Computer Networks 198 (2021) 108413

Contents lists available at ScienceDirect

Computer Networks
journal homepage: www.elsevier.com/locate/comnet

A trust aware security mechanism to detect sinkhole attack in RPL-based

IoT environment using random forest – RFTRUST
K. Prathapchandran, Ph.D a, *, T. Janani, M.C.A., M.Phil b
a
Assistant Professor, Department of Computer Applications, Karpagam Academy of Higher Education (Deemed to be University), Coimbatore-641021, Tamilnadu State,
India
b
Research Scholar, Department of Computer Applications, Karpagam Academy of Higher Education (Deemed to be University), Coimbatore-641021, Tamilnadu State,
India

A R T I C L E I N F O A B S T R A C T

Keywords: The Internet of Things (IoT) plays a vital role in many application domains like battlefield surveillance, wildlife
Internet of Things monitoring, disaster response, medical care, transportation, industry, smart home, smart cities, etc. However,
Security this network is susceptible to various types of attacks due to its special features like sensing, intelligence, large
RPL
scale, self-configuring, connectivity, heterogeneity, open and dynamic environment. It is significant to ensure
Trust
Sinkhole attack
security in the IoT network. In the scalable and dynamic IoT environment, conventional security mechanisms
Random Forest such as cryptography techniques, key management, intrusion detection system, anomaly detection, etc cannot be
Subjective Logic applicable, because it consumes more energy. Therefore, the IoT network requires a lightweight security
mechanism for reliable and secure data transmission. A trust-based security solution solves many security-related
problems. The proposed RFTrust model provides a trust-based lightweight solution for ensuring security in the
IoT network. It is primarily designed to address the sinkhole attack in Routing Protocol for Low power and Lossy
networks (RPL) based IoT environments. It enhances the trusted routing in the IoT environment by finding and
removing sinkhole nodes in the network. The proposed model uses Random Forest (RF) and Subjective Logic (SL)
to improve the network performance by identifying sinkhole attack. The mathematical analysis shows the
applicability of the proposed model. The merits of the proposed work are highlighted by comparing performance
with the existing similar protocols in terms of delivery ratio, throughput, average delay, energy consumption,
false-positive rate, false-negative rate, and detection accuracy.

1. Introduction Although IoT provides influential advantages, it also faces critical

challenges. Some notable challenges are presented here. Devices in the
The IoT makes attention in both application domains and academic IoT environment are usually open to the public and it uses wireless
research because of its unique characteristics. It is an interdisciplinary communication that creates susceptible to system security. The IoT in­
framework in which things surrounding us are associated with the terconnects numerous heterogeneous embedded mobile devices and
internet to provide smart and efficient services [1]. The IoT brings a new applications that make difficulties in scalability, dynamic adaptability,
dimension that connects anyone from any place at any location. It and compatibility [4]. The important component of the IoT is the
combines the physical world with the information world. One of the internet in which most of the attacks have occurred. The IoT devices are
important components of the IoT is the sensor that gathers data from the resource-constrained including limited processing capacity, low mem­
environment and controls the environment, if it requires any changes ory, and energy. Also, a new set of problems will occur because of the
[2]. Many of the application domains use IoT to provide new services or high mobility of smart objects and services [5].
enhance the efficiency of the existing services [1]. Some notable appli­ Traditional security mechanisms are not suitable for IoT devices,
cations include transporting, environmental monitoring, e-health, in­ because they consume more energy and incur computation overhead.
dustrial monitoring, smart agriculture, public safety, military Besides, a large number of interconnected IoT devices create scalability
application, etc [3]. problems [7]. Thus, the distributed and dynamically changed IoT

* Corresponding author.
E-mail addresses: [email protected] (K. Prathapchandran), [email protected] (T. Janani).

https://doi.org/10.1016/j.comnet.2021.108413
Received 29 December 2020; Received in revised form 21 July 2021; Accepted 11 August 2021
Available online 18 August 2021
1389-1286/© 2021 Elsevier B.V. All rights reserved.
K. Prathapchandran and T. Janani Computer Networks 198 (2021) 108413

network and lightweight IoT devices require a trust-based solution to that can repair any disconnected link [11].
ensure the security and reliability of the information [8]. To facilitate The RPL topology is constructed based on the specific Objective
IoT entities to detect malfunctions and establish proper collaboration, Functions (OF). OF can be used with one or more metrics or constraints
Trust Management (TM) is considered a key technique in IoT for to select a preferred parent. So far, the IETF ROLL working group con­
providing qualified services, enhancing user privacy and information tributes two primary OFs: Objective Function Zero (OF0) and Minimum
security [6]. TM plays a very important role in IoT for reliable data Rank with Hysteresis Objective Function (MRHOF). Every node com­
fusion and mining, qualified services with context-aware intelligence, putes its rank by adding positive and indirectly normalized scalar values
and enhanced user privacy and information security [9]. to its preferred parent. The OF0 uses a hop count as a routing metric and
it does not consider Quality of Service (QoS) and load balancing. Simi­
1.1. Contribution larly, the MRHOF is based on the Expected Transmission Count (ETX)
[58].
In this paper, we propose a trust-based secure RPL routing protocol There are two kinds of sensor nodes in the RPL network: one is a
against sinkhole attacks using RF algorithm for the Internet of Things storing mode that can collect and transfer the data packets to neighbor
(IoT) network called RFTrust. The main goal of RFTrust is to ensure nodes, another one is a non-storing mode that can only transfer the data
secure and reliable data transmission between different IoT nodes in the packets to its neighbor. All the root nodes are configured to use storing
massive and distributed IoT networks. modes. They contain the routing tables where routing related informa­
The primary contributions of the RFTrust model are listed below: tion have stored. The root node has the right to provide authority to a
few other nodes to keep the routing details for a certain part of the
• The RFTrust model is embedded with the RPL routing protocol to network. There are four control messages in RPL that are DODAG In­
enhance the security of the IoT network. formation Solicitation (DIS), DODAG Information Object (DIO), DODAG
• This model is primarily designed to detect the sinkhole attack in the Advertisement Object (DAO), and DODAG Advertisement Object
IoT network by using trust metrics such as delivery ratio, delay, Acknowledgement (DAO-ACK). In the initial stage of the DODAG con­
energy consumption, and honesty. The sinkhole nodes are isolated struction process, the DODAG root node broadcasts the DIO control
from the network by using the proposed RFTrust model, by the way, messages to its neighbors and the process is repeated until all the nodes
security can be ensured in the IoT network. in the network join the RPL topology. If the participant nodes do not
• The mathematical analysis is also presented to show the applicability receive any DIO messages, then it may request DIS control messages to
of the proposed RFTrust model. the DODAG root node. The DODAG has trickle-timers. Participant nodes
• The RFTrust model is implemented using Cooja, the Contiki network should broadcast the DAO messages within the interval of time [10].
simulator. The sinkhole attack is one of the most devastating routing attacks in
• The performance evaluation of the RFTrust model is compared with the RPL network. The attacker node attracts most of the network traffic
the existing similar works to show the accuracy and effectiveness of in the network, thus most of the data packets are transferred to the
the RFTrust. attacker node. The main objective of this sinkhole attack is to be a part of
every possible route and to receive the captured data [12].
1.2. Organization It may create severe issues in RPL operation and network services
[13]. It also raises the overhead of the network and reduces the lifetime
The rest of the paper is organized as follows: Section 2 describes the of the network by consuming maximum energy. Finally, it devastates the
background details of the RPL protocol, the RF algorithm, and SL. Sec­ network [14]. It may combine with several other attacks like a black
tion 3 presents related work on security. Section 4 describes the pro­ hole, selective forwarding attack, modification, etc [13]. It becomes
posed RFTrust model with its working methodology and mathematical very powerful when joined with these attacks [15].
analysis. Section 5 presents the simulation and performance evaluation
of the RFTrust using various performance metrics. The conclusion and 2.2. Overview of Random Forest (RF)
future direction of the paper is presented in Section 6.
In the last few decades, Machine Learning (ML) algorithms have been
2. Background popularly used in many application domains such as spam detection,
bioinformatics, speech recognition, intrusion detection, etc [16]. ML
This section presents an overview of the RPL protocol and a brief techniques are used to construct the computing model with
description of the RF algorithm and SL. cost-effectiveness. Besides, it enhances reliability and efficiency. ML
builds the models by analyzing the data rapidly, automatically, and
2.1. RPL Overview accurately. The new advancement of ML also solves many problems in
WSN, IoT, and Cyber-Physical Systems (CPS). ML enhances the perfor­
RPL is a proactive routing protocol and it is based on Destination mance of these networks, reduces human involvement, and re-programs
Oriented Directed Acyclic Graph (DODAG). In the DODAG construction itself. ML helps to access the huge volume of data gathered from the
process, the nodes in the network transfer the data packet to the border sensors and obtain needed information from the collected data [17].
root via the parent node and then the border root discovers the path to Many machine algorithms were developed in the last few years. Some of
transfer the packet to the target node. The data packets are transferred the most commonly used algorithms are Support Vector Machine (SVM),
through either an upward or downward direction. It allows more RPL RF, Decision Tree (DT), Artificial Neural Network (ANN), and Ensemble
instances in the network and every RPL instance consists of several Learning (EL) [18]. The proposed Random Forest Trust (RFTrust) model
DODAG networks, where many sensor nodes are associated with the uses the Random Forest (RF) algorithm for classifying node neighbor.
root. These roots are all linked together with each other through the The reasons for choosing RF compare with other machine learning
internet by a transmit link. The primary attention of the RPL is to create techniques as described in the following section. Besides, the authors
the routing topology to auto-optimize and avoid loops in the network. [57] has witnessed that the RF algorithm is better in classifications to
The rank concept is used to avoid loops in the RPL. Therefore, each node compare with other machine learning algorithms.
in the network should compute rank based on its parent rank, but it In 2001, the RF algorithm was first developed by Breiman from the
should not be less than the parent node [10]. The RPL rank represents algorithm called bagging [19]. It is an ensemble learning and the pre­
the distance between the DODAG root and the parent node. diction depends upon the outcome from the various decision trees [20].
Auto-optimization is managed by a global and local repair mechanism It is a classification method that consists of many decision trees. It is

