A Central Intrusion Detection System for RPL-Based Industrial Internet of Things

AYDOĞAN E., YILMAZ S., Sen S., Butun I., Forsstrom S., Gidlund M.

15th IEEE International Workshop on Factory Communication Systems (WFCS), Sundsvall, Sweden, 27 - 29 May 2019 identifier identifier

  • Publication Type: Conference Paper / Full Text
  • Volume:
  • Doi Number: 10.1109/wfcs.2019.8758024
  • City: Sundsvall
  • Country: Sweden
  • Hacettepe University Affiliated: Yes


Although Internet-of-Things (IoT) is revolutionizing the IT sector, it is not mature yet as several technologies are still being offered to be candidates for supporting the backbone of this system. IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL) is one of those promising candidate technologies to be adopted by IoT and Industrial IoT (IIoT). Attacks against RPL have shown to be possible, as the attackers utilize the unauthorized parent selection system of the RLP protocol. In this work, we are proposing a methodology and architecture to detect intrusions against IIoT. Especially, we are targeting to detect attacks against RPL by using genetic programming. Our results indicate that the developed framework can successfully (with high accuracy, along with high true positive and low false positive rates) detect routing attacks in RPL-based Industrial IoT networks.