Live Demo

Demo Scenarios

• Scenario 1: Benign IoT Device Flow – A security camera uploads footage to a cloud server. Flow is permitted based on the MUD profile.


• Scenario 2: Unauthorized Access Attempt – A guest device tries to ping a thermostat. The flow is blocked based on MUD and flagged as malicious by the ML model.


• Scenario 3: Suspicious Flow with Low Trust – A device sends bursty UDP packets to multiple destinations. PageRank trust score drops and the flow is logged and rate-limited.

Controller Logs

Sample CLI output from the Ryu controller during live decision-making:

[INFO] Packet from 10.0.0.5 → 10.0.0.8 | Protocol: TCP | Action: ALLOW (MUD)
[INFO] Packet from 10.0.0.9 → 10.0.0.2 | Protocol: ICMP | Action: DROP (MUD Violation)
[INFO] Flow classified as MALICIOUS by ML model – dropped and logged
[INFO] PageRank Trust Score Update: 10.0.0.2 → 0.091 (Low Trust)
      

Optional: REST API Output

Example JSON response from a REST endpoint to retrieve current flow stats:

{
  "flow_id": "flow_104",
  "src_ip": "10.0.0.2",
  "dst_ip": "10.0.0.9",
  "bytes": 5023,
  "ml_label": "malicious",
  "pagerank_score": 0.091,
  "action": "drop"
}