The IPv6 routing protocol for low-power and lossy networks (RPL) is the standard routing protocol for IPv6 based low-power wireless personal area networks (6LoWPANs). In RPL protocol, DODAG information object (DIO) messages are used to disseminate routing information to other nodes in the network. A malicious node may eavesdrop DIO messages of its neighbor nodes and later replay the captured DIO many times with fixed intervals. In this paper, we present and investigate one of the severe attacks named as a non-spoofed copycat attack, a type of replay based DoS attack against RPL protocol. It is shown that the non-spoofed copycat attack increases the average end-to-end delay (AE2ED) and packet delivery ratio of the network. Thus, to address this problem, an intrusion detection system (IDS) named CoSec-RPL is proposed in this paper. The attack detection logic of CoSec-RPL is primarily based on the idea of outlier detection (OD). CoSec-RPL significantly mitigates the effects of the non-spoofed copycat attack on the network’s performance. The effectiveness of the proposed IDS is compared with the standard RPL protocol. The experimental results indicate that CoSec-RPL detects and mitigates non-spoofed copycat attack efficiently in both static and mobile network scenarios without adding any significant overhead to the nodes. To the best of our knowledge, CoSec-RPL is the first RPL specific IDS that utilizes OD for intrusion detection in 6LoWPANs.

低功耗有损网络（RPL）的IPv6路由协议是基于IPv6的低功耗无线个人局域网（6LoWPAN）的标准路由协议。在RPL协议中，DODAG信息对象（DIO）消息用于将路由信息传播到网络中的其他节点。恶意节点可能会窃听其邻居节点的DIO消息，并随后以固定间隔多次重播捕获的DIO。在本文中，我们提出并研究了一种称为非欺骗性的模仿攻击的严重攻击，这是一种针对RPL协议的基于重放的DoS攻击。结果表明，非欺骗性的模仿攻击会增加网络的平均端到端延迟（AE2ED）和数据包传输率。因此，为了解决这个问题，本文提出了一种名为CoSec-RPL的入侵检测系统（IDS）。CoSec-RPL的攻击检测逻辑主要基于离群值检测（OD）的思想。CoSec-RPL大大减轻了非欺骗性模仿攻击对网络性能的影响。提议的IDS的有效性与标准RPL协议进行了比较。实验结果表明，CoSec-RPL在静态和移动网络情况下都可以有效地检测和缓解非欺骗性的模仿攻击，而不会增加节点的开销。据我们所知，CoSec-RPL是第一个将OD用于6LoWPAN中入侵检测的RPL特定IDS。提议的IDS的有效性与标准RPL协议进行了比较。实验结果表明，CoSec-RPL在静态和移动网络情况下都可以有效地检测和缓解非欺骗性的模仿攻击，而不会增加节点的开销。据我们所知，CoSec-RPL是第一个将OD用于6LoWPAN中入侵检测的RPL特定IDS。提议的IDS的有效性与标准RPL协议进行了比较。实验结果表明，CoSec-RPL在静态和移动网络情况下都可以有效地检测和缓解非欺骗性的模仿攻击，而不会增加节点的开销。据我们所知，CoSec-RPL是第一个将OD用于6LoWPAN中入侵检测的RPL特定IDS。