With increasingly prevalent wireless sensors and devices, low power and lossy networks (LLNs) play an essential role in the realization of ubiquitous computing and communication infrastructure, which, in turn, leads to enhanced data accessibility and availability. A multicast protocol for LLNs (MPL), has been standardized to provide both efficient and reliable multicast communication. Due to the shared wireless medium, lack of tamper resistance, and inherent resource constraints, MPL-based LLNs are undoubtedly vulnerable to various Denial-of-Service (DoS) attacks. In this paper, we propose a heuristic-based detection scheme, called HED, against the suppression attack in MPL-based LLNs, where a malicious node multicasts a series of spoof data messages with continuous sequence numbers to prevent normal nodes from accepting valid data messages and cause them to delete cached data messages. In the HED, each node maintains an increment rate of the minimum sequence number in the Seed Set to detect the potential malicious node by comparing the recent increment of sequence numbers with the heuristically calculated increment threshold of sequence numbers. We evaluate the proposed scheme through extensive simulation experiments using OMNeT++ and compare its performance with original MPL with and without adversary, respectively. The simulation results show high detection rate and packet reception rate but low false detection rate, and indicate that the proposed scheme is a potentially viable approach against the suppression attack in MPL-based LLNs.
Keywords: Denial-of-Service attack; low power and lossy networks; multicast protocol; suppression attack.