2
K. Prathapchandran and T. Janani Computer Networks 198 (2021) 108413

characterized as a general basis of the ensemble randomness of the de­ problems in the decision tree, whereas, the RF can limit the over-fitting
cision tree. The fundamental part of the RF is the binary tree which is without substantially reducing prediction accuracy [25].
built with the help of recursive partitioning. It uses the Classification and Naive Bayes works with the concept that all the attributes are in­
Regression Trees (CART) methodology to binary division repeatedly to dependent of each other. But practically, the attributes might depend on
separate the tree into similar or near similar end nodes [21]. In this RF each other. One more issue with this algorithm is conditional indepen­
algorithm, every tree is autonomous. Thus, simultaneously training and dence which may affect its accuracy [26]. RF algorithm overcomes these
testing processes will take place for each tree. It is an enhanced and problems.
extendable ML algorithm to deal with high-level data. It is suitable for In addition to the proof, the authors have also validated with the help
large-scale application domains. In addition to that, it adapts the of Weka 3, an open-source data mining tool [63] where the authors
parameter that reduces the hypothesis of the data. validated and compared the machine learning algorithms with various
In an RF algorithm, there are two essential parameters used for performance metrics. Based on the comparison of many ML algorithms,
tuning: one is Mtry and it is defined as the number of attributes the authors have chosen the RF algorithm since it shows good
randomly chosen for every division of the tree. Another one is Ntree and performance.
it is defined as the total number of decision trees in the random forest. Therefore, we selected a RF algorithm for the distributed IoT
When the number of attributes increases in Mtry, it also raises the cor­ network. It can provide better accuracy and also can handle a large
relation between decision trees. However, it enhances the accuracy of amount of data.
every decision tree [20].
The process of RF is explained as follows: 1) Construct the ‘n’ deci­ 2.3. Subjective Logic (SL)
sion tree bootstrap sample, which is the subset of the original training
data set. 2) Build the decision tree and Mtry variables are randomly The basic idea for SL is derived from the Dempster Shafer theory
picked to divide the decision tree, constructing the tree until it reaches which consolidates the individuality of all examinations. It is based on
the terminal node that cannot be split anymore. 3) Combine the outcome opinion. The party ‘X’ can provide opinion for subject(s) with 4 tuples:
of the ‘n’ decision tree for prediction. Voting or average methods are belief (bX
s ), disbelief(ds ), uncertainty(us ), and relative atomicity(as ).
X X X

used for prediction. 4) Calculate the Out-Of-Bag (OOB) error rate from The sum of bs, ds, and us should be one. It is not mandatory to provide all
the unused data sample in the original data that are not included in any these values for calculation.
bootstrapped. The advantage of a RF is that it can handle a large number The consensus and discount operators are introduced by the SL. The
of variables and also it can handle missing information. When the consensus operator is used to aggregate the opinions and discount op­
number of decision trees becomes high, the RF provides an unbiased erators are used to uphold the faith in the origin of the opinion. The
prediction [21]. consensus rule provides accurate results than the Dempster Shafer the­
The Gini index is used to estimate the impurity that means the ory. The SL is considered as an expansion of the probability calculus and
probability of a certain variable being incorrectly classified. It can be binary logic.
computed by the weighted sum of the resulting partition’s impurity. Assuming notation ωsX and ωsY are two opinions, consensus between
Thus, the minimum Gini index represents the highest purity of the di­ these two is measured as follows.
vision. While constructing the decision tree, the attribute with the small ∑
Gini index will be selected as a root node [22]. K = uXs + uYs − uXs uYs (2)
For instance, let us consider training data set D that consists of ‘n’ ( )/
instances with ‘k’ classes. Gini index is computed using Equation (1). bX,Y
s = bXs uYs + bYs uXs K (3)

∑
k ( )/
Gini(D) = 1 − p2i (1) dX,Y
s = dXs uYs + dYs uXs K (4)
i=1
( )/
uX,Y
s = uXs uYs K (5)
where pi is the probability of a variable being classified into a certain
class [23]. The above-mentioned operations are SL consensus operations. To
represent the consensus operator ‘⊕’ symbol is used.
2.2.1. The Motivation for employing the RF in the RFTrust Model The discount operator is used to combine the opinion provided by the
The recent research work on trust evaluation schemes in IoT uses a source and the opinions about the source. The notation ωYX represents
machine-learning algorithm to predict the node’s future neighbor. This the opinion provided by ‘X’ for ‘Y’. If it is a trust concept that defines
paper considers the RF algorithm to classify and predict the node’s when the trust level is low for the source, then the opinion provided by
neighbor on the IoT network. We find that random forests outperform this source would be discounted highly. To represent the discount
SVM, Naive Bayes, and decision trees in our trust model. There are operator ‘⊗’ symbol is used. The following equation defines the SL dis­
various distinct characteristics noted between such ML algorithms and count operator.
RF. The RF algorithm has several merits over the other ML algorithm.
bX,Y = bxy .bYs (6)
For example, SVM needs a greater number of user-defined parameters s

[24] and it requires more training time for large training data sets [26].
dX,Y = dxy .dYs (7)
Besides, it cannot handle categorical data, missing data, and unbalanced s

data. Whereas the RF needs to set two parameters and it takes less
training time for large training data sets and also it can handle cate­ uX,Y
s = dxy + uxy + bXY uYs (8)
gorical data, missing data, and unbalanced data. Moreover, the accuracy In a heterogeneous network, belief algebra enhances probabilistic
of the RF is higher than the SVM [24]. and evident reasoning [27].
Though the RF is constructed from multiple decision trees, [25] it has
several advantages over the single decision tree. A single decision tree is 3. Related Work
not robust, but a minor modification in the data set makes a considerable
impact on the final prediction. For the large data set, the decision tree With the growing trends in the field of IoT, significant research work
does not work well because of the increase in complexity [26]. When the was developed by the researchers to provide a solution for security in
decision tree is completely grown, it may lose a few generalization ca­ IoT networks. This section presents a summary of existing research work
pacities which are known as over-fitting. Over-fitting is one of the major on IoT that includes cryptography-based security models, anomaly-

3
K. Prathapchandran and T. Janani Computer Networks 198 (2021) 108413

based security models, and trust-based security models. root node. These attacker nodes are detected in the detection phase. In
The authors [28] proposed a Cuckoo-RPL to counter black hole the third phase, the alternative parent is selected as a parent node
attack in smart metering. They used the cuckoo filter to form a hash instead of an attacker node. The authors [37] proposed a neighbor
table that contains all the authorized members of the AMI network. In passive monitoring technique to detect sinkhole attacks. In this model, a
this system, malicious nodes are avoided from the network by blocking new node called passive node is introduced to monitor the behavior of
the DIO control messages from the malicious nodes. The authors [29] the neighbor nodes. This passive node is not a resource constraint de­
developed a cryptography solution for version number and rank attacks. vice. It has enough resources to can handle the information processing
The version number attack makes a load on traffic and it consumes more and analysis. This model consists of two phases: In the first phases, the
energy. To avoid this, a hash chain has been created and with the help of suspicious nodes are identified from the rank inconsistency of the node.
this rank chain, those attacks are eliminated from the network. The From the suspicious node, the sinkhole node is detected in the detection
authors [30] proposed a trust-aware approach for protected routing in phase based on the interaction between two passive nodes.
IoT and CPS. Based on the interaction, this system classified a node as The authors [38] proposed a hybrid monitoring method to identify
trusted, suspicious, or selfish. The output of the performance evaluation the abnormal neighbor in RPL based networks. It includes two phases:
is the primary task of the routing protocol that uses the SCOTRES’s detecting suspicious nodes and identifying sinkhole nodes. This model
metrics to compute direct trust. Then it transfers the direct trust as in­ introduces passive edge nodes and passive intermediate nodes to collect
direct recommendations to the trusted one-hop neighbour when it the information about the neighbor nodes and analyze to detect the
identifies any changes in the inspected node. It excludes the malicious suspicious nodes. The sinkhole node is detected by comparing the data
node in selecting the route path. The metrics used in the system are from the two passive nodes. The authors [39] proposed a Decentralized
energy, topology metric, channel health metric, reputation metric, and and Energy Efficient Method for detecting sinkhole attacks on the IoT.
trust metric. The security characteristics of the system were checked by This model consists of two phases: In the first phase, the information of
the theoretical analysis. The authors [31] proposed a SecTrust-RPL to the neighbor nodes is collected. In the second phase, the sinkhole node is
assure security using trust in RPL protocol. This model resists Sybil and detected. The authors [40] proposed Ensemble Learning-based Network
rank attacks. It calculates and estimates the trustworthiness of the node Intrusion Detection System for RPL based IoT. The classifiers used in this
based on the successful data packets shared between two nodes within a model are Bagged, Boosted, RUS Boosted, and subspace discriminant
particular time and positive acknowledgment from the connected IoT trees. The main reason for selecting this classifier is that it can handle all
nodes. This model is implemented into the routing protocol called RPL in types of data set (balanced, imbalanced). In the testing phase, the model
the IoT network. returns the output of the test instance as an attack or normal class. The
The authors [32] proposed a new centralized mechanism for man­ author concluded that with the use of ensemble learning, the perfor­
aging trust in the IoT. This framework provides trustworthy communi­ mance of the model improves and assists to protect the RPL network
cation between IoT nodes. It contains a dedicated centralized trust from several routing attacks.
manager node also known as Super Node (SN). This system divides the The authors [41] proposed a dynamic and comprehensive trust
IoT network environment into small regions called clusters for trust­ model for IoT to ensure trusted things. This model considers
worthy interaction among the nodes. This cluster contains the Master multi-dimensional trust. This model used several metrics together to
Node (MN), which acts as a local trust manager. Each cluster consists of handle several attacks with the umbrella of trust level computation. The
a lot of Cluster Nodes (CN) that communicate among themselves under authors [42] proposed a trust-aware and the cooperative routing pro­
the supervision of the MN. The SN contains a central warehouse to keep tocol to ensure security in IoT. They used non-zero-sum and
the trust values of master and CN for the complete IoT network. The MN non-cooperative iterated prisoner dilemma game theory concepts to
contains the local warehouse to keep the trust values of CN. The interact with nodes, besides the trust decision-making process for every
centralized trust approach is one of the mechanisms used to provide node. Finally, determines the node as trusted (cooperative) or untrusted
solutions for security issues in IoT. The authors [33] presented a (defection). The cooperative nodes increase the network performance
trust-based situation awareness technique. Where the nodes react to the and defecting nodes are misbehaving nodes which degrade the network
threat depending on the situation awareness knowledge. This system performance. The authors [43] proposed Trust-Based Secure Routing
considers both direct and recommended trust. Each node monitors the Protocol for RPL Attacks for IoT Applications. This model name is
interaction among its surroundings and receives a recommendation SMTrut which is a conceptual design. The trust metrics selected in this
from the trusted nodes. It is used to classify the surrounding nodes and model are in considerations of mobility. This model includes the
identify the intrusion and take action for detecting threats. following phases to detect the malicious nodes: selecting trust metric,
The authors [34] proposed a novel framework for IoT routing pro­ trust index computation, updating trust value, trust rating, re-computing
tocol against wormhole and gray hole attacks. Each node in the network the trust values, identifying malicious nodes, trust recovery, and quar­
monitors their neighbor node’s neighbor and also checks whether the antine the malicious nodes.
nodes follow the pattern of RPL protocol or they depart from it. This The authors [44] presented the INTI system to address the sinkhole
model computes total trust from the direct and indirect trusts, then the attack. This system identifies the sinkhole attack in the IoT when mali­
nodes are placed in the descending order. Then, the placed nodes are cious nodes launch adverse effects. It used a watchdog and reputation
entrenched in the RPL objective function with the ETX and Rank values. mechanism to discover the adversary by evaluating the node’s neighbor.
Each node transfers its data packets through the trusted nodes only and The authors [45] proposed a security mechanism against the sinkhole
misbehaving nodes are isolated from the IoT network. The authors [35] attack in IoT networks using node ranking and rating. This model con­
proposed the multi-link paradigm to detect sinkhole attacks in RPL sists of two parts to detect the sinkhole attack. The first part discussed
based IoT networks. If the link is quiet for more than the threshold value the ranking and rating of the IoT nodes in the RPL network based on
of the latency, then the model is assumed as rank inconsistency between their distance. The second part is to detect the misbehaving nodes based
parent and child node. The root node gets the notification about the on average data packets transmission. The authors [46] proposed an
malicious node. The root node informs the malicious node details to all intrusion detection system in the IoT network. In this model, the IoT
other nodes and also blocks the non-trusted route. nodes are formed into the clusters, and the node with the highest
The authors [36] proposed dynamic detection of sinkhole attacks in probability becomes the cluster head. The cluster head sends a notifi­
IoT. This model consists of three main phases: 1) DODAG construction, cation message to its neighbor nodes. The observer nodes are deployed
2) sinkhole detection, and 3) sinkhole treatment. In the DODAG con­ in the IoT network for monitoring processes that detect the data packet
struction phase, the root node is the head node and initializes the con­ drop count of the neighbor nodes. The observer node uses Dempster
struction process. The attacker node broadcast a false route towards the Shafer’s theory to estimate and assign a rank for every neighbor node.

