CO-STOP: A robust P4-powered adaptive framework for comprehensive detection and mitigation of coordinated and multi-faceted attacks in SD-IoT networks
Ameer El-Sayed, Ahmed A. Toony, Fayez Alqahtani, Yasser Alginahi, Wael Said
Computers & Security, Volume 151, Article 104349. Published 2025-01-18. Journal Article.
DOI: 10.1016/j.cose.2025.104349
https://www.sciencedirect.com/science/article/pii/S0167404825000380
Impact factor: 4.8 (JCR Q1, Computer Science, Information Systems)
Citations: 0
Abstract
The increasing sophistication of multi-faceted attacks (MFAs) presents significant challenges for securing Internet of Things (IoT) networks, where traditional defenses and even contemporary solutions often fail to provide comprehensive protection. Current frameworks in the literature face critical limitations such as centralized control architectures that are prone to bottlenecks and single points of failure, inadequate traffic monitoring capabilities, and limited adaptability to dynamic attack surfaces. These gaps make IoT environments vulnerable to stealthy, coordinated, and complex attacks that can simultaneously target multiple layers of the network. Addressing these challenges requires a more dynamic and distributed approach to security. This paper introduces CO-STOP, an innovative framework designed to overcome these limitations by integrating machine learning (ML), the P4 programming language, Software-Defined Networking (SDN), and a novel multi-control design (MCD). CO-STOP enhances IoT network management by distributing both detection and mitigation efforts across multiple controllers, improving scalability and resilience. It also addresses the shortcomings of existing solutions by incorporating adaptive traffic monitoring and a distributed mitigation strategy that reduces the risks of network disruption. The framework comprises four interconnected modules: (1) Authenticated Dynamic Multi-Control (ADMC), which introduces secure, synchronized controller collaboration; (2) P4-Enabled Adaptive Traffic Monitoring (P4-ATM), leveraging programmable state tables for real-time traffic analysis; (3) Multi-Faceted Attack Detection and Prevention (MFADP), employing a Dynamic Meta-Ensemble with Confidence-Based Prioritization (DMECP) for accurate attack detection; and (4) P4-Enabled Multi-Control Adaptive Mitigation (P4-MCAM), which distributes mitigation efforts across multiple controllers. 
CO-STOP demonstrates significant resource efficiency, with the P4-based solution reducing bandwidth consumption by 27%, memory usage by 19%, and CPU utilization by 21% compared to the OpenFlow-based approach. Experiments reveal that the proposed multi-controller architecture consistently outperforms the single-controller design across six key evaluation metrics. CO-STOP sets new benchmarks in SD-IoT security, achieving 99.25% accuracy, a 98.83% F1-score, and a low false positive rate of 0.51%. By addressing both the limitations of existing frameworks and the critical need for scalable, efficient, and adaptive security solutions, CO-STOP represents a substantial advancement in safeguarding SD-IoT networks from emerging attacks.
About the journal:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading-edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors: industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise, it is your first step to fully secure systems.