Smart Gateways: Active A.I. in Subscriber Networks (2020)

By Kyle Haefner, CableLabs

In the last several years progress toward securing Internet of Things (IoT) devices has been made on several fronts. There are now mature specifications for IoT devices that require with encryption, authentication and authorization for every device. Governments and industry have released baselines that provide guidance on what should constitute a secure device. There is even recent legislation at the state level aimed at enforcing security in IoT.

None of this will guarantee secure devices. There will always be devices that are exposed, unpatched and vulnerable. Even companies and manufacturers that prioritize security will inevitably find themselves with vulnerabilities inherited in the supply chain from decades old code like Ripple20. Combine this with malware like Mirai that is constantly being updated to take advantage of these newly discovered vulnerabilities and it becomes clear that building strong security into individual devices is simply not enough. The question that now needs to be answered is, can secure systems be built from networks of potentially insecure devices? The question posed above is not a mere hypothetical one. Today's subscriber networks consist of not just a heterogenous mix of devices, but also the implicit mix of vulnerabilities and attack surfaces inherent in today's complex home networks. To address this problem in a comprehensive and systematic way, intelligence must be added to the network so as to give the network the ability to know the devices running on it, learn how those devices behave and be capable of actively and surgically blocking traffic that is outside the bounds of what is deemed normal.

This research presents a method whereby a centralized router/gateway can learn a device's behavior on the network and based on that behavior, determine normal and abnormal behavior from that device. The model presented in this paper takes advantage of the predictability of an IoT device's network footprint by developing a formalized measurement of complexity for each device. Low complex and simple devices are more accurately modeled and thus can be more confidently managed autonomously by the network.

After describing the framework necessary to measure the complexity of network devices, this work then uses this complexity measure to inform and tune an anomaly detection algorithm to construct a behavioral model for each device. This tuned model represents the behavior footprint of each device learned from its network traffic and forms the basis for differentiating normal traffic from abnormal.

To demonstrate the efficacy of this model, this work analyzes boundary of each device's learned behavior against seven common types of malware traffic from infected IoT devices. Finally, to illustrate that the model can be effectively applied to a broad spectrum of devices, four different IoT datasets were analyzed: one residential dataset, two lab datasets, and a dataset based on commercial IoT devices. The results show that this model can be an effective way to actively block Distributed Denial of Service (DDoS) attacks and malware traffic especially on low complex devices.

By clicking the "Download Paper" button, you are agreeing to our terms and conditions.

Similar Papers

Predicting the Evolution of Distributed Denial of Service Attacks on Carrier Networks
By Kyle Haefner, Cable Television Laboratories Inc.
Can Future Networks Survive Without Artificial Intelligence?
By Dr. Claudio Righetti, Emilia Gibellini, Carlos Germán Carreño Romano & Gabriel Carro; Telecom Argentina S.A.
Optimizing Active Components for Extended Spectrum Networks
By Chris Day & Joshua Rose, Analog Devices
Smart Entertainment in the Smart Home
By Arsham Hatambeiki, Universal Electronics Inc.
Full Duplex DOCSIS over Active (N+X) Cable Networks
By Werner Coomans, Ph.D., Nokia Bell Labs; Rex Coldren, Nokia/Gainspeed
Cable and Mobile Convergence: A Vision from the Cable Communities Around the World
By Jennifer Andréoli-Fang, PhD, CableLabs; John T. Chapman, Ian Campbell, & Mark Grayson, Cisco; Ahmed Bencheikh, Praveen Srivastava & Vikas Sarawat, Charter Communications; Drew Davis & Paul Blaser, Cox Communications; Damian Poltz & Dave Morley, Shaw Communications; Eduardo Panciera, Telecom Argentina; Philippe Perron, Sylvain Archambault, Eric Menu, Géraldine Trouillard & David Lagacé, Videotron; Gavin Young & Bruno Cornaglia, Vodafone
Leveraging Openflow In DOCSIS® Networks
By Chris Donley, CableLabs
Is the Smart Assistant Mutually Inclusive with IoT?
By Charles Cheevers & Jonathan Wu, ARRIS International plc
Residential Gateways: From The Inside Out
By Paul Pishal, Philips Broadband Networks
Delivering Seamless Subscriber Aware Services over Heterogeneous Access Networks using a SDN and NFV Framework
By Nagesh Nandiraju Ph.D., Yiu Lee and Jorge Salinger, Comcast Cable
More Results >>