4
K. Prathapchandran and T. Janani Computer Networks 198 (2021) 108413

The rank value is to check the threshold value to identify the malicious Table 1
nodes. The malicious nodes are isolated from the network. The network Summary of existing solution for securing IoT
was reconstructed with non-malicious nodes. The table 1 presents some S. Author Mechanism/ Attack Research Gap
of the notable existing security solutions for IoT networks. No. Algorithm Addressed
Though other solutions also discard malicious sinkhole nodes from 1 Zhang, et al., Cuckoo Black hole The network is only
participating in the routing operations, the need for an efficient security 2019 [21] filtering attack protected from
model to improve the network performance is always desirable. Algorithm external attacks. In
The proposed work is designed by considering the research gap this model, the DIO
messages from the
mentioned above. This model used a RF machine learning algorithm and unauthenticated
SL evidence theory for trust computation. This model identifies and nodes are blocked,
removes the sinkhole IoT nodes from the network. Only trusted nodes but in the RPL
will be involved in the routing operations and malicious nodes will be network, the node
may change its
removed from the network. In this way, security can be ensured in the
neighbor after the
IoT network. authentication
process. These
4. Random Forest Trust Model (RFTrust Model) nodes are called
internal attacks. The
authors do not
The proposed model uses a RF algorithm and SL theory to construct consider these
the trust model for the IoT application. In a highly distributed battlefield internal attackers.
environment, the IoT nodes that successfully joined the network may 2 Dvir, et al., Crypto-graphy Version number Consumes more
change their neighbor at any time and launch the attack to interrupt the 2011 [29] and rank attack energy. Not suitable
for resource-
mission, because these nodes are seized by the adversary. The proposed
constrained devices.
model intends to identify and remove such IoT nodes from the network. 3 Hatziva-silis, Trust Malicious Additional overhead
In a neighbor-based trust model, trust metrics are fundamental for et al., 2017 Mechanisms neighbor occurs.
evaluating trust. Selecting these trust metrics differs from one context to [30]
another [47]. 4. Airehrour, Trust Rank attack and Significant data
D., et al., Mechanisms Sybil attack packet loss rate; No
Trust metrics selected in this model are suitable for the battlefield 2018 [31] evaluation for
environment and also IoT devices. The IoT nodes make use of the trust energy
metrics to predict the node’s future neighbor. This model is primarily consumption, and
designed to mitigate the sinkhole attack, and trust metrics are selected average delays
5 Alshehri Centralized Malicious Specific RPL routing
based on the impact of this attack.
et al., 2017 Trust neighbor attacks are not
[32] management mentioned.
4.1. Network Model Assumptions Centralized TM is
used. A single point
RFTrust model has been developed with the following underlying of failure will affect
the whole system.
assumptions: 6 Glowacka, Trust Malicious Not specifying any
et al., 2015 Management neighbor security attacks. Not
1 The network model is based on the pure IoT environment. [33] considering Quality
2 Dynamic Topology: IoT nodes can move from one network to another of Service (QoS)
performance
network.
metrics in
3 Heterogeneity: IoT nodes have different capabilities in terms of their evaluation.
energy, memory, processing speed, storage capacity, and 7 Mehta, et al., Trust Worm hole, Consider only a
technologies. 2018 [34] Management Gray hole single trust metric to
4 Each network consists of one high-capacity device which acts as a attacks evaluate the trust
neighbour.
border root. As RPL is used as an underlying routing protocol, by 8 M.Iqbal, Anomaly- Rank and This uses a multi-
default RPL has a root node and it is held by the commander. et al., 2020 Based Sinkhole path, thus increases
Assuming this node is trusted and cannot be compromised by an [35] attacks. the additional
adversary. When the sinkhole attack is found in the network, this overhead. Instead of
blocking the
node broadcasts that malicious node details to all other IoT nodes in
malicious node, this
the network. By the way, other nodes get alert. model blocked the
5 Decentralized Network: There is no centralized authority (trusted non-trusted route.
device) on the battlefield. Therefore, each IoT node should be aware Comparison is not
of its surrounding environment. They have to maintain the trusted done with any state-
of-the-art method.
and malicious IoT node’s list for future communication.
9 Stephen, Anomaly-based Sinkhole No simulation
6 Restricted Resources: IoT nodes are small in size as well as resource- et al., 2016 attack analysis.
constrained. It may get drained due to sensing, monitoring, updating, [36]
and processing. 10 Alzubaidi Hybrid method Sinkhole Additional overhead
et al., 2017 attack occurs due to the
7 The node is considered as malicious if it launches sinkhole attack.
[37] introduction of the
8 Every node can monitor its neighboring node’s forwarding behavior passive node. A
by using passive acknowledgment [59]. single point of
failure degrades the
4.2. Adversary Model network
performance.
11 Sinkhole The introduction of
Sensors embedded in the IoT nodes are susceptible to various kinds attack passive
of attacks because of their remote and open deployment in the battle­ (continued on next page)
field environment. The suspicious nodes may perform both external and

5
K. Prathapchandran and T. Janani Computer Networks 198 (2021) 108413

Table 1 (continued ) internal attacks. Identifying internal attacks is more difficult than
S. Author Mechanism/ Attack Research Gap external attacks because the malicious node acts as a trusted node in the
No. Algorithm Addressed network [48].
Alzubaidi, .Hybrid intermediate nodes
The RPL protocol itself has limited security protection against at­
et al., 2018 Monitoring and passive tacks. The adversary may launch an active or passive attack. In a passive
[38] technique edge nodes occurs attack, the attacker only observes the transmission media. The examples
that leads are eaves dropping and sniffer [49]. In an active attack, the attacker
additional
observes and changes, spoofs, or replays the information in the trans­
overhead.
12 Taghanaki, Anomaly-based Sinkhole This method did not mission media. The examples are wormhole, black hole, and sinkhole
et al., 2019 attack consider [49].
[39] any other QoS Malicious nodes may perform different types of misbehaving activ­
performance metric ities. The proposed model focuses on the sinkhole attack, which is one of
except for energy
consumption.
the devastating routing attacks in IoT networks. In this attack, an ad­
13 A.Verma, Ensemble The sinkhole, Ensemble learning versary intends to attract many neighbors, and then perform some other
et al., 2019 Learning-based black hole, makes additional malicious activities.
[40] Network Sybil attack, overhead and
Intrusion clone ID attack, energy consumption
4.2.1. Sinkhole Attack
Detection Selective
System Forwarding A sinkhole attack is a routing attack and it is one of the most
attack, Hello destructive attacks in wireless networks. In this kind of attack, an
Flooding attacker broadcasts false information to its neighbors showing that it has
attack, and the shortest path to a targeted destination, [44] by this way it is getting
Local Repair
attack.
attention from the neighbour nodes. Then, it makes most of the neigh­
14 Hashemi, Hierarchical Black hole, Consumes more bors select this node as a preferred parent and maximum data packets
et al., 2018 trust model rank, time and are transferred through the malicious node to the root node. In this way,
[41] and power consumption. the malicious node draws maximum network traffic in itself to the tar­
Sybil attacks
geted node.
15 Djedjig, Trust Black hole Although the
et al., 2020 management and solution presents The fig. 1 illustrates the example of a IoT network with no attackers
[42] rank attacks good performance and fig. 2 illustrates the example of IoT network with a sinkhole attack.
regarding packet In fig. 2, the IoT node N5 is malicious, which attracts its neighbor with
delivery and energy false information, and thus many of the neighbour nodes select this
consumption,
malicious node as a preferred parent, and then this malicious node N5
further evaluation is
required to show performs malicious activities to disturb the mission.
false-positive and
false-negative rates.
16 S.M. Trust Black hole, No simulation 4.3. Trust Management (TM)
Muzammal, management Grey hole, Rank results to show the
et al., 2020 and effectiveness of the
Trust is related to time and trust levels may rise or fall within a
[43] Version model.
Number certain time. It is a mathematical description of a node’s belief about
attacks another node [50].
17 Cervantes, watchdog and Sinkhole A single trust metric TM in IoT is important to make decisions for several actions in the
et al., 2015 reputation and attack is considered for network. When trust is computed based on the node’s trust properties
[44] trust trust computation.
mechanism Simulation results
derived from the direct experience, then trust is called direct trust [51].
only consider Packet It is the first-hand and reliable source of information [52]. If trust is
Delivery Ratio computed from the recommendation collected from the neighbor nodes,
(PDR), false-positive then the trust is called indirect trust [51].
rate, and false-
The proposed RFTrust model uses either direct trust or indirect trust
negative rate, not
consider delay and
energy
consumption.
18 Zaminar, Anomaly-based Sinkhole In this model, the
et al., 2020 attack child node can only
[45] detect the malicious
parent using the DIO
messages by
comparing the rank
value. Malicious
child node detection
is considered in this
model.
19 Surendar, Intrusion Sinkhole Consumes more
et al., 2016 detection attack energy to select the
[46] system leader node. False-
positive and false-
negative rate is not
considered in
performance
evaluation.

