Spoofing Attack Detection in RPL over IoT Environment

Abstract
The Internet of Things (IoT) is emerging as a wireless communication technology. The Routing Protocol
for Low-Power and Lossy Networks (RPL) is a popular routing protocol in the Internet of Things. Routing
attacks are possible with the RPL routing protocol. Spoofing attacks target legitimate nodes' IP addresses and
credentials, paving the path for additional routing attacks. For RPL security, several trust and cryptography-
based security solutions have been developed. However, the majority of them detect malicious actions by
utilising the unique properties of routing assaults. To detect such assaults, the proposed methodology intends to
use machine learning schemes to distinguish between normal routing activities and malicious activity. For
feature reduction and attack classification, the proposed methodology employs Principal Component Analysis
(PCA) and Support Vector Machines (SVM). The PCA evaluates the features and selects the best set of features
based on information gain and biassing factor. The proposed methodology employs a rapid and uncomplicated
learning that classifies the attacks into the proper groups by utilising the optimal set of features.
Keywords: RPL, Routing Attacks, Information gain, Spoofing attack Detection, Support vector machine
(SVM), Principal component analysis (PCA).

I. Introduction
Because of the prospective uses, the Internet of Things (IoT) has recently gained significant interest from
the research community [1]. Because of substantial advancements in modern communication technology,
wireless devices connected to the internet are utilised in a variety of potential applications, including military
sensing, environmental monitoring, object tracking, healthcare monitoring, and so on. The IoT environment is
made up of a large number of small sensor devices with limited resources connected to one or more gateway
nodes. IoT devices rely on the gateway to route messages to the server because the processing power and
computational capacity of the sensors are constrained. It is presumable that once the data has been retrieved
from the sensors, subsequent clients can only access it via contacting the server. However, it can be challenging
to determine if the authorised client is a machine or a human sending and receiving the data generated by the
tiny sensors [2]. This is so that clients can read the felt data from anywhere in the world thanks to IoT sensor
devices. Every year, the market sells billions of microcontroller-equipped sensor devices. The Internet Protocol
(IP) is used to connect these devices and to support a variety of clients and applications. Applications ranging
from transportation to healthcare are supported by the IoT. In other words, IoT is employed in a variety of
applications, including network control technologies, security management, residential and industrial
automation, object tracking, and military, healthcare, and intelligent transportation systems.
Intelligent Transportation System: The intelligent transportation system makes it possible for vehicles to
provide the following services, including receiving, sending, sorting, and transportation, among others.
Industry of the Smart Home: Thanks to the Internet of Things, there are many opportunities for growth in
the global market for smart homes. The smart home industry uses wireless communication among gadgets to
reduce the complexity of wired connections and to simplify building maintenance.
Structural Monitoring: Structural monitoring is one of the probable examples for identifying potential building
breaks and resolving them utilising vibration and sound emissions as sensing modalities.
In 2020, more than 50 billion devices will connect to the internet and become smarter, according to a Cisco
estimate. Recent wireless communication research has shifted its attention to IoT communication as a result of
the expansion of IoT network deployment. The radio range, computing power, and battery life of wireless
Internet of Things devices are constrained. In an IoT system, dead sensors cannot be replaced right away.
Energy conservation while ensuring the service level in the routing is thus a major concern of tiny sensors.

