Integration of AI to Ensure the Security of IoT

B. Durga Neelima1, P. Ramanjaneya Prasad2

1
Assistant Professor & Head, Department of Computer Science, Avanthi Degree & PG College,
Osmania University, Hyderabad, India.

2
Assistant Professor, Department of Computer Science, Avanthi Degree & PG College, Osmania
University, Hyderabad, India.

ABSTRACT

The Internet of Things (IoT), which enables the connectivity of billions of things that can share data without
centralized coordination, is one of the most promising technologies now in use. It is quite challenging to maintain
such a big amount of data because continuing security must be guaranteed. AI is the technique utilized to increase
the IoT's effectiveness. The data that IoT devices gather can be more valuable, thanks to AI. By utilizing this
knowledge, better products and services that cater to client wants can be produced. This paper on Artificial
Intelligence for the Internet of Things addresses a number of significant issues and themes, including the design,
development, and evaluation of novel methodologies based on the use of AI solutions.

Keywords: Artificial Intelligence, Client, Connectivity, Internet of Things, Technologies

1. INTRODUCTION
IoT plays a vital role in our everyday lives and has a position in many households and enterprises in the newly
developing era of modern technology [1]. The Internet of Things (IoT) is a network of digital and analog
equipment and computer devices with unique identifiers (UIDs) that can exchange data automatically. In terms of
device connectivity, the IoT idea has offered the world a greater degree of accessibility, integrity, availability,
scalability, confidentiality, and interoperability. Due to a lack of security standards, IoTs are vulnerable to
cyberattacks. Cyberattacks on the Internet of Things (IoT) have been around for a very long time. The size and
complexity of these attacks, however, have increased. Nearly every object in the physical world will soon be
equipped with "smart" technology, from connected refrigerators to connected cars to connected IoT medical
devices. Each of these devices adds a new point of entry to the network and raises the stakes in terms of security
and privacy [ 3]. We will need artificial intelligence to make these gadgets "secure and smart". Additionally, we
must consider connected IoT devices' evolution across industries, where they are pervasive in all aspects of daily
life, from manufacturing to supply networks, and why a "security by design" approach should be used because
any one component can be compromised and to stop the entire ecosystem from being abused. Due to the complex
algorithms that identify aberrant behaviour and allow it to go unreported, this has led to a surge in the usage of AI
by cyberattackers [4]. With the development of IoT technologies, AI has attracted a lot of interest. With this
expansion, IoT cybersecurity apps have started to leverage AI technologies like decision trees, linear regression,
machine learning, support vector machines, and neural networks to be able to identify risks and prospective
assaults. In three survey-style sections, this review paper examines a range of issues related to cybersecurity, the
Internet of Things (IoT), artificial intelligence (AI), and how they all relate to one another. It also offers a thorough
analysis of cyberattacks against IoT devices and suggests AI-based defences against these attacks.

2. SECURITY RISKS WITH IoT

IoT offers organizations a variety of options, but a number of aspects can pose security risks. For instance,
hackers are well aware of the intricacies of the code because there are numerous open code sources. Several of
the dangers include

2.1 Utilizing pre-generated passwords

Most companies ship equipment with default passwords and don't even suggest changing them. For instance,
light control systems, home routers, and security cameras frequently experience this. The fact that default
passwords are well-known and may easily be breached by hackers is one of the biggest threats to IoT security.

2.2 Unsafe Communication

IoT security challenges arise from the fact that IoT devices frequently send unencrypted messages over
networks. The best approach to ensure a secure connection is to use protocols like Transport Layer Security
(TLS) and transport encryption. Multiple networks are used to segregate devices, ensuring private and secure
connection and guaranteeing the secrecy of sent data [5].

2.3 Exposure of Personal Information

Skilled data thieves may do significant harm even only by learning internet protocol (IP) addresses from
unpatched IoT devices. These addresses can be used to locate a user's precise location and home address.
Internet security professionals frequently advise using a virtual private network (VPN) to mask your internet
protocol address and protect the IoT connection.

2.4. AI and Automation

The use of AI technology is already very common. The downside of automation is that it leaves all AI
networks and the infrastructure they were in charge of vulnerable to a single programming mistake or flawed
algorithm. Automation and artificial intelligence are only bits of code. So, if hackers get access, they are free
to take control of the system and do anything they choose. Making sure the instruments are protected from
these risks and assaults is crucial.

