Title: IoTEdu: Access Control, Detection, and Automatic Incident Response in Academic IoT Networks
ArXiv ID: 2512.09934
Date: 2025-11-28
Authors: Joner Assolin (IComp, Universidade Federal do Amazonas – UFAM); Diego Kreutz (AI Horizon Labs, Programa de Pós‑Graduação em Engenharia de Software – PPGES, Universidade Federal do Pampa – UNIPAMPA); Leandro Bertholdo (Universidade Federal do Rio Grande do Sul – UFRGS)
📝 Abstract
The growing presence of IoT devices in academic environments has increased operational complexity and exposed security weaknesses, especially in academic institutions without unified policies for registration, monitoring, and incident response involving IoT. This work presents IoTEdu, an integrated platform that combines access control, incident detection, and automatic blocking of IoT devices. The solution was evaluated in a controlled environment with simulated attacks, achieving an average time of 28.6 seconds between detection and blocking. The results show a reduction in manual intervention, standardization of responses, and unification of the processes of registration, monitoring, and incident response.
📄 Full Content
IoTEdu: Access Control, Detection, and Automatic
Incident Response in Academic IoT Networks
Joner Assolin∗†, Diego Kreutz†, Leandro Bertholdo‡
∗IComp, Universidade Federal do Amazonas (UFAM)
†AI Horizon Labs, Programa de Pós-Graduação em Engenharia de Software (PPGES)
Universidade Federal do Pampa (UNIPAMPA)
‡Universidade Federal do Rio Grande do Sul (UFRGS)
Index Terms
Internet of Things (IoT), IoT security, access control, intrusion detection systems (IDS), incident response, network monitoring,
firewall automation, academic networks, edge security, pfSense, Zeek, device onboarding, threat detection, network management,
cyber-physical systems.
I. INTRODUCTION
The expansion of Internet of Things (IoT) devices in academic institutions has transformed teaching, research, and
infrastructure environments into complex cyber-physical ecosystems. Sensors, actuators, and connected equipment are used
in laboratory activities, continuous data collection, and building automation, expanding the attack surface and demanding
coordinated monitoring mechanisms [1].
Despite the growth of IoT in the country, the Brazilian scenario still presents significant weaknesses. At universities such as
UFRGS and Unicamp, internal processes for enabling and managing devices involve manual and bureaucratic steps, resulting
in long processing times, reaching up to six business days in the case of UFRGS (footnote 1) and up to two business days for the first
response at Unicamp, with no defined deadline for completion (footnote 2). In contrast, institutions such as UNIPAMPA and UFAM do
not provide formal workflows, policies, or SLAs for IoT devices. This lack of standardization leads to improvised practices,
operational inconsistencies, and increased exposure to vulnerabilities, especially on campuses with hundreds of devices without
centralized management, reinforcing the need for control and monitoring models adapted to the national context.
Currently, no integrated solution unifies access control, continuous monitoring, and automated response
for Internet of Things networks in the Brazilian academic context. To fill this gap, this work proposes the IoTEdu
platform (footnote 3), an integrated system for managing and monitoring the security of IoT devices. The
platform incorporates adaptive policies, automation, access control, and incident response mechanisms.
The solution was designed to interoperate with existing authentication infrastructures, reduce delays in the onboarding
process, standardize institutional workflows, and strengthen operational security in academic environments. Its contributions
include a unified architecture suited to the Brazilian context, a hybrid mechanism for proactive and reactive control, a simplified
device onboarding process, and an automated policy framework capable of detecting, responding to, and mitigating anomalous
behaviors. Unlike existing solutions, IoTEdu unifies local network control, institutional authentication, and automatic response,
composing an end-to-end security workflow.
II. RELATED WORK
Solutions aimed at the security and management of IoT devices present distinct approaches, ranging from broad commercial
platforms to academic initiatives with a specific scope. Table I summarizes these approaches into categories that reflect their
different focuses and capabilities. The analyzed solutions are primarily centered on device management, traffic monitoring, or
access control, each addressing only part of the security lifecycle. However, none of them offers integrated mechanisms for
automatic mitigation based on events captured locally in the network. This hinders rapid response in academic environments,
which are typically distributed and heterogeneous.
1. https://www1.ufrgs.br/CatalogoServicos/servicos/servico?servico=3239
2. https://detic.unicamp.br/servicos/rede-sem-fio-unicamp-iot-wi-fi/
3. https://github.com/GT-IoTEdu/API ERRC25
arXiv:2512.09934v1 [cs.CR] 28 Nov 2025
TABLE I
IOT DEVICE MANAGEMENT SOLUTIONS IN ACADEMIC NETWORKS.

| Category | Solution | License | Main Focus | Limitation |
|---|---|---|---|---|
| IoT Management Platforms | AWS IoT Core | Proprietary | Connectivity, device management, and IoT data analytics. | Security focused on cloud–device communication; does not address