Melody Moh and Robinson Raju
Today, IoT devices are ubiquitous and have pervaded almost every sphere of our lives, ushering in an era of smart things:
To get a better understanding of the scale of IoT, here are some numbers for review:
Now, if the focus shifts to the amount of data that gets generated, one gets a glimpse of the dawn of the zettabyte era [7]. To put a zettabyte into perspective, 36,000 years of high‐definition television video would be the equivalent of one zettabyte.
While previous chapters talked about the ubiquitousness of IoT, the amount of data generated, and the technologies used, this chapter focuses on the type of data that is transmitted and the security and privacy implications of this. Ubiquitousness is a double‐edged sword. The reach is higher and more widespread than human comprehension, but so is the vulnerability. Hence, the security and privacy implications of a system that has myriad devices, manufactured independently and communicating using different protocols, and that generates zettabytes of data are broad and deep. Cisco's whitepaper on Global Cloud Index [6] talks about the types of data in the cloud. A total of 7.6% of documents in file‐sharing services contain confidential data. Personally identifiable information (e.g., Social Security numbers, tax ID numbers, phone numbers, addresses, and so on) follows this at 4.3% of all documents. Next, 2.3% of documents contain payment data (e.g., credit card numbers, debit card numbers, bank account numbers, and so on). Finally, 1.6% of documents contain protected health information (e.g., patient diagnoses, medical treatments, medical record IDs, and so on).
As IoT usage grows, the amount of data uploaded to the cloud by IoT systems far exceeds that done by users. Because IoT data is on the cloud and IoT devices have connectivity to the Internet, they become vulnerable to attacks of different types. In fact, more often than not, we read about breaches on a daily basis:
According to a 2016 cybercrime report [14], cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015.
A review of the 2015 IBM Point of View on IoT security [15] shows threats at multiple points in the IoT ecosystem and protections that are applicable at every layer (see Figure 10.1).
In most of the scenarios just described, hackers were able to do the most damage when they gained access to sensors like baby monitors or pacemakers. So, it is critical to have sensors protected and monitored so that one can either prevent the intrusion or alert the user when there is one, in the fastest possible time. The possible threats at the sensing layer are the following:
The availability, manageability, and scalability of the network are crucial for the operation of IoT. If the monitoring applications are not able to get data in time, IoT devices are rendered useless. Hence, hackers target networks more often to cripple the effectiveness of smart systems. Attacking the network by sending a lot of data at once to congest the network and pave the way to denial of service attacks is very common.
The service layer acts as a bridge between the hardware layer at the bottom and the interface layer at the top. An attack on the service layer impacts critical functions such as device management and information management, leading to the end users not being serviced. Privacy protection, access control, user authentication, communication security, data integrity, and data confidentiality are vital aspects of service layer security.
In many ways, the interface layer is the most vulnerable part of the IoT ecosystem because this layer is at the top and is a gateway to all the other layers below. If there is a compromise in the authentication and authorization mechanisms of the interface, the ripple effects could permeate to the edge. The end user is a possible attack mechanism since attackers could gain sensitive information via phishing or other similar attacks. The web and the app interfaces can be subject to frequent attacks like SQL injection, cross‐site scripting, known default credentials, insecure password recovery mechanisms, and so forth.
OWASP (Open Web Application Security Project) has a very neat summarization of the attack surface areas for IoT [16] and is a handy reference (see Table 10.1).
Table 10.1 OWASP IoT attack surface areas.
Attack surface | Vulnerability |
Ecosystem Access Control | |
Device Memory | |
Device Web Interface | |
Device Firmware | |
Device Network Services | |
Administrative Interface | |
A 2015 Internet of Things research study [17] by Hewlett Packard reported that 80% of devices raised privacy concerns. Many devices collect some form of personal data, such as name, address, date of birth, payment information, health data, light and sound information from home, activities within a home, and so forth (Figure 10.2). Most of these devices transmit data within the home network unencrypted, and since data go out from the home into the cloud, most people are just one misconfiguration away from exposing the data to the outside world. The report found that, on average, 25 vulnerabilities were found per device, totaling 250 vulnerabilities.
An article in FastCompany by Lauren Zanolli [18] talks about IoT being a “Privacy Hell.” Another article in the Wall Street Journal [19] talks about IoT opening up new privacy litigation risks. Italian retailer Benetton was boycotted for having RFID tracking in clothes [20]. There was a sense of real urgency in the FTC report on IoT in January 2015 [21], which asked companies to adopt best practices to address consumer privacy and security risks. There has been much research into security aspects of IoT, and most of it has been a continuation of security challenges with networking and routing. In comparison, there has been decidedly less research into privacy issues.
Privacy is a comprehensive term, and historically it has meant media, place, communication, and body privacy. Today, the term is increasingly used to mean information privacy. Privacy was defined by Westin in 1968 as “the claim of individuals, to determine for themselves when, how, and to what extent information about them is communicated” [22].
Ziegeldorf et al., in their paper on privacy in IoT [23], concretized the definition as follows. Privacy in the Internet of Things is the threefold guarantee that addresses these subjects:
Ziegeldorf et al. [23] also defined a reference model to quickly understand and analyze the privacy concerns regarding anything that is interconnected anywhere via a network. The reference model contained four main types of entities: (i) smart things; (ii) subject; (iii) infrastructure; and (iv) services. It includes five types of information flows: (i) interaction; (ii) collection; (iii) processing; (iv) dissemination; and (v) presentation.
Ziegeldorf et al. [23] also categorized the privacy threats (see Figure 10.3) into the following: (i) identification; (ii) localization and tracking; (iii) profiling; (iv) privacy‐violating interaction and presentation; (v) lifecycle transitions; (vi) inventory attack; and (vii) linkage.
Identification is the threat of associating an identifier, e.g., a name and address, with an individual. It also enables and aggravates other threats, e.g., profiling and tracking of people.
Localization and tracking is the threat of determining and recording a person's location through time and space. Since localization is an essential functionality in many IoT systems, the data are fetched by most applications. However, this leads to disclosure of private information such as illness, vacation plans, work schedules, and so forth.
Profiling is the threat of categorizing individuals into groups by using data from IoT devices. Personalization in e‐commerce (e.g., recommender systems, newsletters, and advertisements) uses profiling methods to optimize and to give targeted content. Examples where profiling leads to a violation of privacy are price discrimination, unsolicited advertisements, social engineering, or erroneous automatic decisions, e.g., by Facebook's automatic detection of sexual offenders. Also, several data marketplaces collect and sell profile information.
Privacy‐violating interaction is the threat of communicating private information in such a manner that it gets disclosed to an unwanted audience. For example, someone wearing a smartwatch and traveling on public transit could inadvertently let strangers read their SMS messages since the messages pop up on the watch screen as they come in.
When smart things undergo upgrades, configurations and data are backed up and restored. In the process, sometimes, wrong data can end up in the wrong device, leading to a privacy violation, e.g. photos and videos on one device available on another.
Since smart things are queryable on the Internet, hackers can query devices to compile an inventory of things at a specific location, such as whether a home contains a smart meter, smart thermostat, smart lighting, and so forth.
Linkage is a threat where one gathers insights about a subject by combining data from different sources, collected in different contexts. The revelation might be erroneous, and users may not have given permission to do this.
In summary, privacy is a critical issue in IoT devices and needs to be handled promptly from the manufacturing to deployment at every layer in the IoT ecosystem.
A denial of service (DoS) attack is a cyberattack where an attacker makes a network resource unavailable by interrupting services of a machine connected to the Internet. It is typically accomplished by flooding the target machine with fake requests in order to overload the system. A distributed denial of service (DDoS) attack is one that uses multiple network resources as the source of the attack. A DDoS is mainly intended not only as a method to multiply the capabilities of a single attacker but also to conceal the identity of the attacker and thwart mitigation efforts. Most botnets use compromised computer resources without the owner's knowledge. In the CIA (confidentiality, integrity, availability) triad of information security, a DDoS attack falls in the availability category. Figure 10.4 depicts how an attacker could initiate one attack and transform it into a multitude of attacks on a victim [24].
Though the motivations for DDoS can be multiple – extortion, hacktivism, cyberterrorism, personal vendetta, business rivalry, etc. – the impact is very severe in many instances. It can cause damage to reputation, huge revenue loss, and tens of thousands of hours of lost productivity. The scale of DDoS attacks has continued to rise over recent years, by 2016 exceeding a terabit per second.
The most recent DDoS attack on Dyn [26] was made possible by the large number of unsecured IoT devices, such as home routers and surveillance cameras. The attackers employed thousands of such devices that had been infected with malicious code to form a botnet. The devices themselves were not powerful, but collectively they generated a massive amount of traffic to overwhelm targeted servers. The moment someone places a device on the Internet without changing the default password, it gets added to the army of vulnerable machines used for DDoS attacks. A report from welivesecurity.com [27] mentions that ESET tested more than 12,000 home routers and found 15% of them to be unsecured. In the article “10 things to know about October 21 IoT DDoS attack” [28], Stephen Cobb lists default passwords as the leading cause. A mashable.com report in 2014 [29] mentions that 73,000 webcams were discovered on the Internet because people did not change default passwords.
To summarize, one could attribute the success of recent DDoS attacks, despite decades of research and mitigation tools, to the following:
As mentioned in many instances above, the number of IoT devices is growing at an alarming pace, and it is imperative that the devices be made secure. The attacks increasingly have a crippling effect on the economy and have become the new currency of global warfare. With this in mind, the US Senate introduced legislation in August 2017 [30] to improve the cybersecurity of IoT devices.
Specifically, if enacted, the Internet of Things (IoT) Cybersecurity Improvement Act of 2017 [31] would:
The overarching strategy to secure IoT devices should be twofold: reduce the number of devices that can be abused and convince would‐be attackers, such as hacktivists, of the gravity of the situation. Also, there needs to be a global strategy to punish the guilty. There have been multiple efforts to reduce the number of devices that can be abused. The Cybersecurity Improvement Act mentioned above, alerts sent out by the Department of Homeland Security, and WaterISAC's 10 Basic Cybersecurity measures [32] are a few initiatives from the government toward this. Here are the top four actions recommended by US‐CERT [33] in the wake of the latest attacks:
Machine learning, a term coined by Arthur Samuel, an American pioneer in the field of computer gaming and artificial intelligence [34], is the science of getting computers to learn and act without being explicitly programmed. The idea behind machine learning is to have an algorithm that can analyze data, identify patterns, and create a model that the machine could use to analyze data that it has not seen before. As systems provide more data to it, the algorithm learns continuously and will be able to produce reliable decisions repeatedly. In the past decade or so, with the increase of computing power and the development of systems like Hadoop to do massive data processing in a short period, machine learning has pervaded many things that people use. From speech recognition, image recognition, and fingerprint scanning to self‐driving cars, machine learning is used almost everywhere and is arguably the most impactful invention in recent times.
There are many machine‐learning algorithms used in a variety of scenarios. Broadly, they could be categorized either by the nature of learning available to the system or by the desired output.
Depending on the nature of the learning, machine‐learning algorithms can be categorized as follows [35]:
Depending on the desired output, machine‐learning algorithms can be categorized as follows:
In this section, we briefly touch on the most commonly used machine‐learning (ML) algorithms [36], and this would help get a better context for the review of machine‐learning algorithms utilized for IoT.
In many instances, a single type of algorithm may not be able to give optimal results due to the variety of the types of data or other reasons. In these cases, different algorithms are combined to give more accurate predictions than individual models.
Artificial neural networks (ANNs) are computing systems modeled on the neural networks of the human brain. An ANN contains units called neurons. Neurons are connected to each other via synapses and communicate signals to each other. Each neuron receives inputs from other neurons connected to it and computes an output to be transmitted upstream. Each input signal has a corresponding weight, and the neuron applies a function to the weighted sum of the inputs it gets. Feed forward neural networks (FFNN), also known as multilayer perceptrons (MLP), are the most common type of neural network in practical applications. There are other types of ANNs such as CNN (convolutional neural network), RNN (recurrent neural network), DBN (deep belief network), TDNN (time delay neural network), DSN (deep stacking network), and so forth.
The main ingredient in an ML system is data. With the spread of IoT, there is a massive amount of data that gets generated on a daily basis, and this is a goldmine for machine learning. The adoption of supervised and unsupervised machine‐learning techniques in IoT smart data analysis is broad. All of the smart things discussed in Section 10.1.1 – smart homes where appliances, lights, and thermostat connect to the Internet [1], smart medical appliances that not only monitor remotely but also administer medicines [2], smart bridges that have sensors to monitor load [3], smart power grids to detect disruptions and manage distribution of power [4] and smart machinery in industries that have embedded sensors in machinery to increase worker [5] – would be using or have the potential to use machine learning in some form or the other.
There are many concrete examples where machine learning saved millions of dollars for corporations:
In this section, we summarize the machine‐learning algorithms that could be used for various use cases for different domains. The data are a summarization of information from the examples above and also from the papers “Machine Learning for Internet of Things Data Analysis: A Survey” by Mahdavinejad et al. [41] and “Unlocking the Value of the Internet of Things (IoT) – A Platform Approach” by Misra et al. [42].
Healthcare systems in hospitals and at home have sensors to monitor patients or their surroundings. Areas where machine learning could be applied include remote monitoring and medication, disease management, and health prediction.
Readings from smart meters for electricity, water, or gas could be used for usage prediction, demand supply prediction, load balancing, and other scenarios.
Many industries have sensors on equipment for continuous monitoring, mechanisms to track production volumes, and security systems that monitor continuously. So, the goals to optimize would be to diagnose problems very quickly when they occur, to predict failure so that evasive action could be taken, and to detect security breaches into the facility or theft of goods.
Insurance companies would be interested in knowing what kind of cars or profiles of people are more likely to be connected with accidents. The usage pattern could be obtained by sensors in the cars. They could use that information to charge appropriate insurance premiums. Machine learning could be applied to obtain home or car usage pattern, prediction of property damage, remote assessment of damage, and so forth.
Traffic is a very important metric to be monitored, especially in big cities. Traffic data could be obtained via sensors in cars, data from mobile phones, tracking devices on people, and so forth. Machine‐learning algorithms could be used to predict traffic, identify traffic bottlenecks, detect accidents, or even predict accidents.
In a smart city, it is essential to optimize facilities for citizens. Based on data from smartphones, ATMs, vending machines, traffic cameras, bus/train terminals, or other tracking devices, machine‐learning algorithms can predict the travel patterns of people and the density of population at certain places, predict abnormal behaviors, forecast energy consumption, and forecast needs for public infrastructure like housing, transportation, shopping, and more.
Smart homes are one area where IoT devices have increased multifold in the past decade. They are equipped with smart meters to monitor energy, devices like Nest and Ecobee to control temperature automatically and remotely, smart bulbs like Philips Hue that could be automated and controlled remotely, smart switches, fitness bands, smart locks, security cameras, and so forth. Multiple sensors and the amount and quality of generated data can be harnessed by machine‐learning algorithms to provide valuable insights like occupancy awareness, intrusion detection, gas leakage, energy consumption prediction, television viewing preferences and prediction, and so forth.
As the demand for food increases with rise in population, large‐scale farms are beginning to use sensors in the fields, drones to take pictures, and other IoT devices to be able to optimize resource usage, detect crop diseases faster, and predict production. AgTech (agriculture technology) is a growing field of active research.
In many ways, machine learning and IoT have a symbiotic relationship. IoT provides machine learning with large amounts of data, and machine learning is revolutionizing IoT by making simple devices much smarter than they are. In an article about machine learning revolutionizing IoT, Ahmed [43] mentions three ways in which ML is changing IoT:
In the next section, we review how machine learning is making IoT more secure.
In the previous section, we did a review of a lot of use cases where machine‐learning algorithms were used for IoT. Some of the key tasks like discovering a pattern in existing data, detecting outliers, predicting values, and feature extraction are critical to IoT security. Some of the machine‐learning algorithms used for these tasks are tabulated in Table 10.2.
Table 10.2 Categorization of ML solutions for IoT security.
Use case | ML algorithm |
Pattern discovery | |
Discovery of unusual data points | |
Prediction of values and categories | |
Feature extraction | |
In most papers studied in this research, the main objective has been to detect a security breach. Hence, the second point in Table 10.2 becomes very critical from a security perspective. From the point of detecting outliers, the use cases can be further divided into the following:
Since anomaly detection is basically a classification problem, it follows that the most used machine learning techniques are the ones that are commonly used in classification. These include decision trees, Bayesian networks, Naïve Bayes, random forests, and support vector machines (SVM). In many new instances, artificial neural networks (ANNs) have been used. ANNs are generally not used for malware detection since they take longer to train. Machine‐learning algorithms for these use cases are tabulated in Table 10.3.
Table 10.3 Categorization of ML solutions for outlier detection.
Use case | ML algorithm |
Malware detection | |
Intrusion detection | |
Anomaly detection | |
The next section reviews examples of machine‐learning algorithms used for the use cases in Table 10.3 by summarizing results from research papers on each of the machine‐learning algorithms.
In their paper on Android malware detection using Linear SVM, Ham et al. [46] review various approaches for detecting malware, such as signature based, behavior based, and taint analysis based detection, and show that Linear SVM showed high performance among ML algorithms used to effectively detect malware. In a behavior‐based detection system, event information on the device, like memory usage, data content, and energy consumption, is monitored in order to detect abnormal patterns. ML techniques are used to analyze the data, and hence, the choice of features is very important.
In their paper on Android malware detection using a random forest, Alam et al. [47] apply the ensemble learning algorithm random forest to an Android feature dataset of 48919 points of 42 features each. Their goal was to measure the accuracy of random forests in classifying Android application behavior as malicious or benign. They also analyzed how the detection accuracy changed as the parameters of the RF algorithm, such as the number of trees, depth of each tree, and number of random features, were varied. The results based on fivefold cross validation showed that RF performed very well with an accuracy of over 99% in general, an optimal out‐of‐bag (OOB) error rate of 0.0002 for forests with 40 trees or more, and a root mean squared error of 0.0171 for 160 trees.
In their paper on anomaly‐based intrusion detection, Pajouh et al. [48] present a novel model for intrusion detection based on a two‐layer dimension reduction and two‐tier classification module, designed to detect malicious activities such as user to root (U2R) and remote to local (R2L) attacks. Their proposed model used PCA and linear discriminant analysis (LDA) to reduce the high dimensional dataset to a lower one with fewer features. They then applied a two‐tier classification module utilizing Naïve Bayes and a certainty factor version of K‐nearest neighbor to identify suspicious behaviors.
In their paper for designing an IoT device for the safety of women, Jatti et al. [49] describe the design of a device that determines whether the wearer is in danger. The device transmits data related to physiology and body position of the person. The physiological signals that are transmitted are galvanic skin response (GSR) and body temperature. Body position is determined by acquiring raw accelerometer data from a triple axis accelerometer. The premise is that when a person is faced with a dangerous situation, secretion of adrenalin affects different systems in the body, resulting in increased blood pressure and heart rate and also sweating. This increases skin conductance, measured by GSR. The data are analyzed by an ML classifier that determines if the individual is in a dangerous situation, such as threat of rape.
Before the data get to the Internet and into the cloud, they could come from two kinds of IoT devices: edge devices or gateway devices. In general terms, when we refer to the billions of IoT devices that are gathering information, we talk about edge devices, which in themselves are dumb devices that are programmed to do a specific simple task, say measuring temperature. In comparison to edge devices, gateway devices have more resources and computing power. Hence, instead of focusing on security configurations at every edge device, one could focus energy on gateway devices to have a larger impact. In fact, in “Neural Network Approach to Forecast the State of the Internet of Things Elements” [50], Kotenko et al. talk about the use of artificial neural networks to predict the state of an IoT element and that this could reduce the labor costs of IoT administration. Here there is an implicit acknowledgment that security configurations at the edge are labor cost intensive. The approach in the paper combined a multi‐layered perceptron network along with a probabilistic neural network. The experiments revealed that by using the multilayer perceptron network to explore similar values in the past, one could use a probabilistic neural network to determine the state of the device.
Canedo et al. [51] propose using machine learning within an IoT gateway to help secure the system. The proposal was to use an ML technique, specifically ANN, in the gateway and application layers: in the gateway to monitor subsystem components, and in the application layer to monitor the state of the entire system. After setting up the system with training data and warming it up, the researchers manipulated the sensors to add invalid data for a 10‐minute period. When the invalid data was run against the system, the neural network was able to detect the differences between the valid and invalid data. They then added a delay between transmissions as the third input to simulate man‐in‐the‐middle attacks, and they were able to predict whether the data was valid or invalid for the approximately 360 samples in the testing set. They concluded that the use of ANN is very beneficial for making an IoT system more secure.
Although in the past hacking into a device to steal data, snooping to determine the information at the remote end, and so forth, were common types of attacks, the attacks in recent times have changed the landscape for IoT and put IoT devices as the leading potential cause for bringing the Internet down. In the article “Someone Is Learning How to Take Down the Internet” [52], Bruce Schneier says that based on the analysis of recent attacks, the attacker may not be the traditionally assumed types like activists, researchers, or criminals. The attack could be state‐sponsored, and the world might be embarking on an era of cyber warfare. Here are some recent examples of IoT malware attacks from Perry [53].
This DDoS attack is covered in Section 12.3.4. It took down half the Internet in the United States and Europe for hours. Mirai scans the Internet for hosts with an open telnet port and gains access if the password is weak. After it gets inside, it installs the malware and monitors the CNC (command and control) center. During the attack, the CNC instructs all the bots to create a flood of traffic and overwhelm the target. Perry [53] suggests that to protect the devices, one should take the following measures:
This bot makes the device under attack unusable, i.e. turns it into a brick. Once the malware obtains access to the device, it runs a series of commands to wipe data from the device's storage. This renders the device useless.
FLocker (short for Frantic Locker) is a bot that locks the target device and prevents valid users from accessing it. Users could be asked to pay ransom or might lose access to the device and may have to hard‐delete all data. Norton Security [54] has noted its use for targeting Android Smart TVs.
In summary, IoT attacks are increasing, and new variants of the attacks are created often. A report from F5 Labs [55] shows that IoT attacks exploded by 280% in the first half of 2017, with a large chunk of this growth stemming from Mirai. Moreover, the report claims that 83% of attacks came from a single hosting provider in Spain called SoloGigabit that had a “bulletproof” reputation.
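Because Mirai spreads by scanning for hosts with an open telnet port, as described above, an infected device appears at a gateway as one source contacting many distinct hosts on port 23 in a short time. The following is an added example, not code from the chapter or from Perry [53], that flags this pattern in constructed flow records; the record format, the thresholds, and the function names are assumptions.

```python
from collections import defaultdict, deque

# Constructed flow records, in time order: "<epoch_s> <src_ip> <dst_ip> <dst_port>".
# Addresses are from private (RFC 1918) and documentation (RFC 5737) ranges.
SAMPLE_FLOWS = """\
1000 192.168.1.50 198.51.100.1 23
1001 192.168.1.20 203.0.113.10 443
1002 192.168.1.50 198.51.100.2 23
1003 192.168.1.5 192.168.1.1 23
1004 192.168.1.50 198.51.100.3 23
1005 192.168.1.50 198.51.100.4 23
garbled line
1007 192.168.1.50 198.51.100.5 23
1008 192.168.1.50 198.51.100.6 23
1200 192.168.1.5 192.168.1.1 23
1300 192.168.1.60 198.51.100.7 23
1400 192.168.1.60 198.51.100.8 23
1500 192.168.1.60 198.51.100.9 23
1600 192.168.1.60 198.51.100.10 23
1700 192.168.1.60 198.51.100.11 23
"""


def parse_flow(line):
    """Return (ts, src, dst, port), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, src, dst, port = parts
    try:
        return float(ts), src, dst, int(port)
    except ValueError:
        return None


def telnet_fanout(lines, ports=frozenset({23}), window_s=60, min_targets=5):
    """Flag sources that reach >= min_targets distinct hosts on a telnet port
    within any window_s-second span. Returns {src: peak distinct targets}.
    Assumes records arrive in time order (assumption of this example)."""
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still inside the window
    flagged = {}
    for line in lines:
        rec = parse_flow(line)
        if rec is None or rec[3] not in ports:
            continue
        ts, src, dst, _ = rec
        window = recent[src]
        window.append((ts, dst))
        while window and ts - window[0][0] > window_s:
            window.popleft()  # expire contacts older than the window
        distinct = len({d for _, d in window})
        if distinct >= min_targets:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged


if __name__ == "__main__":
    for src, peak in telnet_fanout(SAMPLE_FLOWS.splitlines()).items():
        print(f"{src}: {peak} distinct telnet targets inside the window")
```

The administrator who repeatedly logs in to one router and the device that contacts one new host every 100 seconds stay below the default threshold; widening `window_s` trades fewer misses for more false positives.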
Based on the research done on ML techniques used for IoT security, it is evident that different techniques need to be used for different scenarios. There is no one‐size‐fits‐all solution because of the complexity of the problem statement. Also, anomalies in data can occur at different layers in the IoT ecosystem. Multiple devices could be hacked, resulting in wrong access patterns or data dispatch, or a gateway could be hacked, resulting in data routing. This would mean that the training system could get incomplete data or different types of data. In these cases, classic ML algorithms might fail to operate: SVM needs standardized numerical data as input, and a decision tree cannot traverse a branch when values are missing. In these cases, the best option is ensemble machine learning.
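The failure mode described above can be seen in a small added example, which is not code from the chapter or from any of the cited papers. A single model over the full standardized feature vector rejects a sample with a missing reading, while a majority vote over one‐feature decision stumps (a simple stand‐in for the ensemble methods discussed here) still classifies it. The feature names, the data, and the tie‐breaking rule are constructed assumptions.

```python
from statistics import mean, pstdev

FEATURES = ("pkts_per_s", "dst_count", "gap_ms")  # hypothetical gateway telemetry

# Constructed training data: (pkts_per_s, dst_count, gap_ms), label (1 = anomalous).
# None marks a reading that never reached the training system.
TRAIN = [
    ((12, 2, 1000), 0), ((15, 1, 980), 0), ((9, 3, None), 0), ((20, 2, 1020), 0),
    ((400, 120, 20), 1), ((650, None, 10), 1), ((300, 80, 35), 1), ((None, 200, 15), 1),
]


class StrictCentroid:
    """Single nearest-centroid model on standardized data; needs every feature."""

    def __init__(self, rows):
        full = [(x, y) for x, y in rows if None not in x]  # drops incomplete rows
        cols = list(zip(*(x for x, _ in full)))
        self.mu = [mean(c) for c in cols]
        self.sd = [pstdev(c) for c in cols]
        self.centroids = {}
        for label in (0, 1):
            pts = [self._scale(x) for x, y in full if y == label]
            self.centroids[label] = [mean(c) for c in zip(*pts)]

    def _scale(self, x):
        return [(v - m) / s for v, m, s in zip(x, self.mu, self.sd)]

    def predict(self, x):
        if None in x:
            raise ValueError("incomplete feature vector")
        z = self._scale(x)
        dist = {lab: sum((a - b) ** 2 for a, b in zip(z, c))
                for lab, c in self.centroids.items()}
        return min(dist, key=dist.get)


def fit_stump(rows, idx):
    """Lowest-error threshold and direction for one feature, using only the
    rows in which that feature is present."""
    seen = [(x[idx], y) for x, y in rows if x[idx] is not None]
    values = sorted({v for v, _ in seen})
    best = None
    for lo, hi in zip(values, values[1:]):
        thr = (lo + hi) / 2
        for above_is_anomalous in (True, False):
            errors = sum(((v > thr) == above_is_anomalous) != bool(y)
                         for v, y in seen)
            if best is None or errors < best[0]:
                best = (errors, thr, above_is_anomalous)
    return best[1], best[2]


class StumpEnsemble:
    """Majority vote of per-feature stumps; a stump abstains if its input is missing."""

    def __init__(self, rows):
        self.stumps = [fit_stump(rows, i) for i in range(len(FEATURES))]

    def predict(self, x):
        votes = [int((v > thr) == above)
                 for v, (thr, above) in zip(x, self.stumps) if v is not None]
        if not votes:
            return None  # no reading arrived, so there is nothing to vote on
        # Ties resolve to "anomalous" so that doubt produces an alert (assumption).
        return int(2 * sum(votes) >= len(votes))


if __name__ == "__main__":
    sample = (500, None, 12)  # dst_count was lost in transit
    print("ensemble:", StumpEnsemble(TRAIN).predict(sample))
    try:
        StrictCentroid(TRAIN).predict(sample)
    except ValueError as exc:
        print("single model:", exc)
```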
The other insight that came out of the research is that there are increasing use cases where IoT data must be analyzed as data are streamed, and decisions must be taken quickly. This means that the data cannot wait to be sent to the cloud and processed. Hence, new paradigms like fog computing and edge computing are more relevant for IoT security than others. Table 10.4 shows the characteristics of data in the smart city use cases mentioned in Mahdavinejad et al. [41], and it is clear that there are many use cases that need data to be processed near the device for quicker turnaround.
Table 10.4 Where data should be processed.
Use case | Type of data | Where it is best to be processed |
Smart Traffic | Stream/massive data | Edge |
Smart Health | Stream/massive data | Edge/cloud |
Smart Environment | Stream/massive data | Cloud |
Smart Weather Prediction | Stream data | Edge |
Smart Citizen | Stream data | Cloud |
Smart Agriculture | Stream data | Edge/cloud |
Smart Home | Massive/historical data | Cloud |
Smart Air Controlling | Massive/historical data | Cloud |
Smart Public Place Monitoring | Historical data | Cloud |
Smart Human Activity Control | Stream/historical data | Edge/cloud |
To summarize the insights:
Use an ensemble machine learning method for IoT data analysis in the cloud. An ensemble machine learning method uses multiple machine‐learning algorithms to obtain better predictive performance than what could be obtained from a single algorithm alone. It would also perform much better for different types of data and missing data. Figure 10.5 depicts the general idea behind ensemble machine learning.
Use fog computing for data analysis closer to the edge. This would mean that decisions could be taken faster. Also, it would be more relevant to the device or groups of devices serviced by the fog computing node.
It is with this intent that the next two sections are entirely focused on fog computing and machine‐learning algorithms used in fog computing use cases.
As noted earlier, the amount of data generated by IoT devices is expected to soar to 400 zettabytes by 2018 and grow exponentially every year. There are multiple issues with a cloud‐only architecture where data from IoT devices make it to the cloud to be processed and analyzed:
Fog computing solves this by selectively moving compute, storage, and decision‐making closer to the network edge where data are being generated. OpenFog Reference Architecture for fog computing defines fog computing as “A horizontal, system‐level architecture that distributes computing, storage, control and networking functions closer to the users along a cloud‐to‐thing continuum” [56]. Essential characteristics of fog computing platforms include low latency, location awareness, and wired or wireless access. There are numerous benefits to this:
One of the main advantages of fog computing is the ability to do near real‐time analytics, and in many cases, this means utilizing machine learning at the fog nodes.
We could find many examples from the case studies reviewed in Section 10.4.3 where machine learning could be used. One example could be in industries where machine learning could help in fault isolation and fault detection of machines and thus improve MTTR (mean time to repair) of a failed system to achieve higher availability. Another example could be a train station in a smart city, where machine learning could be used to optimize operations by monitoring occupancy, movement, and overall system usage over time. More examples are reviewed in the next section.
At the fog nodes, analytics can be both reactive and predictive. The fog nodes closer to the edge will most likely have reactive analytics, and the nodes farther from the edge will have more predictive analytics, since predictive analytics needs more computation power. The basic premise is that computing power is highest in the cloud and decreases down the hierarchy described in Section 10.4.4 on n‐tier architecture. Machine‐learning algorithms can be run at fog nodes that have the processing power corresponding to the task at that layer (see Table 10.5). Machine‐learning models are created at the nodes near the cloud or in the cloud itself. The models could be downloaded to middle‐tier nodes to help in execution.
Table 10.5 ML Use cases for fog computing.
Use case | ML algorithm |
Fog computing in industry – Remote monitoring for oil & gas operations [57] | |
Fog computing in retail – Retail customer behavior analysis [57] | |
Fog computing in self‐driving cars [57] | |
Traditional cloud‐based or noncloud centralized analytics infrastructures rely on training a machine learning algorithm by using data from past failures. The algorithm would create a model that could be used to predict failure. But in many instances, failure prediction is too late to prevent the breakdown and is used to minimize the effect of damage. In comparison, if near‐instant analytics is done locally using fog computing, the system would be able to take steps to prevent the occurrence of the issue. That is because the analytics system is nearer to the edge and has more context.
Retail stores, in general, do product placement based on analytics derived from customer purchases and also seasonal preferences. So, we see product placements change during Halloween, Thanksgiving, Christmas, and so forth. If fog computing is used with analytics being done for a store or a group of stores in an area, the system would be able to analyze buying patterns of the users in the locality and help the store to target merchandise better and improve customer experience.
With Google, Tesla, Uber, GM, and other mainstream companies testing self‐driving cars, the reality of having these vehicles for mainstream use cases is very near. Self‐driving automobiles are excellent examples of fog computing, since a lot of computing and decision‐making happens on the edge. Nevertheless, each car transmits a lot of data for processing in the cloud. An N‐tier model would make the system considerably more efficient. Machine‐learning algorithms used are ANN for image processing, Naïve Bayes or similar algorithms for anomaly detection, reinforcement learning, and so forth.
Tang et al. [58] present a hierarchical structure for fog computing architecture to support the integration of a massive number of infrastructure components and services in future smart cities. The architecture laid out in the paper is a four‐layer model, with the first layer being the cloud and the last being the sensors. The layers in between are the fog layers. Figure 10.6 shows the different layers and the primary security handling at each layer.
Table 10.6 Machine‐learning algorithms at different fog layers.
Layer | Disaster response | ML algorithm |
Layer 4 ‐ Sensors | None | None |
Layer 3 – Fog nodes for the neighborhood | Response for anomaly | KNN, Naïve Bayes, random forest, DBSCAN |
Layer 2 – Fog nodes for the community | Response for hazardous event | HMM, MAP [58]; regression, ANN, decision trees |
Layer 1 – Cloud | Response for city‐wide disaster, long‐term forecasting | ANN, Deep learning, decision trees, reinforcement learning, Bayesian networks |
Layer 3 contains fog nodes that get raw data from the sensors. The nodes at this layer perform two functions. One identifies potential threat patterns on the incoming data streams from sensors using machine‐learning algorithms, and the other performs feature extraction for reducing the amount of data to be sent upstream. The paper [58] does not specify how anomaly detection is done. Algorithms like KNN, Naïve Bayes, random forests, or DBSCAN could be used to do anomaly detection.
Layer 2 contains fog nodes that get data from nodes below them, and the data represent information from hundreds of sensors across locations. In the paper, HMM (hidden Markov model) and MAP (maximum a posteriori) algorithms are used for classification and to alert if there is a hazardous event. Table 10.6 summarizes the machine‐learning algorithms at each fog layer.
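The two Layer 3 functions described above, local anomaly detection and feature extraction before forwarding, are sketched below as an added example; it is not code from the chapter or from [58], which does not specify the detection method. It assumes KNN distance scoring (one of the options named above) and uses constructed sensor values, device name, and threshold.

```python
import math
from statistics import mean

# Constructed reference points (temperature C, vibration mm/s) from normal
# operation; assumed to come from a model built at a higher tier and
# downloaded to this fog node.
REFERENCE = [(20 + 0.1 * (i % 10), 1.0 + 0.05 * (i % 4)) for i in range(40)]

def knn_score(point, k=3):
    """Mean Euclidean distance from point to its k nearest reference points."""
    dists = sorted(math.dist(point, ref) for ref in REFERENCE)
    return mean(dists[:k])

def process_window(device_id, readings, threshold=1.0):
    """Score one window of raw readings at the Layer 3 node.

    Returns (alerts, summary): alerts are acted on locally right away,
    and only the compact summary is sent upstream to the Layer 2 node.
    """
    alerts = []
    for idx, point in enumerate(readings):
        score = knn_score(point)
        if score > threshold:
            alerts.append({"device": device_id, "index": idx,
                           "score": round(score, 2)})
    temps = [t for t, _ in readings]
    vibs = [v for _, v in readings]
    summary = {
        "device": device_id,
        "n": len(readings),                  # raw samples replaced by one record
        "temp_mean": round(mean(temps), 2),
        "temp_max": max(temps),
        "vib_max": max(vibs),
        "anomalies": len(alerts),
    }
    return alerts, summary

# Constructed window: nine normal samples followed by one hot, shaking sample.
WINDOW = [(20.0 + 0.1 * i, 1.0) for i in range(9)] + [(35.0, 4.0)]

if __name__ == "__main__":
    print(process_window("pump-7", WINDOW))
```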
Section 10.3.1 categorized an ML solution for IoT security into pattern discovery, anomaly detection, value/label prediction, and feature extraction. We reviewed essential ML algorithms like K‐means, DBSCAN, Naïve Bayes, random forest, CART, PCA, and so forth. We also did a deep dive on anomaly detection use cases, specifically focusing on malware and intrusion detection. All these use cases and examples apply to fog computing: malware detection using SVM [46], malware detection using random forest [47], and intrusion detection [48] can be done in the fog nodes instead of in the cloud. In fact, anomaly detection using ANN by Kotenko [50] particularly talks about doing machine learning at the gateway layer, which is synonymous with doing it at a mid‐tier fog node.
In conclusion, fog computing can make the IoT ecosystem more secure by being more contextual, detecting issues faster, and reacting more quickly to events.
As discussed, the application of machine learning is critical to IoT security due to the volume and variety of data. AI and ML are fast‐growing fields, and IoT data analysis needs to be on par with the latest trends in these areas. Review of numerous machine‐learning techniques and several examples in IoT point to the fact that analyzing data in near real‐time in proximity to the node is important. Hence, research is needed on machine‐learning algorithms that need less memory and can process large amounts of time series data quickly.
We could categorize future research directions as follows:
In this chapter, we covered a range of topics, starting from an introduction to IoT and moving through IoT architecture, IoT security and privacy concerns, fog computing, machine learning for IoT security, and machine learning in IoT security through fog computing. In each section, we defined the concept and then proceeded to expand the topic with references and examples.
First, we introduced the concept of the Internet of Things (IoT), common IoT devices, IoT architecture with a focus on the four‐layer architecture, and IoT applications, especially in the healthcare domain. With various examples, we showed how IoT devices have become ubiquitous and have pervaded almost every sphere of our lives, ushering in an era of smart things. Then we reviewed critical security and privacy issues with IoT devices and the ecosystem. With examples such as hacks of water treatment plants, nuclear power plant, baby monitor videos, wearable devices, and so forth, we showed the seriousness of the security issue. We used DDoS (distributed denial of service) as an example to show how IoT devices have been used to cripple the internet and bring down essential services to people in different parts of the world. Then we did a quick study of machine learning and commonly used machine‐learning algorithms and then delved into examples of machine learning used in IoT.
We took a look at examples like smart home, smart medical appliances, smart power grids, Roomba vacuum, Tesla, and so forth. Then we further reviewed use cases by domain, such as manufacturing, healthcare, utilities, and so forth, and gave examples of ML algorithms in each. Then we focused on machine‐learning techniques for IoT security. By reviewing several papers and websites, we categorized the fundamental ML tasks used in defending IoT systems and then summarized a few papers on machine learning for IoT security with a focus on malware detection, intrusion detection, and anomaly detection. In the end, we concluded that bringing computing closer to the edge and using ensemble learning techniques could provide reliable defense against attacks on IoT devices. We also concluded that fog computing is a critical emerging field within the IoT domain and that machine‐learning algorithms used in fog nodes are critical to the success and scalability of IoT.