The remaining task has been set up as follows. The updated related work is discussed in this article's II section.
The RPL Routing and Security concerns are discussed in Section III, and the importance of RPL Security is
discussed in Section IV. The proposed solution for detecting spoofing attacks in an RPL over IoT environment
will be covered in the following section. The paper finally came to an end.
II. Related Works
The routing protocol needs to be built to meet the essential requirements of the routing layer. Attacks on
the IoT's routing layer have a big impact on how well network layer operations perform. Numerous attacks
target the routing layer's internal workings. The nodes with the attack configuration try to fake or change the
data in an effort to obstruct regular networking processes.In order to accomplish this, the attackers purposely
prolong the delivery of messages and cause packet loss, needless packet flooding, route discovery interruption,
false alert creation, and false alarm generation [3] [4]. The message authentication code is used by a number of
defence mechanisms to identify spoofing and data integrity attacks. In such circumstances, the nodes must
confirm both the sender's and the message's integrity. Control message recurrence in the network is prevented
through the use of packet counts and timestamps.
For the purpose of enhancing the functionality of IoT protocols, several traditional schemes have done a
survey on IoT authentication and data integrity. However, there isn't much attention paid to machine learning
techniques for IoT security. The survey on IoT security published in [5–10] examines the difficulties with IoT
system network security, application security, access control, encryption, and authentication. The difficulties in
implementing machine learning algorithms for IoT security are covered in the research of machine learning
techniques in [11] for preserving data privacy and security. The provision of a vast volume of data is the main
obstacle to IoT security. Several works [12–15] use various techniques for combining data analytical
methodologies with IoT architecture in order to glean insights from these data. Only machine learning
algorithms, as opposed to conventional techniques, can efficiently and with little help from humans extract
unobserved insights from data.
Decision trees, Support Vector Machines (SVMs), Bayesian algorithms, random forests, association rules,
ensemble learning, K-Means clustering, k-nearest neighbour, and Principal Component Analysis (PCA) are
examples of commonly used machine learning methods for ensuring IoT security. Based on the feature values,
the decision tree-based algorithms classify the messages. The terms "tree" and "edge" in decision tree algorithms
refer to a feature and the value that feature has in a message, respectively. In a message, the samples are
classified according to their feature values by machine learning algorithms. Information gain and the Gini index
are two of the metrics used to choose the appropriate feature set for dividing the training messages [16]. The
building or induction and classification or inference are the two basic procedures used in decision tree-based
techniques [17]. Utilising vacant nodes and branches, the induction process creates the decision tree. Different
metrics are used in the inference process to choose the features. However, the sampling, global optimum, and
quantity of features in a message have an impact on the decision tree algorithms.
 In the data features, the SVMs construct a splitting hyperplane. It is appropriate for IoT since it manages
numerous feature properties with a limited number of test features [18]. The statistical learning is used to create
the SVMs. Due to the constant updating of training patterns, SVMs' key benefit is scalability [19]. However, to
recognise the attacks in RPL, labelled data is necessary. Additionally, the naïve Bayesian algorithm manages the
features separately with success. The links and interactions between characteristics cannot be extracted, though.
The best k value should be chosen by the k-nearest neighbour algorithm in order to optimise performance, but
this is a time-consuming procedure for IoT applications. K-Means clustering, an unsupervised learning
technique, recognises message clusters based on feature similarity. However, it performs worse than supervised
learning techniques, particularly when it comes to identifying known assaults. The number of features is
decreased via the PCA technique. To develop a successful security strategy, however, it is necessary to apply
additional machine learning algorithms [20]. As a result, a strong security strategy must be put out to protect IoT
devices from spoofing and integrity attacks in RPL.
III. RPL Routing and Security Issues
The Routing Protocol for Low-Power and Lossy Networks (RPL) is a widely used routing protocol in the
Internet of Things. The RPL adheres to the Distance Vector Internet Protocol version 6 (IPv6) routing protocol,
which is primarily used for a number of IoT applications [21][22]. The IPv6 and low-power sensor device are
integrated by the 6LoWPAN standard for IPv6 over low power wireless personal area networks. Building
routing paths and correctly forwarding messages to the IoT gateway are the responsibilities of the routing layer
protocol, or RPL.RPL security is the top concern in IoT applications, and as servers are connected to
homogenous or heterogeneous sensor devices, additional security challenges emerge [23]. The IoT's core
component, the sensor, is crucial to addressing security concerns while designing routing protocols. RPL, the
routing layer protocol, makes it possible for many types of attacks to access IoT communication [24]. User
authentication and data integrity are the two key areas of security concern in IoT communication. An effective
authentication strategy enables IoT devices to distinguish between sender and unauthorised nodes, as well as
successfully counter identity-based assaults like as spoofing and Sybil attacks. Furthermore, ensuring the
confidentiality of IoT messages is crucial, since attackers seek to intercept traffic flows and divulge sensitive
information. Some malicious nodes save communications that are routed via them and then replay the same
message in the network after a period of time. As a result, implementing a defence mechanism to ensure
authentication and avoid spoofing attacks in IoT communication is critical.
3.1 Role of Machine Learning Algorithms in RPL Security
Several cryptography techniques have been proposed for the security of IoT connectivity. They do, however,
detect harmful actions by utilising the peculiarities of certain security assaults. However, attackers with updated
features or new forms of assaults swiftly overcome defence measures against a specific security threat. For
example, a more serious threat to IoT connectivity is a Distributed Denial of Service (DDoS) assault, which
traditional defence techniques cannot detect if it uses spoofed source IP addresses to initiate malicious actions.
Machine learning approaches are thus a powerful tool for identifying attackers [25].It investigates network data
in order to learn the normal and abnormal behaviour of nodes depending on how IoT devices participate in IoT
communication. Machine learning-based defence solutions take input data from each component of the IoT
network and analyse it to distinguish between normal communication patterns and malicious behaviour.
Furthermore, machine learning-based defence systems are critical in recognising new assaults. As a result, IoT
defence systems should evolve from just supporting secure connectivity to intelligent, secure communication
based on machine learning techniques.
IV. The significance of RPL Security

