Computer Communications 197 (2023) 12–22

Contents lists available at ScienceDirect

Computer Communications
journal homepage: www.elsevier.com/locate/comcom

Performance evaluation of mobile RPL-based IoT networks under version

number attack
Girish Sharma a,b ,∗, Jyoti Grover a , Abhishek Verma c
a Department of Computer Science & Engineering, Malaviya National Institute of Technology, Jaipur, JLN Marg, 302017, Rajasthan, India
b Manipal University Jaipur, Jaipur Dehmi Kalan, 303007, Rajasthan, India
c
Computer Science & Engineering Discipline, PDPM, Indian Institute of Information Technology, Design and Manufacturing, Jabalpur, Airport
Road, 482005, Madhya Pradesh, India

ARTICLE INFO ABSTRACT

Keywords: The Internet of Things (IoT) has a vital role in communication and has many cross-platform applications
IoT which generate a massive volume of data. IoT interconnects various devices from small to big without the
RPL direct intervention of humans. The resource-constrained environment poses a significant problem in IoT
Version attack
applications, and it is challenging to develop secure applications. The Internet community endeavours to cope
Security
with such challenges by developing different internet protocols. IETF ROLL working group standardized a
6LoWPAN
IPv6
mechanism called IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN) to carry IPv6 packets
PDR over IEEE 802.15.4. 6LoWPAN which supports the constrained environment uses the Routing Protocol for
Low Power and Lossy Networks (RPL) as a routing protocol. It is essential to secure such applications since
the malicious attacker can breach the privacy and security of humans through a small device. Traditional
security mechanisms are not prominent in a resource-constrained context. Version attack is one of the most
common attacks in RPL based 6LoWPAN. The network becomes unstable due to the version attack, which
results in a Denial of Service attack. The integrity of the version number is not provided by RPL specifications,
leading to threats for IoT applications. The impact of a version number attack on an RPL-based network is
demonstrated in this study. The implications on the constrained network when the nodes are mobile is the
main objective of this paper. In many IoT applications nodes move and it is vital to address the impact of
mobility in a constrained environment. This paper investigates the network’s performance in terms of packet
delivery, delay, and power consumption in RPL based IoT when there is version attack. Version attacks must
be prevented as quickly as possible since they have the potential to significantly disrupt mobile networks. The
main contribution of this research is a performance metric-based analysis of mobile RPL-based IoT networks
under attack.

1. Introduction architecture is an example that run over resource-constrained nodes

IoT has enabled ubiquitous computing in small devices and con-
nected these devices to the internet. Nowadays, developers are develop-
ing applications that could sustain in low power and lossy networks [1].
The resource-constrained in terms of power, energy and memory is
a big challenge for the developer to make efficient and secure IoT
applications. Devices could communicate in multiple ways, and there
should be a secure way for transferring the data [2] to the high
end machines or the sinks. This proliferation of data demands fast
perspective analysis and decisions for real-world applications.
There are many resource-constrained devices deployed in the in
IoT applications which demands lightweight, secure and mobile
solutions. 6LoWPAN which serves as an adaption layer in the IoT
or devices [2,3]. IoT demands to develop lightweight applications
where the constrained nodes could communicate in the constrained
networks. 6LoWPAN works between network and data link layer to
optimize IPv6 packets in resource-constrained networks. Because of the
overhead involved, traditional routing techniques such as Adhoc On-
Demand Distance Vector (AODV), Open Shortest Path First (OSPF), and
Dynamic Source Routing (DSR) are not recommended in constrained
networks [4].
RPL, which was proposed by Internet Engineering Task Force (IETF)
ROLL group, provided a lightweight routing solution for smart IP
devices in 6LoWPAN [5]. Many IoT resource-constrained applications
like agriculture, remote areas monitoring, military applications and the
health care industry use RPL protocol [6]. RPL has become a de-facto

∗ Corresponding author at: Department of Computer Science & Engineering, Malaviya National Institute of Technology, Jaipur, JLN Marg, 302017, Rajasthan,
India.
E-mail addresses: 2020rcp9012@mnit.ac.in (G. Sharma), jgrover.cse@mnit.ac.in (J. Grover), abhiverma@iiitdmj.ac.in (A. Verma).

