Detection of malicious packet dropping attacks in RPL-based internet of things

Sooyeon Shin, Kyounghoon Kim, Taekyoung Kwon

Research output: Contribution to journalArticlepeer-review

6 Citations (Scopus)


The routing protocol for low-power and lossy networks (RPL) is an IPv6-based routing protocol optimised for internet of things (IoT) environments. However, it is susceptible to malicious packet dropping attacks. If a node with a lower rank that is closer to the root node attempts a malicious packet dropping, it may disrupt basic data transmission or even the entire IoT application service. In this paper, we present a novel detection method for malicious packet dropping attacks against RPL-based networks. The proposed method is based on the anomaly intrusion detection system and detects malicious packet dropping in the presence of normal packet losses. We evaluate the performance of the method on Contiki’s network simulator, Cooja. The evaluation results show that the method has good performance in detecting malicious packet dropping attacks. In every case, the successful detection rate is greater than 94% and the false alarm rate is less than 3%.

Original languageEnglish
Pages (from-to)133-141
Number of pages9
JournalInternational Journal of Ad Hoc and Ubiquitous Computing
Issue number2
Publication statusPublished - 2019

Bibliographical note

Funding Information:
This work was partly supported by the National Research Foundation of Korea (NRF-2016-R1C1B2011095, NRF-2015-R1A2A2A01004792) and also partly supported by the MSIT (Ministry of Science and ICT), Korea, under the ITRC (Information Technology Research Center) support program (IITP-2017-2016-0-00304) supervised by the IITP (Institute for Information and communications Technology Promotion).

Publisher Copyright:
© 2019 Inderscience Enterprises Ltd.

All Science Journal Classification (ASJC) codes

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications


Dive into the research topics of 'Detection of malicious packet dropping attacks in RPL-based internet of things'. Together they form a unique fingerprint.

Cite this