SecureFlow: Knowledge and data-driven ensemble for intrusion detection and dynamic rule configuration in software-defined IoT environment

Amritpal Singh, Pushpinder Kaur Chouhan, Gagangeet Singh Aujla*

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

11 Citations (Scopus)
2 Downloads (Pure)

Abstract

There is a massive growth in the rate of heterogeneous devices configured in the Internet of Things (IoT) environment for efficient communication. The IoT devices are limited in resources, and there are no defined protocols in terms of security during communication in the IoT-based platforms. Several solutions are framed to make communication secure in the IoT ecosystem. However, the existing schemes need to be more reliable to handle the cyber threats and unwarranted incidents (such as intrusions, anomalies and attacks) coming from IoT endpoints owing to the unstructured patterns of IoT data and dynamic network conditions. Moreover, heavy cryptographic primitives have their deployment challenges due to the resource constraints of the IoT ecosystem. The dynamic nature of IoT traffic requires flexible and varied rules to handle the threats in different deployment scenarios. Therefore, a programmable interface enabled through Software-defined Networking (SDN) can handle heterogeneous threats and incidents in the IoT cyber world. Thus, in this paper, we have designed a novel framework, SecureFlow, an intrusion detection and dynamic rule configuration system based on the knowledge-based and data-driven ensemble. The proposed framework is robust and fault tolerant owing to dual-layer Intrusion Detection System (IDS) and rule configuration modules that can work without one of them. SecureFlow is validated through several experiments performed through emulations in Mininet. The results depict that the proposed framework is effective and promising.

Original language: English
Article number: 103404
Pages (from-to): 1-12
Number of pages: 12
Journal: Ad Hoc Networks
Volume: 156
Early online date: 20 Jan 2024
Publication status: Published - 1 Apr 2024
Externally published: Yes

Keywords

  • Cyber threats
  • Internet of Things (IoT)
  • Intrusion detection system
  • Software-defined networking (SDN)
