Gateways to the Internet of Things (IoT) are typically servers that communicate with IoT devices, providing them with low-latency services, and connecting them to the internet and other backbone networks. Since IoT devices are often simple and have limited storage and computational capabilities, gateways can be equipped with Attack Detection (AD) software to analyze incoming traffic, detect potential cyberattacks, and protect both the gateway and connected devices from threats that could overwhelm the system as a whole. This paper presents an enhanced gateway system that combines a traffic shaping technique with an attack detection module and an optimum attack mitigation scheme aimed at protecting the gateway and the overall system from cyberattacks. The optimum mitigation approach selects a sampling interval for the AD, that minimizes the total overhead of AD and mitigation. The proposed approach is implemented in a practical test-bed, so that the performance of the mitigation scheme may be evaluated in the presence of flood attacks. The experiments show its practical value and illustrate the agreement obtained between the analysis and the measurements obtained from several experiments.