SeArch: A Collaborative and Intelligent NIDS Architecture for SDN-Based Cloud IoT Networks

Abstract

The explosive rise of intelligent devices with ubiquitous connectivity have dramatically increased Internet of Things (IoT) traffic in the cloud environment and created potential attack surfaces for cyber-attacks. Traditional security approaches are insufficient and inefficient to address security threats in cloud-based IoT networks. In this vein, software defined networking (SDN), network function virtualization (NFV), and machine learning techniques introduce numerous advantages that can effectively resolve cybersecurity matters for cloud-based IoT systems. In this paper, we propose a collaborative and intelligent network-based intrusion detection system (NIDS) architecture, namely SeArch for SDN-based cloud IoT networks. It composes a hierarchical layer of intelligent IDS nodes working in collaboration to detect anomalies and formulate policy into the SDN-based IoT gateway devices to stop malicious traffic as fast as possible. We first describe a new NIDS architecture with a comprehensive analysis in terms of the system resource and path selection optimizations. Next, the system process logic is extensively investigated through main consecutive procedures, including initialization, runtime operation, and database update. Afterward, we conduct a detailed implementation of the proposed solution in an SDN-based environment and perform a variety of experiments. Finally, evaluation results of the $SeArch$ architecture yield outstanding performance in anomaly detection and mitigation as well as bottleneck problem handling in the SDN-based cloud IoT networks in comparison with existing solutions.