Leveraging Machine Learning to Fill IoT Security Gaps

Posted by Olga Ezzheva

The Internet of Things promises a smart, fully-connected world where physical objects and services are interlinked to benefit society. According to a Statista report, by 2020 the number of IoT-enabled devices worldwide will reach 30.73 billion. From smart home appliances to connected medical devices to self-driving cars — we are moving full steam ahead towards the Internet of Everything.

But such ubiquitous connectivity raises many concerns regarding safety, and rightfully so. In October 2016, Mirai, arguably the most infamous IoT botnet, caused major disruptions and resulted in several high-profile Internet services inaccessible. 

With the continuously expanding IoT attack surface, the existing security practices often fall short. To address the new threat landscape, engineers harness the power of machine and deep learning to deliver robust, secure IoT solutions for a safer connected world.

Network traffic analysis

The sheer amount and diversity of IoT devices make it extremely difficult for network administrators to reliably monitor M2M and M2H interactions. Various network communication protocols — Bluetooth, Zigbee, WiFi, LoRaWAN, MQTT — add another layer of complexity.

To tackle the challenge at hand, researchers are leveraging machine learning to analyze IoT device traffic and establish legitimate behavioral profiles. Trained to recognize baseline behavior, ML algorithms can successfully detect any traffic anomalies and intrusions. Unsupervised learning goes further and detects even previously unseen attacks, helping to boost IoT security.

Botnet activity detection

The above mentioned Mirai botnet managed to infect over 600,000 IoT devices to pull off one of the largest DDoS attacks on record. The thing with IoT botnets is that they work silently, without compromising the infected device performance..

Traditional signature-based botnet detection methods prove ineffective as bots with slightly different signatures can go undetected. The same goes for zero-day attacks. Deep learning, in its turn, has the potential to improve botnet detection and enhance cybersecurity. As one of the options, researchers suggest using deep autoencoders — unsupervised neural networks — that can learn complex patterns and detect infected IoT devices with low false alarm rates.

IoT device authentication

Viewed as the first line of security, authentication ensures that users and devices can be trusted to be what they declare to be. In large IoT ecosystems with millions of connected devices, strong authentication becomes as important as it is challenging.

In addition to network heterogeneity and complexity, limited computational ability and power of IoT-enabled devices do not allow using traditional authentication techniques. Minimal storage capacity of embedded systems also contributes to the complexity.

Machine learning offers new capabilities in enforcing secure authentication and improving resistance to identity-based spoofing attacks. Recent researches demonstrated the success of deep learning-based RF fingerprinting for highly accurate IoT device identification based on RF emissions. 

IoT access management

Another pillar in IoT security, access control helps keep unauthorized users and devices away from protected network resources. Given the complexity of IoT ecosystems and enormous amounts of IoT-generated data, static, context-unaware access control rules cannot ensure adequate levels of protection.

Keeping in mind these limitations, a reinforcement learning model can be applied to dynamically optimize access control policy. The model continues to improve over time and takes into account multiple contexts that smart devices are used in. The authors also suggest leveraging blockchain technology to provide a distributed access control architecture that can be a better fit for a decentralized IoT environment.

Summing up

As the number of connected devices is growing at a breathtaking pace, IoT security remains top of mind for manufacturers, enterprises, and consumers alike. An IoT ecosystem is only as strong as its weakest link. Without proper security in place, an infected IoT device cannot only compromise thousands of others but give access to your personal information or participate in a massive DDoS attack. 

New security threats and vulnerabilities require new approaches, and machine learning lends itself well to the challenge. From detecting anomalous behavior of IoT devices to accurate fingerprinting to adapting access control policy, machine and deep learning help enhance IoT security.

Previous
Previous

The Invisible Threat to Your Health - IOT