Exploring and Enhancing Placement of IDS in RPL: A Federated Learning-based Approach

Abstract

In RPL security, intrusion detection (ID) plays a vital role, especially given its susceptibility to attacks, particularly those carried out by insider threats. While numerous studies in the literature have proposed intrusion detection systems (IDS) utilizing diverse techniques, the placement of such systems within RPL topology remains largely unexplored. This study aims to address this gap by rigorously evaluating three intrusion detection architectures, considering central and distributed placement, across multiple criteria including effectiveness, cost, privacy, and security. The findings underscore the significant impact of attacker position and the proximity of IDS to attackers on detection outcomes. Hence, alongside the evaluation of traditional intrusion detection architectures, this study explores the use of federated learning (FL) for improving intrusion detection within RPL networks. FL's decentralized model training approach effectively addresses the impact of attacker position on IDS performance by ensuring the collection of relevant information from nodes regardless of their proximity to potential attackers. Moreover, this approach not only mitigates security concerns but also minimizes communication overhead among ID nodes. Consequently, FL reduces the need for extensive data transfer, thus mitigating the impact of packet loss and latency inherent in lossy networks. Additionally, the study investigates the effect of local data sharing on FL performance, clarifying the balance between effectiveness and security.