Fig. 1. Example of Network Scenario with no Attacks.

6
K. Prathapchandran and T. Janani Computer Networks 198 (2021) 108413

selected in this model are based on the impact of the sinkhole attack on
the IoT environment. Therefore, these metrics are used to identify the
malicious IoT nodes that launch the sinkhole attack. The trust metrics
used in this model are described below.

4.3.1.1. Packet Delivery Ratio (PDR). It is a proportion between the

total amount of data packets forwarded by the source node and the total
amount of data packets received by the destination node. It is an
important metric to identify the sinkhole attack. In this model, a PDR is
greater than the specified threshold value and is represented as good
otherwise bad.
Equation (9) is used to compute the delivery ratio of the data packet.
TPR(t)
PDR(t) = (9)
TPF(t)

where TPR means the total amount of data packets received by the target
node at time ‘t’ and TPF is the total amount of the data packet forwarded
by the origin node at time ‘t’.
Fig. 2. Example Network Scenario with Sinkhole Attack.

4.3.1.2. Average Delay. It includes every potential delay that occurred

for trust computation. When the node has direct experience and enough during path detection, propagation, re-transmission, and relay time. A
details to evaluate the node’s trustworthiness, then it will use its data for sinkhole attack creates huge traffic around the malicious node; thus, the
trust computation otherwise it will receive a recommendation from its average delay will be increased. In this model, when the average delay
neighbors. In direct trust calculation, the RF algorithm is used to identify exceeds the specified threshold value, and then it is represented as ‘high’
the node’s trustworthiness in this model. In indirect trust calculation, otherwise ‘low’. It can be calculated as follows.
the Subjective Logic(SL) operation is used to identify the node’s ∑n ( )
neighbor using various sources of information. This model does not use j=1 PRTj − PSTj
EED(t) = (10)
both direct and indirect trust for trust computation at the same time. TNP
Besides, this model will not aggregate direct and indirect trust for total
trust computation. Thus, the proposed RFTrust model reduces the where PRTj denotes Packet Receive Time and it is defined as the time
additional computation overhead. However, this model may be taken by the ‘j’ th packet to reach the destination node. PSTj denotes
vulnerable to bad-mouthing and good-mouthing attacks as nodes could Packet Sent Time and it is defined as the time taken by the ‘j’th packet
rely only on direct observation. Because malicious nodes could falsify deliver by the source node. TNP represents the Total Number of Packets
the direct trust values of other nodes. To overcome this issue, an RF forwarded [53].
algorithm has been used to evaluate the node’s trustworthiness in the
direct trust calculation phase itself. Hence, such malicious nodes could 4.3.1.3. Energy Consumption (EC). EC is an important trust metric
identify and eliminate. Afterward, only trusted nodes could give rec­ because it determines the node’s neighbor. Generally, the sinkhole node
ommendations in the indirect trust calculation phase. consumes more energy in the network. It falsely broadcasts information
When the node does not get enough information to compute the to attract its neighbors, thus many of its neighbors select this node as the
direct trust computation, then it receives a recommendation to compute parent node. Due to the heavy traffic load near this sinkhole node, it
indirect trust. In indirect trust computation calculation, SL is used to consumes more energy than the required energy [54]. In this model,
avoid biased or incorrect recommendations which avoid bad-mouthing when the node consumes more energy than the required energy, then
and good-mouthing attacks. In either case, the identified malicious node the node consumes extra energy and it is referred to as heavy energy
details are transferred to the root node, and then the root node informs consumption. If the energy consumption exceeds the specified threshold
the malicious node details to all other nodes in the DODAG instance. value, represented as ‘heavy’. Otherwise it represented as ‘normal’.
In the IoT environment, Quality of Service(QoS) trust metric is not Energy consumption is a summation of Low Power Mode (LPM), CPU
enough to evaluate the trustworthiness of the node. The social trust power, radio listening, and radio transmission. The equation (11) is used
metrics are also required since it is depending on the network’s envi­ to compute the energy consumption of the node.
ronment. Therefore, the RFTrust model considers both QoS and social Energy (mJ) = (Transmit * 19.5 mA + Listen * 21.5 mA + CPU time
trust to compute the trustworthiness of the node. * 1.8 mA + LPM * 0.0545 mA) * 3 V / (32768) (11)
The QoS trust refers to a belief of the node concerning the various The Powertrace mechanism [61] is used to estimate the energy
performance metrics such as Packet Delivery Ratio (PDR), average consumption of the node. It uses power state tracking that records the
delay, etc. These trust metrics can be calculated when communication energy consumption of local node in the energy capsule. The energy for
occurs in the networking environment [48]. Social trust refers to the node level activities (such as data packet transmission, data packet
social relationship between the owners of the IoT nodes, which are reception) and network level activities (such as routing, forwarding) are
measured in terms of intimacy, honesty, centrality, etc [49]. The pro­ captured in energy capsules. Powertrace enables both inspection of
posed model considers honesty to estimate the social trust of a node. node-level and network level energy behavior. A routing protocol can
PDR, average delay, and energy consumption to estimate QoS trust of a get the information about the energy costs of transferring data to a
node. particular neighbor. This information can be stored in routing table for
routing decisions that enables the routing protocols to be more
4.3.1. Direct Trust energy-efficient [60].
The proposed model uses the RF algorithm to classify the node’s
neighbor into two classes such as trusted and malicious. In direct trust 4.3.1.4. Honesty. It is social trust to estimate the node’s trustworthi­
calculation, the following trust metrics are used in this trust model: PDR, ness. This metric is used to detect an attacker by analyzing the abnormal
average delay, energy consumption, and honesty. The trust metrics neighbour of the node. It can be measured using the total count of

7
K. Prathapchandran and T. Janani Computer Networks 198 (2021) 108413

positive and negative communications of the nodes. Positive and nega­ Table 2
tive communication means, if the transaction becomes a success, it is Training Data Set
called positive. Otherwise, it is negative. The beta function is used to S.NO PDR Delay EC Honesty Node Neighbor
estimate the honesty between two nodes. The honesty trust metric is
1. Good Low Normal Yes Trusted
defined as in Equation (12). 2. Good High Normal No Malicious
3. Bad Low Normal Yes Trusted
αi,j (t)
Hi,j (t) = ( ) (12) 4. Bad Low Heavy No Malicious
αi,j (t) + βi,j (t) 5. Good High Heavy Yes Trusted
6. Good Low Normal No Trusted
7. Bad High Heavy No Malicious
αi,j(t) = Total count of positive communications. 8. Bad Low Heavy Yes Malicious
βi,j(t) = Total count of failure communications.
αi,j(t)+βij(t) = Total count of positive and negative communications.
i = Evaluated node Table 3
j = Evaluating node Bootstrap Sample 1
Hi,j(t) = Honesty [55]
S.NO PDR Delay Honesty Node Neighbor

1. Good Low Yes Trusted

When the node transfers the data packets successfully, then it con­
2. Good High No Malicious
siders it as positive communications. Otherwise, it is negative commu­ 3. Bad Low Yes Trusted
nication. Based on the PDR, the communication between two nodes is 4. Bad Low No Malicious
concluded as positive or negative. 5. Good High Yes Trusted
6. Good Low No Trusted

4.3.1.5. Identifying Malicious Nodes. In the initial stage of RPL, a com­

parison has been made between nodes based on the rank values. The selected and Instances 1 to 6 are selected.
proposed model uses the modified default Objective Function OF0 that Table 4 presents the second bootstrap sample where trust metrics
selects the optimal path based on the lowest hop count towards the root PDR, EC, and Honesty are selected and Instances 1, 3, 4, 5, 6, and 8 are
node. Contiki OS uses 16 bits to store rank values with units of 256 and selected.
has a maximum of 255 hops. Each child node computes its rank using the Table 5 presents the third bootstrap sample where trust metrics PDR,
rank of the parent node. It is calculated as the sum of the parent rank Delay, and EC are selected and Instances 1, 2, 3, 5, 7, and 8 are selected.
value and the default_min_hop_rank_increase. Initially, the preferred Step 2: Training Phase: Construct a decision tree for every bootstrap
parent is selected based on the rank value. After an interaction with the sample.
preferred parent, trust metrics are observed and also identified the trust The Gini Index is used to split the attributes (trust metrics) of the
behavior. decision tree (CART) until reaching the terminal node. For simplicity,
Every node stores the trust metrics and its corresponding node’s trust metrics are represented in the nominal value. The construction of
behavior based on the experience. This information is derived from the decision tree for Bootstrap Sample 1 is as follows.
various IoT nodes and it will serve as a training data in the RF algorithm. PDR
During the training phase, the node learns the node neighbor from The trust metric ‘PDR’ can be either good or bad, which is measured
the various set of nodes, besides any of the nodes is identified as mali­ based on the forwarding neighbor of the node. Table 6 summarizes the
cious in the training phase, and then that node IDs are stored in blacklist neighbor of the nodes for the PDR trust metric.
to prevent further communication. After some set of interactions, the The PDR’s trust metric Gini index is calculated using Equation (1) as
node learns the neighbor of the other node. In the detection phase, nodes follows: Gini(PDR=Good) = 1-(3/4)2-(1/4)2 =>0.38
interact with the new node, based on these experience trust metrics are Gini(PDR=Bad) = 1-(1/2)2-(1/2)2 =>0.5
computed. These trust metrics are given as input to the trained model to Gini(PDR) = 4/6*(.38)+2/6*(0.5) => 0.41
predict the node’s neighbor. If the node is identified as malicious, then it The Gini index of PDR is 0.41. Similarly, the Gini index is calculated
stores in the blacklist and also broadcast to its neighbor nodes. for trust metrics delay and honesty.
In the training phase of the RF algorithm, several decision trees are Table 7 shows the Gini index of different trust metrics.
constructed from the subset of the original data. The number of trust As mentioned earlier, the minimum Gini index trust metric is
metrics and the number of instances are randomly selected for each tree. selected as the root node. In this example, PDR and Delay have the same
Each tree classifies the node’s neighbor from the sample data set. Gini index. We can select either PDR or Delay as the root node. Here, we
In the testing phase, the testing node’s information is passed to every select the PDR as the root. The decision tree is partition based on the
decision tree. From the majority of the voting from the decision tree, RF PDR as the root node.
predicts the IoT node’s future neighbor. The Fig. 3 shows the decision tree with PDR as a root node:
Now, the decision tree is classified into two sub-trees.
4.3.1.6. Identifying the Node’s Neighbor using the RF Algorithm - An Selecting the splitting attribute for the left sub-trees
Example. The following sections describe the implementation of the RF Gini index should be calculated for the trust metric Delay and
algorithm with examples. Honesty of ‘good’ PDR. The attribute with minimum value will be
Assuming, the IoT node ‘N10’ in Figs. 1 had 8 direct experiences with
other nodes in the network. The trust metrics and its corresponding
node’s neighbor are presented in Table 2. Table 4
Bootstrap Sample 2
Step 1: Bootstrap samples (subset) are chosen from the original
training data set. S.NO PDR EC Honesty Node Neighbor
In this example, three bootstrap samples are selected from the orig­ 1. Good Normal Yes Trusted
inal training data set (from Table 2). 3. Bad Normal Yes Trusted
Table 3 presents the first bootstrap sample. As already mentioned, 4. Bad Heavy No Malicious
5. Good Heavy Yes Trusted
the attributes and instances can be randomly selected. In this first
6. Good Normal No Trusted
bootstrap sample, trust metrics such as PDR, Delay, and Honesty are 8. Bad Heavy Yes Malicious

