More and more tools of everyday living are being outfitted with sensors, software and processing ability and connected to other systems or devices over the Internet to exchange information and data.
Many people have been enthusiastic adopters of items such as smart TVs, smart home hubs, smart thermostats and smart refrigerators, eager to take advantage of the capabilities and convenience that they provide.
But alongside their benefits, these Internet of Things devices also introduce some level of risk when added to networks because they’re susceptible to botnet or ransomware attacks and can provide an entry point for more malicious activity aimed at other devices on the network.
“These smart devices are now everywhere,” said Jianli Pan, an associate professor of computer science at the University of Missouri–St. Louis. “People are crazy about them, and they use them everywhere. But the legal regulations haven’t caught up in time. They fell behind, and people tried to get the function out of the fancy things to occupy the market. They didn’t do their due diligence in terms of considering the security issues, so there is a big gap in the sense that these devices actually create a lot of trouble when they go into our life or go into our business.”
Pan has been researching ways to make IoT security smarter – hardening their defenses automatically with the use of artificial intelligence, machine learning and blockchain technology.
He’s one of the PIs on an approximately $510,000 research grant from the National Security Agency’s National Centers of Academic Excellence in Cybersecurity. The grant, “Automated and Intelligent Threat Detection and Defense of Future IoT Edge/Cloud Systems,” was awarded through the NSA’s Cybersecurity Research Innovation 2021 Program.
“We’re applying machine learning and AI technologies to learn the device’s behavior patterns and find potential issues,” Pan said. “We do data mining so that we have a better understanding of the smart devices based on their behavior, their traffic patterns, their activities. We can extract information and insight and use it to make predictions and necessary security enhancements.”
That threat detection is the first step in a three-pronged plan.
The second is to improve IoT security with a flexible and resource-aware security protocol that can be implemented automatically at a gateway on the network.
The third step is to enhance those defenses using blockchain technology.
“If we coherently integrate all these things and support them by various AI and machine learning techniques and tools, it’s a complete solution,” Pan said.
Pan is collaborating with Prasad Calyam, an associate professor in the Department of Electrical Engineering and Computer Science at the University of Missouri–Columbia. The two first met not long after Pan came to UMSL in 2014. They had similar research interests in edge-cloud computing, IoT devices, blockchain and cybersecurity.
Pan and Calyam had been trying to find a project to work together on for several years, and the NSA’s Cybersecurity Research Innovation Program and the chance to try to take a novel approach to improving IoT security finally provided the opportunity.
They want to share the methods they develop and educate others so they can have broader impact.
“There are huge security vulnerabilities, security holes with these smart devices,” Pan said. “When these devices are doing ‘smart things’ to make our life better, we also need to make their security and defense smarter than they are now. We believe there is an opportunity for us to do something really special to remedy it.”