The Internet of Things (IoT) is becoming increasingly prominent. Many of the devices available today are ones that people wouldn’t have envisioned a decade or so ago. Consumers can buy security cameras, smart speakers, toothbrushes and much more that connect to WiFi and are under IoT’s umbrella.
Despite the substantial amount of product development in the IoT sector, people continually point to one area that needs improvement: security.
Manufacturers are often so eager to launch their products in the marketplace that they don’t prioritize protecting those items from cyber threats. Then, the device users suffer because they end up dealing with the aftermath of insufficient security.
How Do IoT Companies Find Out About Threats?
Sometimes, white hat hackers discover IoT device vulnerabilities before cybercriminals do. Then, the creators of those gadgets can issue patches to limit the extent of the damage.
Alternatively, tech professionals at the companies behind the IoT devices identify vulnerabilities by assessing inputs that could cause application errors. After finding problems, they design, deploy and test patches.
Regardless of whether awareness of the threat arises internally at a company or comes from an external source, the process of patching devices is time-consuming. As a result, the products may remain at risk for weeks or even months after the point of initial threat discovery.
Researchers at IBM Develop a Virtual Patch
Researchers at IBM think they have a possible solution to this common situation and substantial security problem. They proposed a virtual patch that offers advance detection of threats. This kind of virtual patching is an improvement on previous methods because it uses machine learning to check for issues.
The team trained a deep neural network by running numerous testing tools on an app and using the generated data to teach it how to respond to different threats. They wanted to assign a label to each application input to classify it as malicious, benign or an error. They ended up putting the malicious and error inputs into a single class.
The system would then tell them whether it was necessary to take a closer look at an input. One of the positive things researchers discovered is that the neural networks may not need any feature extraction training to work correctly. Deep neural networks also give rapid results. As such, they can provide nearly real-time predictions.
The team wanted to turn the patch into an automatic system that could work on several apps instead of only one.
Moreover, the researchers didn’t initially pursue any deep neural network training that required manual extraction methods. They thought that approach would bring them closer to the goal of making the deep learning model as generalized as possible.
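The labelling scheme and the gate in front of the application, as an added Python illustration that is not the IBM researchers' code: the toy target `toy_app`, its 4-byte buffer, the constructed corpus and the nearest-neighbour model standing in for the deep neural network are all assumptions made for this example.

```python
BUF = 4  # assumed buffer size of the hypothetical target

def toy_app(data: bytes) -> str:
    """Hypothetical unpatched target: byte 0 is a declared length."""
    if not data or data[0] == 0:
        raise ValueError("rejected")   # the app errors out on this input
    if data[0] > BUF:
        return "overflow"              # what a testing tool would flag
    return "ok"

def label(data: bytes) -> str:
    """Three-way label from the observed outcome of running the input."""
    try:
        return "malicious" if toy_app(data) == "overflow" else "benign"
    except ValueError:
        return "error"

def to_class(lbl: str) -> int:
    # Malicious and error inputs are merged into a single class (1).
    return 0 if lbl == "benign" else 1

def encode(data: bytes, width: int = 8) -> list:
    # Raw bytes only, zero-padded: no hand-written feature extraction.
    raw = list(data[:width])
    return raw + [0] * (width - len(raw))

def train(corpus):
    # Stand-in model: memorise (encoded input, class) pairs for 1-NN lookup.
    return [(encode(d), to_class(label(d))) for d in corpus]

def predict(model, data: bytes) -> int:
    x = encode(data)
    def dist(v):
        return sum(abs(a - b) for a, b in zip(x, v))
    return min(model, key=lambda row: dist(row[0]))[1]

def virtual_patch(model, data: bytes) -> str:
    # The gate sits in front of the app and holds back flagged inputs.
    if predict(model, data) == 1:
        return "blocked"
    return toy_app(data)

# Constructed sample corpus (not real traffic).
SAMPLE_CORPUS = [b"\x02hi", b"\x04abcd", b"\x03abc",
                 bytes([9]) + b"A" * 9, bytes([64]) + b"A" * 64,
                 b"", b"\x00zz"]
```

An input the model never saw, such as `bytes([12]) + b"A" * 12`, reaches the overflow path when passed straight to `toy_app` but is held back by `virtual_patch(train(SAMPLE_CORPUS), ...)`.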
Changing the Way People Find Threats
Cybersecurity experts know the varied nature of today’s threat landscape well. Their experience would likely make them agree with these researchers that a more versatile virtual patch would be more useful than one that only detected threats for a single application.
Making the patch as diverse as possible in its threat detection capabilities was also crucial given the rate at which new IoT products appear in the marketplace.
A Kaspersky Lab report published in September 2018 highlights why a new method of threat detection, such as the one described above, is so necessary in today’s world. It showed there were three times as many kinds of malware targeting smart devices in the first half of 2018 as in all of 2017.
Teaching the Virtual Patch With Historical Data
The IBM researchers eventually trained the virtual patch on previously generated data via a hybrid deep learning network. The deep neural network was a combination of a recurrent neural network (RNN) and a convolutional neural network (CNN).
Deep learning engineers often use RNNs for voice-related data. RNNs can take a sequential approach to data and predict what’s coming next better than other kinds of deep neural networks. In contrast, CNNs typically receive images and assign importance to various aspects of them.
Testing the worthiness of the patch required generating data from old versions of applications, then seeing if the deep neural network detected threats in those applications that people found and documented years earlier.
They looked for two kinds of vulnerabilities, and the research paper on the subject confirms that the model was more than 90 percent effective in identifying them. The team also improved their results by adding a new path that has basic feature extraction followed by a CNN.
Steps Toward Solving the IoT Security Problem
Many people feel simultaneously impressed by the capabilities of IoT devices and concerned that they aren’t secure enough. It’ll likely be a while before the team can use their technique in a widespread way that goes beyond the lab environment.
However, the essential thing to remember about their achievements is that they’ve made meaningful progress in securing IoT devices.
The results could help companies avoid scrambling to come up with patches for known threats. Instead, they may protect devices with virtual patches that stop threats before they become problematic.