https://doi.org/10.1016/j.comcom.2022.10.014
Received 25 July 2022; Received in revised form 25 September 2022; Accepted 21 October 2022
Available online 1 November 2022
0140-3664/© 2022 Elsevier B.V. All rights reserved.
G. Sharma, J. Grover and A. Verma
Table 1
List of abbreviations.
Abbreviations Definition
6LoWPAN IPv6 over Low-powered Wireless Personal Area Network.
IoT Internet of Things
RPL Routing Protocol for Low Power and Lossy Networks
AODV Adhoc On-Demand Distance Vector
OSPF Open Shortest Path First
DSR Dynamic Source Routing
IETF Internet Engineering Task Force
DODAG Destination Oriented Direction Acyclic Graph
DIO Destination information object
DIS DODAG Information Solicitation
DAO Destination Advertisement Object
MRHOF Minimum Rank with Hysteresis Objective Function
OF0 Objective Function Zero
VA Version Attack with static sensor node
VAM Version Attack with mobile sensor node
protocol for the network layer and has become one of the prominent
protocols for routing in low power and lossy networks (LLNs) [7,8]
As IoT connects billions of devices [9] and it is increasing every
year, so it has become vital to address different attacks in IoT. The
significant number of resource-constrained devices and lossy networks
makes the expanded threat surface in the IoT. In recent years attackers
have been targeting IoT networks. The attackers are exploiting the
IoT not only through communication medium but also through small
devices [4,10]. In a research by Eyal Itkin et al. infected a network
using a Fax Machine [11]. 6LoWPAN is also not secure, and attackers
try to exploit it too which could have drastic implication in lossy
networks. This paper focuses on the routing attacks specifically version
number attack in RPL based 6LoWPAN. RPL has its own set of attacks
based on network topology, traffic and resource based. Due to the ad-
hoc nature of IoT, detecting routing attacks in RPL-based 6LoWPAN
is extremely difficult. In RPL based 6LoWPAN attacker tries to flood
the network with the unnecessary packets which impacts a lot in
terms of performance, energy consumption and delay [12]. Ahmed
et al. [13] have presented a review of different attacks in RPL based
IoT networks and also discussed different IDS systems for the attacks
like signature-based, anomaly-based and specification-based systems to
detect attacks.
Many researchers around the world have proposed light-weight
security solutions for RPL [14–17]. However, attackers can attack
constrained networks and devices due to expanded vulnerabilities. This
research aims to intensive impact analysis of version number attacks on
the RPL based 6LoWPAN where the nodes are static and mobile. This
attack is implemented by modifying the control message packet and
multicasting the modified packet in the network which is explained in
the Section 2.2. Table 1 shows the abbreviations used in this paper.
1.1. Contributions
This research contributes the following:
1. The analysis of version attack in RPL based 6LoWPAN while
considering the mobility of the sensor nodes.
2. This approach shows attack’s impact on different metrics like
Packet Delivery Ratio (PDR), Power Consumption and Average
End to End Delay (AE2ED).
3. Intensive analysis is shown by varying the percentage of attacker
nodes in mobile IoT at different hops.
4. The authors found that despite devices mobility being an im-
portant feature of the IoT, it has received remarkably little
attention in the research on RPL networks. The study considers
the mobility of the nodes in the network.
5. To examine the effect of attacks on devices and networks, most
researchers have adopted a small network scenario. We in-
creased the number of experimental nodes to 50 and examined
various performance metrics using Contiki Cooja.
13
Computer Communications 197 (2023) 12–22
Fig. 1. IoT network architecture with adaptation layer.
Analysing IoT efficiency in a resource-constrained context is the
aim of this study. This research helps in figuring out how the system
reacts in dynamic network scenarios. This will be useful for developing
a network of endangered animal species and for military applications.
Security is a top concern for these kinds of applications because they
are so crucial. IoT 4.0 is a growing industry, and it is a new revolution,
this increases the scope of our contribution. We need to address attacks
on IoT and their consequences on the network.
The remaining paper is organized as follows: Section 2 presents the
details of RPL protocol and version number attack. The related work
and the security methods devised by different researchers specifically
for RPL based attacks is summarized in Section 3. Further, Section 4
shows the metrics used for the performance analysis. Section 5 depicts
the impact of the version attack with static and mobile nodes. Section 6
discusses the impact of the version attack and why it is important
to detect and Section 7 concludes the paper with some insights of
implementation and future research directions.
2. Background
This section discusses about the RPL protocol which is one of the de-
facto protocol for low power and lossy networks. This part also provides
the overview of version number attack in RPL based 6LoWPAN.
2.1. Overview of RPL protocol
Routing protocol for Low Power and Lossy Networks in short RPL
was designed to deal with lossy networks which suffers from commu-
nication delay and constrained resources. RPL has become very useful
protocol in resource constrained environments like agriculture, remote
areas monitoring, military applications and many more [6].
RPL was designed to perform energy-efficient routing in 6LoWPAN,
which suffers from the lossy link, delay and varying convergence of the
networks. Fig. 1 shows embedding of RPL which is the distance vector
routing algorithm with adaptation layer 6LoWPAN.
RPL forms a loop-free topology based on Destination Oriented Di-
rected Acyclic Graph (DODAG) and specifies routes between the nodes
as shown in Fig. 2. The destination node of the DODAG is known
as border router or sink. RPLInstanceID, DODAGID, and DODAGVer-
sion are used to identify a DODAG. RPL characteristics include auto-
configuration, self-healing, loop avoidance and detection, link quality,
establishing node rank and support for multiple sinks.
RPL ICMPv6 control messages are four types which creates and
maintains loop free topology and DODAG: (i) Destination information
object (DIO), (ii) DODAG Information Solicitation (DIS), (iii) Desti-
nation Advertisement Object (DAO), and (iv) Destination Advertise-
ment Object Acknowledgment (DAO-ACK). In RPL, an objective func-
tion (OF) defines how to establish node’s rank and to select the path.
Various OFs in RPL include ETX Objective function (ETXOF) [18],
Minimum Rank with Hysteresis Objective Function (MRHOF) [19],
and Objective Function Zero (OF0) [20]. The DIS message is used
G. Sharma, J. Grover and A. Verma Computer Communications 197 (2023) 12–22

Fig. 2. RPL network.

for finding of the DODAG nodes. The DIO and DAO control messages forces the re-formation of DODAG. The Fig. 3 depicts that most of the
which run above the IPv6 advertise the downward and upward routing time network tries to stabilizes itself but because attacker changes the
information between the nodes and sink. The DAO message is used version number every time, the nodes recomputes the DAG and the
for bi-directional communication in order to keep track of the nodes server node does not receive the packet which decreases the packet
visited on the way up. Except for the root node, every node unicasts the delivery ratio. Further it increases the power consumption and end to
DAO message to send their descendants’ routing tables and advertise end delay since the packets received by the attacker forwards them with
their addresses and prefixes to their parents. In response to a unicast some delay or may not forward at all.
DAO message, a DAO recipient sends a unicast DAO-ACK message [21]. This routing attack has lot of impact on the network which sig-
The DIO message is used to create a DAG and the message multicast nificantly drops the PDR, increases power consumption. The impact
through the DODAG. In RPL, rank of a node helps in loop free rout- can be increased by increasing the number of attackers and adequately
ing and resolves count to infinity problem. When nodes receive DIO positioning the attackers [24]. It is vital to address this attack as it is
messages with a higher version number, they can raise their rank. The very easy to implement and adversely affects the network.
‘‘Trickle timer’’ is used for limiting the control message and the timer This research takes internal node as an adversary node that par-
is increased or decreased depending on whether the DODAG is stable ticipates in the creation of the network topology. After the topology
or inconsistent [22]. has been established, the node will begin attacking once the network
has stabilized. We analysed the attack in different scenarios taking the
2.2. Version attack attacker node at different hops i.e. at one hop, two hop or hop from the
sink node which provides extensive results that we have shown through
RPL which was primarily suggested for the low power and lossy
different graphs.
networks maintains the DODAG which comprises of the RPLInstanceD,
The attack model shown in Fig. 3 is implemented as shown in
DODAGID. DODAGID is a unique identifier for the DODAG root. When
Algorithm 1.
the network is formed each DODAG has a unique Version which shows
the current iteration of the DODAG and this number increments over
the time when the root forms a new version of the DODAG to recon- Algorithm 1 Version Attack
figure the network when there are lots of inconsistencies occur. This 1: 𝑁𝑜𝑑𝑒𝑁 , 𝑁𝑜𝑑𝑒𝐴 , 𝑉 𝑒𝑟𝑁𝑢𝑚 ⊳ Legitimate, Attacker Node, Version
global repairs happens when there is no parent for the node, links bro- Number
ken or the timer triggers for the repair to maintain the integrity of the 2: procedure Version Attack
network. To maintain the network topology, RPL uses different control 3: Time 𝑡 the 𝑁𝑜𝑑𝑒𝐴 joins network ⊳ Attacker Node joins IoT
messages DIO (DODAG Information Object, DIS(DODAG Information 4: 𝑁𝑜𝑑𝑒𝐴 ← 𝐷𝐼𝑂𝑀
Solicitation), DAO (Destination Advertisement Object), DAO-ACK(DAO 5: 𝑉 𝑒𝑟𝑁𝑢𝑚 ← 𝐷𝐼𝑂𝑀
Acknowledgement) and depending on the objective function sensors ⊳ Attacker extract version number from DIO Message
select the parent node and this forms the optimal path to the root 6: 𝑉 𝑒𝑟𝑁𝑢𝑚 ← 𝑉 𝑒𝑟𝑁𝑢𝑚 + + ⊳ Attacker changes the version
node [23].
number of DAG
The root node is responsible to increment the version number but if
7: 𝑁𝑜𝑑𝑒𝐴 𝑚𝑢𝑙𝑡𝑖𝑐𝑎𝑠𝑡 𝐷𝐼𝑂
there is an attacker in the network then it could increment the version
8: 𝑁𝑒𝑖𝑔ℎ𝑏𝑜𝑢𝑟𝑖 ← 𝐷𝐼𝑂𝑀 ⊳ Neighbours receive DIO with changed
number when it receives the DIO message and the attacker sends the
version number
modified DIO message in the network which enforces the DODAG
9: 𝑁𝑒𝑖𝑔ℎ𝑏𝑜𝑢𝑟𝑖 𝑚𝑢𝑙𝑡𝑖𝑐𝑎𝑠𝑡 𝐷𝐼𝑂 ⊳ Whole network becomes unstale
reconfiguration and re-computation. This makes inconsistency in the
10: 𝑅𝑒𝑝𝑒𝑎𝑡 𝑡ℎ𝑒 𝑝𝑟𝑜𝑐𝑒𝑑𝑢𝑟𝑒 𝑎𝑓 𝑡𝑒𝑟 𝑡𝑖𝑚𝑒 𝑡′ ⊳ The attacker does not
network since most of the time root generates the control messages to
allow to network to become stable
maintain the network with no throughput. Apart from this, the packets
11: end procedure
generated by different nodes do not reach the sink since the nodes do
not have the current parent list because of inconsistency.
The attacker node joins the network by transmitting DIS and re- Algorithm 1 shows how we implemented the version by changing
ceiving DIO from the DODAG node. DODAG may become inconsistent Contiki Operating Systems file. Every time the attacker receives the DIO
when an attacker joins a network, depending on the type of attack, message, it changes the version number and multicast it. The neighbour
as in the case of a version attack. This scenario is depicted in Fig. 3. nodes do the same. The root thinks that network has become unstable
The attacker changes the version number in the DIO message which and resets the trickle timer to reform the network. The attack repeats

