Cyber Monitoring and Defence System for IoT Devices

Abstract

Internet of Things (IoT) is a disruptive technology with applications across diverse domains, from transportation and logistics, health care and smart environments to personal and social applications, gaming, robotics and smart cities. Alongside the growth of these infrastructures, the volume and variety of attacks on them has increased. For instance, the Mirai botnet was able to infect more than 2.5 million IoT devices, which were subsequently enslaved to launch widespread DDoS attacks in October 2016. These attacks exemplified the vulnerability of Internet-connected IoT devices to security threats and provided a glimpse of the potential consequences of successful attacks, including attempts to hijack critical national and international infrastructure. The existing problems are compounded by an expanded cyber-attack surface due to the growing number of IoT devices, and by threats posed by ever-growing innovation beyond the capability of the Mirai botnet. These include Reaper, Persirai, BrickerBot etc., which add further attack capabilities, i.e. ransomware, data theft, exploitation of on-device resources, device-bricking (or destroying), etc. Our research has identified that these next-generation botnets aim to exploit known and newly discovered vulnerabilities and security flaws, especially in Linux-based Internet-connected IoT devices. To date, there is no effective IoT security solution against botnets that specifically target the vulnerabilities and security flaws of the device's operating system and utilities, i.e. the embedded Linux system. Various IoT security solutions exist, for instance Kaspersky's IoT Scanner, Bitdefender, Darktrace and Senrio, but with the exception of Senrio Trace these solutions focus on network traffic analysis. Although Senrio Trace is a device-level solution, it is focused on gaining insight into the security and real-time operation of the software, and hence is not effective against the aforementioned botnets.
This project sets out to close these technological gaps by developing a new device-level security capability with greater effectiveness against botnets targeting IoT devices, aiming to achieve defence in depth for cyberspace and to deter adversaries from attacking connected devices. In particular, our solution, CyMonD, aims to improve the current IoT security landscape by enhancing protection at the device level against botnets targeting vulnerabilities in the Linux system and utilities, e.g. intrusive root access, abnormal system processes, malware injection, etc. It combines secure communication, Linux system programming, machine learning and distributed communication technologies to address the unique challenges of IoT device security. CyMonD is able to prevent zero-day attacks such as DDoS, ransomware, data breaches, etc., as these abnormalities can be detected and suppressed at the device level.

Lead Participant: THE UNIVERSITY OF WEST LONDON

Project Cost: £9,661

Grant Offer: £9,661

Participant: INNOVATE UK
