Skip to main content
Springer Nature Link
Log in

HADTF: a hybrid autoencoder–decision tree framework for improved RPL-based attack detection in IoT networks based on enhanced feature selection approach

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

The Internet of Things (IoT) is evolving rapidly, increasing demand for safeguarding data against routing attacks. While achieving complete security for RPL protocols remains an ongoing challenge, this paper introduces an innovative hybrid autoencoder–decision tree framework (HADTF) designed to detect four types of RPL attacks: decreased rank, version number, DIS flooding, and blackhole attacks. The HADTF comprises three key components: enhanced feature extraction, feature selection, and a hybrid autoencoder–decision tree classifier. The enhanced feature extraction module identifies the most pertinent features from the raw data collected, while the feature selection component carefully curates’ optimal features to reduce dimensionality. The hybrid autoencoder–decision tree classifier synergizes the strengths of both techniques, resulting in high accuracy and detection rates while effectively minimizing false positives and false negatives. To assess the effectiveness of the HADTF, we conducted evaluations using a self-generated dataset. The results demonstrate impressive performance with an accuracy of 97.41%, precision of 97%, recall of 97%, and F1-score of 97%. These findings underscore the potential of the HADTF as a promising solution for detecting RPL attacks within IoT networks.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Algorithm 1
Algorithm 2
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

Data Availability

The dataset of this manuscript is under development to add more attacks.

References

  1. Roman R, Zhou J, Lopez J (2013) On the features and challenges of security and privacy in distributed internet of things. Comput Netw 57(10):2266–2279. https://doi.org/10.1016/j.comnet.2012.12.018

    Article  Google Scholar 

  2. Gubbi J, Buyya R, Marusic S, Palaniswami M (2013) Internet of Things (IoT): a vision, architectural elements, and future directions. Futur Gener Comput Syst 29(7):1645–1660. https://doi.org/10.1016/j.future.2013.01.010

    Article  Google Scholar 

  3. Ge M, Syed NF, Fu X, Baig Z, Robles-Kelly A (2021) Towards a deep learning-driven intrusion detection approach for Internet of Things. Comput Netw 186:107784. https://doi.org/10.1016/j.comnet.2020.107784

    Article  Google Scholar 

  4. Firouzi F, Farahani B, Marinšek A (2022) The convergence and interplay of edge, fog, and cloud in the AI-driven Internet of Things (IoT). Inf Syst 107:101840. https://doi.org/10.1016/j.is.2021.101840

    Article  Google Scholar 

  5. Ogonji MM, Okeyo G, Wafula JM (2020) A survey on privacy and security of Internet of Things. Comput Sci Rev 38:100312. https://doi.org/10.1016/j.cosrev.2020.100312

    Article  MathSciNet  Google Scholar 

  6. Lin J, Yu W, Zhang N, Yang X, Zhang H, Zhao W (2017) A Survey on Internet of Things: architecture, enabling technologies, security and privacy, and applications. IEEE Internet Things J 4(5):1125–1142. https://doi.org/10.1109/JIOT.2017.2683200

    Article  Google Scholar 

  7. Yang Y, Wu L, Yin G, Li L, Zhao H (2017) A survey on security and privacy issues in Internet-of-Things. IEEE Internet Things J 4(5):1250–1258. https://doi.org/10.1109/JIOT.2017.2694844

    Article  Google Scholar 

  8. MusaddiqZikriaZulqarnainKim AYBSW (2020) Routing protocol for low-power and lossy networks for heterogeneous traffic network. EURASIP J Wirel Commun Netw. https://doi.org/10.1186/s13638-020-1645-4

    Article  Google Scholar 

  9. Vasseur A (2011) RPL the IP routing protocol designed for low power and lossy networks. Internet Protoc Smart Objects ( IPSO ) 36:1–20

    Google Scholar 

  10. Gaddour O, Koubâa A (2012) RPL in a nutshell: a survey. Comput Netw 56(14):3163–3178. https://doi.org/10.1016/j.comnet.2012.06.016

