Intent-Based Networking with Deep Reinforcement Learning for Detecting Decreased Rank Attacks in Low-Power and Lossy IoT Networks

The routing protocol for low-power and lossy networks (RPL) is a specialized routing protocol designed for optimized data routing, specifically for resource-constrained Internet of Things (IoT) networks with unreliable links and high packet loss. However, RPL is highly vulnerable to significant security challenges, particularly the decrease rank attack (DRA), in which malicious nodes attract child nodes by falsely advertising lower ranks, leading to routing inefficiencies, unnecessary retransmissions, and increased energy consumption. To address this problem, we propose a novel intent-based networking-driven centralized real-time reinforced detection scheme (CRRDS), which translates high-level security intents into policy-driven automated control strategies for DRA detection. In the proposed CRRDS, a resource-rich root node acts as a deep reinforcement learning agent that collects critical information from the child nodes, including the node ID, end-to-end delay, received signal strength indicator, and hop count, to detect suspicious behavior accurately and intelligently. Initially, we implemented a deep Q-network (DQN)-assisted CRRDS in detecting DRA. Subsequently, we utilized double DQN (DDQN) and dueling DDQN due to their enhanced capabilities in value estimation and policy learning. The dueling DDQN performed optimally because of its deeper architecture. Simulation results demonstrate that the proposed dueling DDQN-assisted CRRDS achieves the highest detection accuracy of 98% with notable gains in true positive and false positive rates, even in complex scenarios with up to 30% malicious nodes.