Networking equipment that connects households to an operator network, such as home gateways and routers, is a major victim of cyber-attacks. It is exposed to a number of threats, from misappropriation of user accounts by malicious agents to access to personal information and data, which threaten users’ privacy and security. The exposure surface is even wider when the growing ecosystem of Internet-of-Things devices is considered. Thus, it is beneficial for both the operator and the customer that a security service is provided to protect this ecosystem. The service should be tailored to the particular needs and Internet usage profile of the customer network. For this purpose, Machine Learning methods can be explored to learn typical behaviours and identify anomalies. In this paper, we present preliminary insights into the architecture and mechanisms of a security service offered by an Internet Service Provider. We focus on Distributed Denial-of-Service attacks and define the system requirements. Finally, we analyse the tradeoffs of distributing the service between operator equipment deployed at the customer premises and cloud-hosted servers.
*** Title, author list and abstract as seen in the Camera-Ready version of the paper that was provided to Conference Committee. Small changes that may have occurred during processing by Springer may not appear in this window.