SDN-based detection and mitigation of DDoS attacks on smart homes
Computer Communications (IF 6), Pub Date: 2024-04-03, DOI: 10.1016/j.comcom.2024.04.001
Usman Haruna Garba, Adel N. Toosi, Muhammad Fermi Pasha, Suleman Khan

The adoption of the Internet of Things (IoT) has proliferated across various domains, where everyday objects like refrigerators and washing machines are now equipped with sensors and connected to the internet. Undeniably, the security of such devices, which were not primarily designed for internet connectivity, is of utmost importance but has been largely neglected. In this paper, we propose a framework for real-time DDoS attack detection and mitigation in SDN-enabled smart home networks. We capture network traffic during regular operations and during DDoS attacks. This captured traffic is used to train several machine learning (ML) models, including Support Vector Machine (SVM), Logistic Regression, Decision Trees, and K-Nearest Neighbors (KNN) algorithms. These trained models are executed as SDN controller applications and subsequently employed for real-time attack detection. While we utilize ML techniques to protect IoT devices, we propose the use of SNORT, a signature-based detection technique, to secure the SDN controller itself. Real-world experiments demonstrate that without SNORT, the SDN controller goes offline shortly after an attack, resulting in a 100% packet loss. Furthermore, we show that ML algorithms can efficiently classify traffic into benign and attack traffic, with the Decision Tree algorithm outperforming others with an accuracy of 99%.

Updated: 2024-04-03