Published September 10, 2020 | Version Accepted pre-print
Conference paper Open

Accurate Detection of Sinkhole Attacks in IoT Networks Using Local Agents

  • 1. Department of Computer Science, University of Cyprus and RISE - Research Center on Interactive Media, Smart Systems and Emerging Technologies, Nicosia, Cyprus


In this paper we explore the feasibility of employing local security agents to detect sinkhole attacks in IoT multihop networks. Sinkhole attacks, which divert traffic towards the compromised node(s), prevent information from reaching their intended destination. Sinkhole attacks are unique in their operation and are often difficult to be recognized locally. We examine three types of local agents and employ thresholds, binary logistic regression (BLR) and support vector machines (SVM) as anomaly detectors. The local security agents’ deployment and evaluation is done both in a simulated environment and in a real network of resource-constrained nodes. We have concluded that threshold-based detection is not suitable for deployment in local agents. During the evaluation phase, the BLR and SVM detection modules for the Sinkhole attack are found to be able to detect the presence of the Sinkhole attack, with exceptionally high accuracy.


This work has been partly supported by the project that has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 739578 (RISE – Call: H2020-WIDESPREAD-01-2016-2017-TeamingPhase2) and the Government of the Republic of Cyprus through the Deputy Ministry of Research, Innovation and Digital Policy.



Files (321.9 kB)

Name Size Download all
321.9 kB Preview Download

Additional details


RISE – Research Center on Interactive Media, Smart System and Emerging Technologies 739578
European Commission