The growing IoT market
IoT systems consist of interconnected devices, machines, and related software services. In 2017, there were approximately 27 billion IoT devices and this number is expected to increase to 50.1 billion by 2020. The market size of IoT devices is expected to reach approximately $9 trillion by 2020.
Since most established hardware companies and start-ups are interested in introducing new devices, they wish to gain competitive advantage on the market. Due to this reason, most of these hardware systems do not have rigorous security measures in place.
IoT systems are also at a high risk of attack because of their ad hoc and resource constrained nature. However, cyber threats are a show stopper for IoT systems. Network layer attacks can cause heavy disruption and loss of information. IoT systems are particularly prone to security issues since they require cooperation of both cyber domain and physical domain.
Some of the common vulnerabilities that are faced by IoT security include insufficient authentication, insecure network services, privacy concerns, lack of transport encryption and integrity verification, insecure software or firmware, poor physical security and insufficient routing protocols.
Apart from the physical security measures, IoT threats can be ordered into three types:
- Denial of Services (DoS)- This type of risk denies or avoids client’s asset on a system by presenting futile or undesirable movement.
- Malware: Attackers use executable code to disturb gadgets on IoT system. The assailant would be able to take standpoint of blemishes in the firmware and run their product to disturb IoT engineering.
- Data Breaks: This is a problem where shielded or secret information is unveiled by the system. Aggressors can parody ARP parcels between companions on the system.
- Some problems solved by ML/DL
In order to secure IoT systems, continuous monitoring and analysis is required. Because of the inordinately high amount of data involved in IoT system, Machine Learning and Deep Learning methods can be highly effective.
Machine Learning and Deep Learning have been successfully used to implement security systems, including IoT Authentication, access control, secure offloading, and malware detection methods. These Machine-learning approaches often help reduce the computational limitations of IoT devices, enhancing their security while maintaining or decreasing their onboard computational requirements. Some common implementations are as listed below:
Authentication allows IoT devices to distinguish between source nodes and outside attacks. To ensure low consumption of computation power, authentication techniques typically provide security protection by focusing on the features of radio channels and transmitters in the physical terrain of device. These physical characteristics are compared to the characteristics identified by the transmitter. To determine whether a transmission is authentic or not, the characteristics are compared to a threshold.
However, due to the IoT environment being unpredictable, it becomes difficult to choose an appropriate threshold to maximize the accuracy.
Machine learning techniques such as Q learning, a reinforcement technique, can be used to select optimal threshold to achieve highest accuracy of authentication, by maximizing the number of attack transmissions correctly identified as attacks while minimizing the number of authentic transmissions wrongly identified as attacks. It can be used to find the optimal authentication policy that could result in best outcome.
Supervised learning techniques such as Franke-Wolfe or incremental aggregated gradient can be used to increase spoofing resistance. Unsupervised learning methods such as Gaussian process can be used to authenticate nearby devices while securing information related to the device.
With access control, IoT devices prevent the access of resources by unauthorized users. Machine learning techniques like support vector machine (SVM), k-nearest neighbors, and neural networks have been used to detect unauthorized users. Due to the complexity of this type of security, computational limitations often constrain the security of low-grade IoT devices.
K-nearest neighbor can be used to identify outliers among the data, providing a method to unauthorized users. A multiplayer perceptron, a type of feed forward artificial neural network, can calculate a suspicion factor denoting the likelihood that an IoT device may be target of attacks. Methods such as SVM have been abundantly used to detect attacks on internet traffic and electricity grids.
Secure IoT offloading
With secure offloading, IoT devices can use external, cloud based computation, and storage resources for tasks that require heavy computational power or for which latency must be minimized. Q learning can be used to identify the optimal rate of offloading data to combat jamming and spoofing attacks. This is done by determining the long term reward of offloading data based on the power jamming the system, the maintenance of the task, the channel bandwidth and gain.
Supervised learning techniques can be used to identify malware by identification of atypical behavior. For example, one method uses KNN to cluster network traffic and then sues random forests to identify malware among the regular traffic. In order to limit load on IoT devices and to increase computational speed, malware detection can be offloaded to a server.
All intrusion detection approaches can be traditionally classified into three baskets, namely, misuse detection, anomaly detection, and specification-based detection. Additionally, hybrid detection approach is defined as a combination of misuse detection and anomaly detection.
Misuse detection also known as signature based Intrusion detection is highly efficient in identifying known attacks. However, they do not work well when working with unknown or novel attacks since the system does not know their signatures.
Additionally, any modification in signature can lead to an alarming increase in false alarm rate which decreases effectiveness and reliability of the detection system. Typically this type of detection does not need any information on typical activity. However, it does require a mark database.
As an example, this framework does not mind how a worm finds the objective, how it propagates itself or what transmission plot it employs. The framework would investigate the payload and mark the error irrespective of whether it contains a worm or not.
Anomaly based Intrusion Detection
Anomaly based detection approach considers the normal activity profile of a device and considers any alternate behavior as a conflict with the normal activity. Ordinary peculiar behaviors that might be caught incorporate
- Abuse of system conventions, for example, covered IP fragments and running a standard convention on a stealthy port.
- Unique traffic patterns, for example, more UDP parcels when compared to TCP parcels
- Suspicious examples in application payload.
They are generally classified as rule based techniques, statistical models, biological models, and learning models. Among these, learning models have a more robust structure against unknown attacks than others.
Specification based systems
Specification based systems are based on specific deny rules by defining a particular behavior. If specifications are violated, then the system thinks that there is an abnormal situation. This approach is effective to uncover unseen attacks that may be carried out in the future.
However, setting particular specifications to the system can be a long and overwhelming task while trying to consider each and every different scenario.