MP-GUARD: A novel multi-pronged intrusion detection and mitigation framework for scalable SD-IoT networks using cooperative monitoring, ensemble learning, and new P4-extracted feature set.

Authors :
El-Sayed, Ameer
Said, Wael
Tolba, Amr
Alginahi, Yasser
Toony, Ahmed A.
Source :
Computers & Electrical Engineering. Aug2024:Part A, Vol. 118, pN.PAG-N.PAG. 1p.
Publication Year :
2024

Abstract

• Dynamic P4 Feature Extraction: Extracts real-time features from traffic using P4 programs, improving intrusion detection accuracy.
• Cooperative Traffic Monitoring: Analyzes data across distributed controllers using P4 state tables for comprehensive attack detection.
• Ensemble Learning with P4 Features: Integrates P4-extracted features with traditional data for enhanced multi-pronged attack detection.
• Scalable Multi-Controller Architecture: Distributes control plane functions for fault tolerance and handling high traffic loads in SD-IoT.
• Dataplane-Level P4 Intrusion Detection: Minimizes controller overhead and enables faster response times using P4 programs on the data plane.

The ever-increasing complexity of the Internet of Things (IoT) environment demands robust and adaptable intrusion detection frameworks, as existing approaches struggle with real-time traffic analysis, limited scalability, and static feature sets. This paper introduces MP-GUARD, a novel framework that leverages Software-Defined Networking (SDN), machine learning (ML), and a multi-controller architecture to address these challenges. MP-GUARD tackles multi-pronged intrusion attacks in IoT networks by offering real-time intrusion detection, collaborative traffic monitoring, and multi-layered attack mitigation. It achieves this through two core modules: P4-Assisted Cooperative Traffic Monitoring (CTM-P4) and Multi-Pronged Intrusion Detection and Mitigation (MPIDM). CTM-P4 facilitates real-time communication among multiple controllers, enabling dynamic feature extraction leveraging the interconnected state tables within P4-enabled switches. This module introduces a new 22-feature set (12 extracted and 10 computed) for comprehensive network analysis. MPIDM leverages the detailed network insights from CTM-P4 for attack identification and prevention. It introduces Stacked Ensemble Learning with Dynamic P4-Based Feature Selection (SELDP4-FS), achieving exceptional performance with 99.32% accuracy, 99.24% F1-score, and 0.49% false positive rate. Additionally, MPIDM boasts efficient response and detection times of 16 ms and 11 ms, respectively. Beyond accuracy, MP-GUARD demonstrates significant advantages in terms of scalability and efficiency. The multi-controller architecture offers a 65% reduction in overhead compared to single-controller setups. Furthermore, this work introduces the Mean Accuracy Steadiness Level (MASL) metric to assess model stability under varying traffic conditions. By combining P4-based feature extraction, dynamic feature selection, cooperative monitoring, ensemble learning, and a multi-controller architecture, MP-GUARD presents a significant contribution to IoT security, offering a scalable and adaptable solution for securing future SD-IoT deployments against evolving threats. [ABSTRACT FROM AUTHOR]

Details

Language :
English
ISSN :
00457906
Volume :
118
Database :
Academic Search Index
Journal :
Computers & Electrical Engineering
Publication Type :
Academic Journal
Accession number :
179239599
Full Text :
https://doi.org/10.1016/j.compeleceng.2024.109484