Anomaly and Intrusion Detection in IoT Networks with Enterprise Scale Endpoint Communication – Pt 2

Derek Moore, Erica Davis, and Hank Galbraith, authors.

Part two of a series of LinkedIn articles based on Cognitive Computing and Artificial Intelligence Applications

Background

Several high-profile ransomware attacks have called attention to the security of IoT networks. Assessing security vulnerabilities and penetration testing have become increasingly important to sufficient design. Most of this assessment and testing takes place at the software and hardware level. However, a broader approach is vital to the security of IoT networks. Protocol and traffic analysis is important for structured, dedicated IoT networks, since communication and endpoints are tracked and managed. Understanding all the risks posed to these types of networks allows for a more complete risk management plan and strategy. Besides network challenges, there are challenges to scalability, operability, channels and also the information being transmitted and collected with such networks. In IoT networks, looking for vulnerabilities spans the network architecture, endpoint devices and services, where services include the hardware, software and processes that build an overall IoT architecture. Building a threat assessment or map as part of an overall security plan, and updating it on a scheduled basis, allows security professionals and stakeholders to manage all possible threats to the architecture. Whenever possible, creating simulations of possible attack vectors, understanding the behavior of such attacks and then creating models will help build upon an overall security management plan.

Open ports, SQL injection flaws, unencrypted services, insecure network interfaces, buffer overflow risks, lack of firewall protocols, authorization settings, and web interface insecurity are among the types of vulnerabilities found in IoT networks and devices.

Where is the location of an impending attack? Is it occurring at the device, server or service? Is it occurring in the location where the data is stored or while the data is in transit? What type of attacks can be identified? Types of attacks include distributed denial of service, man-in-the-middle, ransomware, botnets, spoofing, account penetrations, etc.

Business Use Case

For this business use case research study, a fictional company was created. The company is a national farmland and agricultural cooperative that supplies food to local and state markets. Part of the company’s IT infrastructure is an IoT network that uses endpoint devices for monitoring and controlling temperature, humidity and moisture for the company’s large agricultural farmlands. This network has over 2000 IoT devices in operation on 800 acres. Any intrusion into the network by a rogue service or bad actor could have consequences for delivering fresh produce with quality and on time. The network design in the simulation below is a concept of this agricultural network. Our team created a simulation network using Cisco Packet Tracer, a tool which allows users to create and simulate packet traffic throughout a computerized network at multiple ISO levels.

Simulated data was generated using the Packet Tracer simulator. The simulation network below uses multiple routers, switches, servers and IoT devices, and carries packets such as TCP, UDP, RIPv4 and ICMP.

Network Simulation

Below is a simulation of packet routing throughout the IoT network.

Cisco Packet Tracer Simulation for IoT network.  Packet logging to test anomaly detection deep learning models.

Problem Statement

Our fictional company will be the basis of our team’s mock network for monitoring for intrusions and anomalies. Being a simulated IoT network, it contains only a few dozen IoT-enabled sensors and devices such as sprinklers, temperature and water level sensors, and drains. Since our model will be designed for large-scale IoT deployment, it will be trained on publicly available data, while the simulated data will serve as a way to score the accuracy of the model. The simulation has the ability to generate the type of threats that would create anomalies. It is important to distinguish between an attack and a known issue or event (see part one of this research for IoT communication issues). The company is aware of those miscommunications and has open work orders for them. The goal is for our model to be able to detect an actual attack on the IP network by a bad actor. Although miscommunication is technically an anomaly, it is known by the IT staff and should not raise an alarm. Miscommunicating devices are fairly easy to detect, but for a machine learning or deep learning model it can be a bit more tricky. Raising a security alarm for daily miscommunication issues that originate from the endpoints would produce a prevalence of false positives (FP) in a machine learning confusion matrix.

A running simulation

Project Significance and Implementation

In today’s age of modern technology and the internet, it is becoming increasingly difficult to protect enterprise networks against malicious attacks. Not only are malicious actors becoming more advanced in the methodologies of their attacks, but the number of IoT devices that live and operate in a business environment is also ever increasing. It needs to be a top priority for any business to create an IT business strategy that protects the company’s technical architecture systems and core intellectual property. When assessing all potential security weaknesses, you must decompose the network model and define trust zones within the IoT architecture.

This application was designed to use Microsoft Azure Machine Learning to analyze and detect anomalies in large data sets collected from all devices on the business’ network. In an actual implementation of this application, there would be a constant data flow running through our predictive model to classify traffic as Normal, Incorrect Setup, Distributed Denial of Service (DDOS attack), Data Type Probing, Scan Attack, or Man in the Middle. Using a supervised learning method to iteratively train our model, the application would grow increasingly more cognitive, and more accurate at identifying these network traffic patterns correctly. If this system were to be fully implemented, there would also need to be actions for each of these classification patterns. For instance, if the model detected a DDOS attack coming from a certain device, the application would automatically send shutdown commands to the device, thus isolating it from the network and containing the attack. When these actions occur, logs would be taken and notifications automatically sent to the appropriate IT administrators and management teams, so that quick and effective action could be taken.

Applications such as the one we have designed are already being used throughout the world by companies in all sectors. CrowdStrike, for instance, is a cyber technology company that produces information security applications with machine learning capabilities. Cyber technology companies such as CrowdStrike have grown ever more popular over the past few years as the number of cyber attacks has increased. We have seen first hand how advanced these attacks can be with data breaches on the US Federal government, Equifax, Facebook, and more. The need for advanced information security applications is increasing daily, not just for large companies, but for small- to mid-sized companies as well. While outsourcing information security is an easy choice for some companies, others may not have the budget to afford such technology.

That is where our application gives an example of the low barrier to entry that can be attained when using machine learning applications, such as Microsoft Azure ML or IBM Watson. Products such as these create relatively easy interfaces for IT Security Administrators to take the action into their own hands, and design their own anomaly detection applications. In conclusion, our IoT Network Anomaly Detection Application is an example of how a company could design and implement its own advanced cyber security defense applications. This would better enable any company to protect its network devices and intellectual property against the ever-growing malicious attacks.

Methodology

For this project, our team acquired public data from Google, Kaggle and Amazon. For the IoT model, preprocessed data from the Google open data repository was collected to test and train the anomaly detection models. RStudio served as the initial data analysis environment, used to determine the Receiver Operating Characteristic (ROC) and Area Under the Curve (AUC) and to evaluate the sensitivity and specificity of the models for scoring the predictability of the response variables. In R, predictability was compared between logistic regression, random forest, and gradient boosting models. In the preprocessed data, a predictor (normality) variable was used for training and testing purposes. After the initial data discovery stage, the data was processed by a machine learning model in Azure ML using support vector machine and principal component analysis pipelines for anomaly detection. The response variable has the following values:

  • Normal – 0
  • Wrong Setup – 1
  • DDOS – 2
  • Scan Attack – 4
  • Man in the Middle – 5
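The false-positive concern from the problem statement, worked through with the label encoding listed above, as an added example (not the authors' R or Azure ML code). The alarm policy (only attack classes raise an alarm), the sample rows and the attack scores are constructed assumptions for illustration.

```python
from collections import Counter

# Label encoding as listed on this page (the value 3 does not appear in that list).
LABELS = {0: "Normal", 1: "Wrong Setup", 2: "DDOS", 4: "Scan Attack", 5: "Man in the Middle"}
# Assumption for this example: only the attack classes raise an alarm.
# "Wrong Setup" is the known miscommunication case and must stay silent.
ALARM_CLASSES = {2, 4, 5}

# Constructed sample: true labels, predicted labels, and a per-row attack score.
Y_TRUE = [0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 4, 4, 5, 5, 0, 1]
Y_PRED = [0, 0, 0, 0, 1, 2, 1, 4, 2, 2, 4, 0, 5, 5, 0, 1]
SCORES = [0.05, 0.10, 0.08, 0.12, 0.30, 0.70, 0.25, 0.65,
          0.90, 0.85, 0.80, 0.40, 0.95, 0.75, 0.07, 0.20]


def confusion_matrix(y_true, y_pred):
    """Count (true label, predicted label) pairs for the multi-class model."""
    return Counter(zip(y_true, y_pred))


def alarm_metrics(y_true, y_pred):
    """Collapse the classes to alarm / no alarm and score the alarm decision."""
    tp = fp = tn = fn = 0
    for t, p in zip(y_true, y_pred):
        truth, raised = t in ALARM_CLASSES, p in ALARM_CLASSES
        if truth and raised:
            tp += 1
        elif truth:
            fn += 1          # attack that raised no alarm
        elif raised:
            fp += 1          # alarm on benign or known-issue traffic
        else:
            tn += 1
    return {"tp": tp, "fp": fp, "tn": tn, "fn": fn,
            "sensitivity": tp / (tp + fn),
            "specificity": tn / (tn + fp)}


def false_positive_sources(y_true, y_pred):
    """Name the benign classes that the false alarms came from."""
    return Counter(LABELS[t] for t, p in zip(y_true, y_pred)
                   if t not in ALARM_CLASSES and p in ALARM_CLASSES)


def auc(y_true, scores):
    """AUC as the chance that an attack row outscores a benign row (ties count half)."""
    pos = [s for t, s in zip(y_true, scores) if t in ALARM_CLASSES]
    neg = [s for t, s in zip(y_true, scores) if t not in ALARM_CLASSES]
    wins = sum((p > n) + 0.5 * (p == n) for p in pos for n in neg)
    return wins / (len(pos) * len(neg))


if __name__ == "__main__":
    print(alarm_metrics(Y_TRUE, Y_PRED))
    print(false_positive_sources(Y_TRUE, Y_PRED))
    print(round(auc(Y_TRUE, SCORES), 4))
```

In this constructed sample both false alarms come from Wrong Setup rows, which is the failure the problem statement describes: known miscommunication scored as an attack.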

The preprocessed dataset for intrusion detection for network-based IoT devices includes ultrasonic sensors using Arduino microcontrollers and Node MCU, a low-cost open source IoT platform that can run on the ESP8266 Wi-Fi Module used to send data.

The following table represents data from the ethernet frame which is part of the TCP/IP packet that is transmitted from a source device to a destination device for network communication.  The following dataset is preprocessed according to the network intrusion detection based system.

Source:  Google.com

In the next article, we’ll be exploring the R code and Azure ML trained anomaly detection models in greater depth.

Designing and Building a Self-Driving Car – Part 4

Topics:  The many lessons of Pulse Width Modification or “Where have I seen this before?” Thoughts on Motor Speed and where to look for inspiration for a project.

This blog will be about the many lessons one learns throughout his or her life – and boy, have I learned many!  In college I took electrical and electronics engineering courses, but one of the biggest lessons learned was not about resistors, capacitors, or Kirchhoff’s Voltage Law, or transistors; it was: “You will forget what you learn quickly, if you don’t apply it in practice.”  This is the lesson that I intend to instill in my child throughout this project.

My “Parent’s Guide” tip is to create a project that will continuously reinforce the concepts that you will be using for the project.  The best way, in my opinion, to do this is to have a project that will last many months (or years in my case).  Take a detour now and then to do a science fair or demonstration in front of the grandparents, science clubs and assortment of friends; in between boy scouts, or girl scouts, baseball, volleyball, tennis, swimming, or the myriad of activities children do throughout their lives, you need one project that is consistent and continuous and big, which they can take into college or whatever the next big step in their lives will be.

I learned about pulse modifications throughout my education.  First in an electronics lab course in 1993, and again in 1997 and 1999.  When I began working on the autonomous car project with my child, we began working on the PWM circuit for the electric motor that was to go into the car.  I forgot how it worked or what it would take to build this circuit.

The moral is that working on a project such as this should help to continuously reinforce concepts of STEM throughout a child’s life and should not just be about getting it done!

We decided to create multiple prototypes (4), varying in difficulty, size, configuration and purpose.

Prototype 1:  Will be a simplified Arduino and RaspberryPi prototype built for the sole purpose of controlling a DC Motor and a Servo with OpenCV and a RaspberryPi camera.  It’s a non-functional RC model.

Prototype 2:  Will be a workable RC Car that will do everything that Prototype 1 will do, but will have a Brushless motor with ESC and will move.

Prototype 3:  Will be a 3D printed model designed in Blender and then 3D printed.  This prototype will better emulate an “actual car”.  It will have all the essentials such as a transmission, steering, suspension, differential, axle, etc.  It will not have all the other things a car has that have nothing to do with power, acceleration or steering.  It will be a working model with an actual brushless motor, computers and microcontrollers.  It will not have cameras, but will be operated by a dataset from actual road video.

Figure 1:  Blender open source design software

Prototype 4:   An actual gasoline car rebuilt into an electrified self-driving car.  My hope is to rebuild an old Geo Metro.  But the chances are a little small at this point, because Geo Metros all over the country are being snapped up to convert to electric.  The advantages of rebuilding an electric car using a Geo Metro are:

  1. They’re cheap.  Many have bad engines which make them even cheaper.  You could find one from $300 to $1500.
  2. They’re lightweight.  Geo Metros are three cylinder and don’t have all the stuff that weighs modern cars down.
  3. The shape is conducive to the space you would need for an electric car.  Since the car that I’m building will also contain computers and other mechanisms to make it self-driving, the hatchback is particularly attractive.

 


Parent’s Guide to Designing and Building a Self-Driving Car with Their Kids – Part 3

“It’s not the destination, it’s the Journey…” 

I suspect building a full-size self-driving car seems like a momentous task – and it is.  But a few things we have going for us.  As I stated in my previous blog, autonomous (self-driving) cars have a lot of the STEM aspects you want to instill in your child – math, science, electronics, and technology.  So even if you don’t finish this, those subjects will take your child far.

One thing I would recommend is building a design for your car.  The cheapest way of designing anything is using Computer-Aided Design (CAD) software.  For me, this is Autodesk® AutoCAD® 2017.  It’s a great software package, but a little on the pricey side.  There are also plenty of open source CAD software packages available.  The nice thing about AutoCAD is that it comes with an add-on called Autodesk EAGLE, which is an electronics schematic design tool.  Inevitably, there will be some electronic circuits required to build the prototype and eventually the actual car, so having an electronics design tool will be very helpful.

Autodesk EAGLE, an electronics design tool

I alluded to this earlier in one of my blogs, but you will want to build a prototype that makes it easier for kids to learn about the curriculum and about the subject matter involved. A prototype has a smaller budget and can be much smaller than the eventual final product.  In my case I took apart one of my child’s toys and hooked it up to a RaspberryPi and Arduino (see Part 2 for more info).

Having a cash budget and setting design limitations on the car will take out some of the risk of a venture such as this.  For instance, our stated goal was to create a car that would not have an occupant riding inside of it, nor would it be on any public roads. This would not require us to get specific permits or spend heavily on safety features of the car. Before building anything large, my recommendation is to have the following:

  1. A budget.  My budget is going to be around $15,000 adjusted for inflation.
  2. A goal statement or what you want to achieve that makes the project a successful learning experience.
  3. Design goals.  The must haves to achieve the goal you want.
  4. If you want to get really crazy, an actual project plan.

We actually plan to create multiple prototypes; as our skills increase, so will the quality and “coolness” of our design.  This is the RC car we plan to use for our second prototype:

The body of the prototype II car will be a Porsche.  Prototype I is almost done 🙂 !

The internal frame of prototype II car.  Once completed, it will have cameras, computers, and motors.  There will be other devices as well to help with autonomy.

Parent’s Guide to Designing and Building a Self-Driving Car with Their Kids – Part 2

“The two biggest challenges with this project are: 1) Getting your kids more interested in the project over their video games. 2) Convincing your child’s science teacher they did most of the work for the school science fair”

Before I start delving into the technical rigors of building a self-driving car, I want to talk about kids.  As parents, we want our kids to be excited about things we get excited about.  When I thought up this project, I realized it was above what a fifth grader could do.  A self-driving car involves a multitude of technical subjects:  Advanced calculus, statistics, probability, linear algebra, deep learning, machine learning, electronics, computer science, telemetry, data science, mechanics, physics,… These are subjects kids are not expected to be good at.  But, I thought to myself, “It’s about the Journey…”.

As a parent, I want to expose my kids to STEM (Science, Technology, Engineering, Math).  This project is STEM³, meaning, it’s several factors above what is typically taught in grade school level STEM curriculum.  So how do you incorporate this into a child’s STEM education without frustrating your child and yourself in the process?

Divide things up into simpler lessons

So when my child and I started thinking about building a self-driving car, we started small.  We converted a radio controlled car into a self driving robot using the following components:

  1. Raspberry Pi 3 microcomputer.
  2. Arduino Microcontroller
  3. OpenCV computer vision software.
  4. Chassis of an old RC car.
  5. Electric 9V Motor

We then said, “What are the major components that a self-driving car would need”.  What we listed were:

  1. A Motor
  2. Steering
  3. A computer
  4. A camera

Doing our research into companies like Waymo, Google, Volvo, Tesla among others who are investing millions into autonomous technology, we began learning that among these pioneering companies is a community of tinkerers who are using open source code and open hardware to build autonomous RC cars.  Many of them are blogging about it.  To learn more about these communities, I recommend the blog series Becoming Human AI.

We then focused on specific topics that children could research and learn about.

  1. For the Motor: Pulse Width Modification.
  2. For the Steering:  Controlling sweeper servo motors.
  3. For the Computer:  Programming Raspberry PI with Python.
  4. For the Camera:  Using OpenCV for image processing.

School Science Fair Skepticism

When we attended my child’s science fair, we had spent weeks going over Pulse Width Modification, which is a way to control an electronic motor speed, and building a sweeper motor for our prototype RC autonomous car.  We stuck on a Raspberry PI 3 computer, which is basically a very cheap microcomputer that you can program and load up with an open source software package called OpenCV.  OpenCV can detect images from a camera and recognize what that object is, or at least detect things in an image.  When we were done, our science fair project looked like this:

 

We spent weeks putting this together, and I made certain my child understood each component in the car and had the knowledge to talk about it.  What I quickly noticed, among the baking soda volcanoes and the dyed flower petal experiments, was a lot of skepticism that a fifth grader could put something like a “self driving robot”-thingy together.

My child put the poster together and did all the calculations as I stood by and asked “So what can you include from those findings?”  The scientific method, which is the most important tool in science, was reiterated throughout the experiment:

  1. What are observations?
  2. What is your hypothesis?
  3. What methodology did you use?
  4. What is your experiment?
  5. What were your conclusions (what did you learn)?

This is what needs to be the basis for a child’s work in STEM projects in order for him or her to learn from the successes and failures of doing science and technology.

The picture above is my child’s science fair poster.  We worked pretty hard on it.  But my child did all of the analysis and calculations and took all of the notes and typed it up.  I gave him a test to make certain that he understood everything.  The goal wasn’t to win (he didn’t); it was to get him interested in science and technology and show him that there are others that are excited as well… And many people were!

 

 

 

Parent’s Guide to Designing and Building a Self-Driving Car with Their Kids – Part 1

I was never really a “car” guy.  I always saw them as transportation from point A to point B.  I’ve abhorred walking into a car dealership to negotiate car purchases; and as a parent, keeping my car clean seemed like a constant battle.  Driving long distances, even if the car was clean, was especially arduous for me.  America is a huge country, so driving from my home in North Carolina to South Carolina or Tennessee is a five to seven hour odyssey without any reward or enlightenment.

However, I always enjoyed NASCAR (being from North Carolina), and I enjoyed watching YouTube videos of DIY rebuilders who take wrecks of cars and give them a new life.  So when I first learned about self-driving cars and the amount of tech and data that goes into making these autonomous machines, I started to take notice…

In this series, I will be discussing all the successes, failures and lessons learned building a life-size self-driving car…with my sons.  Subscribe and follow me on my blog to see how we’re doing.  I suspect it will be years before we are done (or give up) with it all.  It’ll be a lesson on how to build it, but also how to get your kids excited by a challenging STEM project.

Stay Tuned!!