14
G. Sharma, J. Grover and A. Verma
Fig. 3. Version attack by multicasting DIO.
the procedure due to this network cannot become stable. In constant
time the attacker changes the version number. So, this algorithm takes
O(1) time to perform version attack.
3. Related work
This Section 3 discusses recent research that has shown the impact
and analysis in terms of packet delivery ratio, end to end delay, power
consumption specifically for version attack. The latest study by Ahmet
Arış et al. showed in their paper [25] impact of multiple attackers
on the performance of the network by taking into account different
metrics like PDR, attacker position, average delay, average power
consumption. Their paper showed that multiple attackers only affect
the packet delivery ratio and the attack adversely affects the network
if the malicious node is closer to the root node.
We start our discussion with the paper by Congu Pu et al. [26] who
used the Gini Index model to mitigate the Sybil attack. This technique
uses Gini impurity to detect the DIS attacker nodes, and the control
message impurity increase when there is a Sybil attack. The defence
mechanism discards the DAO messages if it exceeds the threshold limit.
Although this solution is capable of identifying Sybil Attack but not able
to identify the attacker node.
par Sharma et al. [27] have proposed a technique for simulating
attacks for generating the dataset for multiple attacks. They generated
a dataset for Version attack, Hello Flood attack, and decreased rank at-
tack and identified 58 features to apply the machine learning algorithm
to classify attacks. Sarumathi et al. [28] have proposed an IDS system
for Sybil attack using the Artificial Bee Colony (ABC) inspired algorithm
when the nodes are mobile. The IDS system counts the number of
control messages in the stipulated period and calculates the timestamp
between the message; if it exceeds, the flag is set to check whether
the event is malicious or legitimate. Wadhaj et al. [29] have proposed
mitigation of the DAO attack in RPL based IoT networks which restrict
the number of DAO messages received from the child node. If the limit
crosses the threshold, no DAO will be forwarded until the next time slot.
This mitigation technique can increase the PDR and reduce the effect
of the attack. The paper by Zahrah A. Almusaylim et al. [30] proposed
a new RPL protocol named SRPL-RP and analysed the network by
taking parameters like control packets, PDR, time, energy consumption.
They also proposed the mitigation of the version and rank attack. Their
proposed approach provides the 98.48% high PDR as compared to other
techniques like SRPL [31], VeRA [32] and it also provides 1231.778
joules of average power consumption, which is less as compared to
15
Computer Communications 197 (2023) 12–22
other techniques. The approach takes the rank of nodes and neighbours
list of the nodes to check the behaviour and depicts whether there is
an attack.
A paper by Ahmet Aris et al. [25] provided some study related to
version attack with only four mobile nodes and showed that PDR and
control packet overhead depends on how far the attacker node is and
similar results when the nodes are moving.
In this continuation Anthéa Mayzaud et al. [24] proposed a dis-
tributed mechanism based on RPL to detect the version attack and
found that the average FPR rate decreases with the increase in mon-
itoring node [24]. In the paper Ahmet Arıs et al. [54] a lightweight
mitigation technique for identifying the Version attack. In this mit-
igation technique, they proposed that version number change could
not be reflected by the nodes which have a lower rank. Another more
generalized mitigation technique proposed irrespective of the attacker’s
position is based on the neighbours with better rank claiming the
version number change. There proposed approach does not consider
the mobility of nodes where topology dynamically changes.
A distributed approach is proposed by Ahmed et al. [55] to mitigate
the version attack for the dense networks in RPL. The node that receives
the changed version number sends verification procedures to nodes
2-hop far away from it. Cooperatively, all the nodes involved in the
detection process send their version number to the source. Collectively,
it decides to change or not to change the version number.
Osman et al. [56] proposed a machine learning based version attack
in RPL using Gradient Boosted Machines. The approach generates the
data-sets by simulating the scenarios with and without attackers in
Contiki cooja and generating the .pcap files. After pre-processing the
data, the Gradient Boosted Machines (GBM) is applied to know whether
the data is malicious or benign.
In his dissertation by Raoof [57] discusses mitigation of different
attacks in RPL based networks. The proposed approach is based on
trust-based solutions using Chained Secure Mode (CSM) without mo-
bility in the network. In the paper [58] by A. Arul Anitha discusses
mitigation of version attack by comparing the version number with the
root node’s version. If there is a mismatch, it invokes the validation
phase where the node’s version is compared with neighbours. The
attacker node is identified by comparing the version number and causes
initiation of global repair. Again it does not consider mobility in the
network. The paper [50] by Ruben et al. discusses a cryptography-based
solution for the Sybil attack. This mechanism uses trusted third parties
and the nodes responsible for accessing the IEEE 802.15.4 network.
But The lightweight hash generation without using trusted third parties
makes the system vulnerable.
G. Sharma, J. Grover and A. Verma Computer Communications 197 (2023) 12–22

