How IoT security can benefit from machine learning

Computers and mobile devices running rich operating systems have a plethora of security solutions and encryption protocols that can protect them against the multitude of threats they face as soon as they become connected to the Internet. Such is not the case with IoT.

Of the billions of IoT devices presently in use, a considerable percentage have low-end processing power and storage capacity and cannot be extended with security solutions. Yet they are connected to the Internet nonetheless, which is an extremely hostile environment.

Basically, it’s like going to the battlefield without armor.

That’s why new IoT vulnerabilities are constantly surfacing, and countless IoT devices are falling victim to hacks, botnets and other evil deeds every day. It takes mere minutes for a malicious hacker to find thousands of vulnerable devices in the search engine Shodan, and compromised IoT devices frequently become beachheads for more serious hacks in networks. The bottom line is that too many of our smart devices are inherently too dumb to protect themselves (and us) against cyberattacks.

But this is a gap that can be bridged with machine learning and analytics, especially as they become more readily available to developers and manufacturers.

IoT devices are generating tons of data, and machine learning is being employed to analyze and peruse that data to help improve efficiency and customer service, and reduce costs and energy consumption. The same mechanics can be employed in security-related use cases, such as determining safe device behavior and general usage patterns, which can subsequently help to spot and block abnormal activity and potentially harmful behavior.

Already, several tech firms are drawing on this to offer solutions that enhance IoT security, especially in smart homes, where there are no defined security standards and practices.

Leveraging the cloud to consolidate intelligence

“Machine learning and behavioral analysis is one of the biggest trends in detecting anything and everything these days,” says Alexandru Balan, Chief Security Researcher at cybersecurity tech firm Bitdefender. However, he elaborates that machine learning still has a long way to go and there needs to be “a lot of research and innovation into developing, implementing and testing the algorithms.”

Bitdefender’s approach is to aggregate into a cloud server data from all endpoints that rely on its products; the input is analyzed to determine patterns and spot malicious behavior. “You gather all the traffic,” says Balan, “sanitize and normalize it, learn from it, see what servers the devices talk to, what other devices they talk to, how they normally interact with the Internet and with each other, and you pick up on the abnormal traffic.”

Bitdefender uses cloud-based intelligence and pattern recognition, along with local network analysis through its suite of endpoint security software and hardware, to control Internet traffic in home networks and block connections to malicious URLs, malware downloads and suspicious packets. Leveraging cloud services has enabled the company to bring enterprise-level intelligence and protection to the consumer space.

Human-aided machine learning

“Machine learning is a critical component to developing Artificial Intelligence for IoT security,” says Uday Veeramachaneni, co-founder and CEO at PatternEx. “The problem is that the IoT’s will be distributed massively and if there is an attack you have to react in real-time.”

Most systems relying on machine learning and behavior analysis gather information about the network and connected devices and then flag everything that falls outside the norm. The problem with this primitive method is that it produces too many false alarms and false positives.

The approach suggested by PatternEx is to develop a solution that incorporates machine learning and augments it with human analyst insight for greater attack detection. “The way to address this in real time is to create a learning system that takes those outliers and solicits human feedback on them,” Veeramachaneni explains. “The human alone can distinguish between malicious and benign, and that feedback returns to the system to create predictive models that can mimic human judgment — but at huge scale and in real time.”

This is especially pertinent in IoT ecosystems, where large numbers of devices are involved and the real-time analysis of the overwhelming amount of data generated is beyond human abilities.

PatternEx uses machine learning algorithms to do outlier detection, and trains the model to be more accurate in real time. The training is done by a human, the analyst who can spot a new attack happening. The system generates events that indicate potential attacks. The human investigates the events and determines whether the system was correct in its assessment or not. The system learns from the experience and makes more accurate decisions next time.

“This model helps improve threat detection accuracy and decrease the number of false positives dramatically over time,” Veeramachaneni says.
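The feedback loop described above can be sketched as follows. This is an added example, not PatternEx's code: the feature set, the `SCALE` constants, the thresholds and the analyst verdicts are all constructed assumptions, and a nearest-labelled-example lookup stands in for the predictive model.

```python
import math
from statistics import median

# Constructed hourly features per device: (new destinations, failed logins, MB sent)
DAY1 = {
    "cam-01": (0, 0, 4), "cam-02": (1, 0, 5), "cam-03": (0, 1, 4),
    "tv-01": (0, 0, 6), "lock-01": (0, 0, 1),
    "cam-04": (1, 0, 60), "tv-02": (9, 0, 5), "lock-02": (0, 30, 1),  # the three odd ones
}
DAY2 = {"cam-05": (1, 0, 58), "tv-03": (8, 0, 6), "cam-06": (0, 0, 5), "lock-03": (4, 25, 40)}
SCALE = (10, 30, 60)  # assumed per-feature scale so distances are comparable

def norm(v):
    return tuple(x / s for x, s in zip(v, SCALE))

class FeedbackDetector:
    def __init__(self, baseline, threshold=0.5, radius=0.3):
        # Robust center of normal behavior: per-feature median of the baseline fleet.
        self.center = tuple(median(c) for c in zip(*map(norm, baseline.values())))
        self.threshold, self.radius, self.labelled = threshold, radius, []

    def outliers(self, events):
        """Unsupervised step: devices far from the baseline center."""
        return sorted(d for d, v in events.items()
                      if math.dist(norm(v), self.center) > self.threshold)

    def label(self, vector, malicious):
        """Analyst verdict on an outlier, stored as a labelled example."""
        self.labelled.append((norm(vector), malicious))

    def triage(self, events):
        """Route each outlier by its nearest labelled example, if one is close enough."""
        out = {"alert": [], "suppressed": [], "ask_analyst": []}
        for dev in self.outliers(events):
            p = norm(events[dev])
            near = min(self.labelled, key=lambda l: math.dist(p, l[0]), default=None)
            if near is None or math.dist(p, near[0]) > self.radius:
                out["ask_analyst"].append(dev)   # unfamiliar outlier: solicit feedback
            else:
                out["alert" if near[1] else "suppressed"].append(dev)
        return out

def demo():
    det = FeedbackDetector(DAY1)
    first = det.triage(DAY1)  # nothing labelled yet, every outlier goes to the analyst
    verdicts = {"cam-04": False, "tv-02": True, "lock-02": True}  # constructed answers
    for dev, malicious in verdicts.items():
        det.label(DAY1[dev], malicious)
    return first, det.triage(DAY2)
```

On the second day the burst that resembles the benign one is suppressed, the repeat of the malicious pattern alerts without an analyst, and only the unfamiliar outlier is sent for review.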

Taking advantage of limited functionalities of IoT devices

IoT devices are designed to carry out a limited set of functions. Therefore, with a bit of machine learning and enough data, it becomes pretty easy to identify anomalous behavior. This idea was leveraged by startup tech company Dojo-Labs to create a smart-home IoT security solution.

“When it comes to IoT devices they were designed to do a very, very specific function,” says Yossi Atias, co-founder and CEO of the company. “So assuming we have a lot of users using the same camera or the same smart TV or the same smart alarm or smart lock, there is no real reason that one device will behave different from the other, because they’re all running the same software, which is not something the user can change.”

Dojo-Labs’ method involves collecting metadata from different endpoints and defining the behavior range of each device type in order to be able to spot and block malicious behavior. As with all solutions involving machine learning, Dojo-Labs’ model improves as it collects more and more data from customers.

The solution includes a pebble-like device that gets installed in the home network, a mobile app that allows the user to control the device and monitor the network status and a cloud service where the data is consolidated and analyzed using proprietary statistical tech and mathematical models coupled with machine learning algorithms.
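The idea of defining a behavior range per device type from peer metadata can be illustrated as follows. This is an added example, not Dojo-Labs' implementation: the metadata fields, hostnames, thresholds and the median/MAD volume test are assumptions chosen for the sketch.

```python
from collections import Counter, defaultdict
from statistics import median

# Constructed fleet metadata: (device_id, device_type, destinations, KB sent in the hour)
FLEET = [
    ("cam-01", "camera", {"cloud.cam-vendor.example", "ntp.example"}, 410),
    ("cam-02", "camera", {"cloud.cam-vendor.example", "ntp.example"}, 395),
    ("cam-03", "camera", {"cloud.cam-vendor.example"}, 430),
    ("cam-04", "camera", {"cloud.cam-vendor.example", "ntp.example"}, 402),
    ("cam-05", "camera", {"cloud.cam-vendor.example", "203.0.113.77"}, 9800),
    ("lock-01", "lock", {"api.lock-vendor.example"}, 12),
    ("lock-02", "lock", {"api.lock-vendor.example"}, 15),
    ("lock-03", "lock", {"api.lock-vendor.example"}, 11),
]

def build_baselines(records, min_share=0.5):
    """Per device type: destinations used by >= min_share of peers, plus a robust volume range."""
    by_type = defaultdict(list)
    for _, dtype, dests, kb in records:
        by_type[dtype].append((dests, kb))
    baselines = {}
    for dtype, rows in by_type.items():
        counts = Counter(d for dests, _ in rows for d in dests)
        common = {d for d, n in counts.items() if n / len(rows) >= min_share}
        volumes = [kb for _, kb in rows]
        med = median(volumes)
        mad = median(abs(v - med) for v in volumes) or 1.0  # avoid a zero spread
        baselines[dtype] = (common, med, mad)
    return baselines

def check_device(record, baselines, max_dev=6.0):
    """Return the reasons this device falls outside its type's behavior range."""
    _, dtype, dests, kb = record
    if dtype not in baselines:
        return ["no baseline for device type"]
    common, med, mad = baselines[dtype]
    reasons = [f"unusual destination {d}" for d in sorted(dests - common)]
    if abs(kb - med) / mad > max_dev:
        reasons.append(f"traffic volume {kb} KB vs. median {med} KB")
    return reasons

def flagged(records):
    """Map each out-of-range device to the reasons it was flagged."""
    baselines = build_baselines(records)
    return {r[0]: why for r in records if (why := check_device(r, baselines))}
```

Because the range is built from medians and majority destinations, the one misbehaving camera does not shift the baseline it is judged against.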

There are some caveats to machine learning

Machine learning is very promising, but it is still in its infancy and has a long way to go. And by no means can it be considered a complete solution by itself. “[Machine learning] is going to be virtually everywhere,” says Veeramachaneni. “To get security in the enterprise or in the IoT realm, you have to have powerful machines organizing data, crunching data, and seeking patterns in data. But you also need the human’s intuition to spot new attacks and to train the system to stop these new (and old) attacks.”

Veeramachaneni calls this combination “augmented intelligence,” an alternative expansion of the acronym AI, in which the strengths of both man and machine converge to defeat cyber threats. “Neither machine learning nor humans can do it alone,” he says.