IMSS25 13th International Symposium on Intelligent Manufacturing and Service Systems, Düzce, Türkiye, 25 - 27 September 2025, pp. 240-249, (Full-Text Paper)
The proliferation of Internet of Things (IoT) technologies has made RPL-based IoT networks
increasingly vulnerable to routing attacks such as Blackhole, Version Number, and Hello Flood. This
study proposes a machine learning and deep learning-based approach to effectively detect these
attacks. A realistic IoT network dataset was constructed, containing key network attributes such as
frame.time (timestamps), frame.len (packet lengths), wpan.src64 and wpan.dst64 (source and
destination MAC addresses), icmpv6.type and icmpv6.code (ICMPv6 packet types and codes),
ipv6.src and ipv6.dst (IPv6 source and destination addresses), along with classification labels. The
attack detection system was developed using LightGBM, XGBoost, LSTM, and BiLSTM algorithms
and evaluated through performance metrics such as F1-score and AUC. BiLSTM achieved superior
performance in detecting Blackhole and Hello Flood attacks by effectively analyzing sequential
patterns in frame, time, and ICMPv6 features. At the same time, LightGBM demonstrated a low
computational cost and fast testing times, making it highly suitable for resource-constrained IoT
devices. All models provided high classification accuracy and real-time processing capability,
fulfilling the early intervention needs in IoT cybersecurity. The proposed solution not only ensures
robust detection of routing attacks in RPL-based IoT networks but also lays a strong foundation for
enhancing the long-term security and resilience of IoT ecosystems.