Table 2
Defence mechanisms: IDS for RPL based IoT networks.
S.No Reference Mechanism Description Limitations
1. Amin et al. [33] Hybrid IDS (RIDES) Detects DoS attack in WSN. Signature part detects using distributed Energy consumption is not
2009 (Signature and pattern matching utilizing bloom filters. Anomaly part utilizes studied.
Anomaly) CUSUM (Cumulative Sum Control charts) to detect the network
anomalies.
2. Kasinathan et al. Signature based To detect DoS attacks using Suricata open source IDS. Uses No performance study of the
[34] 2013 (DEMO) Frequency Agility Manager to operate in different channels. IDS. No mobility considered.
3. Raza et al. [35] Anomaly based Detects Spoofed Information, Sinkhole and Selective forwarding Do not consider mobility of
2013 (SVELTE) attacks. Based on Mapper, Analyser and Detector. Nodes sends the nodes.
RPL information to Gateway. Involves network graph inconsistency
in IDS. Provides less computational overhead
4. Zhang et al. [36] Specification based Detects routing choice intrusion. Uses FSM for monitoring nodes to Only homogeneous nodes are
2015 implement normal and malicious states. Detects attack if any node considered.
sends DIO message with lower ETX value.
5. Pongle and Chavan Anomaly based Detects Wormhole attacks. Uses node’s and neighbour’s information Lot of computation and
[37] 2015 to detect attack. Uses RSSI to detect attacker nodes. communication overhead
6. Surendar and Specification based To detect Sinkhole attack in RPL. Cluster head acts as monitoring Considers only homogeneous
Umamakeswari [38] (InDReS) node and counts the packet drops of the adjacent nodes. Compare nodes
2016 the ranks of the neighbouring nodes with the threshold value and
detects the malicious node.
7. Le et al. [39] 2011, Specification based Lacks in implementation and performance analysis. Extends works No mobility considered.
Le et al. [16] 2016 in their next paper by proposing EFSM which detects Rank, Local
Repair, DIS, Sinkhole attacks. EFSM created using Integer Linear
Programming. By generating RPL trace files shows the legitimate
states with transitions
8. Lai [40] 2016 Specification based Detects Wormhole attacks. Uses hop count to find rank metric and PDR, E2ED, Power
sees any node having unacceptable rank. Make DIO message is consumption not analysed.
considered malicious if rank increases the threshold.
9. Mayzaud et al. [41] Anomaly based Detects DODAG inconsistency attacks. Two types of node: Considers only single attacker.
2016 monitoring and monitored. Monitoring nodes collect data and Uses high order devices which
detects attacks in distributes manner. adds cost overhead.
10. Mayzaud et al. [42] Anomaly based Extends previous work by detecting Version attack. Collaboration of Only one attacker is assumed
2016 monitoring nodes to transfer information using multi instance
network.
11. Mayzaud et al. [24] Anomaly based Extends previous work by allowing monitoring nodes to send No mobility considered.
2017 information to the root about who changed the Version number
called Local Assessment. The Localization algorithm deployed on
the sink detects the attacker.
12. Mayzaud et al. [24] Anomaly based To detect Selective forwarding attack. Uses two types of nodes: Implementation overhead. No
2017 Gateway (Centralized node), Node (Distributed Module). Identifies mobility considered.
probability of number of dropped packets. Decision step identifies
the malicious node and minimize FPR by utilizing Sequential
Probability Ratio Test.
13. Shreenivas et al. Anomaly based Extension to SVELTE. ETX metric for detecting ETX manipulation No mobility considered.
[43] 2017 attacks by using node’s location and transmission limits.
14. Bostani and Hybrid IDS Detects Sinkhole, Selective forwarding and Wormhole attacks. Not suitable for the energy
Sheikhan [44] 2017 Specification module deployed on the router nodes analyse their constrained environment.
child nodes and sends the information to the Gateway. Gateway
uses anomaly approach uses the Optimum path Forest Clustering on
the incoming packets from the router nodes.
15. Napiah et al. [15] Signature based Detects HELLO flood, Sinkhole and Wormhole attacks. Extracts the Technique require high end
2018 (CHA-IDS) header data to detect attacks. Apply ML algorithms. machine. No mobility
considered.
16. Ioulianou et al. [45] Signature based Detects DIS and Version Number attacks. Uses IDS routers and IDS Framework is not validated.
2018 detectors (Sends malicious info to routers). No mobility considered.
17. Shafique et al. [46] Specification based Detects rank attack. Uses the node current rank, parent rank, Accuracy decreases with
2018 (SBIDS) previous rank for detecting the malicious node by using the DAO mobile nodes. Considers
message. mobile nodes.
18. Verma and Ranga Anomaly based Uses the dataset CIDDS-001 and apply K-Means and KNN ML No real time solution.
[47] 2018 techniques.
19. Kfoury et al. [48] Signature based Detects Sinkhole, Version Number and HELLO flooding attacks. Lot of implementation
2019 (SOMIDS) Perform clustering of traffic classes using Pcap files. Data overhead. No mobility
aggregation on DIS, DAO, DIO, rank, version number change and considered.
mote power.

(continued on next page)

Researchers have come up with a lot of solutions to detect and proposed cryptography based, trust-based solutions but these solutions
mitigate version number attacks and other RPL specific attacks using are not prominent in the resource limited networks. Some of the IDS
behaviour based and anomaly-based approaches. Some researchers also proposed by the researchers is summarized in the Table 2. But most of

16
G. Sharma, J. Grover and A. Verma Computer Communications 197 (2023) 12–22

Table 2 (continued).
S.No Reference Mechanism Description Limitations
20. Verma and Ranga Anomaly based DetectsSinkhole, Blackhole, Sybil, Clone ID, Selective Forwarding, Approach does not consider
[17] 2019 Hello Flooding and Local Repair attacks on RPL using NIDDS17 mobility of nodes
dataset. It uses ensemble classifiers.
21. Abhishek and Anomaly based Uses the datasets CIDDS-001, UNSW-NB15, and NSL-KDD to detect No real time solution. No
Virender [49] 2020 the attack DoS attack. Implements several ML algorithms and mobility considered
measures the performance in terms of accuracy, FPR, AUC etc.
22 Pu [26] 2020 Gini Index model EThis technique uses Gini impurity to detect the DIS attacker Unable to identify the attacker
nodes, and the control message impurity increase when there is a node
Sybil attack.
23. Agiollo et al. [6] Hybrid IDS Uses dataset RADAR to detect around 14 routing attacks using No real time solution.
2021 NetSim. Anomaly part detects the malicious node since it knows
how node behaves when there is no attacker. It uses AutoRegressive
Integrated Moving Average (ARIMA) model. Signature part sees the
specific patterns in the data. It uses Clone Identity, Change in
DODAG, Change in Version or Rank etc.
24 Stenhuis [50] 2021 Cryptography based Stores encrypted keys of the members. This mechanism uses trusted No proper performance
third parties and the nodes responsible for accessing the IEEE analysis is depicted.
802.15.4 network. Lightweight hash generation
without using trusted third
parties makes the system
vulnerable.
25 Savva et al. [51] Behaviour based Identifies Jamming attack using PDR, ETX, Packets Drop per Analyses whether there is
2022 terminal (PDPT) metrics as input to the fuzzy system. Defuzzified Jamming attack. Does not find
output provides the percentage of jamming of a node. the attacker node. Mobility is
not addressed
26 Kiran [52] 2022 Anomaly based Extension to SVELTE. DWA-IDS uses the Nmapper and IDS module. Mobility is not addressed
27 Sharma et al. [53] Behaviour based Analysis and mitigation of blackhole attack using suspect Do not consider mobile nodes.
2022 identification and verification. Only accuracy metrics.
28 This paper Analysis of version Analysis of version attack in mobile and static environment. Very Considers mobile nodes.
attack useful in healthcare, military and species-tracking applications Intensive analysis through
metrics PDR, AE2ED, Energy.

