A team of students from Penn State World Campus, who are pursuing master of professional studies degrees in information sciences, has formulated a multi-pronged data analysis method that can reinforce the security of Internet of Things (IoT) devices against present-day risks and threats.
IoT devices include home video cameras, smart TVs, and baby monitors.
“By 2020, more than 20 billion IoT devices will be in operation, and these devices can leave people vulnerable to security breaches that can put their personal data at risk or, worse, affect their safety. Yet no strategy exists to identify when and where a network security attack on these devices is taking place and what such an attack even looks like.”
Beulah Samuel, Student, Information Sciences and Technology Program, Penn State World Campus
The students applied a combination of methods commonly used in conventional network security management to an IoT network replicated by the University of New South Wales Canberra.
Specifically, they demonstrated how machine learning, statistical data, and other data analysis approaches can be applied to ensure the security of IoT systems throughout their lifecycle. They then used intrusion detection and a visualization tool to establish whether an attack had already happened or was in progress within that network.
The Penn State team explained their methodology and study outcomes in a paper presented on October 10th at the 2019 IEEE Ubiquitous Computing, Electronics, and Mobile Communication Conference. The team received the “Best Paper” award for its efforts.
One of the data analysis tools the researchers applied was the open-source, freely available R statistical suite, which was used to characterize the IoT systems in use on the Canberra network. In addition, machine learning solutions were used to look for patterns in the data that were not apparent when R was used.
“One of the challenges in maintaining security for IoT networks is simply identifying all the devices that are operating on the network. Statistical programs, like R, can characterize and identify the user agents.”
John Haller, Student, Information Sciences and Technology Program, Penn State World Campus
The team used the widely available Splunk intrusion detection tool, which consists of software for monitoring, searching, and examining network traffic through a web-style interface.
“Splunk is an analytical tool that is often used in traditional network traffic monitoring, but had only seen limited application to IoT traffic, until now,” stated Melanie Seekins.
With these tools and others, the student team spotted three IP addresses that were making aggressive attempts to break into the Canberra network’s devices.
“We observed three IP addresses attempting to attach to the IoT devices multiple times over a period of time using different protocols. This clearly indicates a Distributed Denial of Service attack, which aims to disrupt and/or render devices unavailable to the owners.”
Andrew Brandon, Student, Master’s Degree in Information Sciences, Penn State World Campus
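The pattern described in the quote above (one source address attaching to IoT devices multiple times, over a period of time, using different protocols) can be expressed as an aggregation over flow records. The following is an added example, not code from the students' paper or from Splunk; the CSV layout, the thresholds, and the documentation-range IP addresses are constructed assumptions.

```python
import csv
from collections import defaultdict
from datetime import datetime

# Constructed sample flow records (not data from the study).
# Assumed columns: ISO timestamp, source IP, IoT device IP, protocol.
SAMPLE_FLOWS = """\
2019-05-01T10:00:00,203.0.113.7,192.0.2.10,tcp
2019-05-01T10:01:00,198.51.100.23,192.0.2.10,tcp
2019-05-01T10:05:00,203.0.113.7,192.0.2.11,udp
2019-05-01T10:11:00,198.51.100.23,192.0.2.10,tcp
2019-05-01T10:12:00,203.0.113.7,192.0.2.10,icmp
2019-05-01T10:20:00,203.0.113.50,192.0.2.12,tcp
2019-05-01T10:20:05,203.0.113.50,192.0.2.12,udp
2019-05-01T10:21:00,198.51.100.23,192.0.2.10,tcp
2019-05-01T10:25:00,203.0.113.7,192.0.2.12,tcp
2019-05-01T10:31:00,198.51.100.23,192.0.2.10,tcp
"""

def parse_flows(text):
    """Yield (timestamp, src, dst, proto) tuples from CSV text."""
    for ts, src, dst, proto in csv.reader(text.splitlines()):
        yield datetime.fromisoformat(ts), src, dst, proto.lower()

def flag_sources(flows, min_attempts=4, min_protocols=2, min_span_s=600):
    """Return {src: summary} for sources that connect repeatedly, with
    several protocols, over a sustained period (thresholds are assumed)."""
    seen = defaultdict(lambda: {"times": [], "protocols": set(), "devices": set()})
    for ts, src, dst, proto in flows:
        seen[src]["times"].append(ts)
        seen[src]["protocols"].add(proto)
        seen[src]["devices"].add(dst)
    flagged = {}
    for src, e in seen.items():
        span_s = (max(e["times"]) - min(e["times"])).total_seconds()
        if (len(e["times"]) >= min_attempts
                and len(e["protocols"]) >= min_protocols
                and span_s >= min_span_s):
            flagged[src] = {"attempts": len(e["times"]),
                            "protocols": sorted(e["protocols"]),
                            "devices": sorted(e["devices"]),
                            "span_s": span_s}
    return flagged

if __name__ == "__main__":
    for src, info in sorted(flag_sources(parse_flows(SAMPLE_FLOWS)).items()):
        print(src, info)
```

In the constructed data, the single-protocol poller and the two-packet burst stay below the thresholds; only the source that combines repetition, protocol variety, and a sustained time span is reported.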
As a foundation for their method, the team compared it with a framework widely used for managing risk: the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).
“The NIST RMF was not created for IoT systems, but it provides a framework that organizations can use to tailor, test, and monitor implemented security controls. This lends credibility to our approach,” stated Brandon.
According to Seekins, the ability to examine IoT data using the team’s method may eventually allow security professionals to detect and manage controls to alleviate risk and to examine incidents as they happen.
“Knowing what has taken place in an actual attack helps us write scripts and monitors to look for those patterns,” she said. “These predictive patterns and the use of machine learning and artificial intelligence can help us anticipate and prepare for major attacks using IoT devices.”
The team anticipates that the new method will contribute to the development of a standard IoT network security protocol.
“There is no standardization for IoT security,” noted Seekins. “Each manufacturer or vendor creates their own idea of what security looks like, and this can become proprietary and may or may not work with other devices. Our strategy is a good first step toward alleviating this problem.”