    Article  Google Scholar 

  11. Medjek F, Tandjaoui D, Djedjig N, Romdhani I (2021) Multicast DIS attack mitigation in RPL-based IoT-LLNs. J Inf Secur Appl 61:102939. https://doi.org/10.1016/j.jisa.2021.102939

    Article  Google Scholar 

  12. Mayzaud A, Badonnel R, Chrisment I (2016) A taxonomy of attacks in RPL-based internet of things. Int J Netw Secur 18(3):459–473

    Google Scholar 

  13. Kamgueu PO, Nataf E, Ndie TD (2018) Survey on RPL enhancements: a focus on topology, security and mobility. Comput Commun 120:10–21. https://doi.org/10.1016/j.comcom.2018.02.011

    Article  Google Scholar 

  14. Muzammal SM, Murugesan RK, Jhanjhi NZ (2021) A comprehensive review on secure routing in Internet of Things: mitigation methods and trust-based approaches. IEEE Internet Things J 8(6):4186–4210. https://doi.org/10.1109/JIOT.2020.3031162

    Article  Google Scholar 

  15. Pasikhani AM, Clark JA, Gope P, Alshahrani A (2021) Intrusion detection systems in RPL-based 6LoWPAN: a systematic literature review. IEEE Sens J 21(11):12940–12968. https://doi.org/10.1109/JSEN.2021.3068240

    Article  Google Scholar 

  16. Mayzaud A, Badonnel R, Chrisment I (2017) A distributed monitoring strategy for detecting version number attacks in RPL-based networks. IEEE Trans Netw Serv Manag 14(2):472–486. https://doi.org/10.1109/TNSM.2017.2705290

    Article  Google Scholar 

  17. Aris A, Oktug SF, Yalcin SBO (Apr. 2016) “RPL version number attacks: In-depth study,” In: NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium, IEEE, pp. 776–779. https://doi.org/10.1109/NOMS.2016.7502897.

  18. Yavuz FY, Ünal D, Gül E (2018) Deep learning for detection of routing attacks in the internet of things. Int J Comput Intell Syst 12(1):39–58. https://doi.org/10.2991/ijcis.2018.25905181

    Article  Google Scholar 

  19. Osman M, He J, Mahiuob F, Mokbal M, Zhu N (2021) Artificial neural network model for decreased rank attack detection in RPL based on IoT networks. Int J Netw Secur 23(3):496–503. https://doi.org/10.6633/IJNS.20210523(3).15

    Article  Google Scholar 

  20. Çakir S, Yalçin N (2021) Detection of DIS flooding attacks in IoT networks using machine learning methods. Eur J Sci Technol. https://doi.org/10.31590/ejosat.1014917

    Article  Google Scholar 

  21. Verma A, Ranga V (2020) Mitigation of DIS flooding attacks in RPL-based 6LoWPAN networks. Trans Emerg Telecommun Technol 31(2):e3802

    Article  Google Scholar 

  22. Airehrour D, Gutierrez J, Ray SK (Dec. 2016) “Securing RPL routing protocol from blackhole attacks using a trust-based mechanism,” In: 2016 26th International Telecommunication Networks and Applications Conference (ITNAC), IEEE, pp. 115–120. https://doi.org/10.1109/ATNAC.2016.7878793.

