
SunBlock: Cloudless Protection for IoT Systems

  • Conference paper
Passive and Active Measurement (PAM 2024)


With an increasing number of Internet of Things (IoT) devices present in homes, there is a rise in the number of potential information leakage channels and their associated security threats and privacy risks. Despite a long history of attacks on IoT devices in unprotected home networks, the problem of accurate, rapid detection and prevention of such attacks remains open. Many existing IoT protection solutions are cloud-based, sometimes ineffective, and might share consumer data with unknown third parties. This paper investigates the potential for effective IoT threat detection locally, on a home router, using AI tools combined with classic rule-based traffic-filtering algorithms. Our results show that, with a slight increase in router hardware resource usage caused by the machine learning and traffic filtering logic, a typical home router instrumented with our solution is able to effectively detect risks and protect a typical home IoT network, equaling or outperforming existing popular solutions, without any effects on benign IoT functionality, and without relying on cloud services and third parties.



  1. We obtained this number empirically after extensive testing showing a good trade-off between ML accuracy and reaction time.




We thank the anonymous reviewers and our shepherd Roland van Rijswijk-Deij for their constructive and insightful feedback. This work was supported by the EPSRC Open Plus Fellowship (EP/W005271/1), the EPSRC PETRAS grant (EP/S035362/1), and the NSF ProperData award (SaTC-1955227).


Corresponding author

Correspondence to Vadim Safronov.


Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this paper

Safronov, V., Mandalari, A.M., Dubois, D.J., Choffnes, D., Haddadi, H. (2024). SunBlock: Cloudless Protection for IoT Systems. In: Richter, P., Bajpai, V., Carisimo, E. (eds) Passive and Active Measurement. PAM 2024. Lecture Notes in Computer Science, vol 14538. Springer, Cham.


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-56251-8

  • Online ISBN: 978-3-031-56252-5

  • eBook Packages: Computer Science (R0)
