CA2974604A1 - A method for detecting and isolating infected iot (internet of things) devices; using advanced packets inspection and behavior analytics - Google Patents


Info

Publication number
CA2974604A1
Authority
CA
Canada
Prior art keywords
network
devices
data
packets
traffic
Prior art date
Legal status
Abandoned
Application number
CA2974604A
Other languages
French (fr)
Inventor
Mirza Kamaludeen
Current Assignee
Ig2 Group Inc
Original Assignee
Ig2 Group Inc
Priority date
Filing date
Publication date
Application filed by Ig2 Group Inc
Priority to CA2974604A
Publication of CA2974604A1
Legal status: Abandoned (current)

Links

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A method and apparatus for detecting and isolating infected devices (Internet of Things, IoT) on a computer network based on classification, analysis and profiling of network traffic characteristics. In one form, the apparatus provides authentication and connection of the devices to the computer network. It groups the devices into network segments based on their type, application, data characteristics or profile, derived from deep packet inspection. In addition, it baselines each individual device's data traffic. It also tags all traffic from the device with a unique identifier. It builds a table of device data fingerprints. All device output data are inspected and profiled by creating and comparing features and/or hashes and/or code snippets and other characterizing identifiers. Comparisons are carried out against known device and application fingerprints (from the baseline). If there is a fingerprint similarity and the other qualifying characteristics match, the device and its data are considered good, tagged and allowed to progress into the network according to the security policy applicable to the device type. If there is no match, the data and device are assumed to be compromised and are blocked. The device itself is reconfigured and placed in a network segment for further investigation. The mechanism of identifying infected devices from their output data is predominantly applicable to sandbox-architecture (or single-application) devices, which are common among mobile, sensor and Internet of Things (IoT) devices, where computing, operating system resources and data are isolated on a per-application basis. This makes fingerprint comparison a pertinent identifier.

Description

BACKGROUND AND DESCRIPTION
Mobile device security is the backbone of today's modern enterprise, one that is quickly shifting core business processes to mobile apps and cloud-based services. Just as important are the emerging sensor and microservice single-application-based systems. It is estimated that there will be some 300 million such devices by 2020. They are becoming more and more vital to the workforce and its customers, and their protection has become of critical business importance.
Mobile devices are becoming more and more vital to both the workforce and customers, yet they are more and more exposed to attack, largely because of their volume and their small, simple hardware, which limits their ability to host and run complex security applications such as typical virus scanners and malware detectors. In addition, because they are relatively simple systems, it is often difficult to secure or security-harden them.
The Internet of Things presents a link between objects in the real world and the digital world, which in turn enables timely connection from one device or entity to another.
These objects can be managed remotely and can interact with each other, as well as collect or sense data from their surroundings and process that data into useful information. With the involvement of IoT in smart cars and smart buildings, compromising IoT devices can be hazardous to their users' lives. From that perspective, the significance of securing IoT devices becomes evident.
However, the heterogeneity of IoT devices obstructs the implementation of traditional security. Hence, communication security mechanisms that evaluate the security of IoT devices in real time are necessary.
In addition, with the introduction of 6LoWPAN binding, the threat domain expands to include technologies such as DECT Ultra Low Energy (DECT ULE) and Bluetooth Low Energy (BLE).
This IP-based IoT now enables the seamless integration of the physical world into the virtual world represented by our computer systems, which are globally connected through the Internet.
The use of IP also fosters the convergence of the early, isolated IoT systems mentioned above.
Increasing connectivity and removing the divide between application domains will enable novel applications and business models, ultimately creating a new economy.
IoT devices are also neither technically complex nor securely hardened. Hence, they can be easily compromised. This invention provides a method and mechanism to ensure data and information integrity by using data profiling and characterization techniques.
Devices, as well as transmitted data, are vulnerable to various security threats. Such threats can be exploited through the use of malicious applications or by intercepting communication.
This apparatus:
1) Provides access to the network
2) Provides a gateway for all IoT devices to access the network
3) Provides a method and mechanism for tagging all devices' network packets
4) Captures and inspects the network packets from network devices
5) Classifies and profiles the packets
6) Compares the packets with known good packets, based on
   a. Application type and expected data, etc.
   b. Network, IP, TCP and UDP network port, etc.
   c. Packet characteristics (size, etc.)
   d. Network traffic behaviour, volumetrics, etc.
7) Identifies device type
8) Matches data to devices and compares it to known characteristics
9) Assigns device ID tags to packets, where they do not exist
10) Segments the network (where segments do not exist)
11) Applies network and security policies to the various network segments, where they do not exist
12) Identifies unexpected network traffic on the network and in the environment
14) Identifies uncharacteristic network traffic from known devices on the network and in the environment
15) Identifies uncharacteristic traffic from known applications on the network and in the environment
16) Identifies unusual data from applications and devices on the network and in the environment
17) Identifies unknown applications on the network and in the environment
18) Identifies unknown devices on the network and in the environment
20) Takes security / protective measures by
   a. redirecting the device's network traffic to (policy-defined) segments
   b. disabling the device's access to the network
   c. flagging the device for inspection
   d. flagging the application for inspection

Additional background / description

1. Sensor Connectivity and Network layer
This layer includes the sensor network, sensors, actuators, and tags, which include RFID and barcodes as well as other types of tags. It provides sensor connectivity and networking. At the bottom, it starts with the tags, which include RFID and barcodes. On top of those are sensors and actuators. This part includes solid-state, catalytic, gyroscope, photoelectric, GPS, photochemistry, infrared, accelerometer and similar sensors.
The sensor layer is made up of sensors and smart devices; real-time information is collected and processed here. Sensors use low-power, low-data-rate connectivity. This is where the wireless sensor network must be formed so that sensor information is connected and can be delivered to a target location for further processing. Sensors are grouped according to their purpose and data types, such as environmental sensors, military sensors, body sensors, home sensors, surveillance sensors, and others. Sensor aggregators, which are the gateway units, also need to be provided with networking connectivity.

2. Gateway and Network layer
This layer includes a wide area network, a mobile communication network, Wi-Fi, Ethernet, gateway control and the like. Network connectivity at the LAN (local area network) level is Wi-Fi and Ethernet. Personal area networks, the smaller-scale networks, exist on both the wired and wireless side. The wireless side may include Ultra-Wideband (UWB), ZigBee, Bluetooth, 6LoWPAN, as well as wired technologies.
At the local area network there are Ethernet and Wi-Fi; at the personal area network there are ZigBee, Bluetooth, 6LoWPAN and other protocols. Sensors which do not require connectivity to a LAN gateway may be directly connected to the Internet through a wide area network.
The gateway needs to include micro-controllers, radio communication modules, signal processors and modulators, access points, embedded and operating systems, SIM modules, encryption, and similar units. On top of it is the gateway network, which connects the gateways and the sensor information together.
In this domain there are WAN and LAN technologies. The gateway and network layer is layer two; it must support the massive volumes of IoT data produced by wireless sensors and smart devices. It requires robust and reliable performance over private, public, or hybrid network modules.
In addition, network models are designed to support the communication quality-of-service requirements for latency, error probability, scalability, bandwidth and security while achieving high levels of energy efficiency, meaning that they are low energy consuming.
It is important to integrate different types of networks into a single IoT platform. IoT sensors are aggregated with various types of protocols and heterogeneous networks using different technologies. IoT networks need to be scalable to efficiently serve a wide range of services and applications over a large-scale network in which some parts may have different protocols, different packet types, and different security requirements.
3. Management Service layer
In the management service layer, device modelling, configuration and management are a major focus; dataflow management and security control also need to be provided at this layer.
It also includes:
The OSS (operational support system), which includes device modelling, configuration management, performance management and security management.
The billing support system, which includes billing reporting and the service analytics platform, for statistical analytics, data mining, text mining, in-memory analytics, and predictive analytics.
Management services for security, which always need access control, encryption, and identification of who accessed what.
In addition, BRM (business rules management): rule definition, modelling, simulation and execution. Then there is BPM (business process management), which is in charge of workflow process modelling, simulation, and execution.
The management service layer is in charge of information analytics, security control, process modelling, and device management. The data management side considers both periodic and aperiodic characteristics. On the periodic side, periodic IoT sensor data requires filtering, because some data may not be needed: since information is collected periodically, there will be a lot of sensor data that is not needed. Those are filtered out, the needed ones are chosen, used and actuated, and control management is provided based on this filtering of the information that contains something important.
Aperiodic, event-triggered IoT sensor data, by contrast, may require immediate delivery and immediate response.
In addition there is data management and data abstraction. The data management side manages the data information flow; information access and integration control all need to be provided by this data management control unit. Data abstraction, i.e. information extraction and processing, is also needed. This needs to be used as a common business model because there is going to be so much information that an abstract view of the overall data actually held is required.
4. Application layer
This layer covers energy, environment, healthcare, transportation, supply chain, retail, people tracking, surveillance, and many more applications. It looks at the horizontal market: fleet management, asset management, supply chain, people tracking, and surveillance.
In the application layer, various applications from industry sectors can use IoT for service enhancement. Applications can be classified based on the type of network availability, the coverage size and the heterogeneity. They may also be classified based on business model, such as real-time or non-real-time requirements.
The first thing to consider is network size, looking at smart home, smart office, smart retail, smart city, smart agriculture, smart energy and fuel, smart transportation, and smart military and defense. Once you reach smart city and smart agriculture, you are going into a medium to large scale. When you reach smart energy and fuel, you are typically entering a large-scale network. Smart energy and fuel, smart transportation and smart military are large-scale networks that need to be supported.
The basic units for smart home, smart office and smart retail are wireless personal area networks, wireless local area networks and also 3G and 4G mobile communications and the Internet. This is more or less common to all the different application domains. In smart retail, RFID and NFC become very important; they also have many applications in smart city. In smart agriculture, smart energy and fuel, smart transportation, and smart military, you are dealing with a much larger network scale. In this case, mobile communication, wireless LAN or wireless PAN may not be enough, so satellite communication enters the domain.
In addition, for smart energy and fuel, microwave and multi-hop relay links may be needed.
As for bandwidth requirements: smart home, smart office and smart retail are relatively small networks, so their bandwidth and data-rate requirements are relatively small. Once you reach smart city, smart transportation and smart military, the data rates are much higher; they are large scale and will need broadband bandwidth support. For smart agriculture and smart energy and fuel, the sensor data units are typically relatively small, even though these networks have many modules and many nodes surveying and surveilling a large area.

Claims (24)

The following claims and their scope should not be limited by the examples provided herein, but should be given the broadest interpretation consistent with the description as a whole.
1. A method for verifying data integrity from devices, based on their type and other characteristics, by inspecting their output data.
2. A method of verifying data integrity and performing inspection of network data, where the method comprises:
- setting up the inspection system, e.g. capturing multiple data streams (using various wired and wireless protocols, including IP, Bluetooth, ZigBee, beacon, etc.);
- characterizing the packets based on features, application types, characteristics, etc.;
- selecting a subset for audit and computing the corresponding hash signature;
- generating a signature of the bit sequence from the packets;
- verifying the identified characteristics.
3. A method according to claim 1 that provides access to the network.
4. A method according to claim 1 that provides a gateway for all IoT devices to access the network.
5. A method and mechanism for tagging all devices' network packets.
6. A method according to claim 1 that captures and inspects the network packets from network devices.
7. A method according to claim 1 that classifies and profiles the packets.
8. A method to compare the packets with known good packets, based on:
a. application type and expected data, etc.;
b. network, IP, TCP and UDP network port, etc.;
c. packet characteristics (size, etc.);
d. network traffic behaviour, volumetrics, etc.
9. A method according to claim 1 that identifies device type.
10. A method that matches data to devices and compares it to known characteristics.
11. A method according to claim 1 that assigns device ID tags to packets where they do not exist.
12. A method according to claim 1 that segments the network (where segments do not exist).
13. A method according to claim 1 that applies network and security policies to the various network segments where they do not exist.
14. A method to identify unexpected network traffic on the network and in the environment.
15. A method to identify uncharacteristic network traffic from known devices on the network and in the environment.
16. A method and apparatus to identify uncharacteristic traffic from known applications on the network and in the environment.
17. A method and apparatus to identify unusual data from applications and devices on the network and in the environment.
18. A method and apparatus to identify unknown applications on the network and in the environment.
19. A method and apparatus to identify unknown devices on the network and in the environment.
20. A method and apparatus to take security / protective measures by:
a. redirecting the device's network traffic to (policy-defined) segments;
b. disabling the device's access to the network;
c. flagging the device for inspection;
d. flagging the application for inspection.
21. A system according to claim 1 for verifying network packet and data integrity based on the output data and the device and application characteristics.
22. A method or system pertaining to claims 1 to 22, implemented as an embedded integrated circuit.
23. A method or system pertaining to claims 1 to 22, implemented as an application.
24. A method or system pertaining to claims 1 to 22, implemented as an apparatus.
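The script below is an added example, not the applicant's code or any implementation described in this application. It works through the procedure of claims 2, 8 and 20 and of the apparatus steps in the description: build a fingerprint per tagged device from a known-good capture (protocol, destination port, payload-size envelope, hash of an audited payload subset, and the busiest packets-per-window rate), then allow live traffic that matches it and block any device that departs from it into a quarantine verdict with the failed characteristics recorded. The device IDs, packets, ports, the 8-byte audit subset, the size slack and the volumetric factor are all constructed assumptions for the demonstration.

```python
"""Baseline-and-compare fingerprinting for single-application IoT devices (added
example; every device ID, packet, port and threshold is a constructed sample)."""
import hashlib
from collections import defaultdict
from dataclasses import dataclass, field

AUDIT_LEN = 8        # leading payload bytes hashed as the audited subset (assumption)
SIZE_SLACK = 4       # tolerance in bytes around the baseline size envelope (assumption)
RATE_FACTOR = 3.0    # packets/window above which traffic counts as volumetric (assumption)


@dataclass(frozen=True)
class Packet:
    device_id: str   # tag the gateway stamps on every frame from a device
    proto: str       # "tcp" or "udp"
    dst_port: int
    window: int      # capture time slot (e.g. minute index) used for volumetrics
    payload: bytes


@dataclass
class Fingerprint:
    protos: set = field(default_factory=set)
    ports: set = field(default_factory=set)
    size_min: int = 10**9
    size_max: int = 0
    snippet_hashes: set = field(default_factory=set)
    max_rate: int = 0          # busiest window seen during baselining


def snippet_hash(payload: bytes) -> str:
    """Hash only the leading bytes: a single-application device has a fixed header
    while the sensor reading behind it varies."""
    return hashlib.sha256(payload[:AUDIT_LEN]).hexdigest()


def build_baselines(packets) -> dict:
    """Build one fingerprint per tagged device from a known-good capture."""
    fps = defaultdict(Fingerprint)
    per_window = defaultdict(int)          # (device, window) -> packet count
    for p in packets:
        fp = fps[p.device_id]
        fp.protos.add(p.proto)
        fp.ports.add(p.dst_port)
        fp.size_min = min(fp.size_min, len(p.payload))
        fp.size_max = max(fp.size_max, len(p.payload))
        fp.snippet_hashes.add(snippet_hash(p.payload))
        per_window[(p.device_id, p.window)] += 1
    for (dev, _), n in per_window.items():
        fps[dev].max_rate = max(fps[dev].max_rate, n)
    return dict(fps)


def mismatches(fp: Fingerprint, p: Packet, rate: int) -> list:
    """List every characteristic on which a packet departs from its device baseline."""
    size_ok = fp.size_min - SIZE_SLACK <= len(p.payload) <= fp.size_max + SIZE_SLACK
    checks = [("protocol", p.proto in fp.protos),
              ("port", p.dst_port in fp.ports),
              ("size", size_ok),
              ("snippet-hash", snippet_hash(p.payload) in fp.snippet_hashes),
              ("volumetric", rate <= RATE_FACTOR * fp.max_rate)]
    return [label for label, ok in checks if not ok]


def decide(baselines: dict, packets) -> dict:
    """Policy from the abstract: matching traffic is allowed; an unknown device or any
    fingerprint mismatch blocks the device into quarantine, reasons kept for review."""
    per_window = defaultdict(int)
    for p in packets:
        per_window[(p.device_id, p.window)] += 1
    verdicts = {}
    for p in packets:
        fp = baselines.get(p.device_id)
        reasons = (["unknown-device"] if fp is None
                   else mismatches(fp, p, per_window[(p.device_id, p.window)]))
        prior = verdicts.get(p.device_id, ("allow", []))
        if reasons:
            verdicts[p.device_id] = ("quarantine", sorted(set(prior[1]) | set(reasons)))
        else:
            verdicts.setdefault(p.device_id, prior)
    return verdicts


# Constructed known-good capture: a temperature sensor, a door sensor and a camera.
BASELINE = (
    [Packet("temp-01", "udp", 5683, w, b"TEMP v1;" + f"{21.0 + 0.1 * i:.1f}".encode())
     for w in range(3) for i in range(2)]
    + [Packet("door-07", "tcp", 8883, w, b"DOOR v1;" + (b"open" if w % 2 else b"closed"))
       for w in range(3)]
    + [Packet("cam-12", "tcp", 443, w, b"CAM v1;" + bytes(120) + bytes([w]))
       for w in range(3) for _ in range(4)]
)

# Constructed live capture: one normal device, one using a new port and application
# payload, one flooding at 20 frames per window, and one never baselined.
LIVE = (
    [Packet("temp-01", "udp", 5683, 10, b"TEMP v1;22.4"),
     Packet("door-07", "tcp", 8883, 10, b"DOOR v1;open"),
     Packet("door-07", "tcp", 9999, 10, b"XYZ app;" + b"A" * 40),
     Packet("unknown-42", "tcp", 80, 10, b"hello")]
    + [Packet("cam-12", "tcp", 443, 10, b"CAM v1;" + bytes(121)) for _ in range(20)]
)


def run_demo() -> dict:
    """Baseline on the known-good capture, then judge the live one."""
    return decide(build_baselines(BASELINE), LIVE)


if __name__ == "__main__":
    for device, (action, why) in sorted(run_demo().items()):
        print(f"{device:11s} {action:10s} {', '.join(why) or 'fingerprint match'}")
```

Running the script prints one verdict per device. Hashing only the fixed application header rather than the whole frame is what lets the snippet comparison tolerate varying sensor readings, the property the abstract relies on for single-application devices; the per-window rate check is the "volumetric" behaviour characteristic of claim 8(d), and a device the baseline has never seen is quarantined outright, matching claims 18 to 20.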

Priority Applications (1)

Application Number Priority Date Filing Date Title
CA2974604A CA2974604A1 (en) 2017-07-27 2017-07-27 A method for detecting and isolating infected iot (internet of things) devices; using advanced packets inspection and behavior analytics

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CA2974604A CA2974604A1 (en) 2017-07-27 2017-07-27 A method for detecting and isolating infected iot (internet of things) devices; using advanced packets inspection and behavior analytics

Publications (1)

Publication Number Publication Date
CA2974604A1 true CA2974604A1 (en) 2019-01-27

Family

ID=65229101

Family Applications (1)

Application Number Title Priority Date Filing Date
CA2974604A Abandoned CA2974604A1 (en) 2017-07-27 2017-07-27 A method for detecting and isolating infected iot (internet of things) devices; using advanced packets inspection and behavior analytics

Country Status (1)

Country Link
CA (1) CA2974604A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112134875A (en) * 2020-09-18 2020-12-25 国网山东省电力公司青岛供电公司 IoT network abnormal flow detection method and system
CN112134875B (en) * 2020-09-18 2022-04-05 国网山东省电力公司青岛供电公司 IoT network abnormal flow detection method and system

Similar Documents

Publication Publication Date Title
Koroniotis et al. A holistic review of cybersecurity and reliability perspectives in smart airports
Banerjee et al. A blockchain future for internet of things security: a position paper
Collen et al. GHOST-Safe-Guarding Home IoT Environments with Personalised Real-Time Risk Control.
Thouti et al. Investigation on identify the multiple issues in IoT devices using Convolutional Neural Network
CN104246785A (en) System and method for crowdsourcing of mobile application reputations
Abdelrahman et al. Mobile network anomaly detection and mitigation: The NEMESYS approach
Santana et al. A privacy-aware crowd management system for smart cities and smart buildings
Gelenbe et al. NEMESYS: Enhanced network security for seamless service provisioning in the smart mobile ecosystem
Kebande et al. Adding digital forensic readiness as a security component to the IoT domain
CN111492635A (en) Malicious software host network flow analysis system and method
Abualsauod A hybrid blockchain method in internet of things for privacy and security in unmanned aerial vehicles network
US20210390797A1 (en) Method, apparatus, and system for providing mobile transportation platform data capture for data analytics
Hemdan et al. Cybercrimes investigation and intrusion detection in internet of things based on data science methods
US10419318B2 (en) Determining attributes using captured network probe data in a wireless communications system
Nevavuori et al. Requirements for training and evaluation dataset of network and host intrusion detection system
Kołodziej et al. Intelligent Transportation Systems–Models, Challenges, Security Aspects
Ashraf et al. IoT empowered smart cybersecurity framework for intrusion detection in internet of drones
Gandhi et al. Bond: Efficient and frugal dl model co-design for botnet detection on iot gateways
Magare et al. Security and privacy issues in smart city: Threats and their countermeasures
CA2974604A1 (en) A method for detecting and isolating infected iot (internet of things) devices; using advanced packets inspection and behavior analytics
Kourtis et al. Leveraging Deep Learning for Network Anomaly Detection
Chen et al. A wireless multi-step attack pattern recognition method for WLAN
Nguyen et al. Towards an attention-based threat detection system for iot networks
Hamadi Artificial Intelligence Applications in Intrusion Detection Systems for Unmanned Aerial Vehicles
Kitchin Spatial big data and the era of continuous geosurveillance

Legal Events

Date Code Title Description
FZDE Dead

Effective date: 20190729