This paper introduces a new attack blocking mechanism to defend against malicious unknown
attacks in the Internet of Things (IoT) environments. The new mechanism starts by installing a
honeypot in each Software Defined Network OpenFlow switch to attract and collect suspicious traffic.
Upon detecting suspicious traffic, it will first store the traffic in the honeypot first, instead of
performing instant anomaly detection, to preserve the overall network speed and packets. The
mechanism then sends the collected attack traffic to the controller, to extract more appropriate features
by the machine learning practice and to ensure more accurate anomaly identification. After identifying
the attack type, it will add a proper defense rule in the flow table – a new entry – to block similar future
attacks. Experimental evaluation proves that the new mechanism is more advantageous than the
existing flow-based IDS mechanism. Major advantages include being able to detect and prevent
unknown attacks without blocking regular network traffic, achieve better capture rates than the
Intrusion Detection System (IDS) upon traffic-high or short packet attacks, and avoid potential packet
loss.
Relation:
Journal of Applied Science and Engineering 23(1), p.163-173
