The rise of the Internet of Things (IoT) paradigm in the past decade
has had a significant impact on all aspects of our lives through the
many use cases it has made possible, including smart farming, smart
homes, and remote healthcare services among many others.
While the number of smart devices, and of utilization scenarios aimed
at supporting them, grows exponentially, the large attack surface
created by the interconnectivity of millions of these devices is a
concerning aspect that needs to be addressed with intelligent
intrusion detection and prevention techniques.
This dissertation proposes a highly available software-defined
network-based intelligent security architecture for IoT networks. It
utilizes a weighted average ensemble model, composed of a "few-shot"
learning classifier, namely Prototypical Networks, and a Support
Vector Machine (SVM), for highly accurate detection of intrusions.
Also, we propose to deploy the SDN controller and network function
virtualization (NFV) solutions as micro-services into a Kubernetes
cluster in a public cloud, to provide high availability and uptime.
We evaluate the attack detection performance of the proposed model
with the recently released Bot-IoT dataset consisting of real-world
IoT network flows, as well as an SDN dataset we generated and the
UNSW-NB15 intrusion detection dataset, and show that the proposed
model achieves significantly better performance than state-of-the-art
machine learning models for intrusion detection when large numbers of
attack samples are not available.
The proposed architecture is a promising way to achieve intelligent
security in the ubiquitous IoT networks of the future, owing to its
low processing overhead and high intrusion detection accuracy.