A centralized (SDN-paradigm) controller to monitor IoT networks. In this implementation, it cooperates with Cooja, the contiki emulator to monitor RPL networks. The project was the basis for a publication in Elsevier Future Generation Computer Systems, https://doi.org/10.1016/j.future.2021.07.013

This is a controller for IoT Networks running RPL protocol. It follows the SDN paradigm, hence it only communicates with the sink. The controller is able to identify an intruder, and the attacked nodes. The controller will automaticailly discover the underlying network, monitor in real time, an depict changes. A video example , where the network, starts and then node no 7 changes position. After a while (remember, RPL takes time to adjust), the node's new position and parent are automatically depicted in the GUI. An actual attack is identified in this , by two attacker (purple color). The network nodes are connected via the attackers who are implementing two attacks: rank attack & grayhole attack. After minute ~5, the attack is identified. the controller runs kMeans algoritm, finds all suspicious nodes, runs a Kosaraju algorithm to find how many stronlgy connected graphs there are, and at the end finds the mother of each such sub-graph. The "mother(s)" identified are the attackers. As a meta-step, the network can exclude the attackers from being selected as parents by using "coloring" from a previous work, a video , papers here & here.

You can freely run, modify, adapt it, use it for your research project. You also need a contiki OS with specificly adapted nodes (sink-client-intruder) in order to run experiments. The "proffesional" way which gives you access to all, is to download contiki TWICE:

1. the contiki (slightly altereed with a lot of custom messages, etc.) from []. Go to contiki/examples/ipv6/rpl-udp-fresh/ and run one of the many *.csc files there. they all use the same two nodes: udp-server.c and udp-client.c. The *dixon*.csc emulations are using the respective *dixon*.c sink/client code.
2. In order to include one or more intruder node(s), you have to download another contriki version (completely separated), from , or , or . Again, in all cases, the intruder code is in contiki/examples/ipv6/rpl-udp-fresh/*.c.

All JavaFX libraries were embedded in the folder /libraries. It was found that the project was not really portable when expecting those libraries to be found in the Java JRE/JDK.Specificallly, it only worked with specific Java flavous (Oracle), when those included all the JavaFX libraries, otherwise the project was failing on runtime (compile was ok!). You can read more in such articles: https://stackoverflow.com/questions/51478675/error-javafx-runtime-components-are-missing-and-are-required-to-run-this-appli

With the above "hack" I tried the project in a clean Ubuntu 20 installation (September 2023). If any problems, email [email protected]

##DONT FORGER TO CITE...

George Violettas, George Simoglou, Sophia Petridou, Lefteris Mamatas, A Softwarized Intrusion Detection System for the RPL-based Internet of Things networks, Future Generation Computer Systems, Volume 125, 2021, Pages 698-714, ISSN 0167-739X, https://doi.org/10.1016/j.future.2021.07.013.

Kyriakos Vougioukas ([email protected]) created a superb testing framework in Python, fully parameterizable, which was used for extensive tests of Dixon-Q test, and Chebyshev's Inequality. He also made it freely avaliable, !here. You can obviously use it for other purposes. I sincerely thank him...

Controller in Action 1

Controller in Action 2

Controller in Action 3

Controller in Action 4

Controller in Action 5

Controller in Action 6