ARM: A hybrid specification-based intrusion detection system for rank attacks in 6TiSCH networks

6TiSCH network architecture has recently been introduced to combine the high reliability and low-power consumption of the TSCH (Time-Slotted Channel Hopping) mode of IEEE 802.15.4e MAC with the ease of integration offered by the IP-enabled upper layer protocols. 6TiSCH network uses RPL (Routing Protocol for Low Power and Lossy Networks) as its routing protocol to manage the network layer functionalities. RPL however is vulnerable to internal routing attacks such as Rank attack where a malicious node multicasts a fake position (Rank) or a fake path cost toward the sink node to lure nearby nodes to forward their packets through it. In this paper, we propose a hybrid specification-based intrusion detection system (IDS) that consists of centralized and distributed modules installed on the sink and RPL nodes respectively to prevent nodes from selecting an intruder as their successors. The proposed method also eliminates intruders' chances of becoming a time source and disrupt the synchronization of 6TiSCH networks. The results from our extensive simulations show that compared with existing countermeasures, the proposed IDS can effectively protect RPL topologies while only incurring limited network management overhead.