The figure above is a global overview of the architecture of a SPIN-based system, featuring two distinct component groups: lightweight SPIN agents that measure network traffic and more intelligent controllers. The separation is new and enables us to use the system for a larger set of deployment scenarios.
An agent captures traffic flows, generates flow digests, and can block traffic flows. A controller receives digests from one or more agents, analyses them, and can order the agents to block the traffic flows from certain IoT devices. For example, a controller may detect that a device is generating traffic flows that match the Mirai botnet. The controller then orders the appropriate agent to quarantine (block) the infected device.
Controllers and agents may be hosted on the same device, but our new design also supports deployment scenarios with several agents and one or a few controllers elsewhere in the network. For example, there may be a separate Wi-Fi hotspot on each floor of a house, each with its own agent and all governed by a central controller that runs on a general-purpose, always-on device such as a network-attached storage (NAS) device.
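The agent/controller split described above, sketched as an added example that is not SPIN's own code: one controller receives digests from an agent per floor and orders the agent that observed the suspicious device to block it. The digest fields, class names, the Telnet-scan heuristic used as a stand-in for "matches the Mirai botnet", and the threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed heuristic: a Mirai-infected device probes many distinct hosts on Telnet ports.
TELNET_PORTS = {23, 2323}
SCAN_THRESHOLD = 5  # distinct destinations before quarantine (illustrative value)

@dataclass(frozen=True)
class FlowDigest:
    """Hypothetical digest sent by an agent; not SPIN's actual message format."""
    agent_id: str    # agent that observed the flow
    device_mac: str  # IoT device that originated the flow
    dst_ip: str
    dst_port: int

class Agent:
    """Enforcement side of an agent: remembers which devices it was told to block."""
    def __init__(self, agent_id):
        self.agent_id = agent_id
        self.blocked = set()

    def block(self, device_mac):
        self.blocked.add(device_mac)

class Controller:
    """Analyses digests from several agents and orders the observing agent to block."""
    def __init__(self, agents):
        self.agents = {a.agent_id: a for a in agents}
        self.telnet_targets = defaultdict(set)  # (agent, device) -> distinct dst IPs

    def receive(self, digest):
        if digest.dst_port not in TELNET_PORTS or digest.agent_id not in self.agents:
            return False
        key = (digest.agent_id, digest.device_mac)
        self.telnet_targets[key].add(digest.dst_ip)
        if len(self.telnet_targets[key]) < SCAN_THRESHOLD:
            return False
        self.agents[digest.agent_id].block(digest.device_mac)  # quarantine order
        return True

def demo():
    """Constructed scenario: one agent per floor; a camera on floor 2 starts scanning."""
    floor1, floor2 = Agent("floor1"), Agent("floor2")
    ctrl = Controller([floor1, floor2])
    digests = [FlowDigest("floor1", "02:00:00:00:00:01", "198.51.100.10", 443)]
    digests += [FlowDigest("floor2", "02:00:00:00:00:02", f"203.0.113.{i}", 23)
                for i in range(1, 8)]
    for d in digests:
        ctrl.receive(d)
    return floor1.blocked, floor2.blocked
```

Keying the state on the (agent, device) pair keeps the quarantine order scoped to the agent that actually sees the device, so a block on one floor does not affect agents elsewhere in the house.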
The SPIN platform can be extended with application components that can be implemented by (commercial) organisations, the SPIN community, or by the research community.
A well-defined API provides application developers with necessary of the home network and its IoT devices so developers don’t have to deal with the particularities of low-level measurements.