayzaud, Remi Badonnel, & Isabelle Chrisment. (2016). A Taxonomy of Attacks in RPL-based Internet of Things. International Journal of Network Security, vol. 18, no. 3.

[13] Le, A., Loo, J., Chai, K., & Aiash, M. (2016). A Specification-Based IDS for Detecting Attacks on RPL-Based Network Topology. Information, vol. 7, no. 2, 25.

[14] Wallgren, L., Raza, S., & Voigt, T. (2013). Routing Attacks and Countermeasures in the RPL-Based Internet of Things. International Journal of Distributed Sensor Networks, vol. 9, no. 8, 794326.

[15] Krimmling, J., & Peter, S. (2014, October). Integration and evaluation of intrusion detection for CoAP in smart city applications. 2014 IEEE Conference on Communications and Network Security. 2014 IEEE Conference on Communications and Network Security (CNS).

[16] Van Poucke, S., Zhang, Z., Roest, M., Vukicevic, M., Beran, M., Lauwereins, B., Zheng, M.-H., Henskens, Y., Lancé, M., & Marcus, A. (2016). Normalization methods in time series of platelet function assays. Medicine, vol. 95, no. 28, e4188. doi: 10.1097/MD.0000000000004188.


[17] Pham, B. T., Jaafari, A., Prakash, I., & Bui, D. T. (2018). A novel hybrid intelligent model of support vector machines and the MultiBoost ensemble for landslide susceptibility modeling. Bulletin of Engineering Geology and the Environment, vol. 78, no. 4, pp. 2865–2886.

[18] Mukherjee, A., Mondal, S., Chaki, N., & Khatua, S. (2018). Naive Bayes and Decision Tree Classifier for Streaming Data Using HBase. In Advances in Intelligent Systems and Computing (pp. 105–116). Springer Singapore.

[19] Kugler, P., Nordhus, P., & Eskofier, B. (2013, May). Shimmer, Cooja and Contiki: A new toolset for the simulation of on-node signal processing algorithms. 2013 IEEE International Conference on Body Sensor Networks. 2013 IEEE International Conference on Body Sensor Networks (BSN).

[20] Molisch, A. F., Balakrishnan, K., Chong, C. C., Emami, S., Fort, A., Karedal, J & Siwiak, K. (2004). IEEE 802.15. 4a channel model-final report. IEEE P802, vol. 15, no. 04, 0662.‏

[21] Cavanaugh, J. E., & Neath, A. A. (2019). The Akaike information criterion: Background, derivation, properties, application, interpretation, and refinements. Wiley Interdisciplinary Reviews: Computational Statistics, vol. 11, no. 3, e1460.‏

[22] Pham, B. T., Prakash, I., Singh, S. K., Shirzadi, A., Shahabi, H., & Bui, D. T. (2019). Landslide susceptibility modeling using Reduced Error Pruning Trees and different ensemble techniques: Hybrid machine learning approaches. Catena, vol. 175, pp. 203-218.‏

[23] El-Azouzi, R., Menasche, D. S., Sabir, E., De Pellegrini, F., & Benjillali, M. (Eds.). (2016). Advances in Ubiquitous Networking 2: Proceedings of the UNet’16 (vol. 397). Springer.‏