A Defense Solution to Secure Low-Power and Lossy Networks Against DAO Insider Attacks

The Low-Power and Lossy Network (LLN) is the most important building block in the Internet of Things (IoT), comprising numerous tiny sensor nodes connected together. The Routing Protocol for Low-Power and Lossy Networks (RPL) is an IPv6-based protocol developed by the Internet Engineering Task Force (IETF) to facilitate routing for LLN devices. The Destination Advertisement Objects (DAOs) are transmitted from RPL nodes in the network toward the root node to construct downward routes. The malicious node exploits the DAO transmission mechanism to replay the DAO with a fixed time interval in the network in order to launch the DAO Insider attack. The DAO Insider attack causes a large number of DAO, which contributes to network congestion; as a result, data packets are delayed, and network performance is degraded. This paper proposes a defense solution that monitors DAO timestamps between child and parent nodes, flagging suspicious nodes that exceed a threshold within a time interval, blacklisting, and discarding DAOs from identified malicious nodes. Moreover, it limits the number of DAO transmitted by a child node within a specified time interval to mitigate the impact of an attack. The experiments show that the DAO insider attack has a negative impact on network performance (packet delivery ratio, average end-to-end delay, and throughput) at various DAO replay intervals. The proposed defense solution restores optimal network performance with a high detection rate.