Intrusion Detection in Critical SD-IoT Ecosystem

The Internet of Things (IoT) connects physical objects with intelligent decision-making support to exchange information and enable various critical applications. The IoT enables billions of devices to connect to the Internet, thereby collecting and exchanging real-time data for intelligent services. The complexity of IoT management makes it difficult to deploy and manage services dynamically. Thus, in recent times, Software Defined Network (SDN) has been widely adopted in IoT service management to provide dynamic and adaptive capabilities to the traditional IoT ecosystem. This has resulted in the evolution of a new paradigm known as Software-defined IoT (SD-IoT). Although there are several benefits of SD-IoT, it also opens new frontiers for attackers to introduce attacks and intrusions. Specifically, it becomes challenging working in a critical IoT environment where any delay or disruption caused by an intruder can be life-threatening or can cause significant destruction. However, given the flexibility of SDN, it is easier to deploy different intrusion detection systems that can detect attacks or anomalies promptly. Thus, in this paper, we have deployed a hybrid architecture that allows monitoring, analysis, and detection of attacks and anomalies in the SD-IoT ecosystem. In this work, we have considered three scenarios, a) denial of services, b) distributed denial of service, and c) packet fragmentation. The work is validated using simulated experiments performed using SNORT deployed on the Mininet platform for three scenarios