Bringing Intelligence at the Network Data Plane for Internet of Things Security

Internet of Things (IoT) can aid modern military operations in various ways; from immersive virtual simulations for soldiers' training to autonomous vehicles and environmental sensors for situation awareness and distributed decision making. Yet, security threats arising in massively connected IoT devices continue to challenge their widespread adoption by the Army. It is necessary to equip IoT gateways with firewalls to prevent hacked devices from infecting a larger number of network nodes. Meanwhile, cutting-edge Software Defined Network (SDN) technologies open the door for greater innovation to network control and data planes. The match-and-action mechanism of SDN provides the means to differentiate malicious traffic flows from normal ones, which mirrors the past firewall mechanisms but with a new flexible and dynamically re-configurable twist. However, vulnerabilities of IoT devices and heterogeneous protocols coexisting in the same network challenge the extension of SDN into the IoT domain. To overcome these challenges, we leverage data-plane programming languages that enable intelligent packet processing, and propose two novel data-driven approaches for attack detection. First, we design a two-stage deep learning method that generates flow rules for classifying and separating malicious from normal packets. Our method is tailored to the P4 programming language so as to be adaptive to arbitrary protocols while maintaining high performance of attack detection. Second, we develop a binarized neural network (BNN) based method that offloads the security functionality from a remote server (control plane) to an IoT gateway (data plane) thereby reducing the packet classification latency and flow rule storage demand. Evaluations using network traces of various IoT protocols show significant benefits in accuracy, efficiency and universality over state-of-the-art methods.