A Lightweight Cooperative Intrusion Detection System for RPL-based IoT
Perazzo, Pericle;
2024-01-01
Abstract
The successful deployment of an Intrusion Detection System (IDS) in the Internet of Things (IoT) is subject to two primary criteria: the detection method and the deployment strategy. IDS schemes should take into account that IoT devices often have limited resources. Thus, IDS should be limited in devices’ memory and power usage. In this paper, we design, implement, and evaluate an effective cross-layer lightweight IDS scheme for the IoT (RPL-IDS). The proposed IDS scheme cooperates with the RPL routing protocol using its selected parents as distributed agents. A lightweight artificial neural network (ANN) model is deployed in these agents to detect malicious traffic and collaborates with a centralized system. According to the topology built by the Routing Protocol for Low-Power and Lossy Networks (RPL), these agents are automatically selected, i.e., the routers (parents) of the topology are chosen to act as IDS agents. We implemented RPL-IDS using the Contiki operating system and then comprehensively evaluated it with the Cooja simulator. Experimental results indicate that RPL-IDS is lightweight and can be deployed on devices with limited resources. Most state-of-the-art IDS schemes do not consider the limitation of resources of IoT devices, making them impractical for deployment in many IoT applications. Furthermore, the proposed RPL-IDS demonstrated one of the highest detection rates in the literature while incurring an insignificant energy overload, allowing for scalability in large-scale networks.