Smart Gateways: Active A.I. in Subscriber Networks (2020)

By Kyle Haefner, CableLabs

In the last several years progress toward securing Internet of Things (IoT) devices has been made on several fronts. There are now mature specifications for IoT devices that require with encryption, authentication and authorization for every device. Governments and industry have released baselines that provide guidance on what should constitute a secure device. There is even recent legislation at the state level aimed at enforcing security in IoT.

None of this will guarantee secure devices. There will always be devices that are exposed, unpatched and vulnerable. Even companies and manufacturers that prioritize security will inevitably find themselves with vulnerabilities inherited in the supply chain from decades old code like Ripple20. Combine this with malware like Mirai that is constantly being updated to take advantage of these newly discovered vulnerabilities and it becomes clear that building strong security into individual devices is simply not enough. The question that now needs to be answered is, can secure systems be built from networks of potentially insecure devices? The question posed above is not a mere hypothetical one. Today's subscriber networks consist of not just a heterogenous mix of devices, but also the implicit mix of vulnerabilities and attack surfaces inherent in today's complex home networks. To address this problem in a comprehensive and systematic way, intelligence must be added to the network so as to give the network the ability to know the devices running on it, learn how those devices behave and be capable of actively and surgically blocking traffic that is outside the bounds of what is deemed normal.

This research presents a method whereby a centralized router/gateway can learn a device's behavior on the network and based on that behavior, determine normal and abnormal behavior from that device. The model presented in this paper takes advantage of the predictability of an IoT device's network footprint by developing a formalized measurement of complexity for each device. Low complex and simple devices are more accurately modeled and thus can be more confidently managed autonomously by the network.

After describing the framework necessary to measure the complexity of network devices, this work then uses this complexity measure to inform and tune an anomaly detection algorithm to construct a behavioral model for each device. This tuned model represents the behavior footprint of each device learned from its network traffic and forms the basis for differentiating normal traffic from abnormal.

To demonstrate the efficacy of this model, this work analyzes boundary of each device's learned behavior against seven common types of malware traffic from infected IoT devices. Finally, to illustrate that the model can be effectively applied to a broad spectrum of devices, four different IoT datasets were analyzed: one residential dataset, two lab datasets, and a dataset based on commercial IoT devices. The results show that this model can be an effective way to actively block Distributed Denial of Service (DDoS) attacks and malware traffic especially on low complex devices.

By clicking the "Download Paper" button, you are agreeing to our terms and conditions.

Similar Papers

Predicting the Evolution of Distributed Denial of Service Attacks on Carrier Networks
By Kyle Haefner, Cable Television Laboratories Inc.
Requirements for the IoT Infrastructure in the Customer Premises
By Rajesh Abbi, Duke Tech Solutions, Inc.; Charles Chapman, Enersys; Sudheer Dharanikota, Duke Tech Solutions, Inc.; Kyle Haefner, CableLabs; Clarke Stevens, Shaw Communications, Inc.
A Necessary Journey Towards an AI-driven Operation - Telecom Argentina perspective
By Claudio Righetti, Mariela Fiorenzo, Horacio Arrigo; Telecom Argentina S.A.
AI for IT Operations (AIOps) - Using AI/ML for Improving IT Operations
By Hongcheng Wang, Applied AI & Discovery, Comcast; Praveen Manoharan, Applied AI & Discovery, Comcast; Nilesh Nayan, Applied AI & Discovery, Comcast; Aravindakumar Venugopalan, Applied AI & Discovery, Comcast; Abhijeet Mulye, Applied AI & Discovery, Comcast; Tianwen Chen, Applied AI & Discovery, Comcast; Mateja Putic, Applied AI & Discovery, Comcast
Matter - What It Is, How It Works and Why It Matters To The Cable Industry
By Haefner, Kyle, Ph.D., CableLabs; Haque, Asad, Comcast; Page, Jason, Charter Communications
Optimizing Active Components for Extended Spectrum Networks
By Chris Day & Joshua Rose, Analog Devices
Smart Entertainment in the Smart Home
By Arsham Hatambeiki, Universal Electronics Inc.
Can Future Networks Survive Without Artificial Intelligence?
By Dr. Claudio Righetti, Emilia Gibellini, Carlos Germán Carreño Romano & Gabriel Carro; Telecom Argentina S.A.
SCTE Smart Amplifier Project - Extend Proactive Network Maintenance to the Outside Plant
By Doug Jones, CableLabs
Full Duplex DOCSIS over Active (N+X) Cable Networks
By Werner Coomans, Ph.D., Nokia Bell Labs; Rex Coldren, Nokia/Gainspeed
More Results >>