IoT Network Cybersecurity Assessment With the Associated Random Neural Network

This paper proposes a method to assess the security of an n device, or IP address, IoT network by simultaneously identifying all the compromised IoT devices and IP addresses. It uses a specific Random Neural Network (RNN) architecture composed of two mutually interconnected sub-networks that complement each other in a recurrent structure, called the Associated RNN (ARNN). For each of the n devices or IP addresses in the IoT network, two distinct neurons of the ARNN advocate opposite views: compromised or not compromised. The fully interconnected 2n neuron ARNN structure of paired neurons learns offline from ground truth data. Thus rather than requiring a separate attack detector at each network node, the ARNN offers a single overall attack detector that observes the incoming traffic at each node, learns about the interdependencies between network nodes, and formulates a recommendation for each device or IP address in an IoT network. The ARNN weight initialization and learning algorithm are discussed, and the ARNN performance is evaluated using real attack data, and compared against several learning and testing techniques. Results are obtained both for off-line learning with ground truth data, and for on-line incremental learning using a simplified average metric measured from incoming packet traffic. Comparisons with the best state-of-the-art techniques show that the ARNN significantly outperforms previously known approaches.