https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/mobile-logo.png
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • Embedded IoT World (Part of DesignCon) 2022
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • Embedded IoT World (Part of DesignCon) 2022
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Metaverse
  • Development
  • Security
ioti.com

Security


Tapping AI for Intrusion Detection Systems

AI has enabled intrusion detection systems to be adapted for IoT networks, which have been difficult to cover with traditional alternatives.
  • Linda Rosencrance
  • 18th October 2021

Internet of Things (IoT) devices have increased the attack surface, creating additional entry and exit points for any systems within which they are used.

Typically, though, traditional intrusion detection systems (IDS) are primarily rule-based and they’ve not been able to keep up with emerging threats, which are constantly launched through, from and against IoT devices, said Rebecca Herold, IEEE member, CEO and founder of The Privacy Professor consultancy.­­

“As it relates to IoT, an IDS needs to not only monitor the IoT device itself but also identify threats from the other components involved with the full IoT product,” she said.

So, the IDS would need to treat the following as potential intrusion sources: IoT back-end systems, such as the supporting cloud services, along with the mobile applications interfacing with the IoT device, the local hub and possibly other remote hubs within the IoT device ecosystem and any other type of connecting element, Herold said.

Rule-based IDS vs AI-based IDS to Detect IoT Attacks

Rule-based IDS will look for known attack behaviors and alert on them (like standard signature-based IDS) while artificial intelligence (AI)-based IDS will look for deviations from a behavioral model acquired by the AI algorithms, said Ariel Zeitlin, co-founder and CTO, Guardicore.

However, rule-based approaches will always fail in the IoT as we have very few attacks to examine, according to Jamison Utter, senior director product and solution evangelism for Ordr.

“The field is so new that so far, we see password attacks and a few specialized industrial attacks,” he said. “All IoT threats will be and should be considered ‘unknown’ and ML [machine learning] is the way to detect that. The good news is devices are deterministic, in that they act and perform the same tasks, the same way every day—otherwise, they are broken. Therefore, it’s a fantastic application for AI/ML technologies.”

How Do AI-Based IDS Work to Detect IoT Attacks?

AI-based IDS are in their infancy and, in general, are certainly still an emerging type of product for securing IoT products, Herold said.

“What makes AI-based IDS an attractive option is that AI can be more nimble and effective within the wide range of ecosystems where IoT devices are used,” she said. “For example, within extremely scalable cyber-physical systems where there are many IoT devices that may be connecting and disconnecting to the ecosystem throughout any point in time and where continuous data analytics are being performed throughout a complex wide area network.”

Rule-based IDS look for specific signatures or set patterns in the traffic, for example a particular command, key words and/or traffic patterns, said Scott Laliberte, managing director, emerging technology group, Protivit.

An AI/ML-based IDS attempts to learn/benchmark the normal or typical forms of network traffic generated by IoT devices and identify anomalies based on algorithms and deviations from those normal or typical forms of traffic, he said.

Is a particular device acting differently than it normally does or different from its peer group?  Does a combination of actions or attacks look similar to other attacks or indicate a possible attack may be developing?

“An AI/ML-based IDS can be very effective, if developed properly, but it requires solid algorithms, good data sets for training and expertise to adjust and improve the model,” Laliberte said. “AI/ML-based methods require tuning by operators to make them valuable.”

AI-based IDS will usually try to establish a model of normal behavior of connected devices and then detect deviations from this behavior, Zeitlin said. In particular, it may try to identify the devices by fingerprinting them from the network and then identifying deviations of the typical behaviors of such devices in the real world.

Benefits of Applying AI-Based IDS to Detect IoT Attacks

AI-based IDS systems are superior in their ability to identify threats autonomously, which is typically done with machine learning models. Their accuracy rate can range from the 80 percentile up into the low 90 percentile, said Chuck Everette, Deep Instinct’s director of cybersecurity advocacy.

“Deep learning, an advanced subset of machine learning, can get the accuracy rating up to 99% with the proper prevention solution,” he said. “With the proper training, deep learning can think like the human mind and make decisions within milliseconds, deciding if a file or network flow is malicious or benign.”

Using soundly engineered and thoroughly tested AI-based IDS can help identify signs of possible intrusions through, or attacks being launched from, compromised IoT devices sooner than previous generations of IDS, according to Herold. This can then help stop widespread access through the digital ecosystems where compromised IoT devices are located.

“AI-based IDS can also help enable defenders to take action more quickly to slow down attackers,” she said. “Well-engineered AI-based tools can automate the detection of attacks at the edges of a network as well as those launched from inside digital ecosystems.”

Challenges Applying AI-based IDS to Detect IoT Attacks?

The challenges in developing and deploying an AI/ML-based IoT IDS are how early we are in the IoT maturity cycle and the inconsistent implementation architectures that can make effective use of AI-based IDS difficult, Laliberte said.

“A lack in adherence of protocols and standards in IoT makes it more difficult to develop effective AI and gather sufficient data sets to train the models (your data sets would have to have sufficient data with the different protocols, device types, architectures, etc.),” he said.

In addition, the demand for IoT IDS is still developing. Many organizations do not even have general governance or visibility into IoT deployed in their environment, much less thought about deploying purpose-built IoT IDS to protect it, according to Laliberte.

Protivit advises organizations to realize that IoT must be managed and secured just like traditional IT, he said. In many instances, proper management of IoT can be an even bigger risk to the organization than traditional IT because of potential health and safety impacts if something goes wrong.

