Combination of techniques could improve security for IoT devices: Study

Oct 14, 2019

Washington D.C. [USA], Oct 14 : Recently developed data analysis approach could boost up the security of IoT devices against current risks and threats from the internet.
"By 2020, more than 20 billion IoT devices will be in operation, and these devices can leave people vulnerable to security breaches that can put their personal data at risk or worse, affect their safety," said Beulah Samuel, a student in the Penn State World Campus information sciences and technology program.
"Yet no strategy exists to identify when and where a network security attack on these devices is taking place and what such an attack even looks like," added Beulah Samuel.
The team applied a combination of approaches often used in traditional network security management to an IoT network simulated by the University of New South Wales Canberra.
Specifically, they showed how statistical data, machine learning and other data analysis methods could be applied to assure the security of IoT systems across their lifecycle.
They then used intrusion detection and a visualisation tool, to determine whether or not an attack had already occurred or was in progress within that network.
The researchers describe their approach and findings in a paper presented at the 2019 IEEE Ubiquitous Computing, Electronics and Mobile Communication Conference.
One of the data analysis techniques the team applied was the open-source freely available R statistical suite, which they used to characterise the IoT systems in use on the Canberra network. In addition, they used machine learning solutions to search for patterns in the data that were not apparent using R.
"One of the challenges in maintaining security for IoT networks is simply identifying all the devices that are operating on the network," said John Haller, a student in the Penn State World Campus information sciences and technology program. "Statistical programs, like R, can characterise and identify the user agents."
The researchers used the widely available Splunk intrusion detection tool, which comprises software for searching, monitoring and analysing network traffic, via a Web-style interface.
"Splunk is an analytical tool that is often used in traditional network traffic monitoring, but had only seen a limited application to IoT traffic, until now," said Melanie Seekins.
Using these tools, and others, the team identified three IP addresses that were actively trying to break into the Canberra network's devices.
"We observed three IP addresses attempting to attach to the IoT devices multiple times over a period of time using different protocols," said Andrew Brandon. "This clearly indicates a Distributed Denial of Service attack, which aims to disrupt and/or render devices unavailable to the owners."
As the basis for their approach, the researchers compared it to a common framework used to help manage risk, the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).
"The NIST RMF was not created for IoT systems, but it provides a framework that organisations can use to tailor, test, and monitor implemented security controls. This lends credibility to our approach," said Brandon.
Ultimately, Seekins said, the ability to analyse IoT data using the team's approach may enable security professionals to identify and manage controls to mitigate risk and analyse incidents as they occur.