8
K. Prathapchandran and T. Janani Computer Networks 198 (2021) 108413

Table 5 The final decision tree for bootstrap Sample 1 is as follows:

Bootstrap Sample 3 Fig. 5 shows the classification of node neighbor using the Bootstrap
S.NO PDR Delay EC Node Neighbor Sample 1 data set. This decision tree classifies the node with good PDR
and low Delay as trusted. Then it classifies the node with good PDR, high
1 Good Low Normal Trusted
2 Good high Normal Malicious delay, and honesty neighbor as trusted and bad PDR and honesty
3 Bad Low Normal Trusted neighbor as trusted. Then it classifies the node with good PDR, high
5 Good high Heavy Trusted Delay, and dishonest neighbor as malicious. Finally, it classifies bad PDR
7 Bad High Heavy Malicious and dishonest neighbor as malicious.
8 Bad Low Heavy Malicious
Similarly, the decision trees are constructed for Bootstrap Samples 2
and 3. The decision tree for Bootstrap Sample 2 is as follows:
Fig. 6 shows the classification of node neighbor using the Bootstrap
Table 6 Sample 2 data set. This Decision tree classifies the node with good PDR
Node Neighbor for the PDR trust metric as trusted. It classifies the noe with Bad PDR and normal EC as trusted
PDR Trusted Malicious Number of Nodes and further it classifies the nodes with Bad PDR and heavy EC as
Good 3 1 4 malicious.
Bad 1 1 2 The decision tree for Bootstrap Sample 3 is as follows:
Fig. 7 shows the classification of node neighbor using the bootstrap
sample data set. This Decision tree classifies the node with good PDR and
Table 7 low delay as trusted. It classifies the node with good PDR, high Delay,
Gini Index of PDR, Delay, EC and heavy EC as trusted and Good PDR, high delay, and normal EC as
malicious. It classifies the node with Bad PDR, low delay, and normal EC
Trust Metric Gini Index
as trusted. It further classifies the node with Bad PDR and high Delay as
PDR 0.41
malicious and Bad PDR, low Delay, and heavy EC as malicious.
Delay 0.41
Honesty 0.45 Step 3: Majority Voting (Testing Phase)
For example, the IoT node ‘N10’ in Fig. 2 interacts with the parent
IoT Node N5. From this interaction, the child node observes the trust
selected as the splitting attribute. metrics of the parent node. Assuming, the following trust metrics are
Computing Gini index of Delay for good PDR observed by the IoT node N10 for node N5. PDR=Bad, Delay=Low,
The trust metric Delay can be either ‘low’ or ‘high’. Table 8 sum­ EC=heavy, Honesty=No.
marizes the neighbor of the nodes for the trust metric delay of ‘good’ These trust metrics are passed into three decision trees. The outcome
PDR. of these decision trees is presented in Table 10.
Trust metric of Delay Gini index for good PDR is calculated as Table 10 shows the node neighbor of the different decision trees. It
follows; can be observed that the decision trees DT1, DT2, and DT3 return the
Gini(Delay=low) = 1-(2/2)2-(0/2)2 =>0
Gini(Delay=high) = 1-(1/2)2-(1/2)2 =>0.5
Gini(Delay) = 2/4*(0)+2/4*(0.5) =>0.25 Table 8
The Gini index of Delay for ‘good’ PDR is 0.25. Similarly, the Gini Node Neighbor for the Trust Metric Delay of ‘Good’ PDR
index is calculated for trust metric honesty for ‘good’ PDR. Delay Trusted Malicious Number of Nodes
Table 9 shows the Gini index of Delay and Honesty for good PDR:
Low 2 0 2
Both Delay and Honesty Gini indexes are the same. We can select High 1 1 2
either delay or honesty to split the tree. Here, we select the delay as the
splitting attribute. Now, the decision tree looks as follows:
In Fig. 4, the splitting attribute of the left sub-tree is selected as Table 9
Delay. Further, the decision tree is a partition into two sub-trees. The left Gini Index of Delay and Honesty for Good PDR.
sub-tree of the delay has only a trusted node neighbor. It cannot be
Trust Metric Gini Index
further classified.
The above-mentioned process is applied for the right sub-tree of Delay 0.25
Honesty 0.25
delay and also the right sub-tree of the PDR.

Fig. 3. Splits the decision tree with PDR as a root node.

9
K. Prathapchandran and T. Janani Computer Networks 198 (2021) 108413

Fig. 4. splits the left sub-tree with Delay as a root node.

Fig. 5. Decision tree for Bootstrap Sample 1.

Fig. 6. Decision Tree of Bootstrap Sample 2.

node neighbor as malicious. The majority voting of the decision tree is In indirect trust computation, each IoT node receives various opin­
malicious. Thus, the IoT node ‘N10’ determines that its parent node is ions from its neighbor nodes for the particular node. Different IoT nodes
malicious. The table 6.2 represents the node’s behavior and its trust may provide dissimilar or conflicting opinions about certain IoT nodes.
value. It disconnects the link from the malicious node. Similarly, all The consensus combination is used to aggregate these opinions. It de­
other child nodes of the sinkhole node disconnect the link. By this, the creases the uncertainty of the node’s opinion. The source node computes
sinkhole nodes are isolated from the network. Indirect Trust (IT) for every adjacent node. These IT values are arranged
in descending order. The selected node’s IT value should be highest than
4.3.2. Indirect Trust the other adjacent nodes and also greater than the threshold value. That
Indirect trust is also known as second-hand information that is node is only selected for routing operation.
particularly helpful in certain cases when no direct experiences between The discount combination is used to combine the opinion provided
nodes or insufficient communication between nodes to decide the node’s by the source and the opinion about the source. For example, Nodes N1,
trustworthiness [56]. N2, N3 are three IoT nodes. Node N1 receives an opinion for Node N3

10
K. Prathapchandran and T. Janani Computer Networks 198 (2021) 108413

Fig. 7. Decision tree for Bootstrap Sample 3

Table 10
Node Neighbor from Different Decision Tree
Decision Tree Node Neighbor

DT1 Malicious
DT2 Malicious
DT3 Malicious

from Node N2. Assuming Node N1 has its own opinion about node N2.
To compute the final opinion, a discounting operator combines the
opinions about Node N1 to Node N2 and Node N2 to N3.
To determine the node’s neighbor based on the opinions, both dis­
counting and consensus combination are used in indirect trust
calculation.

4.3.2.1. Identifying Malicious IoT Nodes from Indirect Trust Calculation.

Table 11 shows the threshold for Indirect Trust (IT) that is computed
using subjective logic. When IT is above the threshold value, then the
IoT nodes are trusted otherwise malicious. The SL returns the values
from the range 0 to 1. The threshold value is determined based on the
criticality of the application. If the application is sensitive where the
security is much important, we set a high threshold value. Otherwise, we
can set it as low. In the following example, the threshold value is fixed as
0.7 Fig. 8. Example Network for Indirect Trust Computation.
Fig. 8 illustrates the simple network scenario, where ‘N’ refers to the
nodes. Assuming N6 wants to select N4 as a preferred parent and transfer Each opinion is independent, so these opinions have to aggregate
the data through this node. N6 has no direct experience with N4 and with the help of the consensus operator (⊕). The final value is an indirect
therefore it receives a recommendation from neighbor nodes (N3, N7, trust value evaluated by the N6 for N4. The mathematical notation is
and N8). The node N6 computed direct trust about N3, N7, N8 which is represented as follows:
represented as ωN3N6, ωN7N6, and ωN8N6. The opinion collected from ωN6(N3,N7,N8) = ωN6,N3 ⊕ ωN6,N7 ⊕ ωN6,N8
these nodes for N4 is represented as ωN4N3, ωN4N7and ωN4N8.
N4 N4 N4 N4

The impact of individual opinion on N4 can be calculated with the

4.3.2.2. Mathematical Analysis for Indirect Trust Computation.
help of a discount operator ‘⊗’. For example, N3 opinion in N4 is dis­
Assuming, N6 opinion about N3, N7, N8 is:
counted by the N6. It makes the N6 build the opinion about N4 from the
N3. The mathematical notation is represented as follows.
N3 = (0.8, 0.0, 0.2)
ωN6

ωN6, N7 = (0.9, 0.0, 0.1)

ωN6
N3
N4 = ωN6 N3
N3 ⊗ ωN4

ωN6, N7
= ωN6 N7 N8 = (0.7, 0.0, 0.3)
ωN6
N4 N7 ⊗ ωN4

ωN6,
N4
N8
= ωN6 N8
N8 ⊗ ωN4 Where (0.8, 0.9, 0.7) are beliefs that are direct trust values and
evaluated by the N6 for N3, N7, N8. (0, 0, 0) are disbelief and (0.2, 0.1,
0.3) uncertainty.
Table 11
The Threshold for Indirect Trust Assume N3, N7, N8 about N4 are:

Level Threshold Description

N4 = (0.6, 0.0, 0.4)
ωN3
1 If IT >= Threshold Trusted Node
2 If IT <Threshold Malicious Node N4 = (0.8, 0.0, 0.2)
ωN7

11
K. Prathapchandran and T. Janani Computer Networks 198 (2021) 108413

N4 = (0.8, 0.0, 0.2)

ωN8 model is to compute the trust value for every node in the RPL network.
These trust values can be embedded in the OF0 for routing decisions. It
where (0.6, 0.8, 0.8) are beliefs that are direct trust value and evaluated could be achieved with the help of[62] . As it is open-source, the authors
by the N3, N7, N8 for N4. (0, 0, 0) are disbelief and (0.4, 0.2, 0.2) un­ could embed the trust value in the OF0.
certainty.
Now, the discounting operator is used to compute the individual 5. Simulation Results and Discussion
opinion about BT4 using Equations (6), (7), and (8).
The following section discusses the simulation results.
bN6,N3 N4 . bN4 => 0.8*0.6=> 0.48
= bN6 N3
N4
5.1. Performance Evaluation Metrics
dN6,N3 N3 . dN4 = > 0
= dN6 N3
N4

uN6,N3 N3 + uN3 + bN3 .uN4 = > 0 + 0.2 + 0.8 ∗ 0.4 = > 0.52
= dN6 N6 N6 N3
N4 The RFTrust model is evaluated in the Contiki 3.0 OS and the Cooja
ωN6,N3 = (0.48, 0.0, 0.42) simulator. Besides, SoS-RPL, INTI, and InDReS models are also evaluated
N4
in the Cooja simulator. The RFTrust model uses TMote Sky (Sensor
Similarly, the remaining opinions are computed as follows: nodes) as a mote type. Table 12 shows the simulation parameters of the
proposed RFTrust model. We ran our simulation for each experiment in
10 rounds with an increasing number of nodes by 10. We then selected
ωN6,N7 = (0.72, 0.0, 0.38)
N4
the average value to represent the final experimental result. The confi­
ωN6,N8
N4 = (0.56, 0.0, 0.44) dence interval of the RFTrust model is 95%.