The number of networked devices in the Internet of Things architecture is rapidly expanding. The RPL has
received a lot of attention in recent research on IoT communication security because it fulfils the resource limits
of the IoT network. To send messages without disclosing private information to others, secure RPL routing must
be extremely intelligent. Several applications use RPL to establish secure IoT connection.The following RPL
features attract the majority of real-time applications. 1) It effectively handles a large number of clients by
utilising the DODAG structure and a small amount of control messages. 2) Another advantage is that it uses
rank value to design the shortest path to the server. When the RPL client configures the rank value to be the
lowest among neighbouring clients, it connects to the server in the fewest number of hops. 3) The RPL enables
clients to update the topology when there is a change in the network topology.
However, the fundamental difficulty in the enormous rise of IoT applications is security. As a result,
new intelligent security measures, such as machine learning algorithms, are required in the RPL protocol to
improve the performance of IoT applications.

V. Proposed Method

The basic purpose of the IoT system is to make the network accessible to anyone, everywhere, and at any
time. As a result of advancements in wireless communication, possible dangers in IoT grow more likely. In IoT,
the network layer is in charge of creating and forwarding messages to the server. RPL is commonly used as a
network layer protocol in IoT communication protocols. Furthermore, it is in charge of providing a ubiquitous
access environment to IoT devices, including data communication and storage capabilities. IoT devices
exchange messages through wireless networks, where an attacker attempts to eavesdrop on the communication
channel in order to expose private information. An attacker takes use of an RPL's security flaws to degrade
routing performance. Numerous routing layer threats, such as passive eavesdropping and active spoofing, Sybil,
man-in-the-middle, malicious inputs, and denial of service, have an impact on RPL performance. As a result,
providing security for an RPL protocol should be a top priority. However, due to limited computing and battery
resources, IoT devices cannot handle complicated security algorithms. As a result, a sophisticated data
exploration strategy for learning about typical and anomalous routing behaviour is required.

The following are the primary goals and objectives of the proposed technique.
 Using SVM in IoT to learn from existing messages and forecast future unknown assaults in RPL
 To adapt the machine learning algorithm to resource-constrained IoT devices by reducing features
using PCA.
 To identify unexpected attacks in RPL by allowing the security system to perform the learning
module frequently.
The suggested defence system employs an SVM classifier as a detector with a limited feature set. The proposed
approach involves phases of training and testing to learn standard RPL features and to recognise intruders. Data
packets are collected over time by following the RPL protocol.

