Practical network-layer machine learning for IoT security
The widespread adoption of Internet of Things (IoT) devices is a testament to their immense potential, but it also brings along significant security concerns. Network-layer machine learning (ML) offers a pragmatic way to secure IoT devices. Building network-layer solutions is challenging, as we need to carefully design the application, develop it end-to-end from scratch, and collect training data for ML models, which is scarce in the networking domain.
Research and deployment of network-layer ML solutions for IoT security are hampered by three key challenges. First are the design challenges, as we need to carefully decide what kind of anomalies/devices we want to detect, where we are capturing the data, i.e., at the router or from encrypted wireless packets, how we want to convert network traffic to features that can be fed into an ML model, etc. The second challenge arises from the lack of open-source implementations or existing network-layer ML frameworks. Writing the entire end-to-end ML application from scratch requires significant development effort and time. Furthermore, we have data challenges, as we need data to train ML models, which is difficult to collect from limited deployments. A model trained on data from limited deployments might not generalize to unseen deployments.
As part of this thesis, we focus on two canonical examples of network-layer ML solutions for IoT devices: IoT device detection/fingerprinting and anomaly detection. In this dissertation, we make three contributions. Our first contribution is an application, (i) Lumos: a practical system that can run on just a mobile phone or laptop and can quickly detect, locate, and visualize hidden IoT devices in an unfamiliar environment. Lumos applies a novel ML algorithm to the encrypted 802.11 packets to detect and localize hidden IoT devices. Second, to solve the development challenge and enable rapid prototyping of network-layer ML solutions for IoT devices, we propose (ii) Lumen: an open-source modular framework that allows users to develop, evaluate, and compare network-layer ML solutions efficiently. We demonstrate the utility of Lumen by implementing 16 state-of-the-art network-layer ML anomaly detection algorithms. Finally, to solve the data challenge, we propose (iii) LumGEN: Lumen integrated with generative synthetic data augmentation techniques, and show its effectiveness for the task of IoT anomaly detection.
History
Date
2023-01-01
Degree Type
- Dissertation
Department
- Electrical and Computer Engineering
Degree Name
- Doctor of Philosophy (PhD)