A data-plane approach for detecting malware in iot networks

Abstract

Data plane where all the packet processing and forwarding is done based on control plane logic can be used to monitor the network traffic along with forwarding of the packets. Security threats have become common in IoT networks. Due to the pandemic, as things have moved to virtual platforms, security at every level, including network devices, has become a major concern. Attackers try to gather as much data as possible through various means. In networking, dependence on the control plane to take forwarding decisions is inefficient when quick response is required, in cases of attack mitigation, anomaly detection, intrusion detection etc. Some of the forwarding logic in control plane can be transformed into rules at the data plane. In this work, this is achieved through programmable switches and domain specific language such as P4. A machine learning algorithm is used to train a classifier on publicly available malware dataset. These rules are used for classifying data packets. This work derives rules from a public malware traffic dataset and uses Mininet (network emulator) to emulate an IoT network, and 88% accuracy is achieved in detecting malware at the data plane.