Design and implementation of intelligent packet filtering in IoT microcontroller-based devices

TL;DR

This paper presents T800, a machine learning-based packet filter designed for resource-constrained IoT devices, enhancing security by efficiently classifying and blocking malicious traffic on microcontrollers like ESP32.

Contribution

Introduction of T800, a low-resource, ML-based packet filtering system for IoT devices, with detailed benchmarking and adaptability to different microcontroller platforms.

Findings

T800 effectively classifies malicious packets on ESP32 microcontrollers.

It increases device capacity by filtering out unwanted traffic.

The system is adaptable and provides a performance evaluation framework.

Abstract

Internet of Things (IoT) devices are increasingly pervasive and essential components in enabling new applications and services. However, their widespread use also exposes them to exploitable vulnerabilities and flaws that can lead to significant losses. In this context, ensuring robust cybersecurity measures is essential to protect IoT devices from malicious attacks. However, the current solutions that provide flexible policy specifications and higher security levels for IoT devices are scarce. To address this gap, we introduce T800, a low-resource packet filter that utilizes machine learning (ML) algorithms to classify packets in IoT devices. We present a detailed performance benchmarking framework and demonstrate T800's effectiveness on the ESP32 system-on-chip microcontroller and ESP-IDF framework. Our evaluation shows that T800 is an efficient solution that increases device computational capacity by excluding unsolicited malicious traffic from the processing pipeline. Additionally, T800 is adaptable to different systems and provides a well-documented performance evaluation strategy for security ML-based mechanisms on ESP32-based IoT systems. Our research contributes to improving the cybersecurity of resource-constrained IoT devices and provides a scalable, efficient solution that can be used to enhance the security of IoT systems.