TD-RA policy-enforcement framework for an SDN-based IoT architecture

Internet of Things (IoT) has been suffering from increasing security threats since many years which compromise the whole network security. Automating the management of IoT devices helps in implementing security measures within communication systems. Software Defined Networking (SDN) has been introduced as a new networking approach that enables this automation. Many approaches were developed to mitigate IoT attacks in SDN-based IoT networks. Some studies investigated the prevention of flooding attacks, while others tried to cover broader attack surfaces. However, their proposed methods are time consuming and resource-exhausting as they use complex algorithms. In this paper, we propose a lightweight secure Threat Detection (TD) and Rule Automation (RA) framework namely "TD-RA'' to effectively detect and mitigate different cyber-security threats in an SDN-based IoT environment. The proposed solution is composed of a Binary and Multi-class Classification Modules (BCM/MCM) for IoT threat detection and a Policy-Enforcement Module (PEM) for attack mitigation. Different machine learning methods have been implemented and compared to solve the classification problems. It is shown that for binary classification, the Decision Tree method achieves the highest accuracy which is around 98.7%, while for multi-class classification, Random Forest achieves the highest accuracy which is around 91.1%. The experimental results show that the proposed framework can successfully detect abnormal traffic and prevent IoT threats through SDN with smaller network overhead and high performance. Moreover, the overall processing time of our security modules is significantly smaller than that of existing solutions by reaching a mean value of 6 ms. This paper also introduces a large-scale architecture that comprises clusters of controllers to maintain high availability of network services. Such an integrated security approach, including detection and mitigation techniques, provides IT industries with reliable security measures that can be implemented to increase SDN-based IoT system responsiveness to different IoT attacks.