MECInOT: a multi-access edge computing and industrial internet of things emulator for the modelling and study of cybersecurity threats

In recent years, the Industrial Internet of Things (IIoT) has grown rapidly, a fact that has led to an increase in the number of cyberattacks that target this environment and the technologies that it brings together. Unfortunately, when it comes to using tools for stopping such attacks, it can be noticed that there are inherent weaknesses in this paradigm, such as limitations in computational capacity, memory and network bandwidth. Under these circumstances, the solutions used until now in conventional scenarios cannot be directly adopted by the IIoT, and so it is necessary to develop and design new ones that can effectively tackle this problem. Furthermore, these new solutions must be tested in order to verify their performance and viability, which requires testing architectures that are compatible with newly introduced IIoT topologies. With the aim of addressing these issues, this work proposes MECInOT, which is an architecture based on openLEON and capable of generating test scenarios for the IIoT environment. The performance of this architecture is validated by creating an intelligent threat detector based on tree-based algorithms, such as decision tree, random forest and other machine learning techniques. Which allows us to generate an intelligent and to demonstrate, we could generate an intelligent threat detector and demonstrate the suitability of our architecture for testing solutions in IIoT environments. In addition, by using MECInOT, we compare the performance of the different machine learning algorithms in an IIoT network. Firstly, we present the benefits of our proposal, and secondly, we describe the emulation of an IIoT environment while ensuring the repeatability of the experiments

A MEC-IIoT intelligent threat detector based on machine learning boosted tree algorithms

In recent years, new management methods have appeared that mark the beginning of a new industrial revolution called Industry 4.0 or the Industrial Internet of Things (IIoT). IIoT brings together new emerging technologies, such as the Internet of Things (IoT), Deep Learning (DL) and Machine Learning (ML), that contribute to new applications, industrial processes and efficiency management in factories. This combination of new technologies and contexts is paired with Multi-access Edge Computing (MEC) to reduce costs through the virtualisation of networks and services. As these new paradigms increase in growth, so does the number of threats and vulnerabilities, making IIoT a very desirable target for cybercriminals. In addition, IIoT devices have certain intrinsic limitations, especially due to their limited resources, and this makes it impossible, in many cases, to detect attacks by using solutions designed for other paradigms. So it is necessary to design, implement and evaluate new solutions or adapt existing ones. Therefore, this paper proposes an intelligent threat detector based on boosted tree algorithms. Such detectors have been implemented and evaluated in an environment specifically designed to test IIoT deployments. In this way, we can learn how these algorithms, which have been successful in multiple contexts, behave in a paradigm with known constraints. The results obtained in the study show that our intelligent threat detector achieves a mean efficiency of between 95%–99% in the F1 Score metric, indicating that it is a good option for implementation in these scenarios

Role of age and comorbidities in mortality of patients with infective endocarditis

[Purpose]: The aim of this study was to analyse the characteristics of patients with IE in three groups of age and to assess the ability of age and the Charlson Comorbidity Index (CCI) to predict mortality. [Methods]: Prospective cohort study of all patients with IE included in the GAMES Spanish database between 2008 and 2015.Patients were stratified into three age groups:<65 years,65 to 80 years,and ≥ 80 years.The area under the receiver-operating characteristic (AUROC) curve was calculated to quantify the diagnostic accuracy of the CCI to predict mortality risk. [Results]: A total of 3120 patients with IE (1327 < 65 years;1291 65-80 years;502 ≥ 80 years) were enrolled.Fever and heart failure were the most common presentations of IE, with no differences among age groups.Patients ≥80 years who underwent surgery were significantly lower compared with other age groups (14.3%,65 years; 20.5%,65-79 years; 31.3%,≥80 years). In-hospital mortality was lower in the <65-year group (20.3%,<65 years;30.1%,65-79 years;34.7%,≥80 years;p < 0.001) as well as 1-year mortality (3.2%, <65 years; 5.5%, 65-80 years;7.6%,≥80 years; p = 0.003).Independent predictors of mortality were age ≥ 80 years (hazard ratio [HR]:2.78;95% confidence interval [CI]:2.32–3.34), CCI ≥ 3 (HR:1.62; 95% CI:1.39–1.88),and non-performed surgery (HR:1.64;95% CI:11.16–1.58).When the three age groups were compared,the AUROC curve for CCI was significantly larger for patients aged <65 years(p < 0.001) for both in-hospital and 1-year mortality. [Conclusion]: There were no differences in the clinical presentation of IE between the groups. Age ≥ 80 years, high comorbidity (measured by CCI),and non-performance of surgery were independent predictors of mortality in patients with IE.CCI could help to identify those patients with IE and surgical indication who present a lower risk of in-hospital and 1-year mortality after surgery, especially in the <65-year group

Treatment with tocilizumab or corticosteroids for COVID-19 patients with hyperinflammatory state: a multicentre cohort study (SAM-COVID-19)

