MTP implements Artificial Intelligence to detect IoT attacks
As part of the ITEA project ENTA (Encrypted Network Traffic Analysis for Cyber Security), project partner MTP from Spain has developed a solution to help discover IoT machines that are connected to a network and to observe if these devices are executing or will execute cyberattacks.
The implementation of this system involves a two-step process. Firstly, an AI model is created to identify IoT devices from among non-IoT devices based on data collected from network interactions. Once IoT communications are detected, a second AI model classifies whether these communications represent cyberattacks by verifying their potential threat levels.
The dataset used to perform these tests is a binary-class dataset that indicates for each communication, based on different characteristics (its IP, its port, the number of packets carried by that communication, etc.), whether it is being attacked or not.
After experimenting with different algorithms that were able to find attributes that indicate an attack, MTP then investigated whether there were other AI algorithms that could identify IoTs connected to the network. All communications within this work are encrypted, which serves as an additional layer of complexity.
Ultimately, the AI models that MTP has found to be useful for both the IoT communication detection problem and the IoT attack identification problem are those that operate on the basis of decision trees or that are built from models based on them. These include Decision Tree, Random Forest, AdaBoost and different variants of Gradient Boosting.
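The two-step process and the tree-based models described above can be sketched as a cascade of two small decision trees. This is an added example, not MTP's or the ENTA project's code; the flow records, the feature names (including mean_packet_bytes) and the output labels are constructed assumptions.

```python
from collections import Counter

# Constructed sample flows, not ENTA data. Features are metadata that stays
# visible when the payload is encrypted (names are assumptions):
# ((dst_port, packet_count, mean_packet_bytes), is_iot, is_attack)
FLOWS = [
    ((443, 120, 900), 0, 0), ((443, 300, 1100), 0, 0), ((80, 90, 700), 0, 0),
    ((22, 200, 400), 0, 0), ((8883, 12, 90), 1, 0), ((1883, 8, 80), 1, 0),
    ((8883, 15, 110), 1, 0), ((5683, 6, 60), 1, 0), ((23, 4000, 70), 1, 1),
    ((2323, 5200, 64), 1, 1), ((23, 3500, 66), 1, 1), ((80, 6000, 60), 1, 1),
]

def gini(labels):
    return 1.0 - sum((c / len(labels)) ** 2 for c in Counter(labels).values())

def fit_tree(rows, labels, depth=3):
    """Small CART-style tree: a leaf is a label, a node is (feature, thr, left, right)."""
    best = None
    if depth > 0 and len(set(labels)) > 1:
        for f in range(len(rows[0])):
            vals = sorted({r[f] for r in rows})
            for thr in ((a + b) / 2 for a, b in zip(vals, vals[1:])):
                left = [y for r, y in zip(rows, labels) if r[f] <= thr]
                right = [y for r, y in zip(rows, labels) if r[f] > thr]
                score = len(left) * gini(left) + len(right) * gini(right)
                if best is None or score < best[0]:
                    best = (score, f, thr)
    if best is None:  # pure node, depth limit, or no usable split
        return Counter(labels).most_common(1)[0][0]
    _, f, thr = best
    lo = [(r, y) for r, y in zip(rows, labels) if r[f] <= thr]
    hi = [(r, y) for r, y in zip(rows, labels) if r[f] > thr]
    return (f, thr, fit_tree(*zip(*lo), depth - 1), fit_tree(*zip(*hi), depth - 1))

def predict(tree, row):
    while isinstance(tree, tuple):
        f, thr, left, right = tree
        tree = left if row[f] <= thr else right
    return tree

# Stage 1 is trained on every flow (IoT or not); stage 2 only on the IoT flows.
IOT_MODEL = fit_tree([f for f, _, _ in FLOWS], [i for _, i, _ in FLOWS])
IOT_ONLY = [(f, a) for f, i, a in FLOWS if i]
ATTACK_MODEL = fit_tree([f for f, _ in IOT_ONLY], [a for _, a in IOT_ONLY])

def classify(flow):
    if predict(IOT_MODEL, flow) == 0:
        return "non-iot"
    return "iot-attack" if predict(ATTACK_MODEL, flow) == 1 else "iot-benign"
```

On this constructed data the first tree splits on mean packet size and the second on packet count; a single tree stands in here for the ensemble variants named above.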
The larger goal of the project is to integrate these models into one supermodel solution that will offer several benefits. Firstly, it will enable network administrators to receive notifications when an IoT connection is found on the network, allowing them to easily see if this is known or new. They can then decide to allow or deny entry to their network flow. Secondly, the solution will alert administrators when IoT communications are detected with a high probability of bringing vulnerabilities to the system, enabling them to carry out proactive actions so that this attack does not occur.
To meet the need for tools that can detect cyberattacks within encrypted traffic, MTP will continue implementing this solution and developing the ENTA project, which will run until 2025.
To learn more about how the ENTA project is developing as well as about MTP's participation, please visit: https://project-enta.com/