the solutions do not include the mobility of nodes in the network. This Table 3
paper focuses on version number attack by considering nodes’ mobility Simulation parameters.

and shows the efficiency metrics by varying the number of attacker Parameters Value

nodes. Simulator Cooja (Contiki 3.0)

Simulation time 1800 s
There are many critical applications of IoT that run over resource-
DODAG root rank 1
constrained networks and need lightweight, secure, scalable, and mo- Scenario dimension 200 ∗ 200 m2
bility supported solutions to maintain user’s security and privacy [59– Number of sensor nodes 10, 20, 30, 40, 50
61]. 6LoWPAN is one such example that run over resource-constrained Gateway nodes 1
devices or nodes [2,3]. In most of the proposed solutions, we could Mote type Z1
Transport layer protocol UDP
see that there is a lack of analysis where the nodes are mobile. But in
RaDIO medium Unit disk graph medium
today’s world, IoT consists of mobile nodes. These mobile nodes may PHY and MAC layer IEEE 802.15.4
drastically impact the network’s performance in a constrained environ- Transmission range 50 m
ment. This paper takes a set of mobile nodes and multiple attackers Number of attacker nodes 10%, 20%, 30%
and evaluates performance using parameters like Packet delivery ratio, Number of mobile nodes 50%
Speed of node 1 to 2 m/s
Delay and power consumption.
Data packet size 30 bytes
Data packet sending interval 60 s
4. Performance metrics

This study primarily focuses on the behaviour of the network with

mobility and version attack for RPL in 6LoWPAN. This analysis was
performed using Contiki [62] Cooja [63] which is one of the open
source tool to emulate the network and primarily built for IoT based
networks i.e. for constrained environments. Contiki has gained lot of
attention in the research community since it is lightweight and gives
lots of possibilities to make changes in the existing code and rebuild
the operating system with better algorithms.
Table 3 depicts the simulation parameters on which the network
behaviour analysis is carried out. Experimental results show that there
is significant impact of mobility in 6LoWPAN networks. This study
which aims to analyse the network behaviour when there are attackers
in the network have the following objectives
1. Performance analysis using parameters such as Packet Delivery
Ratio, End to End Delay, Power Consumption etc. in non attacking
mode
2. Impact of Version Attack on the PDR, Delay and Power Con-
sumption
3. Analysis of network with mobility and Version attack which is
the main objective of this paper.
All the simulations were carried out for 15 min so that real impact
on the network could be traced. We assume that 50% of the nodes
are mobile and rest are static. We therefore thoroughly examined a
hybrid network. We also assume that attacker node is static which
compromises the nodes sitting around it.
4.1. Performance evaluation parameters
This simulation uses the metrics such as Packet Delivery Ratio,
Power Consumption and End to End delay to see the impact of mobility

17
G. Sharma, J. Grover and A. Verma
Fig. 4. Packet delivery ratio: Static nodes.
with version attack on the performance. Formulae for these metrics is
explained as below.
• Packet Delivery Ratio is calculated as:
𝑁𝑢𝑚𝑏𝑒𝑟 𝑜𝑓 𝑃 𝑎𝑐𝑘𝑒𝑡𝑠 𝑅𝑒𝑐𝑒𝑖𝑣𝑒𝑑 𝑎𝑡 𝑆𝑖𝑛𝑘
𝑃 𝐷𝑅 = ∑𝑁
𝑖=1 𝑃 𝑎𝑐𝑘𝑒𝑡𝑠_𝑆𝑒𝑛𝑡_𝐵𝑦_𝑁𝑜𝑑𝑒𝑖
This is the fraction of packets received by the Gateway and the
total number of packets sent by sensor nodes.
• Average end to end delay is calculated as:
∑𝑁
𝑖=1 𝑃 𝑎𝑐𝑘𝑒𝑡𝐷𝑒𝑙𝑎𝑦𝑖
𝐸2𝐸𝐷 =
𝑇 𝑜𝑡𝑎𝑙_𝑃 𝑎𝑐𝑘𝑒𝑡𝑠𝑅𝑒𝑐𝑒𝑖𝑣𝑒𝑑 𝑆𝑢𝑐𝑐𝑒𝑠𝑠𝑓 𝑢𝑙𝑙𝑦
This depicts the ratio of the time taken by each successfully
delivered packet to the Gateway to the number of packets without
considering the unsuccessful packets.
• Power Consumption
𝐸𝑛𝑒𝑟𝑔𝑦𝑐 = (𝐶𝐶𝑃 𝑈 + 𝐶𝐿𝑃 𝑀 + 𝐶𝑇 𝑋 + 𝐶𝑅𝑋 ) 𝑚𝐽 (1)
𝐸𝑛𝑒𝑟𝑔𝑦𝑐
𝑃 𝑜𝑤𝑒𝑟 = 𝑚𝑊 (2)
𝑇 𝑜𝑡𝑎𝑙𝑡𝑖𝑚𝑒
The power consumption is calculated for different states of the
node i.e. radio is on/off, micro-controller is receiving or trans-
mitting signals or micro-controller is in low power mode
5. Results analysis
This section describes the performance evaluation and analysis with
and without version attack and also describes how much impact on
the performance of the network when the nodes are mobile. The
Contiki Operating System’s files were modified to implement the version
attack primarily the rpl-icmp6.c file. The experiments were done using
different number of nodes.
The Zoletia Z1 mote, which we used to build the IoT, contains
92 kB of ROM and 8 kB of RAM [64]. The version attack we have
implemented fits comfortably inside the capabilities of the Z1 mote.
In order to function, this implementation makes changes to the files
used by the Contiki OS. We build a network with both good legitimate
and malicious nodes. Increasing the percentage of malicious nodes
illustrates the implications. The findings are described in greater de-
tail in Sections 5.1 5.2 5.3. These findings demonstrate a significant
effect on Packet delivery Ratio, Average End-to-End Delay, and Power
Consumption as the number of attacker nodes increases.
5.1. Result analysis: Packet delivery ratio
Fig. 4 shows the average PDR when all nodes are static w.r.t varying
the number of nodes. The impact of the attack can be seen clearly
when the percentage of attacker node increases, the PDR goes down
drastically. This also proves that the attacker position and number of
18
Computer Communications 197 (2023) 12–22
legitimate nodes in its proximity impacts the PDR. When an attacker
node compromise the legitimate nodes, there is a significant change
in PDR. Most of the time network tries to reconfigure itself since
attacker node changes the version number. The root node has to rebuild
the network by resetting the trickle timer. As a result, the packets
transmitted by the sensor nodes to the root node are not received,
which lowers the PDR.
Fig. 4 also shows that as the number of nodes increases in the
network, the PDR drops significantly since the network becomes more
congested and if the attacker node is closer to the root node, it will
change the version number and forcefully lets the root node to recon-
figure the network. The mobility of the nodes itself could reduce the
PDR. Fig. 5 shows that mobility with the attacker node reduces the
PDR significantly and the graph also reflects the increase in the PDR in
certain cases for e.g. when 𝑁 = 40 there is increase in PDR which is
due to random moves of the nodes and sometimes it is quite possible
that while moving if the nodes are closer to the root then they will be
surely able to deliver packets to the root node. Apart from this, it also
depends on the random scattering of the nodes and distance from the
root node.
The above result analysis is satisfied by Fig. 6. This histogram
depicts the PDR by combining the results of the static and mobile
scenarios. There is a significant drop in the PDR when the nodes
are moving. In the figure the abbreviations VA and VAM are for
Version Attack with Static Nodes and Version Attack with Mobile Nodes
respectively.
5.2. Result analysis: Average end to end delay
Another important parameter to analyse the impact of attackers is
end to end delay. Fig. 7 shows the change in the delay w.r.t increase
in number of nodes. When there is no attack, the delay is very low but
when the % of attacker node increases at the different hops, the latency
increases and it is more prominent at the 1-Hop distance. If the attacker
is close to the root, most of the packets are not delivered successfully
since the attacker changes the Version Number of the DODAG and
root becomes busy in re-configuring the network. As illustrated in the
figure, at 2-Hop and 3-Hop distances from the attacker node, the latency
decreases because more packets reach the Gateway, hence reducing the
end-to-end delay.
This explanation is further extended as shown in Fig. 8 when the
nodes are mobile. For the same random seed of the network, there is a
notable increase in the delay which is more than 50%.
5.3. Result analysis: Power consumption
In the constraint environment like IoT, the network resources in-
cluding power consumption should be managed efficiently and effec-
tively. Power consumption analysis shown in the graphs 9 shows that
when the nodes are static and the % of the attacker node is increased,
the power consumption also increases and it is very significant when
G. Sharma, J. Grover and A. Verma Computer Communications 197 (2023) 12–22

