Wireless sensor networks (WSNs) consist of hundreds, or thousands of sensor nodes distributed over a wide area and used as the Internet of Things (IoT) devices to benefit many home users and autonomous systems industries. With many users adopting WSN-based IoT technology, ensuring that the sensor's information is protected from attacks is essential. Many attacks interrupt WSNs, such as Quality of Service (QoS) attacks, malicious nodes, and routing attacks. To combat these attacks, especially on the routing attacks, we need to detect the attacker nodes and prevent them from any access to WSN. Although some survey studies on routing attacks have been published, a lack of systematic studies on detecting WSN routing attacks can be seen in the literature. This study enhances the topic with a taxonomy of current and emerging detection techniques for routing attacks in wireless sensor networks to improve QoS. This article uses a PRISMA flow diagram for a systematic review of 87 articles from 2016 to 2022 based on eight routing attacks: wormhole, sybil, Grayhole/selective forwarding, blackhole, sinkhole, replay, spoofing, and hello flood attacks. The review also includes an evaluation of the metrics and criteria used to evaluate performance. Researchers can use this article to fill in any information gaps within the WSN routing attack detection domain.
Routing protocols transmit vast amounts of sensor data between the Wireless Sensor Network (WSN) and the Internet of Things (IoT) gateway. One of these routing protocols is Routing Protocol for Low Power and Lossy Networks (RPL). The Internet Engineering Task Force (IETF) defined RPL in March 2012 as a de facto distance-vector routing protocol for wireless communications with lower energy. Although RPL messages use a cryptographic algorithm for security protection, it does not help prevent internal attacks. These attacks drop some or all packets, such as blackhole or selective forwarding attacks, or change data packets, like grayhole attacks. The RPL protocol needs to be strengthened to address such an issue, as only a limited number of studies have been conducted on detecting internal attacks. Moreover, earlier research should have considered the mobility framework, a vital feature of the IoT. This article presents a novel lightweight system for anomaly detection of grayhole, blackhole, and selective forwarding attacks. The study aims to use a trust model in the RPL protocol, considering attack detection under mobility frameworks. The proposed system, anomaly detection of three RPL attacks (RPLAD3), is designed in four layers and starts operating immediately after the initial state of the network. The experiments demonstrated that RPLAD3 outperforms the RPL protocol when defeating attacks with high accuracy and a true positive ratio while lowering power and energy consumption. In addition, it significantly improves the packet delivery ratio and decreases the false positive ratio to zero.