IoTPredictor: A security framework for predicting IoT device behaviours and detecting malicious devices against cyber attacks

Abstract

Securing Internet of Things (IoT) devices is paramount to mitigate unauthorised access and potential cyber threats, safeguarding the integrity of transmitted and processed data within interconnected devices. Identifying malicious IoT devices necessitates vigilant monitoring of network traffic, behaviour analysis, and implementing security measures, including Anomaly Detection Systems (ADSs), Intrusion Detection Systems (IDSs), and regular firmware updates. Traditional security approaches need to be revised for safeguarding IoT systems due to their inherent limitations in accommodating the resource-constrained nature of these devices.

We introduce IoTPredictor, an advanced security approach designed to predict and detect malicious activities in IoT devices. Leveraging Hidden Markov Models (HMMs), IoTPredictor integrates an ADS to proactively detect and thwart attacks within the complex IoT-fog computing landscape. Our conceptual approach begins with categorising IoT devices into genuine, compromised, and counterfeit. We propose an HMM-based state transition model that captures potential transitions between states, such as normal, compromised, or counterfeit operations. We introduce an algorithm for estimating probabilities associated with next-state predictions to facilitate predictive analysis. Furthermore, we present a formal approach for analysing communications between different states, enhancing the precision of the security framework. To validate the effectiveness of IoTPredictor, we conduct a series of experiments and provide a comprehensive evaluation. The results demonstrate the robustness and efficiency of our proposed security framework in predicting and preventing malicious activities, thereby contributing to the overall security enhancement of IoT devices within the complex IoT-fog computing network.