Fig. 5. Packet delivery ratio: 50% of the mobile nodes.

Fig. 6. Impact on PDR with and without mobility.

Fig. 7. Average end to end delay: Static nodes.

Fig. 8. Average end to end delay: Mobile nodes.

19
G. Sharma, J. Grover and A. Verma Computer Communications 197 (2023) 12–22

Fig. 9. Average power consumption: Static nodes.

Fig. 10. Average power consumption: Mobile nodes.

the attackers are close to the sink node i.e at 1-hop. Another impor-
tant conclusion from the graph is that as the density of the network
increases, power consumption reduces which is obvious since there are
many neighbours which could forward the packets with the shortest
path, thereby reducing the power consumption.
We can also observe the impact on the power consumption when the
nodes are mobile as shown in Fig. 10. In general for the same scenarios,
power consumption increases for the mobile network as compared to
the static ones. It is maximum when the attacker is at 1-hop distance

6. Discussions

The results that we achieved experimentally in these scenarios

shows that mobility results in lot of consumption of resources in terms
of power, number of hops to reach the destination for the packets (de-
lay). The nodes were moved using the random waypoint model [65].
The purpose of this paper was to analyse version attacks using various
attack scenarios. Version attack is simple to carry out but challenging Fig. 11. RPL specific attacks in 6LoWPAN.
to identify in RPL-based IoT. Therefore, it is crucial to comprehend how
this attack behaves, which mostly results in an increase in the network’s
control message.
6.1. Implementation overhead
The impact of version attacks with varying proportions of attacker
nodes that are mobile and static is also demonstrated in this research,
Zolertia Z1 mote has 8 kB of RAM and 92 kB of ROM [64]. We
illustrating the hybrid network. PDR drops significantly when nodes
incorporated an attack on ContikiRPL and performed analysis of the
are mobile and its impact will depend on the attacker position of the attack. It can be observed in Fig. 12 that we are able to attack the
attacker as well. End to end delay is very high when the nodes are network within the constrained of gateway and client Z1 mote. With
mobile and the figures shows that at it is quite large at 1-hop with this significantly less overhead, we can implement the version number
the increase in number of attackers. Similarly we can also conclude for attack easily in both static and mobile networks.
power consumption which increase with the mobility of nodes. This pa-
per tries to show the intensive analysis for different metrics in the RPL 7. Conclusion and future work
based mobile networks and provide suggestions that any IDS should
include mobility in their solutions, since in the real world practical In this study, we showed the impact on different metrics when there
applications include mobile devices. As a future work we would work is version attack. The results show that there is a drastic drop in PDR.
upon implementing an IDS which addresses and mitigates multiple RPL When the mobile nodes are introduced, some scenarios show high PDR,
specific attacks. The RPL specific attacks are shown in Fig. 11. We also and it is quite intuitive because of mobility of nodes. Similarly, the
intend to implement various attacks to create a dataset. This dataset average end to end delay increases with mobility of nodes. Similarly, as
will be useful in determining the network’s behaviour and detecting we increased the number of nodes in the network, power consumption
the particular attack. decreases because the network becomes dense and the nodes are near