  23. Airehrour D, Gutierrez JA, Ray SK (2017) A trust-aware RPL routing protocol to detect blackhole and selective forwarding attacks. J Telecommun Digit Econ 5(1):50–69. https://doi.org/10.18080/jtde.v5n1.88

    Article  Google Scholar 

  24. Verma A, Ranga V (2019) Evaluation of network intrusion detection systems for RPL based 6LoWPAN networks in IoT. Wirel Pers Commun 108(3):1571–1594. https://doi.org/10.1007/s11277-019-06485-w

    Article  Google Scholar 

  25. Agiollo A, Conti M, Kaliyar P, Lin TN, Pajola L (2021) DETONAR: detection of routing attacks in RPL-based IoT. IEEE Trans Netw Serv Manag 18(2):1178–1190. https://doi.org/10.1109/TNSM.2021.3075496

    Article  Google Scholar 

  26. Momand MD, Mohsin MK, Ihsanulhaq (Jan. 2021) “Machine learning-based multiple attack detection in RPL over IoT,” In: 2021 International Conference on Computer Communication and Informatics (ICCCI), IEEE, pp. 1–8. https://doi.org/10.1109/ICCCI50826.2021.9402388.

  27. Almusaylim ZA, Jhanjhi N, Alhumam A (2020) Detection and mitigation of RPL rank and version number attacks in the Internet of Things: SRPL-RP. Sensors 20(21):5997. https://doi.org/10.3390/s20215997

    Article  Google Scholar 

  28. Reshi IA, Sholla S, Najar ZA (2024) Safeguarding IoT networks: mitigating black hole attacks with an innovative defense algorithm. J Eng Res. https://doi.org/10.1016/j.jer.2024.01.014

    Article  Google Scholar 

  29. Al-Amiedy TA et al (2023) A systematic literature review on attacks defense mechanisms in RPL-based 6LoWPAN of Internet of Things. Internet of Things 22:100741. https://doi.org/10.1016/j.iot.2023.100741

    Article  Google Scholar 

  30. Al-Amiedy TA, Anbar M, Belaton B, Kabla AHH, Hasbullah IH, Alashhab ZR (2022) A systematic literature review on machine and deep learning approaches for detecting attacks in RPL-based 6LoWPAN of Internet of Things. Sensors 22(9):3400. https://doi.org/10.3390/s22093400

    Article  Google Scholar 

  31. Babu MR, Veena KN (May 2021) “A survey on attack detection methods for IOT using machine learning and deep learning,” In: 2021 3rd International Conference on Signal Processing and Communication, ICPSC 2021, IEEE, pp. 625–630. https://doi.org/10.1109/ICSPC51351.2021.9451740.

  32. Salloum SA, Alshurideh M, Elnagar A, Shaalan K (2020) “Machine learning and deep learning techniques for cybersecurity: a review,” In: Advances in Intelligent Systems and Computing, vol. 1153 AISC, pp. 50–57. https://doi.org/10.1007/978-3-030-44289-7_5.

  33. Zantalis F, Koulouras G, Karabetsos S, Kandris D (2019) A review of machine learning and IoT in smart transportation. Futur Internet 11(4):94. https://doi.org/10.3390/fi11040094

    Article  Google Scholar 

  34. Verma A, Ranga V (Apr. 2019) “ELNIDS: Ensemble learning based network intrusion detection system for RPL based Internet of Things,” In: Proceedings - 2019 4th International Conference on Internet of Things: Smart Innovation and Usages, IoT-SIU 2019, IEEE, pp. 1–6. https://doi.org/10.1109/IoT-SIU.2019.8777504.

  35. Choukri W, Lamaazi H, Benamar N (Dec. 2020) “RPL rank attack detection using deep learning,” In: 2020 International Conference on Innovation and Intelligence for Informatics, Computing and Technologies, 3ICT 2020, IEEE, pp. 1–6. https://doi.org/10.1109/3ICT51146.2020.9311983.

  36. Diro AA, Chilamkurti N (2018) Distributed attack detection scheme using deep learning approach for Internet of Things. Futur Gener Comput Syst 82:761–768. https://doi.org/10.1016/j.future.2017.08.043

    Article  Google Scholar 

  37. Sahay R, Geethakumari G, Mitra B, Sahoo I (2020) “Efficient framework for detection of version number attack in Internet of Things,” in Advances in Intelligent Systems and Computing, vol. 941, pp. 480–492. https://doi.org/10.1007/978-3-030-16660-1_47.

