NADSA: a novel approach for detection of sinkhole attacks based on RPL protocol in 6LowPAN network

Atena Shiranzaei; Emad Alizadeh; Mahdi Rabbani; Sajjad Bagheri Baba Ahmadi; Mohsen Tajgardan

doi:10.32604/cmc.2025.064414

NADSA: a novel approach for detection of sinkhole attacks based on RPL protocol in 6LowPAN network

Atena Shiranzaei^*, Emad Alizadeh, Mahdi Rabbani, Sajjad Bagheri Baba Ahmadi^*, Mohsen Tajgardan

^*Corresponding author for this work

School of Computing, Engineering and Physical Sciences

Research output: Contribution to journal › Article › peer-review

5 Downloads (Pure)

Abstract

The sinkhole attack is one of the most damaging threats in the Internet of Things (IoT). It deceptively attracts neighboring nodes and initiates malicious activity, often disrupting the network when combined with other attacks. This study proposes a novel approach, named NADSA, to detect and isolate sinkhole attacks. NADSA is based on the RPL protocol and consists of two detection phases. In the first phase, the minimum possible hop count between the sender and receiver is calculated and compared with the sender’s reported hop count. The second phase utilizes the number of DIO messages to identify suspicious nodes and then applies a fuzzification process using RSSI, ETX, and distance measurements to confirm the presence of a malicious node. The proposed method is extensively simulated in highly lossy and sparse network environments with varying numbers of nodes. The results demonstrate that NADSA achieves high efficiency, with PDRs of 68%, 70%, and 73%; E2EDs of 81, 72, and 60 ms; TPRs of 89%, 83%, and 80%; and FPRs of 24%, 28%, and 33%. NADSA outperforms existing methods in challenging network conditions, where traditional approaches typically degrade in effectiveness.

Original language	English
Number of pages	22
Journal	Computers, Materials & Continua
Early online date	4 Jul 2025
DOIs	https://doi.org/10.32604/cmc.2025.064414
Publication status	E-pub ahead of print - 4 Jul 2025

Keywords

internet of things
security
RPL
intrusion detection
sinkhole attack detection
RSSI

Access to Document

10.32604/cmc.2025.064414Licence: CC BY 4.0

2025 06 19 Shiranzaei et al NADSA finalFinal published version, 1.2 MBLicence: CC BY 4.0

Cite this

@article{05beb84a8c6a4a7bbd4abd3cd4e3936b,

title = "NADSA: a novel approach for detection of sinkhole attacks based on RPL protocol in 6LowPAN network",

abstract = "The sinkhole attack is one of the most damaging threats in the Internet of Things (IoT). It deceptively attracts neighboring nodes and initiates malicious activity, often disrupting the network when combined with other attacks. This study proposes a novel approach, named NADSA, to detect and isolate sinkhole attacks. NADSA is based on the RPL protocol and consists of two detection phases. In the first phase, the minimum possible hop count between the sender and receiver is calculated and compared with the sender{\textquoteright}s reported hop count. The second phase utilizes the number of DIO messages to identify suspicious nodes and then applies a fuzzification process using RSSI, ETX, and distance measurements to confirm the presence of a malicious node. The proposed method is extensively simulated in highly lossy and sparse network environments with varying numbers of nodes. The results demonstrate that NADSA achieves high efficiency, with PDRs of 68\%, 70\%, and 73\%; E2EDs of 81, 72, and 60 ms; TPRs of 89\%, 83\%, and 80\%; and FPRs of 24\%, 28\%, and 33\%. NADSA outperforms existing methods in challenging network conditions, where traditional approaches typically degrade in effectiveness.",

keywords = "internet of things, security, RPL, intrusion detection, sinkhole attack detection, RSSI",

author = "Atena Shiranzaei and Emad Alizadeh and Mahdi Rabbani and \{Bagheri Baba Ahmadi\}, Sajjad and Mohsen Tajgardan",

year = "2025",

month = jul,

day = "4",

doi = "10.32604/cmc.2025.064414",

language = "English",

journal = "Computers, Materials \& Continua",

issn = "1546-2218",

publisher = "Tech Science Press",

}

TY - JOUR

T1 - NADSA

T2 - a novel approach for detection of sinkhole attacks based on RPL protocol in 6LowPAN network

AU - Shiranzaei, Atena

AU - Alizadeh, Emad

AU - Rabbani, Mahdi

AU - Bagheri Baba Ahmadi, Sajjad

AU - Tajgardan, Mohsen

PY - 2025/7/4

Y1 - 2025/7/4

N2 - The sinkhole attack is one of the most damaging threats in the Internet of Things (IoT). It deceptively attracts neighboring nodes and initiates malicious activity, often disrupting the network when combined with other attacks. This study proposes a novel approach, named NADSA, to detect and isolate sinkhole attacks. NADSA is based on the RPL protocol and consists of two detection phases. In the first phase, the minimum possible hop count between the sender and receiver is calculated and compared with the sender’s reported hop count. The second phase utilizes the number of DIO messages to identify suspicious nodes and then applies a fuzzification process using RSSI, ETX, and distance measurements to confirm the presence of a malicious node. The proposed method is extensively simulated in highly lossy and sparse network environments with varying numbers of nodes. The results demonstrate that NADSA achieves high efficiency, with PDRs of 68%, 70%, and 73%; E2EDs of 81, 72, and 60 ms; TPRs of 89%, 83%, and 80%; and FPRs of 24%, 28%, and 33%. NADSA outperforms existing methods in challenging network conditions, where traditional approaches typically degrade in effectiveness.

AB - The sinkhole attack is one of the most damaging threats in the Internet of Things (IoT). It deceptively attracts neighboring nodes and initiates malicious activity, often disrupting the network when combined with other attacks. This study proposes a novel approach, named NADSA, to detect and isolate sinkhole attacks. NADSA is based on the RPL protocol and consists of two detection phases. In the first phase, the minimum possible hop count between the sender and receiver is calculated and compared with the sender’s reported hop count. The second phase utilizes the number of DIO messages to identify suspicious nodes and then applies a fuzzification process using RSSI, ETX, and distance measurements to confirm the presence of a malicious node. The proposed method is extensively simulated in highly lossy and sparse network environments with varying numbers of nodes. The results demonstrate that NADSA achieves high efficiency, with PDRs of 68%, 70%, and 73%; E2EDs of 81, 72, and 60 ms; TPRs of 89%, 83%, and 80%; and FPRs of 24%, 28%, and 33%. NADSA outperforms existing methods in challenging network conditions, where traditional approaches typically degrade in effectiveness.

KW - internet of things

KW - security

KW - RPL

KW - intrusion detection

KW - sinkhole attack detection

KW - RSSI

U2 - 10.32604/cmc.2025.064414

DO - 10.32604/cmc.2025.064414

M3 - Article

SN - 1546-2218

JO - Computers, Materials & Continua

JF - Computers, Materials & Continua

ER -

NADSA: a novel approach for detection of sinkhole attacks based on RPL protocol in 6LowPAN network

Abstract

Keywords

Access to Document

Fingerprint

Cite this