Cyber Monitoring and Defence for IoT Devices (CyMonD)

Abstract

The Internet of Things (IoT) is a disruptive technology with applications across diverse domains, from transportation and logistics and smart environments to personal and social applications, gaming and smart cities. Alongside its growth, the volume and variety of attacks on such infrastructures have increased. For instance, the Mirai botnet infected more than 2.5 million IoT devices, which were subsequently enslaved to launch successful, widespread DDoS attacks in October 2016. Such attacks exemplify the vulnerability of Internet-connected IoT devices to security threats and provide a glimpse into the potential consequences of successful attacks, including attempts to hijack critical national and international infrastructures.

The growing scale of IoT devices and attacks has expanded the cyber-attack surface: a recent study by Gartner has predicted that IoT-related attacks will form 25% of all attacks encountered by an enterprise by 2020. These include additional attack capabilities such as ransomware, data stealing, exploiting on-device resources, device-bricking (or destroying), etc. Our research has found that this malware aims to exploit known and newly discovered security vulnerabilities in connected IoT devices, a view confirmed by a recent study conducted by DCMS, which identified device security as an afterthought for vendors.

Through this funding programme, our market research has discovered various IoT security solutions such as Kaspersky's IoT Scanner, Bitdefender, Darktrace and Senrio; however, with the exception of Senrio Trace, these solutions focus on network traffic analysis.
Although Senrio Trace represents a device-level solution, it is focused on gaining insight into the security and real-time operation of the software, and hence is not effective against the aforementioned threats. This identifies a gap in the market, as there is no effective IoT security solution against malware targeting security vulnerabilities within an IoT device's software stack, i.e. the embedded Linux system.
This project sets out to address this gap by developing a new security capability at the "device level" (a.k.a. endpoint) that is effective against malware targeting IoT devices, aiming to achieve defence in depth and deter adversaries from the connected devices. In particular, our solution, CyMonD, improves the current IoT security landscape by enhancing device-level protection against botnets targeting vulnerabilities in the Linux system, e.g. intrusive root access, abnormal system processes, malware injection, etc. It utilizes secure communication, Linux system programming, machine learning and distributed communication technologies to achieve a robust solution for protection against malware targeting IoT devices. Consequently, CyMonD can protect connected IoT devices against known and unknown attacks such as DDoS, ransomware and data breaches.

Lead Participant: THE UNIVERSITY OF WEST LONDON
Project Cost: £100,000
Grant Offer: £100,000

Participant: INNOVATE UK
