Implementing and evaluating variations of the Blackhole attack on RPL

Abstract: The IPv6 Routing Protocol for Low-power and Lossy Networks (RPL) is the most used routing protocol for resource constrained Internet-of-Things (IoT) networks. With the massive increase in number of Internet-connected IoT devices and the fact that they are becoming more common in safety-critical environments such as in health-care and in the industry, security in these networks are of a big concern. A promising approach for threat detection in these networks is the use of intrusion detection systems (IDS) based on machine learning. This thesis focuses on two things: designing new attack variations based on the Blackhole attack which is an attack on RPL and evaluating these variations on an IDS that has been trained on regular blackhole attacks. The attacks that we have implemented are being run in the Cooja network simulator with the Multi trace extension and the data obtained from these simulations are processed and used to train a Random Forest Classifier machine learning model for the IDS. The attack variations that we implemented managed to impact the recall of the Random Forest classifier but not so other metrics such as accuracy and precision which are often used to evaluate machine learning models. The results show that variations on the blackhole attack can be used to avoid detection by an IDS and still be able to reduce the performance of the network.