Efficient and Intelligent Attack Detection in Software Defined IoT Networks

With the increasing deployment of Internet of Things (IoT) in various domains (e.g., smart buildings and critical infrastructure protection), the limited capabilities on such devices introduce significant security vulnerabilities, especially when considering their integration with Software Defined Network (SDN) to provide flexible services. In this paper, we investigate efficient attack detection techniques for such software-defined IoT (SD-IoT) networks. First, we simulate commonly utilized attacks, such as SYN, ping flood, UDP port scan and UDP flood, using Mininet-WiFi for a given SD-IoT topology and collect representative datasets with Wireshark. Then, focusing on Random Forest (RF) machine learning models, we study the effects of various feature sets (e.g., IPs and ports) on the detection accuracy for different attacks. Moreover, the effects of RF configurations (i.e., forest size and tree depth) on the detection accuracy and run-time overheads are also evaluated. In addition to our collected datasets, two known IoT datasets were also used. The results show that RF can achieve high detection accuracy with the selected feature sets for the considered attacks. Moreover, the detection accuracy of RF decreases only slightly with reduced forest sizes (e.g., fewer trees or less depth) where the run-time overheads can be significantly reduced. This demonstrates the utility of the studied techniques in resource-constrained IoT networks.