The Internet of Things, also known as the IoT, refers to the billions of devices around the world that are now connected to the Internet, collecting and sharing data. The amount of data collected through IoT sensors must be completely securely controlled. To protect the information collected by IoT sensors, a lightweight method called Discover the Flooding Attack-RPL (DFA-RPL) has been proposed. The proposed DFA-RPL method identifies intrusive nodes in several steps to exclude them from continuing routing operations. Thus, in the DFA-RPL method, it first builds a cluster and selects the most appropriate node as a cluster head in DODAG, then, due to the vulnerability of the RPL protocol to Flooding attacks, it uses an ant colony algorithm (ACO) using five steps to detect attacks. Use Flooding to prevent malicious activity on the IoT network. In other words, if it detects a node as malicious, it puts that node on the detention list and quarantines it for a certain period of time. The results obtained from the simulation show the superiority of the proposed method in terms of Packet Delivery Rate, Detection Rate, False Positive Rate, and False Negative Rate compared to IRAD and REATO methods.