Now, the Consensus operator is used to aggregate all these opinions 5.2. Simulation Results
and it forms an indirect trust value by using Equations (2), (3), (4), and
(5). The performance evaluation of the RFTrust model is analyzed with
the following test cases.
ωN6(N3,N7,N8)
N4 = (0.811, 0.1, 0.189)
1 The proposed model aims to identify the malicious nodes that
The indirect trust computed for BT4 by BT6 is 0.81. Assuming 0.7 is perform the sinkhole attack. Therefore, it is necessary to know the
the threshold value where 0.81 is above the threshold value. Therefore, impact of the sinkhole attack. To analyze the impact, increase the
N4 is a trusted node. In the same way, N6 computes other node’s IT, percentage of sinkhole nodes (malicious nodes), and measure the
those values are arranged in descending order. The nodes with the packet dropping ratio in traditional RPL.
highest IT value and greater than the threshold value will be selected for 2 The performance of the RFTrust model is compared with SoS-RPL
routing. [45], INTI [44], and InDReS [46] models in terms of PDR, average
delay, throughput, and energy consumption.
4.3.3. Trust Update 3 Increase the percentage of malicious nodes and compare the false-
The trust values will be updated based on the satisfaction degree of positive rate, false-negative rate, and detection accuracy of RFTrust
the IoT nodes. This degree ensures the smooth functioning of a network. with SoS-RPL [45], INTI [44], and InDReS [46] models.
Satisfaction degree ensures whether the network operations are going
smoothly or not. If any node personally feels that the performance of the Scenario 1: The analysis is performed with varying the number of
network is degrading over time, the satisfaction degree is low in its malicious nodes under the traditional RPL routing protocol. The obser­
points. If all the nodes feel similarly, the entire network may be in vations in Fig. 9 show that when the number of sinkhole attackers
trouble. A node can observe the satisfaction degree of its own in the (malicious nodes) increases, data dropping has also increased.
following way; When the IoT node behaves well with the neighbor nodes Scenario 2: In this simulation, the performance evaluation of the
that transfer the data packets successfully without any packet loss and proposed RFTrust model is compared with the SoS-RPL [45], INTI [44],
delay, then the node is considered as a well-behaved node hence satis­ and InDReS [46] models in terms of delivery ratio, average delay,
faction degree is high according to it. Besides, satisfaction degree is also throughput, and energy consumption.
measured as the total number of successful interactions from the total PDR: It is a proportion of the total amount of data packets forwarded
number of interactions by a node concerning other nodes. Trust values by the source node and the total amount of data packets received by the
will not be updated if the satisfactory degree is high. Otherwise, it will destination node. It is one of the significant metrics for evaluating the
be updated by invoking the RFTrust model. In the presence of sinkhole performance of the proposed model. This metric is used to analyze the
nodes, the satisfaction degree will low. Any of the IoT nodes in the IoT
network detect a sinkhole attack, and then the information about the Table 12
malicious node is informed to the root node. Then, the root node The Simulation parameters of the proposed RFTrust Model
broadcasts the malicious details to all other nodes in the network. Thus, System Parameters Values
the other IoT nodes can be aware of the malicious nodes.
Number of Nodes 100
Mote Type TMote Sky
4.3.4. Integrating RFTrust into RPL Simulation Time 3600 S
In RPL, the Objective Function (OF) defines how routing metrics and Network Coverage Area 300 m x 300 m
constraints are used to calculate the rank value of the node. Data Rate 3072bps
Data Packet Size 64 byte
As discussed in the article, two primary DAG’s OFs such as Minimum
Traffic UDP
Rank with Hysteresis Objective Function (MRHOF) and Objective Mac Layer IEEE 802.15.4
Function Zero (OF0) are available. OF0 and MRHOF cannot guarantee Communication Range 50 m
the QoS in complex and dynamic networks like RPL-based IoT networks. RPL Parameter MinHopRankIncrease = 256
Besides, various attacks have been ignored in traditional DAG’s OFs. Indirect Trust (Threshold 0.7
Value)
Therefore, the proposed model modifies the OF function based on the Routing Protocol RFTrust, SoS-RPL [23], INTI [44], and InDReS
requirement of the RFTrust model. The main objective of the proposed [46]

12
K. Prathapchandran and T. Janani Computer Networks 198 (2021) 108413

Fig. 9. .Impact of Malicious Nodes under Normal RPL Routing Protocol

delivery ratio for individual nodes and also for the whole network. The PDR, Delay, EC, and Honesty for evaluating node neighbour. Thus, the
RFTrust, SoS-RPL [45], INTI [44], and InDReS [46] models are evalu­ proposed model can detect and remove the sinkhole node efficiently.
ated by varying percentages of the malicious nodes. The malicious nodes Hence, the trusted nodes will be involved in the routing operation that
are increased from 10 to 50%. increases the PDR of the proposed RFTrust model, whereas, the INTI
Figure 10 shows the PDR of RFTrust, SoS-RPL [45], INTI [44], and model considers only single trust metrics such as forwarding ratio to
InDReS [46] models. Results depict the proposed model has a higher estimate the trustworthiness of the node. The InDReS [46] model only
PDR than the other three protocols. The proposed model gives a 72% considers the packet drop count to identify a sinkhole node. Due to the
delivery ratio even with the 50% of malicious nodes in the network, single trust metric, the identification of the sinkhole node may be
whereas the SoS-RPL [45], INTI [44], and InDReS [46] model can delayed in INTI [44] and InDReS [46]. Thus, the PDR also decreased in
achieve 63%, 60 %, and 47% of delivery ratio respectively. The reason is INTI [44] and InDReS [46]. The SoS-RPL [23] model used rank metric to
that the proposed RFTrust model uses multiple trust metrics such as identify the sink-hole node, by this way, the parent node can easily

Fig. 10. PDR vs. % of malicious nodes.

13
K. Prathapchandran and T. Janani Computer Networks 198 (2021) 108413

detect the misrepresented rank of its child. But, for the child node, it is decreases. Because of the high density, the network consumes limited
difficult as it does not have a rank metric. Thus, it takes more time to energy for data packet routing. However, the proposed RFTrust model
identify the sinkhole node. The presence of the sinkhole node decreases energy consumption is lower than the other models. The RFTrust model
the PDR in this model. consumed 115.8 J for 50 nodes in the network. While the other models
Average Delay: It is measured as the average time needed to send a SoS-RPL [45], INTI [44], and InDReS [46] consumed 120.1J, 122.7J,
packet from the origin node to the target node. It is an essential metric to and 123.8J respectively. Because the proposed RFTrust model does not
measure the functionality of the proposed protocols. The existence of aggregate the direct and indirect trust for total trust computation. The
misbehaving devices in the network increases the delay. Fig. 11 depicts RFTrust model uses either direct or indirect trust, not both. Thus, it
the impact on the delay of the different protocols (RFTrust, SoS-RPL reduces the computation overhead and energy consumption of the in­
[45], INTI [44], and InDReS [46]) with varying the percentage of ma­ dividual node.
licious nodes. It can be observed that the average delay of the proposed Scenario 3: In this simulation, the effectiveness of the proposed
RFTrust model is less than the other models. Because, the Proposed RFTrust model is compared with the SoS-RPL [45], INTI [44], and
RFTrust model effectively identifies and removes the sinkhole node at InDReS [46] models in terms of false-positive rate, false-negative rate,
the initial stage than the other models, thus the average delay of the and detection accuracy.
proposed RFTrust model is reduced. False Positive Rate
Average Throughput: The total amount of data packets transferred The number of legitimate nodes is incorrectly predicted as malicious
per time unit or the average number of successful information trans­ nodes from the total number of legitimate nodes are known as the false-
ferred per second over a communicating transmission channel is called positive rate. It is calculated using Equation (13).
throughput. In general, it is represented in bits per second (bits/s or
FP
bps). FPR = (13)
FP + TN
Fig. 12, shows the average throughput of the proposed RFTrust
model is higher than the SoS-RPL [45], INTI [44], and InDReS [46] Fig. 14 shows the false positive rate of RFTrust, SoS-RPL [45], INTI
models. The presence of the sinkhole node decreases the average [44], and InDReS [46] models under the various percentages of mali­
throughput. However, the proposed RFTrust model provides high cious nodes. The malicious nodes have increased from 5% to 25%. The
throughput when compared to other models (SoS-RPL [45], INTI [44], average false positive rate of the proposed RFTrust model is 1.4% while
and InDReS [46]) because the proposed RFTrust model uses a the other models SoS-RPL [45], INTI [44], and InDReS [46] are 3.6%,
machine-learning algorithm for direct trust calculation and SL evidence 8.2%, and 10.8% respectively. The proposed RFTrust model has Low
theory for indirect trust calculation. The accuracy of identifying mali­ false positive rate when compared to SoS-RPL [45], INTI [44], and
cious nodes is high in the proposed RFTrust model, thus the sinkhole InDReS [46].
nodes are effectively removed from the network. Therefore, the pro­ False Negative Rate
posed RFTrust model average throughput is high. The number of malicious nodes is incorrectly predicted as legitimate
Energy Consumption: The proposed RFTrust model is compared with nodes from the total number of malicious nodes are known as the false-
the SoS-RPL [45], INTI [44], and InDReS [46] models in terms of energy negative rate. It is calculated using Equation (14).
consumption. It is one of the most essential and effective factors in the FN
IoT network because the IoT devices are all battery powered which have FNR = (14)
TP + FN
restricted energy. Fig. 13 shows the energy consumption of different
models with varying numbers of nodes. It can be observed that when the Fig. 15 shows the false-negative rate of RFTrust, SoS-RPL [45], INTI
number of nodes increases, the energy utilization of all models [44], and InDReS [46] model under the various percentage of malicious

Fig. 11. Average Delay vs. % of Malicious Nodes.