3. IoT DEVICE ATTACK STRATEGIES

Due to the inadequate security of many IoT devices, cyberattackers have created a number of techniques to
target IoT devices from a range of attack surfaces. Potential attack surfaces include the IoT device itself,
including its hardware and software, the network to which it is connected, and the application with which it
interacts. These three attack surfaces are the most often used since they represent the foundational parts of an
IoT system. Operating systems that aren't patched and weak passwords that are easy targets for brute force
attacks are two straightforward instances of hazards. IoT-specific basic and complicated risk considerations
must be considered by security teams as businesses in almost every sector grow their operational reliance on
IoT devices.

3.1 Botnets
More sophisticated equipment and computers have operating system mechanisms built into them. They are
often function-focused devices, lacking, for instance, the storage capacity or computational capability of
computers. In light of this, hackers frequently view IoT devices as simple attack vectors that they can quickly
exploit. One IoT device would not be significantly affected by malware installation, but infecting several IoT
devices enables attackers to create botnets, armies of compromised devices that launch assaults on other
networked systems. Attackers can direct their zombie devices to carry out assaults like flooding th e network
with traffic or transmitting spam by using botnets to do their bidding.
The greatest defence against botnets is to make sure all IoT devices are properly protected. This entails
updating firmware, changing default passwords, and restricting access to the device. Companies should also
have a strategy in place for detecting and handling DDoS assaults.

3.2 Ransomware
IoT devices aren't immune to ransomware threats just because they don't frequently store important data
locally. In most cases, ransomware attacks on IoT devices restrict the devices' essential operation rather than
encrypting data and demanding payment from an enterprise. That may entail turning off an industrial gadget
that is essential to running a business or blocking a camera or microphone from cap turing the feed it is focused
on. Businesses should make sure that all IoT devices are adequately protected in order to safeguard against
ransomware. This entails restricting access to the hardware, updating the firmware, and changing any default
passwords. Companies should also have a strategy in place for detecting and handling ransomware threats.

3.3 Foot Printing

Information collection and familiarization with the target system are the first steps in ethical hacking. The
term "reconnaissance" refers to a collection of procedures and methods, including "foot printing," "scanning,"
and "enumeration," that are intended to gather and surreptitiously learn as much as possible about a target
system. The process of finding and stealing sensitive information requires reconnaissan ce. Attackers would
have access to comprehensive information in an effective recon. An attacker utilizes recon to interact with
open ports, active services, etc. on the network in order to gather information without actively using the
network. Access to networks outside of the internet may be possible with the aid of the information it offers.
IoT devices must have hardware-based security in order to prevent reverse engineering. The application
processor, which consists of sensors, actuators, power supply, and connectivity, should be placed in a tamper
resistant environment [6]. Hardware-based security can also be used for device authentication so that the
device can demonstrate its authenticity to the server it is connected to.

3.4 Invisibility
Because IoT device connections to the network are multiplying quickly, asset inventories frequently fall
behind, giving rise to the proverb "you can't protect what you can't see." Security teams may monitor the
traffic that passes through IoT devices in detail in order to see any unusual patterns, threats, and indicators of
active assaults when IoT devices are visible. Using network discovery tools to identify the networked devices
is an important step, even though it isn't the first one. Starting with the list of gadgets you are already familiar
with is recommended. Without a doubt, you are aware of your most precious and significant assets. Starting
there and safeguarding those devices is an important initial step, and using what you learn with those devices
can aid in your decision-making when selecting the tools you need and formulating your overall strategy.

3.5 Lack of fundamental safeguards and unencrypted data in devices

The majority of IoT devices lack the resources necessary to implement robust encryption due to the function -
focused approach utilized in IoT design. Despite the fact that a lot of IoT devices don't keep files locally, they
do send vital telemetry data (such video or audio data) back to businesses or into the cloud. Without strong
encryption methods, the traffic is especially susceptible to spying, hijacking, and eavesdrop ping. Attackers
may alter sensitive medical information or client data, replace camera feeds, stop them from recording, or
both.
The best way to reduce this danger is to hide these kinds of devices behind a specialized shield that performs
the tasks of a firewall, NAT device, authentication, and other security measures to prevent them from being
found on the network. Byos is exceptional in that it can handle all of these features with only one device, the
Edge Gateway.

3.6 Physical attacks

Physical assaults, in which the hardware of the target device is utilized to the attacker's advantage in some
way, are a common low-tech sort of attack. There are several distinct categories of physical assaults. Physical
damage, where devices or their components are harmed to prevent proper functionality; malicious code
injection, where an attacker inserts a USB containing a virus into the target device; and object jamming, where
signal jammers are used to block or manipulate the signals emitted by the objects. These attacks include outage
attacks, where the network to which the devices are connected is shut off to disrupt their functions. Attacks
that permanently deny service (PDoS).