Figure 1: Block Diagram of Proposed Method

The data is divided into training and testing RPL messages in the proposed technique. RPL packets include a
plethora of features, resulting in increased learning time and computing complexity. All RPL characteristics
offer nothing to boosting attack detection accuracy. Thus, the suggested scheme system employs the PCA to
extract the most relevant features with the highest frequency of attacks, and the SVM to appropriately categorise
the RPL particular offenders. The impurity level in each feature is measured by an information gain. However,
focusing just on information gain is not always efficient in feature reduction. Because information gain is
skewed when the feature has distinct values. Instead of evaluating information gain, the suggested approach
incorporates information gain bias in terms of breaking point and lowers feature reduction errors. The
normalised gain is calculated by dividing the information gain by the breakpoint information. The proposed
approach makes use of classifiers to precisely distinguish between normal routing activity and malicious
behaviour. It employs the SVM classifier to identify attack packets because the SVM is an efficient tool for
learning high-dimensional data and can arbitrarily change the training patterns when a new assault is introduced
into the network.
As a result, the proposed methodology effectively detects attackers launched via IP address spoofing and
increases routing efficiency in the IoT environment.
 The samples for RPL routing operations must be collected in order to evaluate the performance of the
proposed methodology, which includes SVM classification and PCA. The training dataset is generated using the
Cooja simulator on the Contiki operating system. The harmful activity data collection is developed by modelling
spoofing and data integrity related threats in RPL. This dataset was created by monitoring the RPL routing
protocol for 8 minutes, during which time the attack-free IoT traffic lasted 5 minutes and the attack-containing
IoT traffic lasted 3 minutes. The proposed approach is initially implemented in Java utilising the Java Machine
Learning Library to reduce the characteristics. Waikato Environment for Knowledge Analysis (WEKA) is used
to classify the reduced feature set and its values. Second, the attack categorization exercise is carried out in
WEKA utilising the SVM classifier.
The proposed scheme is evaluated using the following metrics.
Detection Accuracy: The ratio of the total number of detected malicious messages and the total number of
malicious messages transmitted over the wireless medium.
Throughput: Total number of delivered bits to the server.
Delay: Total time taken by a packet to reach the server node in the network.
Overhead: Total number of control messages used for providing the security in RPL.

VI. Conclusion
This paper examines various existing RPL routing attack defences for safe IoT routing. The routing and security
concerns related with RPL are discussed, as well as the necessity of machine learning algorithms in RPL
security. This paper presents solutions to security challenges in IoT, such as SVM classification and PSA-based
secure RPL. The clustering approach is built around an ideal set of network layer features that are reduced using
PCA. The evaluation of performance and metrics are also mentioned.

