NADSA: a novel approach for detection of sinkhole attacks based on RPL protocol in 6LowPAN network

The sinkhole attack is one of the most damaging threats in the Internet of Things (IoT). It deceptively attracts neighboring nodes and initiates malicious activity, often disrupting the network when combined with other attacks. This study proposes a novel approach, named NADSA, to detect and isolate sinkhole attacks. NADSA is based on the RPL protocol and consists of two detection phases. In the first phase, the minimum possible hop count between the sender and receiver is calculated and compared with the sender’s reported hop count. The second phase utilizes the number of DIO messages to identify suspicious nodes and then applies a fuzzification process using RSSI, ETX, and distance measurements to confirm the presence of a malicious node. The proposed method is extensively simulated in highly lossy and sparse network environments with varying numbers of nodes. The results demonstrate that NADSA achieves high efficiency, with PDRs of 68%, 70%, and 73%; E2EDs of 81, 72, and 60 ms; TPRs of 89%, 83%, and 80%; and FPRs of 24%, 28%, and 33%. NADSA outperforms existing methods in challenging network conditions, where traditional approaches typically degrade in effectiveness.