Cyber Threat Detection in IoT


Summary

Cyber threat detection in IoT is the practice of identifying and responding to attacks on devices connected to the Internet of Things (IoT), from smart sensors in factories to connected home gadgets. The posts below cover three complementary approaches: predictive models that anticipate malicious traffic before it arrives, security testing of the devices and the networks they sit on, and side-channel detection of malware running on the embedded chip itself.

  • Deploy proactive monitoring: Use predictive models or anomaly detection that flag suspicious activity on IoT devices and networks before it becomes an incident, rather than only matching known attack signatures after the fact.
  • Test devices regularly: Run security assessments and simulated attacks (protocol fuzzing, breach and attack simulation) against IoT equipment to find weaknesses in chipsets, network stacks, and application software before an attacker does.
  • Explore unconventional methods: Consider detection techniques such as monitoring the electromagnetic emissions of a microcontroller, which can reveal malware and rootkits that software-based defenses on the device may miss.
Summarized by AI based on LinkedIn member posts
  • Dylan Williams

    Simplifying AI for Security Professionals

    🔍 Beyond Detection: Leveraging Large Language Models for Cyber Attack Prediction in IoT Networks

    This paper proposes a novel network intrusion prediction framework that combines LLMs with Long Short Term Memory (LSTM) networks for IoT cybersecurity. The framework uses two fine-tuned LLMs in a feedback loop:
    - GPT for predicting network traffic and
    - BERT for evaluating the quality of predicted traffic
    An LSTM classifier (a type of recurrent neural network (RNN) architecture) then identifies malicious packets among these predictions.

    🎯 Results:
    - Overall accuracy of 98% on the CICIoT2023 IoT attack dataset
    - 93.4% accuracy for BERT in packet-pair classification
    - Near-perfect precision, recall, and F1-scores for most attack types in multi-class classification

    🛡️ The Problem: Existing Intrusion Detection Systems (IDSs) are often reactive, responding to specific patterns or observed anomalies. This work proposes a proactive approach to anticipate and mitigate malicious activities before they cause damage in IoT networks.

    💡 What can we learn?
    - This is a great example of where fine-tuning can shine: obscure cyber security data like network packets; think of some others that are not like natural language (remember LLMs are built on the field of natural language processing, NLP)
    - Combining generative (GPT) and discriminative (BERT) LLMs creates a robust system for predicting future network states.
    - LLMs are great at synthetic data generation; many evals and benchmarks are done using this

    📊 My take:
    - The combination of two different LLM models is a great approach for: having one generate synthetic data (don't use the same model to do the evals on this) or task decomposition: try experimenting with different models for different tasks/agents, same for "LLM as a judge", use smaller fast models for the business logic, then larger, powerful model for quality/evals
    - It's still very difficult to go from PoC or prototype to production. While the results are promising, real-world deployment may face challenges due to computational requirements and the need for extensive fine-tuning.
    - This also reminded me of a great post by Greynoise on the differences between using BERT vs GPT, highly recommend this read: https://lnkd.in/erVRJZjf

    🔗 to paper: https://lnkd.in/ek-43nN7

  • Denis Laskov

    VP of AMR @ ActiveFence | Senior Executive | Technology, Cybersecurity and Digital Transformation

    Catch IoT malware and rootkits using electromagnetic side-channel communication from the microchip. 🐺📟၊၊||၊👨🏻💻

    Security researchers Duy-Phuc Pham, Damien Marion, and Annelie Heuser earlier shared their research, which combines offensive research techniques and defensive goals: detecting malware within embedded devices using electromagnetic insights.

    The theory is simple: each piece of code processed within a microchip emits many signals (see the picture below), including electromagnetic (EM) emanations. Researchers were able to identify specific EM signatures associated with the operation of malware and rootkits. In simple terms, when a microchip processes legitimate code, it "sings" one song; when it is infected with malware or a rootkit, the song is different, and it can be detected and attributed. Interesting indeed!

    More details: IoT Malware and Rootkit Detections Using Electromagnetic Insights: Unveiling the Unseen [PDF]: https://lnkd.in/ddS2yq8v

    #technology #malware #infosec #cybersecurity #hacking #embedded #IoT #SCADA #cyber #security #rootkit #sidechannel #research
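The post above describes the idea at the level of "the chip sings a different song". The script below is an added example, not code from the post or from the paper it links: a minimal spectral-fingerprint anomaly detector over EM traces. No captures are available on this page, so the traces are constructed synthetically (a few tones plus Gaussian noise, with one extra tone standing in for the rootkit's periodic activity); the bin positions, amplitudes, noise level, DFT length and threshold margin are all assumptions. A real deployment would replace `synth_trace` with samples from a near-field probe and an SDR or oscilloscope, and would replace the single distance threshold with a classifier trained over many labelled captures.

```python
"""Added example, not code from the post or from the cited paper: a minimal
EM side-channel anomaly detector of the kind the research describes. Real
traces come from a near-field probe and an SDR or oscilloscope; the traces
here are CONSTRUCTED synthetically so the script runs offline, and every
frequency bin, amplitude, noise level and threshold margin is an assumption."""
import cmath
import math
import random

SAMPLES = 128                            # samples per trace (assumed)
BENIGN_TONES = [(5, 1.0), (17, 0.6)]     # (DFT bin, amplitude) of legitimate firmware loops (assumed)
ROOTKIT_TONE = (29, 0.5)                 # extra periodic activity from hidden code (assumed)
NOISE_SD = 0.1                           # probe/ADC noise (assumed)


def synth_trace(rng, infected=False):
    """Constructed stand-in for a captured EM trace: a few tones plus noise."""
    tones = list(BENIGN_TONES) + ([ROOTKIT_TONE] if infected else [])
    phases = [rng.uniform(0, 2 * math.pi) for _ in tones]
    return [
        sum(a * math.sin(2 * math.pi * k * n / SAMPLES + p) for (k, a), p in zip(tones, phases))
        + rng.gauss(0, NOISE_SD)
        for n in range(SAMPLES)
    ]


def spectrum(trace):
    """Unit-norm magnitude spectrum (first half of a plain DFT; no numpy needed)."""
    n = len(trace)
    mags = [abs(sum(x * cmath.exp(-2j * math.pi * k * i / n) for i, x in enumerate(trace)))
            for k in range(n // 2)]
    norm = math.sqrt(sum(m * m for m in mags)) or 1.0
    return [m / norm for m in mags]


def cosine_distance(a, b):
    """1 - cosine similarity; both inputs are already unit-norm."""
    return 1.0 - sum(x * y for x, y in zip(a, b))


def build_profile(benign_traces):
    """Learn the 'song' of clean firmware: mean spectrum plus a deviation threshold."""
    spectra = [spectrum(t) for t in benign_traces]
    mean = [sum(col) / len(spectra) for col in zip(*spectra)]
    norm = math.sqrt(sum(m * m for m in mean)) or 1.0
    mean = [m / norm for m in mean]
    dists = [cosine_distance(s, mean) for s in spectra]
    mu = sum(dists) / len(dists)
    sd = math.sqrt(sum((d - mu) ** 2 for d in dists) / len(dists))
    return mean, mu + 4 * sd + 0.01      # margin is an assumption; tune on real captures


def classify(profile, trace):
    """Return ('benign' | 'infected', distance) for one trace."""
    mean, threshold = profile
    d = cosine_distance(spectrum(trace), mean)
    return ("infected" if d > threshold else "benign"), d


def demo(seed=7, n_train=10, n_eval=10):
    """Train on clean traces, then score clean and infected ones; returns hit counts."""
    rng = random.Random(seed)
    profile = build_profile([synth_trace(rng) for _ in range(n_train)])
    benign_ok = sum(classify(profile, synth_trace(rng))[0] == "benign" for _ in range(n_eval))
    infected_hit = sum(classify(profile, synth_trace(rng, infected=True))[0] == "infected"
                       for _ in range(n_eval))
    return benign_ok, infected_hit


if __name__ == "__main__":
    print("benign correctly passed, infected caught:", demo())
```

Run it directly to print how many clean and infected traces were classified correctly. `build_profile` learns the baseline from clean traces only, so the detector needs no malware samples in advance; the price is that any unseen legitimate workload (a firmware update, a rarely exercised code path) also deviates from the profile and shows up as anomalous, which is the practical caveat of profile-based EM detection and the reason the research relies on labelled captures rather than a single threshold.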

  • Adam Sewall

    Founder - Waterleaf International/Cyberleaf - Board Member

    Secure critical IoT/PT and ICS deployments with device and network security testing including breach and attack simulation

    Securing critical infrastructure including ICS/OT and IIoT/IoT deployments requires solutions that emulate cyberattacks to protect connected devices and the networks to which they are connected. Safety, up-time/continuity and security are critical for organizations operating large fleets of mission-critical connected devices, such as manufacturing, complex global and regional operations, healthcare and utilities. Yes, device manufacturers are responsible for security fixes; however, these typically lag actual risks/attacks and zero days, and enterprises need time to take vulnerable devices offline or replace them before they are compromised. Often these updates must be tested, and tested over time. Our personal experience is that some of these updates can be mission affecting with negative results. Therefore, testing networks and devices against multi-stage attacks, including ransomware infections, lateral movement, phishing attempts, protocol fuzzing, and data exfiltration, is vital.

    BLUF: To harden IIoT/IoT devices, use a device security test tool to subject them to low-level protocol fuzzing and upper-layer application attacks. Thoroughly test chipsets and network stacks to find flaws in Ethernet, Wi-Fi®, Bluetooth®, Bluetooth® Low Energy, LoRa, CAN bus, and cellular interfaces. Utilize specialized field and lab testing for OT devices that can ‘break’ if tested; see our blogs on OT/ICS testing. At the same time, network security teams must continuously assess firewalls, endpoint security, and properly correlated SIEM/SOAR tools to prevent configuration drift and detect alerts. Use breach and attack simulation tools to emulate multi-stage network attacks, reveal gaps in coverage, and identify remediations. Without these, security tool updates can inadvertently cause blind spots or vulnerabilities.

    Critical infrastructure and IIoT/IoT deployment security solutions require enterprises to secure critical OT/ICS/IIoT/IoT deployments with both manual (Red Team/Purple Team) and automated security testing and breach and attack simulation. These ideally should emulate multi-stage cyberattacks with your teams, scan for vulnerabilities, and mitigate risk with a systematic and ever-expanding list of security assessments, audits, and test plans. Harden networks, protect connected devices, and stay ahead of emerging threats with Cyberleaf Defense in Depth and Pen Testing designed for your IoT and Critical Infrastructure Security Assessment.

    If you like this post, please follow Cyberleaf on LinkedIn https://lnkd.in/e6txch76 and contact us directly for free assessments and a real conversation on Cyber Security.

    Be safe out there!
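The protocol-fuzzing step recommended in the post above can be shown concretely. The script below is an added example, not Cyberleaf's tool or any code from the post: a mutation fuzzer driven against an in-process parser for a constructed IoT sensor-report message, with a deliberately buggy parser (the kind of code that turns one malformed packet into a device reset) next to a hardened one that validates every untrusted field. The message format, the unit table, the seed message and the mutation strategies are all invented for the demonstration; against a real device the `run_case` harness would send the bytes over the interface under test and watch for a hang, reboot or error response instead of catching a Python exception.

```python
"""Added example, not Cyberleaf's tool or any code from the post: a mutation
fuzzer run in-process against a deliberately buggy parser for a CONSTRUCTED
IoT sensor-report format, beside a hardened parser that survives the same
campaign. The wire format, the unit table and the seed message are invented."""
import random
import struct

MAGIC = b"IR"                              # assumed: 2-byte magic, 1-byte version, 1-byte count, then
VERSION = 1                                # count x (1-byte sensor id, little-endian float32 value)
UNIT_FOR_ID = ["C", "%RH", "Pa", "lux"]    # assumed sensor-id -> unit table


class ParseError(Exception):
    """The parser's own, expected rejection of malformed input."""


def parse_naive(data):
    """Buggy: no minimum length check, trusts the count field and the sensor id."""
    if data[:2] != MAGIC or data[2] != VERSION:        # IndexError on a 2-byte input
        raise ParseError("bad header")
    count, off, readings = data[3], 4, []
    for _ in range(count):
        sid, value = struct.unpack_from("<Bf", data, off)   # struct.error when truncated
        readings.append((UNIT_FOR_ID[sid], value))          # IndexError when sid >= 4
        off += 5
    return readings


def parse_hardened(data):
    """Every untrusted field is checked against the buffer before it is used."""
    if len(data) < 4:
        raise ParseError("short header")
    if data[:2] != MAGIC or data[2] != VERSION:
        raise ParseError("bad header")
    count = data[3]
    if len(data) != 4 + 5 * count:
        raise ParseError("length does not match count")
    readings = []
    for i in range(count):
        sid, value = struct.unpack_from("<Bf", data, 4 + 5 * i)
        if sid >= len(UNIT_FOR_ID):
            raise ParseError("unknown sensor id %d" % sid)
        readings.append((UNIT_FOR_ID[sid], value))
    return readings


def build_report(readings):
    """Encode (sensor_id, value) pairs into the constructed format."""
    body = b"".join(struct.pack("<Bf", sid, v) for sid, v in readings)
    return MAGIC + bytes([VERSION, len(readings)]) + body


SEED_INPUT = build_report([(0, 21.5), (2, 101325.0)])   # constructed valid message


def mutate(rng, data):
    """One random mutation of a seed: bit flip, boundary byte, truncation or junk append."""
    data = bytearray(data)
    op = rng.randrange(4)
    if op == 0:
        i = rng.randrange(len(data))
        data[i] ^= 1 << rng.randrange(8)
    elif op == 1:
        i = rng.randrange(len(data))
        data[i] = rng.choice([0, 1, 0x7F, 0x80, 0xFF, rng.randrange(256)])
    elif op == 2:
        del data[rng.randrange(1, len(data)):]
    else:
        data += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
    return bytes(data)


def run_case(parser, data):
    """'ok', 'rejected' (parser's own error) or 'crash:<Exception>' (a parser bug)."""
    try:
        parser(data)
        return "ok"
    except ParseError:
        return "rejected"
    except Exception as exc:
        return "crash:" + type(exc).__name__


def fuzz(parser, seed_input=SEED_INPUT, iterations=2000, seed=1):
    """Return {crash verdict: first reproducing input} found in the campaign."""
    rng = random.Random(seed)
    crashes = {}
    for _ in range(iterations):
        case = mutate(rng, seed_input)
        verdict = run_case(parser, case)
        if verdict.startswith("crash:"):
            crashes.setdefault(verdict, case)
    return crashes


if __name__ == "__main__":
    for name, parser in (("naive", parse_naive), ("hardened", parse_hardened)):
        found = fuzz(parser)
        print(name, "crashes:", {k: v.hex() for k, v in found.items()})
```

Running the script prints the first reproducer per crash type for the naive parser and an empty set for the hardened one. The two bugs it finds, a length field trusted without checking the remaining buffer and an identifier used as an array index without a range check, are the same classes of defect that become memory corruption in C firmware parsers, which is why fuzzing the network stack and application layer of a device, as the post recommends, pays off before the device is fielded.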
