IoT devices have become popular targets for various network attacks due to their lack of industry-wide security standards. In this work, we focus on smart home IoT device identification and defending them against Distributed Denial of Service (DDoS) attacks. The proposed framework protects smart homes by using VLAN-based network isolation. This architecture has two VLANs: one with non-verified devices and the other with verified devices, both of which are managed by the SDN controller. Lightweight stateless flow-based features, including ICMP, TCP, and UDP protocol percentage, packet count and size, and IP diversity ratio, are proposed for efficient feature collections. Further analysis is performed to minimize training data to run on resource-constrained edge devices in smart home networks. Three popular machine learning algorithms, including K-Nearest-Neighbors, Random Forest, and Support Vector Machines, are used to classify IoT devices and detect different types of DDoS attacks, including TCP-SYN, UDP, and ICMP. The system's effectiveness and efficiency are evaluated by emulating a network consisting of an Open vSwitch, Faucet SDN controller, and several IoT device traces from two different testbeds.
翻译:由于缺乏全行业的安全标准,互联网装置已成为各种网络攻击的流行目标。在这项工作中,我们侧重于智能家庭IOT装置识别,并保护它们免遭分散式拒绝服务(DDoS)攻击。拟议框架通过使用VLAN网络隔离来保护智能家庭。这一架构有两部VLAN:一台带有未经核实的装置,另一台带有经核实的装置,两者均由SDN控制器管理。轻量的无国籍流动特征,包括IPCMP、TCP和UDP协议百分率、包数和大小以及IP多样性比率,是为高效的地物收藏而提议的。进一步的分析是为了尽量减少在智能家庭网络中利用资源紧张的边缘装置运行的培训数据。三种受欢迎的机器学习算法,包括K-Nearest-Neigbors、随机森林和辅助矢量机器,用来对互联网装置进行分类,并检测不同类型的DDoS攻击,包括TCP-SYYN、UDP和ICMP。该系统的效能和效率由Open vScontrad 和不同的ICry-SVADDD-DDDD-DDDDD的多个测试和IT网络来评估。