CID‐RPL: Clone ID Attack Detection Using Deep Neural Network for RPL‐Based IoT Networks

Fatima Al‐Quayed; Sana Rauf Awan; Noshina Tariq; Mamoona Humayun; Thanaa S Alnusairi; Tayyab Rehman

doi:10.1049/cmu2.70067

CID‐RPL: Clone ID Attack Detection Using Deep Neural Network for RPL‐Based IoT Networks

Fatima Al‐Quayed
, Sana Rauf Awan
, Noshina Tariq
, Mamoona Humayun
, Thanaa S Alnusairi
, Tayyab Rehman

University of Roehampton

Research output: Contribution to journal › Article › peer-review

Abstract

The proliferation of the Internet of Things (IoT) has reshaped industries based on seamless connectivity. However, it has also brought about immense security challenges, especially in the communication protocol of routing protocol for low‐power and lossy networks (RPL). One of these security threats vital to the RPL‐based IoT networks includes the Clone ID attack on malicious nodes when they clone the identity of legitimate nodes to access their sensitive data without authorization. Detecting Clone ID attacks in RPL‐based IoT networks is complex because network traffic data has high dimensions and substantial data imbalances while facing limited resources in these environments. The unmanaged control message system and insufficient identity authentication methods within the RPL protocol directly expose networks to state‐of‐the‐art cyber security threats. This paper proposes a new edge layer‐based deep neural network (DNN) approach to detect Clone ID attacks from IoT sensor networks by network traffic pattern analysis. The proposed method is based on deep data features to distinguish legitimate nodes from cloned nodes and improve the overall security, resilience, and operational efficiency of RPL‐based IoT networks. To check the efficiency of our proposed method, we designed a synthetic dataset called CID‐RPL. The CID‐RPL dataset consists of 25 attributes and 2,131,328 samples. The experimental results are best to describe that our proposed approach outperformed the previously designed methods by offering an accuracy improvement of 5.06%, precision improvement of 7.60%, recall increment of 7.0%, and F1 score enhancement of 11.0%. Similarly, residual energy at the network level increased by 32.84%, which infers that the lifetime of the network will be extended and its energy efficiency increased under attack situations. Thus, the results testify to the effectiveness of the DL‐based solution proposed herein to detect Clone ID attacks in dynamic and evolving network environments.

Original language	English
Journal	IET Communications
Volume	19
Issue number	1
DOIs	https://doi.org/10.1049/cmu2.70067
Publication status	Published - 6 Aug 2025

Keywords

internet of things
computer networks

Access to Document

10.1049/cmu2.70067

Cite this

@article{d3e3d135e5d04724aad97be3c4aea3b8,

title = "CID‐RPL: Clone ID Attack Detection Using Deep Neural Network for RPL‐Based IoT Networks",

abstract = "The proliferation of the Internet of Things (IoT) has reshaped industries based on seamless connectivity. However, it has also brought about immense security challenges, especially in the communication protocol of routing protocol for low‐power and lossy networks (RPL). One of these security threats vital to the RPL‐based IoT networks includes the Clone ID attack on malicious nodes when they clone the identity of legitimate nodes to access their sensitive data without authorization. Detecting Clone ID attacks in RPL‐based IoT networks is complex because network traffic data has high dimensions and substantial data imbalances while facing limited resources in these environments. The unmanaged control message system and insufficient identity authentication methods within the RPL protocol directly expose networks to state‐of‐the‐art cyber security threats. This paper proposes a new edge layer‐based deep neural network (DNN) approach to detect Clone ID attacks from IoT sensor networks by network traffic pattern analysis. The proposed method is based on deep data features to distinguish legitimate nodes from cloned nodes and improve the overall security, resilience, and operational efficiency of RPL‐based IoT networks. To check the efficiency of our proposed method, we designed a synthetic dataset called CID‐RPL. The CID‐RPL dataset consists of 25 attributes and 2,131,328 samples. The experimental results are best to describe that our proposed approach outperformed the previously designed methods by offering an accuracy improvement of 5.06\%, precision improvement of 7.60\%, recall increment of 7.0\%, and F1 score enhancement of 11.0\%. Similarly, residual energy at the network level increased by 32.84\%, which infers that the lifetime of the network will be extended and its energy efficiency increased under attack situations. Thus, the results testify to the effectiveness of the DL‐based solution proposed herein to detect Clone ID attacks in dynamic and evolving network environments.",

keywords = "internet of things, computer networks",

author = "Fatima Al‐Quayed and Awan, \{Sana Rauf\} and Noshina Tariq and Mamoona Humayun and Alnusairi, \{Thanaa S\} and Tayyab Rehman",

year = "2025",

month = aug,

day = "6",

doi = "10.1049/cmu2.70067",

language = "English",

volume = "19",

journal = "IET Communications",

issn = "1751-8628",

publisher = "John Wiley \& Sons Inc.",

number = "1",

}

TY - JOUR

T1 - CID‐RPL: Clone ID Attack Detection Using Deep Neural Network for RPL‐Based IoT Networks

