As Singapore embarks on its vision towards a Smart Nation, Telecommunications Companies (Telcos) – many of which are also Internet Service Providers (ISPs), play an increasingly important role of providing seamless connectivity. The prevalence of cyber threats, some of which have the potential to disrupt services, has made it a lot more challenging for the Telcos. In many cases, the attacks exploit vulnerabilities of unmaintained IoT devices operating in the customer’s premises.
This project developed an IoT identification algorithm and evaluated deployment options in the Telco network that allow preserving user privacy while giving the Telcos visibility for abnormal (potentially malicious) traffic originating from home IoTs.
The IoT identification is Machine Learning-based. Training is performed separately for each IoT model using one-class classifier, with features extracted from NetFlow traffic instead of high-definition data to preserve privacy. Evaluation of the algorithm was then performed with widely accepted classification metrics. It is shown to allow Telco to detect 73% of IoT device of interest.
The centrally trained classifier can be locally deployed on a low-cost thin computer. The team evaluated several options for deployment point and made a recommendation based on various considerations such as impact on user privacy, performance of algorithm and other functionalities expected of the three-phase approach.
The resulting visibility to home IoT traffic would allow the Telco to intercede and block traffic from infected devices in the subsequent phases beyond this project, thereby improving the resiliency of the Telco’s network against cyberattacks and allowing them to maintain reliable service standards.