Establishing trusted Machine-to-Machine communications in the Internet of Things through the use of behavioural tests

Today, the Internet of Things (IoT) is one of the most important emerging technologies. Applicable to several fields, it has the potential to strongly influence people’s lives. “Things” are mostly embedded machines, and Machine-to-Machine (M2M) communications are used to exchange information. The main aspect of this type of communication is that a “thing” needs a mechanism to uniquely identify other “things” without human intervention. For this purpose, trust plays a key role. Trust can be incorporated in the smartness of “things” by using mobile “agents”. From the study of the IoT ecosystem, a new threat against M2M communications has been identified. This relates to the opportunity for an attacker to employ several forged IoT-embedded machines that can be used to launch attacks. Two “things-aware” detection mechanisms have been proposed and evaluated in this work for incorporation into IoT mobile trust agents. These new mechanisms are based on observing specific thing-related behaviour obtained by using a characterisation algorithm. The first mechanism uses a range of behaviours obtained from real embedded machines, such as threshold values, to detect whether a target machine is forged. This detection mechanism is called machine emulation detection algorithm (MEDA). MEDA takes around 3 minutes to achieve a detection accuracy of 79.21%, with 44.55% of real embedded machines labelled as belonging to forged embedded machines. These results indicated a need to develop a more accurate and faster detection method. Therefore, a second mechanism was created and evaluated. A dataset composed of behaviours from real, virtual and emulated embedded systems that can be part of the IoT was created. This was used for both training and testing classification methods. The results identified Random Forest (RF) as the most efficient method, recognising forged embedded machines in only 5 seconds with a detection rate of around 99.5%. It follows that this solution can be applied in real IoT scenarios with critical conditions. In the final part of this thesis, an attack against these new mechanisms has been proposed. This consists of using a modified kernel of a powerful machine to mimic the behaviour of a real IoT-embedded machine, referred to as a fake timing attack (FTA). Two metrics, mode and median from ping response time, have been found to effectively detect this attack. The final detection method involves combining RF and k-Nearest Neighbour to successfully detect forged embedded machines and FTA in only 40 seconds, with an overall detection performance (ODP) of 99.9% and 93.70% respectively. This method also was evaluated using behaviours from embedded machines that were not present in the training set. The results from that evaluation demonstrate that the proposed solution can detect embedded machines unknown to the method, both real and virtual, with an ODP of 99.96% and 99.92% respectively. In summary, a new algorithm able to detect forged embedded machines easily, quickly and with very high accuracy has been developed. The proposed method addresses the challenge of securing present and future M2M-embedded machines with power-constrained resources and can be applied to real IoT scenarios

A Classification-Based Algorithm to Detect Forged Embedded Machines in IoT Environments

In the Internet of Things (IoT), interconnected devices manage essential information related to people's lives; hence, securing this information is essential. The number of these machines is rapidly growing; these are mostly embedded, and therefore more susceptible to attacks. Recently, thousands of subverted IoT embedded machines, such as surveillance cameras, were used for launching distributed denial of service (DDoS) attacks. In this scenario, attackers, who are not embedded machines, can emulate their behaviors to subvert the machine-to-machine network. In this paper, we present a novel algorithm to detect such forged machines. This allows detection of virtualized and emulated systems by observing their behaviors and can be used by IoT trust agents in embedded machines. With the aim of creating a machine-agnostic system, portable and applicable to future IoT machines, we propose a classification-based algorithm as the detection mechanism. Extensive experiments with different system architectures and operating systems were performed, along with a comparison of several feature selection and classification methods. The results show that our method can quickly reveal illegitimate machines with a high probability of detection, giving the opportunity for its use in power-constrained machines. Our approach is also able to detect unknown embedded systems and can be used to detect fake timing attacks

Impact of Metric Selection on Wireless DeAuthentication DoS Attack Performance

DeAuthentication Denial of Service attacks in Public Access WiFi operate by exploiting the lack of authentication of management frames in the 802.11 protocol. Detection of these attacks rely almost exclusively on the selection of appropriate thresholds. In this work the authors demonstrate that there are additional, previously unconsidered, metrics which also influence DoS detection performance. A method of systematically tuning these metrics to optimal values is proposed which ensures that parameter choices are repeatable and verifiable

