The concept of Internet of Things involves the deployment of Low power and Lossy Networks (LLN) allowing communications among pervasive devices such as embedded sensors. The IETF designed the Routing Protocol for Low power and Lossy Networks (RPL) for supporting these constrained networks. Keeping in mind the different requirements of such networks, the protocol supports multiple routing topologies, called DODAGs, built using different objective functions, so as to optimize routing based on several metrics. A DODAG versioning system is incorporated into RPL in order to ensure an optimized topology. However, an attacker can exploit this mechanism to damage the network and reduce its lifetime. In this paper we propose a detection strategy based on a distributed monitoring architecture with dedicated algorithms that is able to identify malicious nodes performing such attacks in RPL-based environments. The performance of this solution is evaluated through extensive experiments and its scalability is quantified considering a monitoring node placement method.