20
G. Sharma, J. Grover and A. Verma
Fig. 12. Memory requirement: Version attack.
to each other. This makes nodes to have multiple neighbours to route a
packet. This work can be extended for other different types of attacks
like Rank Attack, Hello Flood attack, Hatchetman attack with mobility.
As a future work, different attack with mobility will be implemented
and data will be used for implementing the Intrusion Detection System. In
the 6LoWPAN based IoT, the defence mechanism should be lightweight
to be incorporated within the Contiki-RPL which is lossy in nature. The
future work also aims for mitigating the attacks keeping the mobility
scenario in the RPL based networks.
CRediT authorship contribution statement
Girish Sharma: Conceptualization, Methodology, Writing – orig-
inal draft, Software. Jyoti Grover: Data curation, Writing – review
& editing. Abhishek Verma: Visualization, Investigation, Supervision,
Writing – review & editing.
Declaration of competing interest
The authors declare that they have no known competing finan-
cial interests or personal relationships that could have appeared to
influence the work reported in this paper.
Data availability
No data was used for the research described in the article.
References
[1] Anthea Mayzaud, Remi Badonnel, Isabelle Chrisment, A Taxonomy of Attacks in
RPL-based Internet of Thing, Int. J. Netw. Secur. 18 (3) (2016) 459–473.
[2] Ankur O Bang, Udai Pratap Rao, Pallavi Kaliyar, Mauro Conti, Assessment of
Routing Attacks and Mitigation Techniques with RPL Control Messages: A Survey,
ACM Comput. Surv. 55 (2) (2022) 1–36.
[3] Geoff Mulligan, The 6LoWPAN architecture, in: Proceedings of the 4th Workshop
on Embedded Networked Sensors, 2007, pp. 78–82.
[4] Abhishek Verma, Virender Ranga, The impact of copycat attack on RPL based
6LoWPAN networks in Internet of Things, Computing (2020) 1–22.
[5] Tim Winter, Pascal Thubert, Anders Brandt, Jonathan W Hui, Richard Kelsey,
Philip Levis, Kris Pister, Rene Struik, Jean-Philippe Vasseur, Roger K Alexander,
et al., RPL: IPv6 routing protocol for low-power and lossy networks, Rfc 6550
(2012) 1–157.
[6] Andrea Agiollo, Mauro Conti, Pallavi Kaliyar, TsungNan Lin, Luca Pajola,
DETONAR: Detection of routing attacks in RPL-based IoT, IEEE Trans. Netw.
Serv. Manag. (2021).
[7] Abhishek Verma, Virender Ranga, Security of RPL based 6LoWPAN networks in
the internet of things: A review, IEEE Sens. J. 20 (11) (2020) 5666–5690.
[8] Syeda M. Muzammal, Raja Kumar Murugesan, N.Z. Jhanjhi, A comprehensive re-
view on secure routing in Internet of Things: Mitigation methods and trust-based
approaches, IEEE Internet Things J. (2020).
[9] Erdem Canbalaban, Sevil Sen, A cross-layer intrusion detection system for RPL-
based Internet of Things, in: International Conference on Ad-Hoc Networks and
Wireless, Springer, 2020, pp. 214–227.
21
Computer Communications 197 (2023) 12–22
[10] CISOMAG, 10 IoT security incidents that make you feel less secure, 2020,
https://cisomag.eccouncil.org/10-iot-security-incidents-that-make-you-feel-less-
secure/, Accessed: 2020-01-10.
[11] Yannay Livneh Eyal Itkin, Yaniv Balmas, Faxploit: Sending fax back to the
dark ages, 2018, https://research.checkpoint.com/2018/sending-fax-back-to-the-
dark-ages/, Accessed: 2018-08-12.
[12] Ismail Butun, Patrik Österberg, Houbing Song, Security of the Internet of Things:
Vulnerabilities, attacks, and countermeasures, IEEE Commun. Surv. Tutor. 22 (1)
(2019) 616–644.
[13] Ahmed Raoof, Ashraf Matrawy, Chung-Horng Lung, Routing attacks and mitiga-
tion methods for RPL-based Internet of Things, IEEE Commun. Surv. Tutor. 21
(2) (2018) 1582–1606.
[14] Abhishek Verma, Virender Ranga, CoSec-RPL: detection of copycat attacks in RPL
based 6LoWPANs using outlier analysis, Telecommun. Syst. 75 (2020) 43–61.
[15] Mohamad Nazrin Napiah, Mohd Yamani Idna Bin Idris, Roziana Ramli, Ismail
Ahmedy, Compression header analyzer intrusion detection system (CHA-IDS) for
6LoWPAN communication protocol, IEEE Access 6 (2018) 16623–16638.
[16] Anhtuan Le, Jonathan Loo, Kok Keong Chai, Mahdi Aiash, A specification-based
IDS for detecting attacks on RPL-based network topology, Information 7 (2)
(2016) 25.
[17] Abhishek Verma, Virender Ranga, ELNIDS: Ensemble learning based network
intrusion detection system for RPL based Internet of Things, in: 2019 4th
International Conference on Internet of Things: Smart Innovation and Usages
(IoT-SIU), IEEE, 2019, pp. 1–6.
[18] O. Gnawali, P. Levis, The ETX objective function for RPL,’’ draft-gnawali-
roll-etxof-01, 2010, URL https://tools.ietf.org/html/draft-gnawali-roll-etxof-
00.
[19] Gnawali, Levis, The Minimum Rank with Hysteresis Objective Function
(MRHOF), RFC, 6719, IETF, CA, USA, 2012.
[20] Pascal Thubert, Objective Function Zero for the Routing Protocol for Low-Power
and Lossy Networks (RPL), Technical report, 2012.
[21] Olfa Gaddour, Anis Koubâa, RPL in a nutshell: A survey, Comput. Netw. (ISSN:
1389-1286) 56 (14) (2012) 3163–3178.
[22] J Vasseur, Navneet Agarwal, Jonathan Hui, Zach Shelby, Paul Bertrand, Cedric
Chauvenet, RPL: The IP routing protocol designed for low power and lossy
networks, Internet Protocol Smart Obj. (IPSO) Alliance 36 (2011) 1–20.
[23] Zahrah A. Almusaylim, N.Z. Jhanjhi, Abdulaziz Alhumam, Detection and mitiga-
tion of RPL rank and version number attacks in the internet of things: SRPL-RP,
Sensors 20 (21) (2020) 5997.
[24] Anthéa Mayzaud, Rémi Badonnel, Isabelle Chrisment, A distributed monitoring
strategy for detecting version number attacks in RPL-based networks, IEEE Trans.
Netw. Serv. Manag. 14 (2) (2017) 472–486.
[25] Ahmet Arış, Sema F. Oktuğ, Analysis of the RPL version number attack with
multiple attackers, in: 2020 International Conference on Cyber Situational
Awareness, Data Analytics and Assessment (CyberSA), IEEE, 2020, pp. 1–8.
[26] Cong Pu, Sybil attack in RPL-based internet of things: analysis and defenses,
IEEE Internet Things J. 7 (6) (2020) 4937–4949.
[27] Mridula Sharma, Haytham Elmiligi, Fayez Gebali, Abhishek Verma, Simulating
attacks for rpl and generating multi-class dataset for supervised machine learning,
in: 2019 IEEE 10th Annual Information Technology, Electronics and Mobile
Communication Conference (IEMCON), IEEE, 2019, pp. 0020–0026.
[28] Sarumathi Murali, Abbas Jamalipour, A lightweight intrusion detection for sybil
attack under mobile RPL in the internet of things, IEEE Internet Things J. 7 (1)
(2019) 379–388.
[29] Isam Wadhaj, Baraq Ghaleb, Craig Thomson, Ahmed Al-Dubai, William J
Buchanan, Mitigation mechanisms against the DAO attack on the routing protocol
for low power and lossy networks (RPL), IEEE Access 8 (2020) 43665–43675.
[30] Zahrah A Almusaylim, Abdulaziz Alhumam, Wathiq Mansoor, Pushpita Chatter-
jee, Noor Zaman Jhanjhi, Detection and mitigation of RPL rank and version
number attacks in smart internet of things, 2020.
G. Sharma, J. Grover and A. Verma
