In recent years, the use of Internet of Things (IoT) is continuously expanding, while IoT systems are encountered in applications from different domains, like smart cities, industry, agriculture, etc. IoT involves billions of connected devices, which can send and receive data through the internet. Although this interconnection is highly beneficial, it also makes IoT vulnerable to cyberattacks, challenging the security of such systems. In the IoT-NGIN project, a Malicious Attack Detector (MAD) is created with main aim to protect the IoT systems from attacks. MAD utilizes a Generative Adversarial Network (GAN) based model to firstly learn the poisoning datasets and then detect the malicious activities. 

What are Generative Adversarial Networks (GAN)?

Generative adversarial networks (GAN) are a type of neural network architecture for generative modelling. The GAN architecture was first introduced by Ian Goodfellow, et. al in the article “Generative Adversarial Networks” in 2014. GAN models are used for unsupervised learning, based on a 2-player game-theoretic scenario. The purpose of a GAN model is to learn the distribution and the patterns of the training data, in such a way that the model can generate new data with the characteristics of the training data. 

Practically, a GAN model is composed of two neural network models, the Generator and the Discriminator. The Generator is trained to produce believable fake data, while the Discriminator distinguishes the data as either real, from the domain, or fake, generated from the generator. Those two models compete with each other, since the Generator attempts to deceive the Discriminator, and the Discriminator tries not to be deceived.  

GANs are an exciting field, promising to generate realistic examples across a range of domains, such as in image-to-image translation task, generation of synthetic 2D and 3D objects or even for the generation of synthetic training data for ML models, in case the amount of data is insufficient for training. GAN models can be a successful candidate for anomaly detection, like fraud identification or malicious attack detection, when an adversarial attack is performed by hackers. 

Why is malicious attack detector (MAD) needed in IoT?

Commonly, IoT networks contain many portable devices, like sensors, which are connected and communicate with each other, exchanging information everywhere, without any human intervention. The increasing scale of IoT networks as well as the fact that IoT devices are connected to the Internet, carrying private information, makes those systems vulnerable to multiple security threats. Therefore, the cybersecurity of IoT devices is of great concern. Cybersecurity is referring to all these methods that can be used to protect networks, systems and programs from digital attacks. Cyberattacks in IoT networks aim to access the IoT devices, alter or destroy the private data and the shared models.

The majority of attacks are executed by malicious nodes; therefore, the detection of those malicious nodes in IoT networks is crucial. Without appropriate security measures, IoT systems are subject to vulnerabilities and IoT nodes can be harmed by malicious attacks. To protect the security of IoT networks in IoT-NGIN, MAD will be developed and integrated in the system to identify the malicious nodes. The development of effective MAD modules is extremely challenging since the attackers are becoming more and more innovative. The IoT-NGIN MAD module will be efficient, accurate and able to detect malicious nodes in real time. 

What can GAN do about MAD?

To identify attacks and detect abnormal behavior of IoT devices and networks, machine learning models are utilized as powerful techniques for this purpose. Traditional supervised methods, like Support Vector Machine (SVM) and Decision Trees are used to classify normal and attack traffic, which indicates abnormalities. However, it is very common that the number of anomalous samples, namely attacks, are largely rarer than normal, leading to decision bias of these models. GAN models are able to successfully handle this case. Specifically, the strong generative ability of GAN models gives them the opportunity to learn the distribution of normal data and identify the abnormal data. 

Moreover, the GAN models can generate many different attacks, including also previously unidentified attacks, which would not normally be present in the dataset. Therefore, the GAN methods are very powerful in system cybersecurity, where unforeseen attacks and threats are regularly being developed. The exploitation of GAN allows the prediction of future attacks before they are even perceived in attackers’ mind. 

The IoT-NGIN MAD will exploit the advantages of GAN models to detect cyberattacks in IoT networks, by performing training on network logs, which will contain both normal activities and attacks, as well as on other poisoning datasets, including malignant activities for IoT systems.