Intrusion Prevention System Evaluation for SDN-Enabled IoT Systems

As the importance of communication networks increases in our lives, the limitations of traditional networks start to emerge. Software Defined Networking (SDN) is the most recent paradigm in the networking industry, its purpose being to mitigate traditional network limitations, such as complexity, the difficulty of introducing new services in the network, the inability of enforcing security policies while having a network-wide view. From a security point of view, the need for middleboxes in the network, such as firewalls or Intrusion Detection/Prevention Systems (IDS/IPS) is eliminated by implementing these functionalities in software applications. As SDN has the potential of becoming a key enabler for the Internet of Things (IoT), there are specific aspects of security for IoT that need to be taken into account, for example the lack of powerful computing resources or limited battery life, making securing IoT devices more challenging. This paper addresses one of these security issues, while evaluating a simple IPS application for an SDN controller. An emulated IoT network is controlled by the SDN controller, which also runs an IPS application. When a node becomes faulty or it is compromised and it sends too much traffic, that could cause a Denial of Service (DoS) in the network, it is blocked by the controller for a configurable amount of time.