Machine Learning to Automate Network Segregation for Enhanced Security in Industry 4.0
The heavy reliance of Industry 4.0 on emerging communication technologies, notably Industrial Internet-of-Things (IIoT) and Machine-Type Communications (MTC), and the increasing exposure of these traditionally isolated infrastructures to the Internet, are tremendously increasing the attack surface. Network segregation is a viable solution to address this problem. It essentially splits the network into several logical groups (subnetworks) and enforces adequate security policy on each segment, e.g., restricting unnecessary intergroup communications or controlling access. However, existing segregation techniques primarily depend on manual configurations, which renders them inefficient for cyber-physical production systems because they are highly complex and heterogeneous environments with a massive number of communicating machines. In this paper, we incorporate machine learning to automate network segregation, by efficiently classifying network end-devices into several groups through examining the traffic patterns that they generate. For performance evaluation, we analysed the data collected from a large segment of Infineon’s network in the context of the EU-funded ECSEL-JU project “SemI40”. In particular, we applied feature selection and trained several supervised learning algorithms. Test results, using 10-fold cross validation, revealed that the algorithms generalise very well and achieve an accuracy up to 99.4%.
IoT Device Identification Using Deep Learning
The growing use of IoT devices in organizations has increased the number of
attack vectors available to attackers due to the less secure nature of the
devices. The widely adopted bring your own device (BYOD) policy which allows an
employee to bring any IoT device into the workplace and attach it to an
organization's network also increases the risk of attacks. In order to address
this threat, organizations often implement security policies in which only the
connection of white-listed IoT devices is permitted. To monitor adherence to
such policies and protect their networks, organizations must be able to
identify the IoT devices connected to their networks and, more specifically, to
identify connected IoT devices that are not on the white-list (unknown
devices). In this study, we applied deep learning on network traffic to
automatically identify IoT devices connected to the network. In contrast to
previous work, our approach does not require that complex feature engineering
be applied on the network traffic, since we represent the communication
behavior of IoT devices using small images built from the IoT devices' network
traffic payloads. In our experiments, we trained a multiclass classifier on a
publicly available dataset, successfully identifying 10 different IoT devices
and the traffic of smartphones and computers, with over 99% accuracy. We also
trained multiclass classifiers to detect unauthorized IoT devices connected to
the network, achieving over 99% overall average detection accuracy.
Do switches dream of machine learning?: Toward in-network classification
Machine learning is currently driving a technological and societal revolution. While programmable switches have been proven to be useful for in-network computing, machine learning within programmable switches has had little success so far. Not using network devices for machine learning has a high toll, given the known power efficiency and performance benefits of processing within the network. In this paper, we explore the potential use of commodity programmable switches for in-network classification, by mapping trained machine learning models to match-action pipelines. We introduce IIsy, a software- and hardware-based prototype of our approach, and discuss the suitability of mapping to different targets. Our solution can be generalized to additional machine learning algorithms, using the methods presented in this work.