Defence & Military
❯
Cybersecurity
❯AI (swarm intelligence) solution for attack detection in IoT environment
Non-intrusive detection of malware
For:
General users of Internet-connected devices
Scope:
Build an AI solution that detects malware activities.
Goal:
Other
Automated threat enrichment intelligence in Cyber security
Goal:
Improve Operation Efficiency
AI (swarm intelligence) solution for attack detection in IoT environment
For:
End users of smart metering, utility companies
Scope:
Anomaly-based attack detection in an IoT environment using swarm
Intelligence.
Goal:
Other
AI (swarm intelligence) solution for attack detection in IoT environment
For:
End users of smart metering, utility companiesGoal:
OtherProblem addressed
Given: Advanced metering infrastructure (AMI) smart meters in smart
buildings in smart cities.
Detect: Detect energy theft / meter tampering by consumers in AMI or
hacking attacks by external agents (man in the middle) in edge computing
security scenarios with intermittent disconnection, near real-time response
without using server or cloud-based analytics.
Scope of use case
Anomaly-based attack detection in an IoT environment using swarm
Intelligence.
Description
This description is an introduction to anomaly-based attack
detection using swarm intelligence.
Motivation: World-wide statistics shows that are IoT
installed base is expected to be 12,86 bill u in the consumer
sector by 2020. In the smart city industry, smart security is
expected to account for 13,5 percent of the global smart city
market. It is expected to be more than one billion devices
installed in smart homes. India is planning one hundred
smart cities to be developed in the next 5 y, and security is of
paramount importance. Securing advanced metering
Infrastructure (AMI) is expected to be the key component for
securing smart city infrastructure. An important aspect of
securing AMI is securing the Smart Energy meters and
detecting attacks on these smart meters. While there are
many traditional solutions for anomaly and intrusion-based
detection based on static preset rules / policies, these
solutions are not effective in detecting future attacks that are
not already known. A more robust and more secure security
solution to detect attacks in edge network is essential. Hence
55
a new innovative approach of using swarm intelligence along
with anomaly-based detection has been a technology choice
to solve this problem in a unique way.
Problem statement: Detect energy theft / meter tampering
by consumer in AMI or hacking attack by an external agent
(man in the middle) for edge computing security scenarios
with intermittent disconnection, near real-time response
without using a server or cloud-based analytics.
Current situation: There are many cloud service-based
centralized solutions available using static rules / configured
policies that can detect existing known attacks only.
Processing in a centralized cloud service involves
transferring data from sensors / actuators to the cloud
service, which in itself is a concern in terms of privacy,
security, regulations and compliance for some key industry
verticals.
Solution approach: Swarm Intelligence is a specific branch of
AI. It is a new innovative approach using a swarm
intelligence (AI)-based solution for attack detection. This use
case used the collective behaviour of the decentralized self-
organizing swarm of nodes with simple computational rules,
interacting locally.
Result: Simple collective algorithms for detection of man-in-
the-middle attacks on data / networks.
The following anomaly-based attack detection algorithms
were used:
1. moving average-based;
2. Mahalanobis distance-based;
3. entropy-based.
Use case: Detection of attacks on AMI smart metering
network. It includes two parts:
1. energy theft by consumers;
2. attack launched by external entity (hacker) using a man in-
the-middle attack.
Technology: Swarm intelligence and anomaly-based attack
detection using energy consumption data from smart meters
to detect attacks using consensus-based anomaly detection
algorithms.
The following items are solution steps.
Step 1: Each smart meter node reads its energy consumption
data
Step 2: Node shares energy consumption data with its
neighbouring nodes
Step 3: Node computes anomaly index based on anomaly
detection algorithm
Step 4: Neighbouring nodes detect anomalous node(s) based
on anomaly index by consensus
Step 5: Neighbouring nodes raise alarm indicating attacked /
compromised node
Step 6: Report alarm to back end host
Step 7: Display monitoring status on host UI
Sensor Network - IOT
AI: Perceive