{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,9]],"date-time":"2026-03-09T23:12:27Z","timestamp":1773097947731,"version":"3.50.1"},"reference-count":17,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2016,5,12]],"date-time":"2016-05-12T00:00:00Z","timestamp":1463011200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>Routing Protocol for Low power and Lossy network (RPL) topology attacks can downgrade the network performance significantly by disrupting the optimal protocol structure. To detect such threats, we propose a RPL-specification, obtained by a semi-auto profiling technique that constructs a high-level abstract of operations through network simulation traces, to use as reference for verifying the node behaviors. This specification, including all the legitimate protocol states and transitions with corresponding statistics, will be implemented as a set of rules in the intrusion detection agents, in the form of the cluster heads propagated to monitor the whole network. In order to save resources, we set the cluster members to report related information about itself and other neighbors to the cluster head instead of making the head overhearing all the communication. As a result, information about a cluster member will be reported by different neighbors, which allow the cluster head to do cross-check. We propose to record the sequence in RPL Information Object (DIO) and Information Solicitation (DIS) messages to eliminate the synchronized issue created by the delay in transmitting the report, in which the cluster head only does cross-check on information that come from sources with the same sequence. Simulation results show that the proposed Intrusion Detection System (IDS) has a high accuracy rate in detecting RPL topology attacks, while only creating insignificant overhead (about 6.3%) that enable its scalability in large-scale network.<\/jats:p>","DOI":"10.3390\/info7020025","type":"journal-article","created":{"date-parts":[[2016,5,12]],"date-time":"2016-05-12T10:18:45Z","timestamp":1463048325000},"page":"25","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":163,"title":["A Specification-Based IDS for Detecting Attacks on RPL-Based Network Topology"],"prefix":"10.3390","volume":"7","author":[{"given":"Anhtuan","family":"Le","sequence":"first","affiliation":[{"name":"School of Electroic Engineering and Computer Science, Queen Mary University of London, London E1 4NS, UK"}]},{"given":"Jonathan","family":"Loo","sequence":"additional","affiliation":[{"name":"School of Science and Technology, Middlesex University, London NW4 4BT, UK"}]},{"given":"Kok","family":"Chai","sequence":"additional","affiliation":[{"name":"School of Electroic Engineering and Computer Science, Queen Mary University of London, London E1 4NS, UK"}]},{"given":"Mahdi","family":"Aiash","sequence":"additional","affiliation":[{"name":"School of Science and Technology, Middlesex University, London NW4 4BT, UK"}]}],"member":"1968","published-online":{"date-parts":[[2016,5,12]]},"reference":[{"key":"ref_1","unstructured":"Winter, T., Thubert, P., Brandt, A., Hui, J., Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur, J.P., and Alexander, R. (2012). RPL: IPv6 Routing Protocol for Low-Power and Lossy Network, Internet Engineering Task Force (IETF)."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"1189","DOI":"10.1002\/dac.2356","article-title":"6LoWPAN: A study on QoS security threats and countermeasures using intrusion detection system approach","volume":"25","author":"Le","year":"2012","journal-title":"Int. J. Commun. Syst."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"3685","DOI":"10.1109\/JSEN.2013.2266399","article-title":"The impact of rank attack on network topology of routing protocol for low-power and lossy networks","volume":"13","author":"Le","year":"2013","journal-title":"IEEE Sens. J."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Le, A., Loo, J., Luo, Y., and Lasebae, A. (2011, January 10\u201312). Specification-based IDS for securing RPL from topology attacks. Proceedings of the 2011 IFIP Wireless Days (WD), Niagara Falls, ON, Canada.","DOI":"10.1109\/WD.2011.6098218"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Le, A., Loo, J., Luo, Y., and Lasebae, A. (2013, January 7\u201310). The impacts of internal threats towards Routing Protocol for Low power and lossy network performance. Proceedings of the 2013 IEEE Symposium on Computers and Communications (ISCC), Split, Croatia.","DOI":"10.1109\/ISCC.2013.6755045"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"2661","DOI":"10.1016\/j.adhoc.2013.04.014","article-title":"SVELTE: Real-time intrusion detection in the Internet of Things","volume":"11","author":"Raza","year":"2013","journal-title":"Ad Hoc Netw."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Tang, J., Huang, X., Qian, J., and Viho, C. (2013, January 20\u201323). A FSM-based test sequence generation method for RPL conformance testing. Proceedings of the Green Computing and Communications (GreenCom), 2013 IEEE and Internet of Things (iThings\/CPSCom), IEEE International Conference on and IEEE Cyber, Physical and Social Computing, Beijing, China.","DOI":"10.1109\/GreenCom-iThings-CPSCom.2013.111"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"794326","DOI":"10.1155\/2013\/794326","article-title":"Routing attacks and countermeasures in the RPL-based Internet of Things","volume":"2013","author":"Wallgren","year":"2013","journal-title":"Int. J. Distrib. Sens. Netw."},{"key":"ref_9","unstructured":"Tsao, T., Alexander, R., Dohler, M., Daza, V., Lozano, A., and Richardson, M. A Security Threat Analysis for Routing Protocol for Low-Power and Lossy Networks (RPL). Available online: https:\/\/tools.ietf.org\/html\/draft-ietf-roll-security-threats-06."},{"key":"ref_10","unstructured":"Panos, C., Xenakis, C., and Stavrakakis, I. (2010, January 26\u201328). A novel intrusion detection system for MANETs. Proceedings of the 2010 International Conference on Security and Cryptography (SECRYPT), Athens, Greece."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Tseng, C.-Y., Balasubramanyam, P., Ko, C., Limprasittiporn, R., Rowe, J., and Levitt, K. (2003, January 27\u201330). A specification-based intrusion detection system for AODV. Proceedings of the 1st ACM Workshop on Security of Ad Hoc and Sensor Networks, Washington, DC, USA.","DOI":"10.1145\/986858.986876"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Stakhanova, N., Basu, S., Wensheng, Z., Wang, X., and Wong, J.S. (2007, January 21\u201323). Specification synthesis for monitoring and analysis of MANET protocols. Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops, AINAW \u203207, Niagara Falls, ON, Canada.","DOI":"10.1109\/AINAW.2007.342"},{"key":"ref_13","unstructured":"Contiki. Available online: http:\/\/www.contiki-os.org\/."},{"key":"ref_14","unstructured":"Lopez, J., and Zhou, J. (2008). Wireless Sensor Network Security, IOS press."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Matsunaga, T., Toyoda, K., and Sasase, I. (2014, January 26\u201329). Low false alarm rate RPL network monitoring system by considering timing inconstancy between the rank measurements. Proceedings of the 2014 11th International Symposium on Wireless Communications Systems (ISWCS), Barcelona, Spain.","DOI":"10.1109\/ISWCS.2014.6933391"},{"key":"ref_16","unstructured":"Libelium Wireless Interfaces Supported in Waspmote. Available online: http:\/\/www.libelium.com\/products\/waspmote\/interfaces\/."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1145\/1721654.1721672","article-title":"A view of cloud computing","volume":"53","author":"Armbrust","year":"2010","journal-title":"Commun. ACM"}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/7\/2\/25\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T19:23:45Z","timestamp":1760210625000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/7\/2\/25"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,5,12]]},"references-count":17,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2016,6]]}},"alternative-id":["info7020025"],"URL":"https:\/\/doi.org\/10.3390\/info7020025","relation":{},"ISSN":["2078-2489"],"issn-type":[{"value":"2078-2489","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016,5,12]]}}}