Machine learning has seen a significant rise in popularity across a very broad range of applications in recent years – so why not apply it to IoT security?

Ben Dickson shares his thoughts in this blog, which was originally posted on Tech Talks Blog.

Thanks once again Ben.



By the end of this year, there will be more than 4 billion connected devices in use by consumers, according to Gartner. These IoT devices, which include smart TVs, tablets, smartphones, notebooks, wearables, sensors, Nest thermostats and whatnot, will make our lives more efficient, more energy saving, more comfortable, and less costly.

But the same technology that is making yesterday’s sci-fi today’s reality is also making us more vulnerable to attacks, and is opening up new possibilities for malicious actors to target us while we’re within the comfortable confines of our homes.

The reality of IoT security is pretty bleak: Many manufacturers of smart home appliances don’t know how to secure IoT devices against cyberthreats; many don’t care and are focused on functionality; and a huge number of IoT devices don’t even have the supporting infrastructure to run security solutions – heck, some of them don’t even have updating mechanisms. And don’t get me started on consumer negligence. Some think that encryption is all it takes to secure IoT devices, but as Ken Tola, CEO of IoT security firm Phantom, explains, there’s much more to IoT security.

The fact that IoT is making the internet ingrained in some of the more critical aspects of our lives such as health and city infrastructures makes the situation worse.

However, this doesn’t all mean that IoT is a failed initiative (in fact I myself am deeply opposed to all these paranoid IoT security articles) – it only means that we must take IoT security seriously. In this piece I want to share some thoughts on smart home security, where some of the most serious threats are being discovered.

Now, addressing IoT security in smart homes in the same fashion as we deal with the security of traditional and generic computing devices isn’t feasible. The challenges are too many. For one thing, managing so many devices will be a nightmare. We’re all used to having a laptop or two, a smartphone and maybe a smart-watch, each of which requires the installation and maintenance of security solutions to protect it against attacks.

But soon enough, our homes will be equipped with enough connected devices to rival the numbers of connections in a mid-sized company. Imagine having to handle updates, passwords, settings, etc. for dozens and scores of connected devices single-handedly, without the support of an IT security team or any number of sophisticated enterprise level security tools. And as I’ve stated previously, many of these devices don’t even have the capability to run security solutions.

This is where artificial intelligence and machine learning can come to the rescue. As is the case in many industries and niches, machine learning is complementing human effort and making up for the lack of human resources (in many cases, it is replacing humans altogether).

AI is especially adept at finding and establishing patterns, particularly when it’s fed huge amounts of data. Luckily, data is something that we’re never lacking in IoT. There are already several concrete use cases where machine learning can help improve IoT security.

Network-based solutions

Instead of looking for per-device security, network-based solutions can help secure IoT devices by creating a protective shield around the home network. This will include defining and registering every device that is allowed to access a network in order to prevent intruders from getting into IoT networks.

But IoT devices must also have access to and be accessed from outside parties such as cloud and mobile applications. Machine learning engines can monitor incoming and outgoing IoT device traffic to create a profile that determines the normal behavior of the IoT ecosystem. From there, detecting threats will boil down to discovering traffic and exchanges that do not fall within the established normal behavior. Alarms can be sent to device owners to warn them about potential risks and suspicious behavior.

Machine learning is already being used in corporate and enterprise networks to help detect threats. The problem is that many attacks are disguised in the form of legitimate requests and normal traffic. Fortunately, with IoT, since the functionality of each device is very limited, it is much harder to sneak in malicious requests and much easier to establish a finite set of rules to determine normal and anomalous behavior.

Also, the traffic monitoring scheme can be applied to interactions between devices in order to find attacks that might get past the outer perimeters and identify compromised devices. Again, although IoT is heavy with machine-to-machine (M2M) traffic, since device functionality and interaction is limited per device, it is pretty easy to single out devices that are engaging in abnormal exchanges with other devices in their networks (e.g. why the hell is the light bulb communicating with the fridge?).
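The profiling idea described above, as an added example that is not code from the original article or from any product it mentions: a plain statistical baseline stands in for the machine learning engine, learning each registered device's usual peers and traffic volume and then explaining why a new flow deviates. The device names, hostnames, flow tuple layout and the `z_limit` threshold are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows: (source device, destination, dest port, bytes sent).
BASELINE_FLOWS = [
    ("bulb", "cloud.bulb.example", 443, 510),
    ("bulb", "cloud.bulb.example", 443, 495),
    ("bulb", "cloud.bulb.example", 443, 530),
    ("fridge", "cloud.fridge.example", 8883, 1200),
    ("fridge", "cloud.fridge.example", 8883, 1150),
    ("fridge", "cloud.fridge.example", 8883, 1260),
]

def build_profile(flows):
    """Learn, per device, its set of (peer, port) pairs and byte-count statistics."""
    peers, sizes = defaultdict(set), defaultdict(list)
    for src, dst, port, nbytes in flows:
        peers[src].add((dst, port))
        sizes[src].append(nbytes)
    # Floor the deviation at 1 byte so a perfectly constant device cannot divide by zero.
    return {dev: {"peers": peers[dev],
                  "mean": mean(sizes[dev]),
                  "std": max(pstdev(sizes[dev]), 1.0)}
            for dev in peers}

def check_flow(profile, flow, z_limit=4.0):
    """Return the reasons a flow falls outside the learned normal behavior."""
    src, dst, port, nbytes = flow
    if src not in profile:
        # Devices never seen during profiling are treated as unregistered.
        return ["unregistered device"]
    reasons = []
    if (dst, port) not in profile[src]["peers"]:
        # A destination that is itself a profiled device means M2M traffic.
        kind = "device-to-device" if dst in profile else "external"
        reasons.append(f"new {kind} peer {dst}:{port}")
    z = (nbytes - profile[src]["mean"]) / profile[src]["std"]
    if z > z_limit:
        reasons.append(f"volume z-score {z:.1f}")
    return reasons

PROFILE = build_profile(BASELINE_FLOWS)
```

Because each device has only a handful of legitimate peers, the profile stays small and every alert carries a reason the device owner can read.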

There are already several cybersecurity vendors that are dealing with IoT security through the centralized, cloud-based, network protection models. I’ve already presented a few such solutions in my article for The Next Web. These devices are very suitable for smart home IoT ecosystems that are comprised of devices that can’t protect themselves.

Device-based solutions

One of the problems with a huge number of IoT devices is that they don’t have the processing power and storage capacity to run security solutions and store huge databases of threat and malware signatures to protect them against threats.

Again, machine learning can help bring lightweight endpoint protection to IoT devices. Instead of signature-based protection (which can easily be circumvented with trivial techniques), behavior-based solutions can be developed as thin solutions that are less resource-demanding and can run without bogging down small processors.

I’ve already discussed such solutions in an article I wrote for TechCrunch that was focused on AI-based endpoint solutions that can outsmart malware. The common denominator of all of the mentioned products is that they are very lightweight and they use pattern-based approaches to deal with threats. Though they’re made for workstations and not IoT devices, the concept can easily be ported to the IoT space.

There’s also a good post on Network World that presents some nice AI-based solutions to IoT security. Although I favor network-based solutions, I wouldn’t say that either of the two is complete per se, and I would recommend opting for both as layers upon layers of protection for your IoT devices.

Final thoughts

As connected devices start to outnumber humans, it’ll be beyond humans alone to fight threats. We’ll need the machines to help protect themselves.

The goal is to be able to make the most use of all these connected devices that are finding their way into your home without having to worry about them spying on you, harming you, or becoming complicit in crimes that will be committed against you. Machine learning has proven its worth in many different areas. Hopefully, it will also help protect one of the fastest-growing sectors in the tech industry.


The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of the IoT Security Foundation.