Objectives: The objective of this study was to estimate the association between tocilizumab or corticosteroids and the risk of intubation or death in patients with coronavirus disease 19 (COVID-19) with a hyperinflammatory state according to clinical and laboratory parameters. Methods: A cohort study was performed in 60 Spanish hospitals including 778 patients with COVID-19 and clinical and laboratory data indicative of a hyperinflammatory state. Treatment was mainly with tocilizumab, an intermediate-high dose of corticosteroids (IHDC), a pulse dose of corticosteroids (PDC), combination therapy, or no treatment. Primary outcome was intubation or death; follow-up was 21 days. Propensity score-adjusted estimations using Cox regression (logistic regression if needed) were calculated. Propensity scores were used as confounders, matching variables and for the inverse probability of treatment weights (IPTWs). Results: In all, 88, 117, 78 and 151 patients treated with tocilizumab, IHDC, PDC, and combination therapy, respectively, were compared with 344 untreated patients. The primary endpoint occurred in 10 (11.4%), 27 (23.1%), 12 (15.4%), 40 (25.6%) and 69 (21.1%), respectively. The IPTW-based hazard ratios (odds ratio for combination therapy) for the primary endpoint were 0.32 (95%CI 0.22-0.47; p < 0.001) for tocilizumab, 0.82 (0.71-1.30; p 0.82) for IHDC, 0.61 (0.43-0.86; p 0.006) for PDC, and 1.17 (0.86-1.58; p 0.30) for combination therapy. Other applications of the propensity score provided similar results, but were not significant for PDC. Tocilizumab was also associated with lower hazard of death alone in IPTW analysis (0.07; 0.02-0.17; p < 0.001). Conclusions: Tocilizumab might be useful in COVID-19 patients with a hyperinflammatory state and should be prioritized for randomized trials in this situatio

Security Analysis of the MQTT-SN Protocol for the Internet of Things

The expansion of the Internet of Things (IoT) paradigm has brought with it the challenge of promptly detecting and evaluating attacks against the systems coexisting in it. One of the most recurrent methods used by cybercriminals is to exploit the vulnerabilities found in communication protocols, which can lead to them accessing, altering, and making data inaccessible and even bringing down a device or whole infrastructure. In the case of the IoT, the Message Queuing Telemetry Transport (MQTT) protocol is one of the most-used ones due to its lightness, allowing resource-constrained devices to communicate with each other. Improving its effectiveness, a lighter version of this protocol, namely MQTT for Sensor Networks (MQTT-SN), was especially designed for embedded devices on non-TCP/IP networks. Taking into account the importance of these protocols, together with the significance that security has when it comes to protecting the high-sensitivity data exchanged in IoT networks, this paper presents an exhaustive assessment of the MQTT-SN protocol and describes its shortcomings. In order to do so, seven different highly heterogeneous attacks were designed and tested, evaluating the different security impacts that they can have on a real MQTT-SN network and its performance. Each one of them was compared with a non-attacked implemented reference scenario, which allowed the comparison of an attacked system with that of a system without attacks. Finally, using the knowledge extracted from this evaluation, a threat detector is proposed that can be deployed in an IoT environment and detect previously unmodeled attacks

An automatic complex event processing rules generation system for the recognition of real-time IoT attack patterns

The Internet of Things (IoT) has grown rapidly to become the core of many areas of application, leading to the integration of sensors, with IoT devices. However, the number of attacks against these types of devices has grown as fast as the paradigm itself. Certain inherent characteristics of the paradigm, as well as the limited computational capabilities of the devices involved, make it difficult to deploy security measures. This is why it is necessary to design, implement and study new solutions in the field of cybersecurity. In this paper, we propose an architecture that is capable of generating Complex Event Processing (CEP) rules automatically by integrating them with machine learning technologies. While the former is used to automatically detect attack patterns in real time, the latter, through the use of the Principal Component Analysis (PCA) algorithm, allows the characterization of events and the recognition of anomalies. This combination makes it possible to achieve efficient CEP rules at the computational level, with the results showing that the CEP rules obtained using our approach substantially improve upon the performance of the standard CEP rules, which are rules that are not generated by our proposal but can be defined independently by an expert in the field. Our proposal has achieved an F1-score of 0.98 on average, a 76 percent improvement in throughput over standard CEP rules, and a reduction in the network overhead of 86 percent over standard simple events, which are the simple events that are generated when our proposal is not used.16 página

24 Integrando el Edge Computing en el Desarrollo de una Metodología Forense Dedicada a Entornos IoT

La aplicación del Internet de las Cosas (IoT) en los múltiples ámbitos de nuestra sociedad no solo ha supuesto buenas noticias para los usuarios, que han conseguido llevar la tecnología a lugares que no hacían uso de ella, sino que, lamentablemente, los cibercriminales también se han visto beneficiados con este cambio de paradigma. La fragilidad de los dispositivos IoT en términos de seguridad, unido a la sensibilidad de los datos que manejan, ha causado que el IoT sea un lugar idóneo en el que llevar a cabo sus ataques. En consecuencia, se necesitan de técnicas forenses que permitan esclarecer cómo se debe proceder a la hora de examinar estos nuevos dispositivos, puesto que tienen características muy distintas a los convencionales. Por ello, en este artículo, además de realizar una evaluación del estado del análisis forense en el entorno IoT y sus requisitos, se propone una metodología forense centrada en este nuevo entorno que hace uso de la tecnología edge computing

Automatic Analysis Architecture of IoT Malware Samples

The weakness of the security measures implemented on IoT devices, added to the sensitivity of the data that they handle, has created an attractive environment for cybercriminals to carry out attacks. To do so, they develop malware to compromise devices and control them. The study of malware samples is a crucial task in order to gain information on how to protect these devices, but it is impossible to manually do this due to the immense number of existing samples. Moreover, in the IoT, coexist multiple hardware architectures, such as ARM, PowerPC, MIPS, Intel 8086, or x64-86, which enlarges even more the quantity of malicious software. In this article, a modular solution to automatically analyze IoT malware samples from these architectures is proposed. In addition, the proposal is subjected to evaluation, analyzing a testbed of 1500 malware samples, proving that it is an effective approach to rapidly examining malicious software compiled for any architecture