Building a tool dedicated to protecting users, systems and devices of the Internet of Things, based on machine learning and behavioral analysis
The SPINET project was a joint venture of three institutions:
- Łukasiewicz Research Network – EMAG Institute of Innovative Technologies – Project Leader
Project Manager: Marcin Michalak, BEng, PhD
- EFIGO Limited Liability Company
Project Manager: Oliver Woźny
- QED Software Limited Liability Company
Project Manager: Antoni Jamiołkowski
Project Objective:
The aim of the project is to create a system for continuous monitoring of security in a wide range of IoT devices (based on Android and Linux systems), with particular emphasis on remote monitoring devices for gas, water, heat and electricity networks.
Solution Scope:
The solution consists of a central SOC (Security Operations Center) component operating in the SaaS model and dedicated monitoring software (the Agent) for IoT devices. The Agent's task is to collect and aggregate data and send it to the SOC, where security analyses are carried out using machine learning algorithms; the results are in turn sent back to the Agent.
The SOC identifies new threats and informs the Agent about them. The Agent triggers protective actions, identifies a new threat signature and notifies the other Agents about it. Agents will be able to verify the state of the system against existing signatures and will take action when a threat is detected.
The SOC will manage vulnerabilities by evaluating them. Expert vulnerability assessment conducted in the SOC will allow this information to be used more effectively in the machine learning algorithms. Experts will cyclically and incrementally assess historical and incoming threats, which will allow the machine learning algorithms to be tuned and existing threats and anomalies to be verified.
In particular, the project is planned to deliver a system ready for installation and deployment on devices equipped with ARM family processors. An important element of the project is the development of a solution that guarantees low electrical energy consumption, so that it can be used in devices powered by low voltage or batteries and cooled passively.
Detecting anomalies on IoT devices
One of the basic assumptions of the project is to monitor anomalies that may pose a threat directly on the device and not, as has been the case so far, in network traffic.
This will reduce the risk of infecting the device itself and increase the device's resistance to attacks aimed at disrupting its operation.
As part of the project, a data sample will be generated on the basis of which behavioral analysis and machine learning will be carried out.
Applied Behavioral Analysis
One of the assumptions of the project is the use of supported behavioral analysis.
The research team will identify patterns that constitute anomalies based on the generated sample. These patterns will be used to identify anomalies more efficiently and quickly.
Machine learning
Machine learning will also be performed based on the generated data sample.
Thanks to standardization and anomaly labelling, the system will be able to learn subsequent anomalies and indicate or eliminate false positives.
Planned Effects:
- Increased security of the continuity of services that rely on devices connected to the system (e.g. smart metering services).
- Increased end-user confidence in IoT devices.
- Increase in the number of IoT device implementations.
- Increased protection against sensitive data leakage, and thus avoidance of the associated penalties.
- Increased level of protection against zero-day attacks.
- Early detection of unauthorized data transmission attempts and of attacks aimed at destabilizing devices and stealing data.
- Reducing the risk of uncontrolled remote manipulation of IoT devices.
- Reducing the risk of using IoT devices in botnets.
Project value: PLN 5,811,322 including funding of PLN 5,060,266
Funding for Efigo Sp. z o.o.: PLN 1,227,032