14
K. Prathapchandran and T. Janani Computer Networks 198 (2021) 108413

Fig. 12. Throughput vs. % of malicious nodes.

Fig. 13. Energy Consumption vs. Number of Nodes.

nodes. The malicious nodes have increased from 5% to 25%. The models degrades with the increasing percentage of the malicious nodes.
average false-negative rate of the proposed RFTrust model is 1.8% while However, the accuracy of the RFTrust model is higher than the other
the other models SoS-RPL [45], INTI [44], and InDReS [46] are 4%, models (SoS-RPL [45], INTI [44], and InDReS [46]). The proposed
12%, and 14.8% respectively. The proposed RFTrust model has a low RFTrust model can achieve 85% accuracy with 50% of malicious nodes
false-negative rate when compared to other models. while the others SoS-RPL [45], INTI [44], and InDReS [46] can achieve
Detection Accuracy 82%,79%, and 72% respectively. The accuracy of the proposed RFTrust
Fig. 16 depicts the detection accuracy between the RFTrust model model is higher than the SoS-RPL [45], INTI [44], and InDReS [46]
and SoS-RPL [45], INTI [44], and InDReS [46]. The accuracy of all models.

15
K. Prathapchandran and T. Janani Computer Networks 198 (2021) 108413

Fig. 14. False Positive rate vs. Malicious Nodes in %.

Fig. 15. False Negative rate vs. Malicious Nodes in %.

The proposed RFTrust model provides high accuracy, low false- RFTrust model has high detection accuracy and low false-positive and
positive, and false-negative rates. The reason is that the proposed false-negative rate.
model RFTrust model uses the RF machine-learning algorithm to detect
node neighbor. The machine learning algorithm can accurately predict 6. Conclusion
the node neighbor with a minimum false-positive rate and false-negative
rates. Whereas the INTI [44] model uses the Beta Probability Density The implementation of the IoT in several applications gives consid­
function for trust computation, InDReS [46] uses Dempster Shafer’s erable advantages. Along with the benefits of IoT, it also brings attacks
evidence theory to identify malicious nodes and SoS-RPL [45] only uses against the IoT network. Therefore, security is essential to improve the
the rank value to identify the malicious node. But the proposed model network performance. The proposed model is specially developed for
uses the RF and SL to compute the trust calculation, thus the proposed open and remote IoT applications to enhance the secure data transfer

16
K. Prathapchandran and T. Janani Computer Networks 198 (2021) 108413

Fig. 16. Detection Accuracy vs. Malicious Nodes in %.

between the source IoT node and the destination IoT node. This model is [5] J. Deogirikar, A. Vidhate, Security attacks in IoT: A survey, in: 2017 International
Conference on I-SMAC (IoT in Social, Mobile, Analytics, and Cloud) (I-SMAC),
embedded with RPL to enhance the RPL protocol and to mitigate the
2017, https://doi.org/10.1109/i-smac.2017.8058363.
sinkhole attack. The proposed model assures security in the IoT network [6] XieYinan, “A study on trust management algorithms for the social internet of
against the sinkhole attack. The mathematical analysis has also proven things,” Published in 2016.
the effectiveness of the RFTrust model. The proposed RFTrust model [7] S. Sicari, A. Rizzardi, L.A. Grieco, A. Coen-Porisini, Security, privacy and trust in
internet of things: the road ahead, Comput. Netw. 76 (2015) 146–164, https://doi.
does not aggregate direct trust and indirect trust for trust computation org/10.1016/j.comnet.2014.11.008.
and it uses either direct trust or indirect trust for identifying the node’s [8] D.K. Tosh, S. Shetty, P. Foytik, L. Njilla, C.A. Kamhoua, Blockchain-empowered
neighbor. Moreover, the RFTrust model is only invoked, when a satis­ secure Internet -of- Battlefield Things (IoBT) Architecture, in: MILCOM 2018 –2018
IEEE Military Communications Conference (MILCOM), 2018, https://doi.org/
factory degree of the neighbor nodes will get low. Thus, it reduces the 10.1109/milcom.2018.8599758.
additional overhead and energy consumption. The performance of the [9] Neeraj Amitpal Singh, “Internet of things and trust management In IoT–Review, in:
RFTrust model is evaluated using a Cooja simulator. It has a high PDR, International Research Journal of Engineering and Technology (IRJET)e-ISSN:
2395 -0056, 2016, p. 06. Volume03IssueJune.
high throughput, low average delay, low energy consumption. Besides, [10] T. Winter, “RPL: IPv6 routing protocol for low-power and Lossy Networks,” https:
the RFTrust model provides high accuracy (85%), low false-positive rate //tools.ietf.org/html/rfc6550, 2012.
(1.4%), and low false-negative rate (1.8%) in comparison with the SoS- [11] A. Le, J. Loo, Y. Luo, A. Lasebae, Specification-based IDS for securing RPL from
topology attacks. 2011 IFIP Wireless Days (WD), 2011, https://doi.org/10.1109/
RPL [45], INTI [44], and InDReS [46] models. The performance evalu­ wd.2011.6098218.
ation shows the effectiveness of the RFTrust model. As future work, we [12] Karen Avila, Daladier Jabba, Javier Gomez, Security aspects for RPL-based
extend our work to detect other security attacks in the IoT network. protocols: a systematic review in IoT, Appl. Sci. 10 (18) (2020) 6472, https://doi.
org/10.3390/app10186472.
[13] V.B. Salve, L. Ragha, N. Marathe, AODV Based Secure Routing Algorithm Against
Declaration of Competing Interest Sinkhole Attack In Wirelesses Sensor Networks, in: 2015 IEEE International
Conference on Electrical, Computer and Communication Technologies (ICECCT),
2015, https://doi.org/10.1109/icecct.2015.7226170.
We have no conflict of interest to declare. [14] N. Gandhewar, R. Patel, Detection and prevention of sinkhole attack on AODV
protocol in mobile Ad Hoc Network, in: 2012 Fourth International Conference on
Computational Intelligence and Communication Networks, 2012 doi:10.1109/
Acknowledgment
cicn.2012.96.
[15] P. Pongle, G. Chavan, in: A Survey: Attacks on RPL and 6LoWPAN in IoT. 2015
This research work is supported by Karpagam Academy of Higher International Conference on Pervasive Computing (ICPC), 2015 doi:10.1109/
Education (Deemed to be University), Coimbatore - 641021, Tamilnadu pervasive .2015.7087034.
[16] M.A. Alsheikh, S. Lin, D. Niyato, H.-P Tan, Machine learning in wireless sensor
State, India through a Seed Project. networks: algorithms, strategies, and applications, IEEE Commun. Surv. Tutor. 16
(4) (2014) 1996–2018, https://doi.org/10.1109/comst.2014.2320099.
References [17] D. Praveen Kumar, T. Amgoth, C.S.R. Annavarapu, Machine learning algorithms
for wireless sensor networks: a survey, Inform. Fusion (2018) doi:10.1016/j.
inffus.2018.09.013.
[1] F. Samie, L. Bauer, J. Henkel, IoT technologies for embedded computing, in: [18] V. Rodriguez-Galiano, M. Sanchez-Castillo, M. Chica-Olmo, M. Chica-Rivas,
Proceedings of the Eleventh IEEE/ACM/IFIP International Conference on Machine learning predictive models for mineral prospectivity: an evaluation of
Hardware/Software Codesign and System Synthesis - CODES ’16, 2016, https:// neural networks, random forest, regression trees and support vector machines, Ore
doi.org/10.1145/2968456.2974004. Geol. Rev. 71 (2015) 804–818, doi:10.1016/j.oregeorev.2015.01.001.
[2] H. Suo, J. Wan, C. Zou, J. Liu, Security in the internet of things: a review, in: 2012 [19] Y. Dong, B. Du, L. Zhang, Target detection based on RM metric learning, IEEE J.
International Conference on Computer Science and Electronics Engineering, 2012, Selected Top. Appl. Earth Observ. Remote Sens. 8 (4) (2015) 1830–1838, https://
https://doi.org/10.1109/iccsee.2012.373. doi.org/10.1109/jstars.2015.2416255.
[3] W.-T. Sung, Y.-C. Chiang, Improved particle swarm optimization algorithm for [20] P.A.A. Resende, A.C. Drummond, A survey of random forest based methods for
android medical care IoT using modified parameters, J. Med. Syst. 36 (6) (2012) intrusion detection systems, ACM Comput. Surv. 51 (3) (2018) 1–36, https://doi.
3755–3763, https://doi.org/10.1007/s10916-012-9848-9. org/10.1145/3178582.
[4] A. Sharma, E.S. Pilli, A.P. Mazumdar, M.C. Govil, A framework to manage Trust in [21] C. Nguyen, Y. Wang, H. Nguyen, Random forest classifier combined with feature
the Internet of Things, in: 2016 International Conference on Emerging Trends in selection for breast cancer diagnosis and prognostic, J. Biomed. Sci. Eng. 6 (2013)
Communication Technologies (ETCT), 2016, https://doi.org/10.1109/ 551–560.
etct.2016.7882970.

