R-IDPS: Real time SDN based IDPS system for IoT security
Noman Mazhar, R. Salleh, M. Zeeshan, M. M. Hameed, Nauman Khan
2021 IEEE 18th International Conference on Smart Communities: Improving Quality of Life Using ICT, IoT and AI (HONET), 2021-10-11
DOI: 10.1109/HONET53078.2021.9615449 (https://doi.org/10.1109/HONET53078.2021.9615449)
Citations: 4
Abstract
The Internet of Things (IoT) increases the pace of automation in the world, but at the same time it poses many security challenges for the industry. Intrusion detection and prevention systems (IDPS) have dominated the market for security in conventional networks. The challenges for IDPS are heavy resource utilization and the performance penalties it imposes. Real-time training of machine learning detection models has also been an issue. In this research, we develop an agent-based IDPS with software-defined networking (SDN) technology at its core. The system develops a baseline profile for the IoT network by analyzing data from all the devices under normal conditions. Based on this profile, we extract the network traffic features. Using these features, we construct our dataset for anomaly detection in the network. For detection, we use a support vector machine to detect ICMP flood and TCP SYN flood attacks. The R-IDPS machine learning model is capable of real-time training. The proposed model (R-IDPS) is fully capable of mitigating attacks using SDN technology. The main objective of the research is to analyze the accuracy of the proposed SDN-based intrusion detection system, especially under the stress conditions of DDoS attacks. Simulation results show 97% to 99% attack detection accuracy with no false positives. The R-IDPS is scalable for both large and heterogeneous IoT networks.