Security Analytics of Network Flow Data of IoT and Mobile Devices (Work-in-progress)
Ashish Kundu, Chinmay Kundu, Karan K. Budhraja

TL;DR
This paper proposes a machine learning-based analytics approach to assess the security state of IoT and mobile devices using network logs, aiming to identify vulnerabilities and high-risk conditions without intrusive access.
Contribution
It introduces new techniques for analyzing network data to evaluate device vulnerability, compromise, and security status, enabling risk prediction without white-box access.
Findings
Metrics for device sensitivity and vulnerability ranking
Methods for assessing degree of compromise
Framework for predicting high-risk device states
Abstract
Given that security threats and privacy breaches are commonplace today, it is an important problem for one to know whether their device(s) are in a "good state of security", or is there a set of high-risk vulnerabilities that need to be addressed. In this paper, we address this simple yet challenging problem. Instead of gaining white-box access to the device, which offers privacy and other system issues, we rely on network logs and events collected offline as well as in realtime. Our approach is to apply analytics and machine learning for network security analysis as well as analysis of the security of the overall device - apps, the OS and the data on the device. We propose techniques based on analytics in order to determine sensitivity of the device, vulnerability rank of apps and of the device, degree of compromise of apps and of the device, as well as how to define the state of…
Taxonomy
Topics: User Authentication and Security Systems · Advanced Malware Detection Techniques · Spam and Phishing Detection