A Novel ML-Based Symbol Detection Pipeline for Molecular Communication

Molecular Communication (MC) is the process of sending information by the use of particles instead of electromagnetic (EM) waves. This change in paradigm allows the use of MC in areas where EM transmission is undesirable. These include underground, underwater and even intra-body communications. While this novel paradigm promises new areas for communication, one of the major setbacks is its relatively low throughput caused by the propagation speed. This can be improved by decreasing the symbol duration; however, this can be a detriment to the correct decoding of symbols. This paper proposes a novel symbol detection pipeline to increase the possible throughput without increasing the error rate of the communication. This is based on a machine-learning algorithm for classification tasks using an L-point discrete time moving average filter and a wide range of features. Extensive simulations with long sequences at different signal-to-noise ratio (SNR) values were performed to determine how well the proposed method detects symbols. The results show that our method can detect symbols received when On-Off Keying (OOK) modulations are used with a 10 dB gain, even when transmissions with untrained SNR values occur

A Joint Traffic Flow Estimation and Prediction Approach for Urban Networks

Classical methods of traffic flow prediction with missing data are generally implemented in two sequential stages: a) imputing the missing data by certain imputation methods such as kNN, PPCA based methods etc.; b) using parametric or non-parametric methods to predict the future traffic flow with the completed data. However, the errors generated in missing data imputation stage will be accumulated into prediction stage, and thus will negatively influence the prediction performance when missing rate becomes large. To solve this problem, this paper proposes a Joint Traffic Flow Estimation and Prediction (JT-FEP) approach, which considers the missing data as additional unknown network parameters during a deep learning model training process. By updating missing data and the other network parameters via backward propagation, the model training error can generally be evenly distributed across the missing data and future data, thus reducing the error propagation. We conduct extensive experiments for two missing patterns i.e. Completely Missing at Random (CMAR) and Not Missing at Random (NMAR) with various missing rates. The experimental results demonstrate the superiority of JTFEP over existing methods

Down Syndrome detection with Swin Transformer architecture

Objective: Down Syndrome, also known as Trisomy 21, is a severe genetic disease caused by an extra chromosome 21. For the detection of Trisomy 21, despite those statistical methods have been widely used for screening, karyotyping remains the gold standard and the first level of testing for diagnosis. Due to karyotyping being a time-consuming and labour-intensive procedure, Computer Vision methodologies have been explored to automate the karyotyping process for decades. However, few studies have focused on Down Syndrome detection with the Transformer technique. This study develops a Down-Syndrome-Detector (DSD) architecture based on the Transformer structure, which includes a segmentation module, an alignment module, a classification module, and a Down Syndrome indicator. Methods: The segmentation and classification modules are designed by homogeneous transfer learning at the model level. Transfer learning techniques enable a network to share weights learned from the source domain (e.g., millions of data in ImageNet) and optimize the weights with limited labeled data in the target domain (e.g., less than 6,000 images in BioImLab). The Align-Module is designed to process the segmentation output to fit the classification dataset, and the Down Syndrome Indicator identifies a Down Syndrome case from the classification output. Results: Experiments are first performed on two public datasets BioImLab (119 cases) and Advanced Digital Imaging Research (ADIR, 180 cases). Our performance metrics indicate the good ability of segmentation and classification modules of DSD. Then, the DS detection performance of DSD is evaluated on a private dataset consisting of 1084 cells (including 20 DS cells from 2 singleton cases): 90.0% and 86.1% for cell-level TPR and TNR; 100% and 96.08% for case-level TPR and TNR, respectively. Conclusion: This study develops a pipeline based on the modern Transformer architecture for the detection of Down Syndrome from original metaphase micrographs. Both segmentation and classification models developed in this study are assessed using public datasets with commonly used metrics, and both achieved good results. The DSDproposed in this study reported satisfactory singleton case-specific DS detection results. Significance: As verified by a medical specialist, the developed method may improve Down Syndrome detection efficiency by saving human labor and improving clinical practice