17
K. Prathapchandran and T. Janani Computer Networks 198 (2021) 108413

[22] F. Li, X. Zhang, X. Zhang, C. Du, Y. Xu, Y.-C. Tian, Cost-sensitive and hybrid- [46] M. Zaminkar, R. Fotohi, SoS-RPL: Securing Internet of Things against Sinkhole
attribute measure multi-decision tree over imbalanced data sets, Inform. Sci. 422 attack using RPL protocol-based node rating and ranking mechanism, Wireless
(2018) 242–256, https://doi.org/10.1016/j.ins.2017.09.013. Person.Commun. (2020) doi:10.1007/s11277-020-07421-z.
[23] Wang Aiping, Wan Guowei, Zhiquan Cheng, Sikun Li., An incremental extremely [47] M. Surendar, A. Uma Makeswari, InDReS: An intrusion detection and response
random forest classifier for online learning and tracking, in: 2009 16th IEEE system for internet of things with 6LoWPAN, in: 2016 International Conference on
International Conference on Image Processing (ICIP), 2009 doi:10.1109/ Wireless Communications, Signal Processing and Networking (WiSPNET), 2016
icip.2009.5414559. doi:10.1109/wispnet.2016.7566473.
[24] M. Pal, Random forest classifier for remote sensing classification, Int. J. Remote [48] M. Yin, J. Feng, Y. An, Overview on node neighbor trust evaluation in Ad Hoc
Sens. 26 (1) (2005) 217–222, doi:10.1080/01431160412331269698. network. advances in wireless sensor networks, Commun. Comput. Inform. Sci.
[25] X. Zhou, P. Lu, Z. Zheng, D. Tolliver, A. Keramati, Accident prediction accuracy (2021), https://doi.org/10.1007/978-3-642-36252-1.
assessment for highway-rail grade crossings using random forest algorithm [49] R. Rani, S. Kumar, U. Dohare, Trust evaluation for light weight security in sensor
compared with decision tree, Reliab. Eng. Syst. Saf. (2020), 106931. doi:10.1016/j. enabled internet of things: game theory oriented approach, IEEE Internet of Things
ress.2020.106931. J. (2019), 1–1doi:10.1109/jiot.2019.2917763.
[26] Larabi-Marie-Sainte, Aburahmah, Almohaini, & Saba, Current techniques for [50] Jin Qi, Tang Hong, Kuang Xiaohui, Liu Qiang, Detection and defense of Sinkhole
diabetes prediction: review and case study, Applied (2019). attack in Wireless Sensor Network, in: 2012 IEEE 14th International Conference on
[27] Larabi-Marie-Sainte, Aburahmah, Almohaini, & Saba, Current Techniques for Communication Technology, 2012, https://doi.org/10.1109/icct.2012.6511315.
Diabetes Prediction: Review and Case Study, Applied, 2019. [51] S.S. Babu, A. Raha, M.K. Naskar, A Direct Trust Dependent Link State Routing
[28] S. O’Hara, M. Simon, Q. Zhu, Towards distributed ATR using SL combination rules Protocol Using Route Trusts for WSNs (DTLSRP), Wireless Sens. Netw. J., USA
with a swarm of UAVs, Unmanned Syst. Technol. IX (2007), https://doi.org/ (April 2011) 125–134.
10.1117/12.718321. [52] W. Abdelghani, C.A. Zayani, I. Amous, F Sèdes, Trust management in social
[29] T. Zhang, X. Ji, W. Xu, Cuckoo-RPL: Cuckoo filter based RPL for defending AMI internet of things: a survey, Lect. Notes Comput. Sci. (2016) 430–441, https://doi.
network from black hole attacks, in: 2019 Chinese Control Conference (CCC), org/10.1007/978-3-319-45234-0_39Xia.
2019, https://doi.org/10.23919/chicc.2019.8866139. [53] H., Jia, Z., Li, X., Ju, L., & Sha, E. H.-M., Trust prediction and trust-based source
[30] A. Dvir, T. Holczer, L. Buttyan, Vera - version number and rank authentication in routing in Mobile Ad Hoc Networks, Ad Hoc Netw. 11 (7) (2013) 2096–2114,
RPL, in: IEEE Eighth International Conference on Mobile Ad-Hoc and Sensor 10.1016/j.adhoc.2012.02.009.
Systems, 2011. [54] Y. Wang, Y. Tian, R. Miao, W. Chen, Heterogeneous IoTs routing strategy based on
[31] G. Hatzivasilis., I. Papaefstathiou, C Manifavas, SCOTRES: secure routing for IoT cellular address, in: 2018 IEEE International Conference on Smart Internet of
and CPS, IEEE Intern Things J. 4 (6) (2017) 2129–2141. Things (SmartIoT), 2018, https://doi.org/10.1109/smartiot.2018.00021.
[32] D Airehrour, J.A. Gutierrez, SK Ray, SecTrust-RPL: a secure trust-aware RPL [55] X. Zhong, R. Lu, L. Li, S. Zhang, ETOR: Energy and Trust Aware Opportunistic
Routing protocol for Internet of Things, Future Gener. Comput. Syst. (2018), Routing in Cognitive Radio Social Internet of Things, in: GLOBECOM 2017 - 2017
https://doi.org/10.1016/j.future.2018.03.021. IEEE Global Communications Conference, 2017, https://doi.org/10.1109/
[33] M.D. Alshehri, F.K. Hussain, A Centralized Trust Management Mechanism for the glocom.2017.8254213.
Internet of Things (CTM-IoT), Lecture Notes on Data Eng. Commun. Technol. [56] A.M. Shabut, M.S. Kaiser, K.P. Dahal, W. Chen, A multidimensional trust
(2017) 533–543, https://doi.org/10.1007/978-3-319-69811-3_48. evaluation model for MANETs, J. Netw. Comput. Appl. (2018), https://doi.org/
[34] J. Glowacka, J. Krygier, M. Amanowicz, A trust-based situation awareness system 10.1016/j.jnca.2018.07.008.
for military applications of the internet of things, in: 2015 IEEE 2nd World Forum [57] S.S. Babu, A. Raha, M.K. Naskar, Geometric mean based trust management system
on Internet of Things (WF-IoT), 2015, https://doi.org/10.1109/wf- for WSNs (GMTMS), in: 2011 World Congress on Information and Communication
iot.2015.7389103. Technologies, 2011 doi:10.1109/wict.2011.6141286.
[35] R. Mehta, M.M. Parmar, Trust based mechanism for Securing IoT Routing Protocol [58] Thomas van Klompenburga, Ayalew Kassahuna, Cagatay Catalb, Crop yield
RPL against Wormhole & Grayhole Attacks, in: 2018 3rd International Conference prediction using machine learning: a systematic literature review, Comput.
for Convergence in Technology (I2CT), 2018, https://doi.org/10.1109/ Electron. Agric. 177 (2020) 1–18.
i2ct.2018.8529426. [59] Seyyed Yasser Hashemi, Fereidoon Shams Aliee, Fuzzy, Dynamic and trust based
[36] M. Iqbal, A. Ahmed, U. Khadam, Sinkhole attack in multi-sink paradigm: detection routing protocol for IoT, J. Netw. Syst. Manage. (2020), https://doi.org/10.1007/
and performance evaluation in RPL based IoT, in: 2020 International Conference s10922-020-09535-y.
on Computing and Information Technology (ICCIT-1441), Tabuk, Saudi Arabia, [60] Asad Amir Pirzada, Chris McDonald, Trust establishment in pure ad-hoc networks,
2020, pp. 1–5, https://doi.org/10.1109/ICCIT-144147971.2020.9213797. Wireless Person. Commun. 37 (1-2) (2006) 139–168.
[37] R. Stephen, D. Vinoth Kumar, Deist: dynamic detection of Sinkhole attack for [61] Adam Dunkels, Joakim Eriksson, Niclas Finne, Nicolas Tsiftes, Powertrace:
Internet of Things, International Journal of Advanced Trends in Computer Science network-level power profiling for low-power wireless networks, in: SICS Technical
and Engineering 5 (12) (2016) 19358–19362. Report T2011:05, 2011, pp. 1–14.
[38] Mahmood Alzubaidi, Mohammed Anbar, Sabri M Hanshi, [ACM Press the 2017 [62] Ashwini Telang. (2014), “RPL objective function & simulation using DGRM model
International Conference - Jakarta, Indonesia (2017.12.05-2017.12.07)], in: in cooja” from http://anrg.usc.edu/contiki/index.php/RPL_objective_function_%
Proceedings of the 2017 International Conference on Computer Science and 26_simulation_using_DGRM_model_in_cooja.
Artificial Intelligence - CSAI 2017 - Neighbor-Passive Monitoring Technique for [63] The University of Waikato, “Weka 3 - Data mining with open-source machine
Detecting Sinkhole Attacks in RPL Networks., 2017, pp. 173–182, https://doi.org/ learning software in Java” access from https://www.cs.waikato.ac.nz/ml/weka/.
10.1145/3168390.3168439.
[39] M. Alzubaidi, M. Anbar, Y.W. Chong, S. Al-Sarawi, Hybrid monitoring technique
Dr.K.Prathapchandran is an Assistant Professor in the Department of Computer Applica­
for detecting abnormal behaviour in RPL-based network, J. Commun. 13 (5)
tions, Karpagam Academy of Higher Education (Deemed to be University), Coimbatore,
(2018).
Tamilnadu, India. He received his B.C.A degree in Computer Applications from Madurai
[40] S.R. Taghanaki, K. Jamshidi, A. Bohlooli, DEEM: a decentralized and energy
Kamaraj University, India in the year 2005, the M.C.A degree from Gandhigram Rural
efficient method for detecting sinkhole attacks on the internet of things, in: 2019
Institute – Deemed University, India in the year 2008 and the M.Phil degree in Computer
9th International Conference on Computer and Knowledge Engineering (ICCKE),
Science from Bharathidasan University, India in the year 2010. He received his Ph.D.
2019, https://doi.org/10.1109/iccke48569.2019.896517.
degree in Network Security from Gandhigram Rural Institute -Deemed University, India in
[41] A. Verma, V. Ranga, ELNIDS: Ensemble Learning based Network Intrusion
the year 2017. He has seven years of experience in teaching and four years’ experience in
Detection System for RPL based Internet of Things, in: 2019 4th International
research. He has more than thirty publications in reputed Journals and Conference pro­
Conference on Internet of Things: Smart Innovation and Usages (IoT-SIU),
ceedings and five publications as book chapters. Besides, he is a reviewer for various in­
Ghaziabad, India, 2019, pp. 1–6, https://doi.org/10.1109/IoT-SIU.2019.8777504.
ternational journals. His areas of interest are Mobile Ad hoc Networks, Internet of Things,
[42] S.Y. Hashemi, Shams Aliee, F. Dynamic and comprehensive trust model for IoT and
Trust Management in self-organized Networks. He is a life member of the Computer So­
its integration into RPL, J. Supercomput. 75 (2019) 3555–3584, https://doi.org/
ciety of India (CSI).
10.1007/s11227-018-2700-3.
[43] N. Djedjig, D. Tandjaoui, F. Medjek, I. Romdhani, Trust-aware and cooperative
routing protocol for IoT security, J. Inform. Secur. Applications 52 (2020), 102467. T. Janani is a research scholar in the Department of Computer Applications, Karpagam
[44] S.M. Muzammal, R.K. Murugesan, N.Z. Jhanjhi, L.T. Jung, SMTrust: proposing Academy of Higher Education (Deemed to be University), Coimbatore, Tamilnadu, India.
trust-based secure routing protocol for RPL attacks for IoT applications, in: 2020 She received his B.Sc Computer Science degree in from Madurai Kamaraj University,
International Conference on Computational Intelligence (ICCI), Bandar Seri Madurai, India in the year 2011, the M.C.A degree from Gandhigram Rural Institute –
Iskandar, Malaysia, 2020, pp. 305–310, https://doi.org/10.1109/ Deemed University, Gandhigram, India in the year 2014 and the M.Phil degree in Com­
ICCI51257.2020.9247818. puter Science from Bharath University, Chennai, India in the year 2016. She has more than
[45] C. Cervantes, D. Poplade, M. Nogueira, A Santos, Detection of sinkhole attacks for ten publications in reputed Journals and Conference Proceedings. She qualified in the
supporting secure routing on 6LoWPAN for Internet of Things, in: 2015 IFIP/IEEE National Eligibility Test (NET) examination conducted by the Government of India in the
International Symposium on Integrated Network Management (IM), 2015, https:// year 2019.
doi.org/10.1109/inm.2015.7140344.

18