AI4SAFE-IoT: an AI-powered secure architecture for edge layer of Internet of things

© 2020, Springer-Verlag London Ltd., part of Springer Nature. With the increasing use of the Internet of things (IoT) in diverse domains, security concerns and IoT threats are constantly rising. The computational and memory limitations of IoT devices have resulted in emerging vulnerabilities in most IoT-run environments. Due to the low processing ability, IoT devices are often not capable of running complex defensive mechanisms. Lack of an architecture for a safer IoT environment is referred to as the most important barrier in developing a secure IoT system. In this paper, we propose a secure architecture for IoT edge layer infrastructure, called AI4SAFE-IoT. This architecture is built upon AI-powered security modules at the edge layer for protecting IoT infrastructure. Cyber threat attribution, intelligent web application firewall, cyber threat hunting, and cyber threat intelligence are the main modules proposed in our architecture. The proposed modules detect, attribute, and further identify the stage of an attack life cycle based on the Cyber Kill Chain model. In the proposed architecture, we define each security module and show its functionality against different threats in real-world applications. Moreover, due to the integration of AI security modules in a different layer of AI4SAFE-IoT, each threat in the edge layer will be handled by its corresponding security module delivered by a service. We compared the proposed architecture with the existing models and discussed our architecture independence of the underlying IoT layer and its comparatively low overhead according to delivering security as service for the edge layer of IoT architecture instead of embed implementation. Overall, we evaluated our proposed architecture based on the IoT service management score. The proposed architecture obtained 84.7 out of 100 which is the highest score among peer IoT edge layer security architectures

On the undetectability of payloads generated through automatic tools: A human‐oriented approach

Nowadays, several tools have been proposed to support the operations performed during a security assessment process. In particular, it is a common practice to rely on automated tools to carry out some phases of this process in an automatic or semiautomatic way. In this article, we focus on tools for the automatic generation of custom executable payloads. Then, we will show how these tools can be transformed, through some human-oriented modifications on the generated payloads, into threats for a given asset's security. The danger of such threats lies in the fact that they may not be detected by common antivirus (AVs). More precisely, in this article, we show a general approach to make a payload generated through automated tools run undetected by most AVs. In detail, we first analyze and explain most of the methods used by AVs to recognize malicious payloads and, for each one of them, we outline the relative strengths and flaws, showing how these flaws could be exploited using a general approach to evade AVs controls, by performing simple human-oriented operations on the payloads. The testing activity we performed shows that our proposal is helpful in evading virtually all the most popular AVs on the market. Therefore, low-skilled malicious users could easily use our approach