Time Series Network Data Enabling Distributed Intelligence. A Holistic IoT Security Platform Solution

Aikaterini Protogerou, Evangelos V. Kopsacheilis, Asterios Mpatziakas, Kostas Papachristou, Traianos Ioannis Theodorou, Stavros Papadopoulos, Anastasios Drosou, Dimitrios Tzovaras
2022 Electronics  
The Internet of Things (IoT) encompasses multiple fast-emerging technologies controlling and connecting millions of new devices every day in several application domains. The increased number of interconnected IoT devices, their limited computational power, and the evolving sophistication of cyber security threats, results in increased security challenges for the IoT ecosystem. The diversity of IoT devices, and the variety of QoS requirements among several domains of IoT application, impose
more » ... derable challenges in designing and implementing a robust IoT security solution. The aim of this paper is to present an efficient, robust, and easy-to-use system, for IoT cyber security operators. Following a by-design security approach, the proposed system is a platform comprising four distinct yet cooperating components; a distributed AI-enhanced detection of potential threats and anomalies mechanisms, an AI-based generation of effective mitigation strategies according to the severity of detected threats, a system for the verification of SDN routing decisions along with network- and resource-related policies, and a comprehensive and intuitive security status visualization and analysis. The distributed anomaly detection scheme implementing multiple AI-powered agents is deployed across the IoT network nodes aiming to efficiently monitor the entire network infrastructure. Network traffic data are fed to the AI agents, which process consecutive traffic samples from the network in a time series analysis manner, where consecutive time windows framing the traffic of the surrounding nodes are processed by a graph neural network algorithm. Any detected anomalies are handled by a mitigation engine employing a distributed neural network algorithm, which exploits the recorded anomalous events and deploys appropriate responses for optimal threat mitigation. The implemented platform also includes the hypothesis testing module, and a multi-objective optimization tool for the quick verification of routing decisions. The system incorporates visualization and analytics functionality and a customizable user interface.
doi:10.3390/electronics11040529 fatcat:m4tgpyvzhrft3i5loro3hememm