[31] Ghada Glissa, Abderrezak Rachedi, Aref Meddeb, A secure routing protocol based
on RPL for Internet of Things, in: 2016 IEEE Global Communications Conference
(GLOBECOM), IEEE, 2016, pp. 1–7.
[32] Amit Dvir, Levente Buttyan, et al., VeRA-version number and rank authentication
in RPL, in: 2011 IEEE Eighth International Conference on Mobile Ad-Hoc and
Sensor Systems, IEEE, 2011, pp. 709–714.
[33] Syed Obaid Amin, Muhammad Shoaib Siddiqui, Choong Seon Hong, Sungwon
Lee, RIDES: Robust intrusion detection system for IP-based ubiquitous sensor
networks, Sensors 9 (5) (2009) 3447–3468.
[34] Prabhakaran Kasinathan, Gianfranco Costamagna, Hussein Khaleel, Claudio Pas-
trone, Maurizio A Spirito, An IDS framework for internet of things empowered
by 6LoWPAN, in: Proceedings of the 2013 ACM SIGSAC Conference on Computer
& Communications Security, 2013, pp. 1337–1340.
[35] Shahid Raza, Linus Wallgren, Thiemo Voigt, SVELTE: Real-time intrusion
detection in the Internet of Things, Ad Hoc Netw. 11 (8) (2013) 2661–2674.
[36] Lan Zhang, Gang Feng, Shuang Qin, Intrusion detection system for RPL from rout-
ing choice intrusion, in: 2015 IEEE International Conference on Communication
Workshop (ICCW), IEEE, 2015, pp. 2652–2658.
[37] Pavan Pongle, Gurunath Chavan, Real time intrusion and wormhole attack
detection in internet of things, Int. J. Comput. Appl. 121 (9) (2015).
[38] M. Surendar, A. Umamakeswari, Indres: An intrusion detection and response
system for internet of things with 6lowpan, in: 2016 International Conference on
Wireless Communications, Signal Processing and Networking (WiSPNET), IEEE,
2016, pp. 1903–1908.
[39] Anhtuan Le, Jonathan Loo, Yuan Luo, Aboubaker Lasebae, Specification-based
IDS for securing RPL from topology attacks, in: 2011 IFIP Wireless Days (WD),
IEEE, 2011, pp. 1–3.
[40] Gu-Hsin Lai, Detection of wormhole attacks on IPv6 mobility-based wireless
sensor network, EURASIP J. Wireless Commun. Networking 2016 (1) (2016)
1–11.
[41] Anthéa Mayzaud, Anuj Sehgal, Rémi Badonnel, Isabelle Chrisment, Jürgen
Schönwälder, Using the RPL protocol for supporting passive monitoring in the
Internet of Things, in: NOMS 2016-2016 IEEE/IFIP Network Operations and
Management Symposium, IEEE, 2016, pp. 366–374.
[42] Anthéa Mayzaud, Rémi Badonnel, Isabelle Chrisment, Detecting version number
attacks in RPL-based networks using a distributed monitoring architecture,
in: 2016 12th International Conference on Network and Service Management
(CNSM), IEEE, 2016, pp. 127–135.
[43] Dharmini Shreenivas, Shahid Raza, Thiemo Voigt, Intrusion detection in the RPL-
connected 6LoWPAN networks, in: Proceedings of the 3rd ACM International
Workshop on IoT Privacy, Trust, and Security, 2017, pp. 31–38.
[44] Hamid Bostani, Mansour Sheikhan, Hybrid of anomaly-based and specification-
based IDS for internet of things using unsupervised OPF based on MapReduce
approach, Comput. Commun. 98 (2017) 52–71.
[45] Philokypros Ioulianou, Vasileios Vasilakis, Ioannis Moscholios, Michael Logo-
thetis, A signature-based intrusion detection system for the Internet of Things,
Inf. Commun. Technol. Form (2018).
[46] Usman Shafique, Abid Khan, Abdur Rehman, Faisal Bashir, Masoom Alam,
Detection of rank attack in routing protocol for low power and lossy networks,
Ann. Telecommun. 73 (7) (2018) 429–438.
[47] Abhishek Verma, Virender Ranga, Statistical analysis of CIDDS-001 dataset for
network intrusion detection systems using distance-based machine learning,
Procedia Comput. Sci. 125 (2018) 709–716.
22
Computer Communications 197 (2023) 12–22
[48] Elie Kfoury, Julien Saab, Paul Younes, Roger Achkar, A self organizing map in-
trusion detection system for rpl protocol attacks, Int. J. Interdiscip. Telecommun.
Netw. (IJITN) 11 (1) (2019) 30–43.
[49] Verma Abhishek, Ranga Virender, Machine learning based intrusion detec-
tion systems for IoT applications, Wirel. Pers. Commun. 111 (4) (2020)
2287–2310.
[50] Ruben Stenhuis, RPL attack analysis: Evaluation of a cryptography-based sybil
defence in IEEE 802.15. 4, 2021.
[51] Michael Savva, Iacovos Ioannou, Vasos Vassiliou, Fuzzy-logic based IDS for
detecting jamming attacks in wireless mesh IoT networks, 2022, arXiv preprint
arXiv:2205.03797.
[52] Usha Kiran, IDS To Detect Worst Parent Selection Attack In RPL-Based IoT
Network, in: 2022 14th International Conference on COMmunication Systems
& NETworkS (COMSNETS), IEEE, 2022, pp. 769–773.
[53] Deepak Kumar Sharma, Sanjay K Dhurandher, Shubham Kumaram, Koyel Datta
Gupta, Pradip Kumar Sharma, Mitigation of black hole attacks in 6LoWPAN RPL-
based wireless sensor network for cyber physical systems, Comput. Commun. 189
(2022) 182–192.
[54] Ahmet Arış, Sıddıka Berna Örs Yalçın, Sema F Oktuğ, New lightweight miti-
gation techniques for RPL version number attacks, Ad Hoc Netw. 85 (2019)
81–91.
[55] Firoz Ahmed, Young-Bae Ko, A distributed and cooperative verification mecha-
nism to defend against DODAG version number attack in RPL., in: PECCS, 2016,
pp. 55–62.
[56] Musa Osman, Jingsha He, Fawaz Mahiuob Mohammed Mokbal, Nafei Zhu,
Sirajuddin Qureshi, ML-LGBM: A machine learning model based on light gradient
boosting machine for the detection of version number attacks in RPL-based
networks, IEEE Access (2021).
[57] Ahmed Mohammed Raoof, Secure Routing and Forwarding in RPL-based Internet
of Things: Challenges and Solutions (Ph.D. thesis), Carleton University, 2021.
[58] A. Arul Anitha, L. Arockiam, VeNADet: Version number attack detection for RPL
based internet of things, Solid State Technol. 64 (2) (2021) 2225–2237.
[59] Sandip Roy, Santanu Chatterjee, Ashok Kumar Das, Samiran Chattopadhyay,
Neeraj Kumar, Athanasios V Vasilakos, On the design of provably secure
lightweight remote user authentication scheme for mobile cloud computing
services, IEEE Access 5 (2017) 25808–25825.
[60] Sandip Roy, Ashok Kumar Das, Santanu Chatterjee, Neeraj Kumar, Samiran
Chattopadhyay, Joel JPC Rodrigues, Provably secure fine-grained data access
control over multiple cloud servers in mobile cloud computing based healthcare
applications, IEEE Trans. Ind. Inform. 15 (1) (2018) 457–468.
[61] Aparna Kumari, Sudeep Tanwar, Sudhanshu Tyagi, Neeraj Kumar, Reza M Parizi,
Kim-Kwang Raymond Choo, Fog data analytics: A taxonomy and process model,
J. Netw. Comput. Appl. 128 (2019) 90–104.
[62] Adam Dunkels, Bjorn Gronvall, Thiemo Voigt, Contiki-a lightweight and flexible
operating system for tiny networked sensors, in: 29th Annual IEEE International
Conference on Local Computer Networks, IEEE, 2004, pp. 455–462.
[63] Fredrik Österlind, A Sensor Network Simulator for the Contiki OS, Swedish
Institute of Computer Science, 2006.
[64] Zoletria, Z1 Datasheet, URL http://zolertia.sourceforge.net/wiki/images/e/e8/
Z1_RevC_Datasheet.pdf.
[65] Christian Bettstetter, Hannes Hartenstein, Xavier Pérez-Costa, Stochastic prop-
erties of the random waypoint mobility model, Wirel. Netw. 10 (5) (2004)
555–567.