References
1. L. Atzori, A. Iera, G. Morabito, “The Internet of Things: A Survey,” Computer Networks, Vol. 54, No. 15,
pp. 2787-2805, 2010
2. Tan L, Wang N. “Future Internet: The Internet of Things”. 3rd International Conference on Advanced
Computer Theory and Engineering (ICACTE), Chengdu, China, pp.376–380, 2010
3. Mayzaud A, Sehgal A, Badonnel R, Chrisment I, Schönwälder J. “A study of RPL DODAG version
attacks”, Springer IFIP International Conference on Autonomous Infrastructure, Management and Security,
pp. 92-104, 2014
4. Anhtuan Le, “The Impact of Rank Attack on Network Topology of Routing Protocol for Low-Power”,
IEEE Journal on Sensors, Vol.13, No.10, pp. 3685 - 3692, 2013
5. A. R. Sfar, E. Natalizio, Y. Challal, and Z. Chtourou, "A roadmap for security challenges in the Internet of
Things," Digital Communications and Networks, 2017.
6. S. Sicari, A. Rizzardi, L. A. Grieco, and A. Coen-Porisini, "Security, privacy and trust in Internet of
Things: The road ahead," Computer networks, Vol. 76, pp. 146-164, 2015.
7. F. A. Alaba, M. Othman, I. A. T. Hashem, and F. Alotaibi, "Internet of Things security: A survey," Journal
of Network and Computer Applications, Vol. 88, pp. 10-28, 2017.
8. K. Zhao and L. Ge, "A survey on the internet of things security," IEEE 9th International Conference on
Computational Intelligence and Security (CIS), pp. 663-667, 2013.
9. J. S. Kumar and D. R. Patel, "A survey on internet of things: Security and privacy issues," International
Journal of Computer Applications, Vol. 90, No. 11, 2014.
10. H. Suo, J. Wan, C. Zou, and J. Liu, "Security in the internet of things: a review," IEEE international
conference on Computer Science and Electronics Engineering (ICCSEE), Vol. 3, pp. 648-651, 2012.
11. P. Mishra, V. Varadharajan, U. Tupakula, and E. S. Pilli, "A Detailed Investigation and Analysis of using
Machine Learning Techniques for Intrusion Detection," IEEE Communications Surveys & Tutorials, 2018.
12. C.-W. Tsai, C.-F. Lai, M.-C. Chiang, and L. T. Yang, "Data mining for Internet of Things: A survey," IEEE
Communications Surveys and Tutorials, Vol. 16, No. 1, pp. 77-97, 2014.
13. D. Gil, A. Ferrández, H. Mora-Mora, and J. Peral, "Internet of things: A review of surveys based on context
aware intelligent services," Sensors, Vol. 16, No. 7, pp. 1069, 2016.
14. F. Alam, R. Mehmood, I. Katib, N. N. Albogami, and A. Albeshri, "Data fusion and IoT for smart
ubiquitous environments: A survey," IEEE Access, Vol. 5, pp. 9533- 9554, 2017.
15. O. B. Sezer, E. Dogdu, and A. M. Ozbayoglu, "Context Aware Computing, Learning, and Big Data in
Internet of Things: A Survey," IEEE Internet of Things Journal, Vol. 5, No. 1, pp. 1-27, 2018.
16. W. Du and Z. Zhan, "Building decision tree classifier on private data," in Proceedings of the IEEE
international conference on Privacy, security and data mining, Vol. 14, pp. 1-8, 2002
17. S. B. Kotsiantis, "Decision trees: a recent overview," Artificial Intelligence Review, Vol. 39, No. 4, pp.
261-283, 2013
18. A. L. Buczak and E. Guven, "A survey of data mining and machine learning methods for cyber security
intrusion detection," IEEE Communications Surveys & Tutorials, Vol. 18, No. 2, pp. 1153-1176, 2015
19. M. Ozay, I. Esnaola, F. T. Y. Vural, S. R. Kulkarni, and H. V. Poor, "Machine learning methods for attack
detection in the smart grid," IEEE Transactions on Neural Networks and Learning Systems, Vol. 27, No. 8,
pp. 1773-1786, 2016
20. H.-b. Wang, Z. Yuan, and C.-d. Wang, "Intrusion detection for wireless sensor networks based on multi-
agent and refined clustering," IEEE International Conference on Communications and Mobile Computing,
Vol. 3, pp. 450-454, 2009
21. E. Kim, D. Kaspar, C. Gomez, and C. Bormann. “Problem Statement and Requirements for IPv6 over
Low-Power Wireless Personal Area Network (6LoWPAN) Routing”, RFC 6606 (Informational), 2012.
22. Olfa Gaddoura and Anis Koubâa, “RPL in a nutshell: A Survey”, Computer Networks, Elsevier, Vol.56,
No.14, pp. 3163–3178, 2012
23. Dhumane A, Prasad R, Prasad J. “Routing Issues in Internet of Things: A Survey”. In Proceedings of the
International MultiConference of Engineers and Computer Scientists, Vol. 1, pp. 16-18, 2016.
24. Grgic K, Krizanovic Cik V, Mandrić Radivojevic, V. “Security Aspects of IPv6-based Wireless Sensor
Networks”, International Journal of Electrical and Computer Engineering Systems, Vol.7, No.1, pp.29-37,
2016
25. J. Cañedo and A. Skjellum, "Using machine learning to secure IoT systems," IEEE 14th Annual
Conference on Privacy, Security and Trust (PST), pp. 219-222, 2016.