Abstract
Routing Protocol for Low Power and Lossy Networks (RPL) is characterized by a reliable routing functionality compared with traditional protocols in IoT domains. However, it has basic security functionalities; therefore, many hackers exploit this characteristic to make various attacks. Extending RPL security presents a challenge, mainly due to the constrained devices and connectivity to unsecured Internet. In this paper, several routing attacks in RPL such as hello flood, decreased rank, and version number modification have been analyzed in different scenarios. In addition, an anomaly-based intrusion detection system using the XGBoost algorithm has been proposed. Several simulations have been conducted to generate normal and attack data. Results demonstrate a high detection accuracy of the XGBoost for the three considered types of attacks compared to Naive Bayes, Stochastic Gradient Descent, Multilayer Perceptron, and Support Vector Machines.