Researchers at Cardiff University in Wales have developed a way to detect and classify cyber attacks on smart devices around homes.
 
The system can distinguish between malicious or benign activity and detect attacks on devices such as the Amazon Echo Dot and Apple TV with a 90 per cent accuracy. The researchers say the lightweight tool could be used in a similar way to antivirus software and believe its implementation is imperative to keep up with the rapid development of smart devices.
 
In Western Europe the average household has around 5.4 smart devices with the global sector expected to grow to 20.4 billion devices by this year. Known collectively as the IoT, smart devices are ubiquitous across society and have become key technologies in a range of sectors, from economy and energy to transport and healthcare.
 
This development comes as the UK’s Department of Digital, Culture, Media & Sport recently declared that a new law would force companies to explicitly state the length for which they will provide security updates when customers purchase a smart device.
 
The system developed by experts at Cardiff University’s School of Computer Science & Informatics, has been described in the IEEE Internet of Things Journal.
 
In their study, the researchers developed a mock household environment containing eight smart devices – Belkin NetCam camera, TP-Link NC200 camera, TP-Link smart plug, Samsung Smart Things hub, Amazon Echo Dot, Apple TV, British Gas Hive and Lifx lamp – connected to a motion sensor and a window and door sensor.
 
They deployed several popular cyber attacks on the network and applied a three-layer intrusion detection system to detect them. In particular, they classified the type and profiled the normal behaviour of each device connected to the network; identified malicious packets on the network when an attack was occurring; and classified the type of attack that was deployed.
 
The system was able to complete these three tasks with 96.2, 90 and 98 per cent accuracy, respectively.
 
“The insufficient security measures and lack of dedicated detection systems for networks of smart devices make them vulnerable to a range of attacks, such as data leakage, spoofing, disruption of service and energy bleeding,” said Eirini Anthi, lead author of the study. “These can lead to disastrous effects, causing damage to hardware, disrupting the system availability, causing system blackouts, and even physically harming individuals.”
 
For example, she said a relatively simple and seemingly harmless deauthentication attack could cause no significant damage, but if performed on a device with critical significance, such as a steering wheel in a wireless car, it could pose a threat to human life.
 
“What we’ve demonstrated,” she said, “ is a system that can successfully distinguish between devices on the network, whether network activity is malicious or benign, and detect which attack was deployed on which device connected to the network automatically.”
 
Pete Burnap, co-author of the study and director of Cardiff University’s NCSC-recognised Centre of Excellence in Cyber Security Research, added: “This is another step forward in the early stage detection of disruptive cyber attacks that is being integrated with our wider portfolio of research using advanced AI to predict and actively block malicious activity before it achieves major impact. The overarching goal of our cyber research programme is to pave the way for proactive and cost saving cyber defences, maximising the potential for AI in cyber security in line with the objectives of the UK’s industrial strategy.”