“Until organizations realize this and focus on IoT security, the demand for IoT IDS may not be great enough to fuel and fund the extensive research and development efforts needed to rapidly mature IoT IDS,” Laliberte said.

Some may argue that there has been a lot of research and work done to continuously improve AI-based IDS tools that are used in ecosystems with the IoT products in operation, Herold said. However, it is also true that IoT products are also being updated and new IoT devices and products are being introduced to the market continuously.

These are some widely documented problems and challenges for AI-based IoT IDS tools, according to Herold.

  • Will the autonomous actions taken for a false security alert result in harm to those using the ecosystem, digitally, physically or otherwise?
  • Will the AI-based IDS tool be able to consistently and accurately work in all types of network traffic situations?
  • Many IoT devices do not store data at all, so AI-based IDS tools that have analysis dependencies from data in memory and/or in storage may not be accurate.

The Future of AI-based IDS to Detect IoT Attacks?

Protivit is seeing major players making significant investments in the IoT security space. For instance, Microsoft is making major investments with its Azure Defender for IoT suite, according to Laliberte. This will help mature the space quickly, but businesses would need to recognize the need for IoT IDS and monitoring and then invest in the technology to continue to mature this technology.

“As standards further develop and emerge in the IoT space, it will become easier to develop and train AI/ML IoT IDS models,” he said. “I see this space continuing to evolve over the next few years, with a strong, mature product emerging in the next two years.”

Tags: Security Vertical Industries

Related


  • IoT Security Firm to Acquire Medical Security Startup
    Claroty is set to acquire Medigate to grow its foothold in securing the Internet of Medical Things
  • Panic buttons could become widespread in the hotel industry.
    The Hotel Panic Button Could Redefine Hospitality Networking
    The hotel panic button could see mainstream adoption in the United States by 2020. Read on to hear how it might change the hospitality networking landscape.
  • Smart utilities
    Inside Arm’s and KEPCO’s Smart Grid Technology Partnership
    Why Arm is providing white-glove IoT services to the largest electric utility in South Korea.
  • Facial recognition
    The Facial Recognition Technology Genie Is Out of the Bottle
    The potential for misuse of facial recognition technology is real, but its power may be too great for many to ignore.

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • Funding Available for Critical Infrastructure Security
  • Why IoT Device Security Is a Common Pool Resource
  • Smart City Security: Atlanta Cyberattack Cripples City
  • Why IoT Security Issues Still Loom Large in Health Care

Roundups

View all

IoT Product Roundup: PTC, Nokia, Arm and More

19th May 2022

IoT Deals, Partnerships Roundup: Intel, Nauto, Helium and more

14th May 2022

IoT Product Roundup: Amazon, Synaptics, Urban Control and More

27th April 2022

White Papers

View all

The Role of Manufacturing Technology in Continuous Improvement Ebook

6th April 2022

IIoT Platform Trends for Manufacturing in 2022

6th April 2022

Latest Videos

View all
Dylan Kennedy of EMQ

Embedded IoT World 2022: Dylan Kennedy of EMQ

Dylan Kennedy, EMQ’s VP of global operations, sat down with Chuck Martin at Embedded IoT World 2022.

Embedded IoT World 2022: Omdia’s Sang Oh Talks Vehicle Chip Shortage

Omdia’s automotive semiconductor analyst sits down with Chuck Martin at this year’s event

E-books

View all

How Remote Access Helps Enterprises Improve IT Service and Employee Satisfaction

12th January 2022

An Integrated Approach to IoT Security

6th November 2020

Webinars

View all

Rethinking the Database in the IoT Era

18th May 2022

Jumpstarting Industrial IoT solutions with an edge data management platform

12th May 2022

AI led Digital Transformation of Manufacturing: Time is NOW

9th December 2021

Special Reports

View all

Omdia’s Smart Home Market Dynamics Report

7th January 2022

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

IoT Security Best Practices for Industry and Enterprise

20th October 2020

Twitter

IoTWorldToday, IoTWorldSeries

Clearview AI has been fined $9.4 million for collecting images of people from social media platforms to add to its… twitter.com/i/web/status/1…

24th May 2022
IoTWorldToday, IoTWorldSeries

Swiss-startup Airyacht is developing an eponymously named vehicle that it says will take the luxury-yacht experienc… twitter.com/i/web/status/1…

23rd May 2022
IoTWorldToday, IoTWorldSeries

@Tesla’s #Autopilot being investigated once again following fatal crash in Newport Beach, California. iotworldtoday.com/2022/05/23/tes…

23rd May 2022
IoTWorldToday, IoTWorldSeries

A new Kansas law will enable #driverless deliveries from @Walmart and its partner @Gatik_AI. #AVs… twitter.com/i/web/status/1…

23rd May 2022
IoTWorldToday, IoTWorldSeries

Access a world of opportunity in 2022 with @IoTWorldToday ➡️ Now is time to unlock ROI, by accessing a global com… twitter.com/i/web/status/1…

23rd May 2022
IoTWorldToday, IoTWorldSeries

3D Home Printer to Build 72 Residences for National Homebuilder dlvr.it/SQhWSF https://t.co/XJOs70DqzH

19th May 2022
IoTWorldToday, IoTWorldSeries

Microsoft Ramping up Cybersecurity Service Offerings dlvr.it/SQhPR0 https://t.co/nYzaDRnyVY

19th May 2022
IoTWorldToday, IoTWorldSeries

IoT Product Roundup: PTC, Nokia, Arm and More dlvr.it/SQhNNF https://t.co/ZApdw3RHdu

19th May 2022

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X