3.7 Legacy and Rogue Devices

Installing IoT devices also raises the prospect of rogue devices, which are physical upgrades to existing
systems or replacements for authorized ones that are intended to operate covertly while changing, erasing, or
stealing data. Attackers can develop rogue access points thanks to rogue devices, which weaken the network
perimeter by establishing a point of controllable traffic flow for inbound and outbound traffic.

3.8 Man in the Middle

A man-in-the-middle (MiTM) attack is a type of cyber-attack in which the attacker secretly intercepts and relays
messages between two parties who believe they are communicating directly with each other. The attack is a type
of eavesdropping in which the attacker intercepts and then controls the entire conversation. MiTM cyber-attacks
pose a serious threat to online security because they give the attacker the ability to capture and manipulate sensitive
personal information -- such as login credentials, account details or credit card numbers -- in real time. MiTM
attacks are also sometimes referred to as monster-in-the-middle, machine-in-the-middle, monkey-in-the-middle
and man-in-the-browser attacks. The most typical MiTM assault is man-in-the-browser, in which the attackers
target browser infection and inject harmful proxy software into the victim's device. Phishing emails are a typical
way to spread malware. By intercepting a user's traffic to a banking or financial website, these attacks' primary
goal is to steal financial information. Cybercriminals place themselves in the middle of data transfers or online
conversations during MiTM attacks. The attacker easily acquires access to the user's web browser and the data it
sends and receives during transactions through the dissemination of malware. The main targets of MiTM attacks
are online banking and e-commerce sites since they demand safe authentication using a public key and a private
key, which makes it possible for attackers to steal login passwords and other sensitive information.

3.9 Denial of Service Attack

A Denial-of-Service (DoS) attack aims to bring down a computer system or network such that its intended users
are unable to access it. DoS attacks do this by providing the victim an excessive amount of traffic or information
that causes a crash [7]. Both times, the DoS attack denies the service or resource that legitimate users (such as
workers, members, or account holders) expected. DoS assaults frequently target the web servers of well-known
corporations, including media, financial, and commercial companies, as well as governmental and commercial
organizations. DoS attacks can cost the victim a lot of time and money to cope with, even while they normally do
not lead to the theft or loss of important information or other assets. A cyberattack known as a distributed denial
of service (DDoS) assault involves several devices targeting a single server [8]. This is often accomplished by
overtaxing the server's connection and blocking further data from being sent to it. Computers, servers, or even
personal gadgets like smartphones may launch this kind of assault, but they all have one thing in common: they
need to be linked to the internet in order to take part. Due to the high frequency of DDoS assaults, Cloudflare, the
top firm in this sector, had to enhance its service, introduce a number of new features, and add an additional layer
of security to keep up with the rising demand.

4. AI IMPORTANCE IN CYBERSECURITY
The emergence of remote work practices and the interconnectedness of endpoints provide unique
cybersecurity difficulties. A contemporary, AI-driven endpoint response and detection solution that can
proactively block and isolate malware and ransomware attacks and advance endpoint security into a zero-trust
environment is required to tackle them. AI-based solutions make use of machine learning algorithms that can
quickly identify and address both known and unidentified dangers. Machine learning algorithms are used in
I-based solutions to quickly identify and address both known and unidentified threats.

4.1 Detection of Malware

Endpoint interconnectedness and the development of remote work practices provide unique cybersecurity
problems. In order to battle these, there is a need for a cutting-edge, AI-driven endpoint response and detection
solution that can proactively block and isolate malware and ransomware attacks and advance endpoint security
into a zero-trust environment. Machine learning algorithms are used in AI-based systems to quickly identify and
address both known and unidentified risks. I-based solutions make use of machine learning algorithms that can
quickly identify and address both known and unidentified threats.
4.2 Phishing Detection
Phishing is a common type of cyber-attack that targets people and businesses. To recognize and prevent known
phishing emails, traditional phishing detection methods frequently depend on rules-based filtering or blacklisting.
Because they are only effective against known assaults and can overlook emerging or novel ones, these strategies
have several drawbacks. Machine learning techniques are used by AI-based phishing detection tools to examine
the structure and content of emails in order to spot probable phishing assaults. These algorithms may discover
trends and abnormalities that point to a phishing attempt by learning from enormous volumes of data. In order to
spot possible phishing attempts, AI-based systems may also examine how consumers engage with emails. AI-
based solutions, for instance, can detect suspicious behaviour and notify security personnel if a user clicks on a
questionable link or submits personal information in response to a phishing email.

