# CoSec-RPL: detection of copycat attacks in RPL based 6LoWPANs using   outlier analysis

**Authors:** Abhishek Verma, Virender Ranga

arXiv: 2302.12443 · 2023-02-27

## TL;DR

This paper introduces CoSec-RPL, an outlier detection-based intrusion detection system that effectively detects and mitigates non-spoofed copycat attacks in RPL-based 6LoWPAN networks, improving network performance without significant overhead.

## Contribution

It presents the first RPL-specific IDS using outlier detection to identify copycat attacks, enhancing security in low-power wireless networks.

## Key findings

- CoSec-RPL effectively detects copycat attacks in static and mobile scenarios.
- The system reduces attack impact on delay and packet delivery ratio.
- No significant overhead added to network nodes.

## Abstract

The IPv6 routing protocol for low-power and lossy networks (RPL) is the standard routing protocol for IPv6 based low-power wireless personal area networks (6LoWPANs). In RPL protocol, DODAG information object (DIO) messages are used to disseminate routing information to other nodes in the network. A malicious node may eavesdrop DIO messages of its neighbor nodes and later replay the captured DIO many times with fixed intervals. In this paper, we present and investigate one of the severe attacks named as a non-spoofed copycat attack, a type of replay based DoS attack against RPL protocol. It is shown that the non-spoofed copycat attack increases the average end-to-end delay (AE2ED) and packet delivery ratio of the network. Thus, to address this problem, an intrusion detection system (IDS) named CoSec-RPL is proposed in this paper. The attack detection logic of CoSec-RPL is primarily based on the idea of outlier detection (OD). CoSec-RPL significantly mitigates the effects of the non-spoofed copycat attack on the network's performance. The effectiveness of the proposed IDS is compared with the standard RPL protocol. The experimental results indicate that CoSec-RPL detects and mitigates non-spoofed copycat attack efficiently in both static and mobile network scenarios without adding any significant overhead to the nodes. To the best of our knowledge, CoSec-RPL is the first RPL specific IDS that utilizes OD for intrusion detection in 6LoWPANs.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/2302.12443/full.md

## Figures

8 figures with captions in the complete paper: https://tomesphere.com/paper/2302.12443/full.md

## References

72 references — full list in the complete paper: https://tomesphere.com/paper/2302.12443/full.md

---
Source: https://tomesphere.com/paper/2302.12443