Why machine learning alone can’t secure IoT devices

For the past couple of weeks, security researchers at various universities have been seeking to outdo each other in finding ways to secure Internet of Things devices by leveraging machine learning technologies. However, machine learning is just one of many ingredients needed to truly safeguard all connected devices in a household.

Last week, researchers at Princeton University published a paper showing how they could leverage machine learning to create a real-time IoT DDoS detection tool. The team noted that, to their knowledge, their anomaly detection method was “the first to apply anomaly detection specifically to IoT botnets at the local network level.”

This week, a trio of researchers from TU Darmstadt, Aalto University and Le Quy Don Technical University published similar findings after testing an anomaly detection system based on a Security Gateway and an IoT Security Service, also leveraging machine learning algorithms.

Technicalities aside, the system aptly captures all benign patterns of behavior to differentiate benign conduct from malicious. And it does so with an impressive success rate (96% with 1% false positives) and speed (<0.03 s), the team claims. The paper emphasizes the use of machine learning to achieve these goals. However, as we’ve noted in the past, many more factors must come into play to ensure that IoT devices – and indeed all Internet-connected devices in your home – are truly secured from external threats.

The misconception that machine learning can fix any problem is rooted in the hype generated by the media around these technologies. While it’s more than just a fancy term, machine learning alone isn’t enough to achieve complete cyber resilience.

Inherently insecure

The researchers behind both papers are at least right about one thing. As noted in the latter research, “the ‘rush-to-market’ mentality of manufacturers leads to poor product design practices” and “leaves thorough security considerations often merely an afterthought.”

Smart devices, such as gaming consoles, smart TVs, wireless surveillance systems and baby monitors, are often sold with no sound security function baked in. Many of these products also lack an operating system to support installation of a security solution. And everyone who owns at least one of these devices also owns a smartphone or a tablet, as well as a computer. If we’re going to secure our plethora of connected gizmos, we might as well go all the way.


For all the reasons above, and many others, Bitdefender in 2015 released BOX, a full-fledged home network security appliance that leverages multiple machine learning algorithms (perceptrons, binary decision trees, neural networks, etc.), as well as other technologies (anomaly detection, safe browsing, exploit prevention, botnet and brute-force protection, sensitive data protection) to shield an entire smart-home from threats. Besides IoT devices, BOX safeguards any device connected to the Internet – even when the devices leave the household – by keeping tabs on them from the cloud.

Machine learning is just one of numerous technologies that converge to form an all-in-one solution for guarding connected devices. To truly protect a network, your solution should ideally be capable of making regular vulnerability assessments, where the system continuously scans, identifies and highlights network security flaws.

It also helps to have a central view of the status of every device – i.e. a comprehensive device manager. Last, but certainly not least, for the devices that lack an OS or auto-update mechanism, your IoT watchdog should be able to highlight those devices awaiting a vendor-issued patch.
