The Internet Engineering Task Force (IETF) has defined routing protocols for Low Power and Lossy Networks (RPL) for constrained devices. RPL constructs DODAGs (Destination Oriented Directed Acyclic Graphs), to optimize routing. RPL ensures acyclic topology with the DODAG version number. However, the control message's DODAG version number is not authenticated. So, RPL is vulnerable to topological inconsistency attack known as DODAG Version Number (DVN) attack. DVN attack creates a packet delay, packet loss, cyclic topology, etc., in the network. This paper proposes a method for detecting DODAG version number attacks. Several existing schemes to defend against the DVN, such as cryptographic techniques, trust-based, thresholdbased and mitigation are computationally intensive or require protocol modification. DVN does not change the packet format or sequence of packets, but can still perform attacks and hence fall under the category of stealthy attacks, which are difficult to detect using traditional Intrusion Detection System s (IDS). Discrete-Event System (DES) based IDS have been applied in the literature for stealthy attacks that achieve low overhead, low false alarm rate, etc. However, the construction of DES-based IDS for network protocol may lead to errors, as modelling is manual. The resulting IDS, therefore, is unable to guarantee its correctness. This