Automated Detection and Analysis of IoT Network Traffic Through Distributed Open Source Sensors and Citizen Scientists presented at flocon 2018

by Joe Mcmanus

Summary: The Internet of Things (IoT) is revolutionizing how we think of computing. Between home automation and wearable technology, more and more low-power devices are being deployed at an accelerated rate. Unfortunately, it seems we have not learned from the security mistakes of the past. Major attacks like the Mirai botnet were possible because of simple mistakes in software design. As the market has not yet reacted to demand that security be built in from the ground up, what can we do to protect the IoT?

This talk will cover securing the Internet of Things (IoT) through network-based detection leveraging low-cost distributed sensing, machine learning and citizen scientists. The platforms, communications and use cases of IoT are varied enough that traditional IDS signatures are not the right solution. Behavior-based approaches will be required to catch the ever-changing attacks on the IoT.

Using citizen scientists to deploy open-platform sensors, users can help to detect and monitor IoT threats in real time. By empowering the citizen scientist through local visualization performed on an interactive touch screen on the sensor, we can create more situational awareness around the security of their networks.

Through the collection of NetFlow, DNS and IP reputation data at the sensor, initial triage is performed before the data is sent to a cloud-based machine learning environment. The machine learning environment is also fed information from a system of distributed IoT honeypots to ensure attack data is continually analyzed in the cloud.

Through this system we will secure the end users' IoT devices and create additional awareness around information security. The data is also available to researchers to assist in additional study.

Attendees will learn: This talk will challenge security researchers to think outside the box of our research community and consider how we can better work to educate end users about security issues.
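One way the sensor-side triage step described in the summary could look, as an added example that is not code from the talk or its sensor platform: the flow records, the reputation list and the local resolver address are constructed sample values, and the three checks (reputation hit, DNS bypassing the local resolver, Telnet fan-out from one device) are assumptions about what a first-pass filter might flag before forwarding only the findings upstream.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One NetFlow-style record as a sensor would summarise it."""
    src: str
    dst: str
    dport: int
    proto: str
    bytes: int


# Constructed sample data (documentation address ranges, not real hosts).
LOCAL_RESOLVER = "192.0.2.1"
BAD_IPS = {"198.51.100.7"}            # stand-in for an IP reputation feed
SAMPLE_FLOWS = [
    Flow("192.0.2.20", "192.0.2.1", 53, "udp", 120),       # camera, normal DNS
    Flow("192.0.2.20", "203.0.113.10", 443, "tcp", 9000),  # camera, vendor cloud
    Flow("192.0.2.21", "198.51.100.7", 23, "tcp", 300),    # bulb -> known-bad IP
    Flow("192.0.2.21", "203.0.113.2", 23, "tcp", 80),      # bulb -> Telnet fan-out
    Flow("192.0.2.21", "203.0.113.3", 23, "tcp", 80),
    Flow("192.0.2.21", "203.0.113.4", 23, "tcp", 80),
    Flow("192.0.2.21", "203.0.113.53", 53, "udp", 90),     # bulb bypasses resolver
]


def triage(flows, bad_ips, local_resolver, fanout_threshold=3):
    """Sensor-side first pass: return (reason, src, detail) findings.

    Only these findings, not the full flow log, would be shipped to the
    central analysis environment; the thresholds are illustrative.
    """
    findings = []
    telnet_targets = defaultdict(set)
    for f in flows:
        if f.dst in bad_ips:                      # reputation data at the sensor
            findings.append(("reputation_hit", f.src, f.dst))
        if f.dport == 53 and f.dst != local_resolver:  # DNS not via local resolver
            findings.append(("dns_bypass", f.src, f.dst))
        if f.dport == 23:                         # behavioural signal: Telnet spread
            telnet_targets[f.src].add(f.dst)
    for src, targets in telnet_targets.items():
        if len(targets) >= fanout_threshold:
            findings.append(("telnet_fanout", src, len(targets)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_FLOWS, BAD_IPS, LOCAL_RESOLVER):
        print(finding)
```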