  38. Bokka R, Sadasivam T (2021) “Deep learning model for detection of attacks in the Internet of Things based smart home environment,” In: Advances in Intelligent Systems and Computing, vol. 1245, pp. 725–735. https://doi.org/10.1007/978-981-15-7234-0_69.

  39. Mohy-eddine M, Guezzaz A, Benkirane S, Azrour M (2023) An efficient network intrusion detection model for IoT security using K-NN classifier and feature selection. Multimed Tools Appl 82(15):23615–23633. https://doi.org/10.1007/s11042-023-14795-2

    Article  Google Scholar 

  40. Albishari M, Li M, Zhang R, Almosharea E (2023) Deep learning-based early stage detection (DL-ESD) for routing attacks in Internet of Things networks. J Supercomput 79(3):2626–2653. https://doi.org/10.1007/s11227-022-04753-4

    Article  Google Scholar 

  41. Nayak S, Ahmed N, Misra S (2021) Deep learning-based reliable routing attack detection mechanism for industrial Internet of Things. Ad Hoc Netw 123:102661. https://doi.org/10.1016/j.adhoc.2021.102661

    Article  Google Scholar 

  42. Ahmadi K, Javidan R (2024) A novel RPL defense mechanism based on trust and deep learning for internet of things. J Supercomput. https://doi.org/10.1007/s11227-024-06118-5

    Article  Google Scholar 

  43. Kumar V, Malik N (Mar. 2024) “Machine learning-based attacks detection in loT networks routing protocols,” In: 2024 11th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO), IEEE, pp. 1–6. https://doi.org/10.1109/ICRITO61523.2024.10522321.

  44. Thirimanne SP, Jayawardana L, Yasakethu L, Liyanaarachchi P, Hewage C (2022) Deep neural network based real-time intrusion detection system. SN Comput Sci 3(2):145. https://doi.org/10.1007/s42979-022-01031-1

    Article  Google Scholar 

  45. Qu K, Xu J, Hou Q, Qu K, Sun Y (2023) Feature selection using Information gain and decision information in neighborhood decision system. Appl Soft Comput 136:110100. https://doi.org/10.1016/j.asoc.2023.110100

    Article  Google Scholar 

  46. Brezocnik L (Jul. 2017) “Feature selection for classification using particle swarm optimization,” In: 17th IEEE International Conference on Smart Technologies, EUROCON 2017 - Conference Proceedings, IEEE, pp. 966–971. https://doi.org/10.1109/EUROCON.2017.8011255.

  47. Rostami M, Forouzandeh S, Berahmand K, Soltani M (2020) Integration of multi-objective PSO based feature selection and node centrality for medical datasets. Genomics 112(6):4370–4384. https://doi.org/10.1016/j.ygeno.2020.07.027

    Article  Google Scholar 

  48. Kurniawati I, Pardede HF (Oct. 2018) Hybrid method of information gain and particle swarm optimization for selection of features of SVM-based sentiment analysis. In: 2018 International Conference on Information Technology Systems and Innovation, ICITSI 2018 - Proceedings, IEEE, pp.1–5 https://doi.org/10.1109/ICITSI.2018.8695953.

  49. Lin TH, Jiang JR (Dec. 2020) “Anomaly Detection with Autoencoder and Random Forest,” In: Proceedings - 2020 International Computer Symposium, ICS 2020, IEEE, pp. 96–99. https://doi.org/10.1109/ICS51289.2020.00028.

  50. Petscharnig S, Lux M, Chatzichristofis S (Jun. 2017) “Dimensionality reduction for image features using deep learning and autoencoders,” in ACM International Conference Proceeding Series, New York, NY, USA: ACM, pp. 1–6. https://doi.org/10.1145/3095713.3095737.

  51. Hastie T, Tibshirani R, James G, Witten D (2006) An Introduction to Statistical Learning Second Edition, vol. 102. in Springer Texts in Statistics, vol. 102. New York, NY: Springer US, https://doi.org/10.1007/978-1-0716-1418-1.

