The Internet of Things (IoT) is a network of dedicated physical objects (things) that contain embedded technology to sense and interact with each other and the external environment. IoT has been increasingly adopted in many application domains such as logistics, smart grid, industrial processes, smart home, intelligent transportation, environmental monitoring, and healthcare. A Gartner analyst predicts that there will be 26 billion IoT units by 2020. IoT is having a greater impact on the U.S. and the world’s economy. McKinsey estimates that the economic impact of IoT applications in the U.S. could be from $3.9 trillion to $11.1 trillion per year in 2025.
Recent data breaches, such as those at Target, Facebook, JP Morgan, and Equifax, highlight the increasing social and economic impact of such cyber incidents. For example, the JP Morgan Chase attack was believed to be one of the largest in history, affecting nearly 76 million households. When a breach is detected, the damage has often already occurred and system recovery usually takes a long time. In this research, in addition to anomaly detection, we seek to develop analytics tools by which one can predict as early as possible whether an organization or a user may suffer a cybersecurity incident in the near future.
We will develop analytics solution frameworks for automated anomaly prediction and fast response to potential cyberattacks against IoT systems. The proposed project will continue the research of the cybersecurity analytics project sponsored by Siemens Technology Company in 2018. Specifically, the objectives of this project are threefold: (i) developing new automated computational approaches to feature engineering for large-scale spatiotemporal IoT data streams by combining frequency analysis and advanced data-mining techniques; (ii) designing early anomaly detection algorithms based on unsupervised learning and classification; and (iii) devising a novel response mechanism for malicious cyberattacks with fast identification of the attacking points and compromised components within the targeted IoT system.