AU - Al‐Quayed, Fatima

AU - Awan, Sana Rauf

AU - Tariq, Noshina

AU - Humayun, Mamoona

AU - Alnusairi, Thanaa S

AU - Rehman, Tayyab

PY - 2025/8/6

Y1 - 2025/8/6

N2 - The proliferation of the Internet of Things (IoT) has reshaped industries based on seamless connectivity. However, it has also brought about immense security challenges, especially in the communication protocol of routing protocol for low‐power and lossy networks (RPL). One of these security threats vital to the RPL‐based IoT networks includes the Clone ID attack on malicious nodes when they clone the identity of legitimate nodes to access their sensitive data without authorization. Detecting Clone ID attacks in RPL‐based IoT networks is complex because network traffic data has high dimensions and substantial data imbalances while facing limited resources in these environments. The unmanaged control message system and insufficient identity authentication methods within the RPL protocol directly expose networks to state‐of‐the‐art cyber security threats. This paper proposes a new edge layer‐based deep neural network (DNN) approach to detect Clone ID attacks from IoT sensor networks by network traffic pattern analysis. The proposed method is based on deep data features to distinguish legitimate nodes from cloned nodes and improve the overall security, resilience, and operational efficiency of RPL‐based IoT networks. To check the efficiency of our proposed method, we designed a synthetic dataset called CID‐RPL. The CID‐RPL dataset consists of 25 attributes and 2,131,328 samples. The experimental results are best to describe that our proposed approach outperformed the previously designed methods by offering an accuracy improvement of 5.06%, precision improvement of 7.60%, recall increment of 7.0%, and F1 score enhancement of 11.0%. Similarly, residual energy at the network level increased by 32.84%, which infers that the lifetime of the network will be extended and its energy efficiency increased under attack situations. Thus, the results testify to the effectiveness of the DL‐based solution proposed herein to detect Clone ID attacks in dynamic and evolving network environments.

AB - The proliferation of the Internet of Things (IoT) has reshaped industries based on seamless connectivity. However, it has also brought about immense security challenges, especially in the communication protocol of routing protocol for low‐power and lossy networks (RPL). One of these security threats vital to the RPL‐based IoT networks includes the Clone ID attack on malicious nodes when they clone the identity of legitimate nodes to access their sensitive data without authorization. Detecting Clone ID attacks in RPL‐based IoT networks is complex because network traffic data has high dimensions and substantial data imbalances while facing limited resources in these environments. The unmanaged control message system and insufficient identity authentication methods within the RPL protocol directly expose networks to state‐of‐the‐art cyber security threats. This paper proposes a new edge layer‐based deep neural network (DNN) approach to detect Clone ID attacks from IoT sensor networks by network traffic pattern analysis. The proposed method is based on deep data features to distinguish legitimate nodes from cloned nodes and improve the overall security, resilience, and operational efficiency of RPL‐based IoT networks. To check the efficiency of our proposed method, we designed a synthetic dataset called CID‐RPL. The CID‐RPL dataset consists of 25 attributes and 2,131,328 samples. The experimental results are best to describe that our proposed approach outperformed the previously designed methods by offering an accuracy improvement of 5.06%, precision improvement of 7.60%, recall increment of 7.0%, and F1 score enhancement of 11.0%. Similarly, residual energy at the network level increased by 32.84%, which infers that the lifetime of the network will be extended and its energy efficiency increased under attack situations. Thus, the results testify to the effectiveness of the DL‐based solution proposed herein to detect Clone ID attacks in dynamic and evolving network environments.

KW - internet of things

KW - computer networks

U2 - 10.1049/cmu2.70067

DO - 10.1049/cmu2.70067

M3 - Article

SN - 1751-8628

VL - 19

JO - IET Communications

JF - IET Communications

IS - 1

ER -