4.3 Security Log Analysis

Machine learning techniques are used by AI-based phishing detection tools to examine the structure and content
of emails in order to spot probable phishing assaults. These algorithms may discover trends and abnormalities that
point to a phishing attempt by learning from enormous volumes of data. In order to spot possible phishing
attempts, AI-based systems may also examine how consumers engage with emails. AI-based solutions, for
instance, can detect suspicious behaviour and notify security personnel if a user clicks on a questionable link or
submits personal information in response to a phishing email.
Using AI-based security log analysis, businesses may also find possible insider risks. AI algorithms may identify
aberrant activity that may be an indication of insider threats, such as illegal access or unexpected data transfers,
by studying user behaviour across a variety of systems and apps. Following that, businesses may take steps to stop
data breaches and other security events before they happen. AI-based security log analysis gives businesses a
valuable tool for spotting possible attacks and responding to them.

4.4 Network Security

Artificial intelligence (AI) systems may be trained to scan networks for anomalous behaviour, spot odd traffic
patterns, and spot unauthorized devices. AI can enhance network security by detecting anomalies. In order to spot
patterns that are unusual, network traffic must be analysed. AI systems may learn what is typical for a given
network and spot traffic that is unusual or suspicious by examining past traffic data. This may involve traffic from
dubious IP addresses, strange protocol usage, or uncommon port utilization.

4.5 End Pont Security

Cybercriminals frequently attack endpoints like computers and cell phones. The signature-based detection
method used by conventional antivirus software can only identify known malware variants. AI can examine
the behaviour of unknown malware types to find them. Machine learning algorithms are used by AI-based
endpoint security systems to study endpoint activity and identify possible threats.
For instance, a solution for endpoint security powered by AI may analyse files for malware and quarantine
any questionable data. Additionally, it can keep an eye on endpoint activity and spot any peculiar patterns that
can hint to a security concern. Endpoint security tools powered by AI can also stop unwanted access attempts
and keep hackers from accessing private information.
CONCLUSION
The majority of modern sophisticated security solutions today use AI or ML. Through IoT devices like smarter
houses, smart automobiles, and other IoT-enabled items, artificial intelligence and machine learning not only
significantly improve traditional cybersecurity but also significantly enhance the quality of our daily lives.
Security professionals advise firms to walk a narrow line when choosing between an unsupervised and a
monitored solution. Even while AI and ML systems may operate autonomously without human oversight, it
is nevertheless advisable that humans occasionally step in to help the system become more balanced and
efficient. Standardizing the data sets that are accessible is one of the most essential suggestions that security
professionals offer in order to make it simple for ML-based solutions to understand the data and analysed it
rapidly. In order to combat any form of cyber threats, ML-based systems will be very helpful if the data sets
are established and standardized.

REFERENCES
[1] Rouse M. What is IoT (Internet of Things) and how does it work? IoT Agenda, TechTarget.
http://www.internetofthingsagenda.techtarget.com/defnition/Internet-of-Things-IoT.
[2] Lu Y, Xu LD. Internet of Things (IoT) cybersecurity research: a review of current research topics. IEEE
Internet Things J. 2019;6(2):2103–15.
[3] Common cyber attacks in the IoT. https://www.globalsign.com/en/blog/common-cyber-attacks-in-the-iot.
[4] Pendse A. Transforming cybersecurity with the Artificial Intelligence and Machine Learning: view.
https://ciso.economictimes.indiatimes.com/news/transforming-cybersecuritywith-ai-and-ml/67899197
[5] IoT Attacks: 6 Security Risks To Be Aware Of, https://www.byos.io/blog/iot-attacks.
[6] Lakhani. A, The role of artificial intelligence in Internet of Things and Operational Technology Security
https://www.csoonline.com/article/566503/the-role-of-artificial-intelligence-in-iot-and-ot-security.html
[7] Zargar, S. T., Joshi, J., & Tipper, D. (2013). A survey of defence mechanisms against distributed denial of
service (DDoS) flooding attacks. IEEE communications surveys & tutorials, 15(4), 2046-2069.
[8] Yan, Q., et al. (2015). Software-defined networking (SDN) and distributed denial of service (DDoS) attacks
in cloud computing environments: A survey, some research issues, and challenges. IEEE communications
surveys & tutorials, 18(1), 602-622.