Securing Smart Homes via Software-Defined Networking and Low-Cost Traffic Classification

TL;DR

This paper presents a secure smart home framework using SDN with VLAN isolation and machine learning-based traffic classification to identify IoT devices and defend against DDoS attacks efficiently on resource-limited devices.

Contribution

It introduces a novel SDN-based architecture with lightweight traffic features and machine learning for IoT device identification and attack detection in smart homes.

Findings

Effective device classification with high accuracy.

Successful detection of TCP-SYN, UDP, and ICMP DDoS attacks.

Resource-efficient feature set suitable for edge devices.

Abstract

IoT devices have become popular targets for various network attacks due to their lack of industry-wide security standards. In this work, we focus on smart home IoT device identification and defending them against Distributed Denial of Service (DDoS) attacks. The proposed framework protects smart homes by using VLAN-based network isolation. This architecture has two VLANs: one with non-verified devices and the other with verified devices, both of which are managed by the SDN controller. Lightweight stateless flow-based features, including ICMP, TCP, and UDP protocol percentage, packet count and size, and IP diversity ratio, are proposed for efficient feature collections. Further analysis is performed to minimize training data to run on resource-constrained edge devices in smart home networks. Three popular machine learning algorithms, including K-Nearest-Neighbors, Random Forest, and Support Vector Machines, are used to classify IoT devices and detect different types of DDoS attacks, including TCP-SYN, UDP, and ICMP. The system's effectiveness and efficiency are evaluated by emulating a network consisting of an Open vSwitch, Faucet SDN controller, and several IoT device traces from two different testbeds.