  52. Mokbal FMM, Dan W, Imran A, Jiuchuan L, Akhtar F, Xiaoxi W (2019) MLPXSS: an integrated XSS-based attack detection scheme in web applications using multilayer perceptron technique. IEEE Access 7:100567–100580. https://doi.org/10.1109/ACCESS.2019.2927417

    Article  Google Scholar 

  53. Mokbal FMM, Dan W, Xiaoxi W, Wenbin Z, Lihua F (2021) XGBXSS: an extreme gradient boosting detection framework for cross-site scripting attacks based on hybrid feature selection approach and parameters optimization. J Inf Secur Appl 58:102813. https://doi.org/10.1016/j.jisa.2021.102813

    Article  Google Scholar 

  54. Moustafa N, Slay J (2016) The evaluation of network anomaly detection systems: statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set. Inf Secur J 25(1–3):18–31. https://doi.org/10.1080/19393555.2015.1125974

    Article  Google Scholar 

  55. Ashiku L, Dagli C (2021) Network intrusion detection system using deep learning. Procedia Comput Sci 185:239–247. https://doi.org/10.1016/j.procs.2021.05.025

    Article  Google Scholar 

  56. Tama BA, Comuzzi M, Rhee K-H (2019) TSE-IDS: a two-stage classifier ensemble for intelligent anomaly-based intrusion detection system. IEEE Access 7:94497–94507. https://doi.org/10.1109/ACCESS.2019.2928048

    Article  Google Scholar 

Download references

Acknowledgements

Not Applicable

Funding

The work reported in this paper has been supported by Beijing Natural Science Foundation (IS23054).

Author information

Authors and Affiliations

  1. College of Computer Science, Beijing University of Technology, Beijing, 100124, China

    Musa Osman, Jingsha He, Nafei Zhu & Asaad Ahmed

  2. Faculty of Engineering and Smart Computing, Modern Specialized University, Sana’a, Yemen

    Fawaz Mahiuob Mohammed Mokbal

  3. Faculty of Education, Humanities and Applied Science-Al-Jouf. Sana’a University, Sana’a, Yemen

    Fawaz Mahiuob Mohammed Mokbal

Authors
  1. Musa Osman
    View author publications

    You can also search for this author inPubMed Google Scholar

  2. Jingsha He
    View author publications

    You can also search for this author inPubMed Google Scholar

  3. Nafei Zhu
    View author publications

    You can also search for this author inPubMed Google Scholar

  4. Fawaz Mahiuob Mohammed Mokbal
    View author publications

    You can also search for this author inPubMed Google Scholar

  5. Asaad Ahmed
    View author publications

    You can also search for this author inPubMed Google Scholar

Contributions

Musa Osman likely led the development of the proposed framework (HADTF) and conducted experiments. He contributed to the paper’s technical content and analysis. Jingsha He (PhD supervisor) provided guidance and expertise in machine learning and autoencoder models. He played a mentorship role in the research and paper writing. Nafei Zhu (corresponding author) coordinated the research efforts and communication. She contributed to the research design, objectives, and manuscript preparation. Fawaz Mahiuob Mohammed Mokbal was involved in data collection and experiment design. He contributed to results analysis and practical implications. Asaad Ahmed provided domain-specific knowledge in IoT security. He contributed to defining threat models and background information.

Corresponding author

Correspondence to Nafei Zhu.

Ethics declarations

Conflict of interest

The authors declare no competing interests.

Ethical Approval

The manuscript does not contain human or animal studies.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Osman, M., He, J., Zhu, N. et al. HADTF: a hybrid autoencoder–decision tree framework for improved RPL-based attack detection in IoT networks based on enhanced feature selection approach. J Supercomput 80, 26333–26362 (2024). https://doi.org/10.1007/s11227-024-06453-7

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11227-024-06453-7

Keywords