The use of AI and ML in protecting the IoT

For the last few years, internet security has been based on a combination of anti-virus software, isolation techniques and encryption software. Government bodies and security companies would track traffic on the internet and look for suspicious materials based upon their signature. 

These techniques focused on running anti-malware software after the facts. They enabled the segregation between good data and malware. But if malware was undetected, it could lurk in the background of systems for months or even years and become active later in time. 

The consumer world is rapidly changing. It is migrating from an environment where only the computer, the gaming console and the smartphone were connected to the internet. Little by little, this environment integrates new devices such as sensors, cameras and smart home appliances whose purpose is to keep their owners and users informed in real-time about the many things in their life: homes, family, physical safety, weather and much more. 

This Internet of Things (IoT) means we have now a more complex environment with many more devices, each one being a possible vector of attack, with privacy and safety breaches. However, these connected devices, to the exception of a laptop and a smartphone, typically perform one or two functions at most. 

If they deviate from their designed purpose, a monitor station can alert a central system and flag an issue. This is where Artificial Intelligence (AI) and Machine Learning (ML) are coming to play an important role in securing consumer environments.

The importance of AI and ML to protect consumers 

Machine Learning can be used to determine the behavioural patterns of a system such as the traffic on the network, the applications running, the communications set up between devices. A ML system will track patterns either in a device, or the local network or activity in cloud services. 

At the device level, the local Machine Learning system will determine the normal operational mode of the appliance by looking at a series of parameters such as memory, tasks, IP addresses and determine the pattern of operations in normal conditions. In smart consumer appliances limited to one or two functions, by imbedding neural network accelerators (NNAs) that boost the machine learning engine, it becomes feasible to achieve a good modelling of the behavioural patterns. 

And the appliance may report its metadata to either a network level or cloud level system that will ingest all this information and perform analytics on a broad device population.

At the network level, the routers see all the traffic and can apply their own intelligence to determine when the devices in the network communicate with the outside world. With ML engines, they can assess when abnormal communications emerge. They can detect unusual data flow from the network to the outside world. They can report it as an issue. And vice versa, they can identify unusual sources of traffic targeting a local device. 

Within the cloud, the host of the cloud applications see a very broad population of devices and networks, and with their larger computing resources, they can track the real time activities of the full environment. They apply the same ML concepts than at the device or the network level but because of their computing power, they can process much more data and see the finer details of a very large ecosystem. 

Learnings from commercial and industrial markets

ML and forensics analytics software are already common within industrial and commercial environments. There are successful examples of ML based security in hospitals, transportation systems, factories, industrial sites such as oil and gas platforms. ML is used in conjunction with the traditional techniques of segregating sensitive data and tracking known attacks. It offers the additional dimension of early identification of disruptive behaviour through analytics. 

Given the challenges of growing ecosystems of connected appliances, it is becoming too difficult to track individual devices. Help is required from AI systems to determine when a device has been infected by malware. 

ML systems would have been able to detect attacks such as the Mirai botnet which was caused by malware installed in network cameras. The botnet launched Denial of Service (DoS) attacks on internet directory servers on the east coast of the USA. Either at the device or the network level, the usage of ML technology would have detected the abnormal behaviour associated with the attack and would have notified the device owners early on. 

AI security in 2020

The application of ML in the consumer world is broad. From checking that the privacy parameters have been set up appropriately and are regularly tracked, to observing the behaviour of appliances, protecting the consumer’s data and private information. The ML system becomes the guardian of the consumer’s environment. It is built into the devices, the routers and the cloud hosting the applications. Together these layers of security work jointly to offer guidance on setting up the devices and protecting the consumer. 

By transferring metadata device and network metadata to cloud level systems, the devices and the networks enable cloud analytics and forensics activities. The cloud ML and AI gets a bird’s eye view of very large ecosystems. It can bridge behavioural patterns across networks. These techniques were initially pioneered within the commercial and industrial markets, but they are fully applicable to the consumer world. 

To conclude, connectivity of the internet of things (IoT) consumer devices grows the attack surface for malware. At the same time, it enables ML based analytics to offer security solutions based on exploiting the behavioural patterns of the local environment by sharing this metadata with cloud operators.

Marc Canel is the Vice President of Strategy & Security at Imagination Technologies.

• See the best cloud anti-virus listed here