Adaptive Cybersecurity Systems: Leveraging Real-Time Data For Threat Mitigation

A self-adaptive anomaly detection system for IoT traffic, including unknown attacks, is proposed. The proposed system consists of a honeypot server and a gateway. The honeypot server continuously captures traffic and adaptively generates an anomaly detection model using real-time captured traffic. The gateway uses the generated model to detect anomalous traffic. The proposed system can adapt to unknown attacks to reflect pattern changes in anomalous traffic. Results of all experiments show that the detection model with the dynamic update method achieves higher accuracy for traffic anomaly detection in comparison to the pre-generated detection model. Experimental results indicate that a system adaptable in real-time to evolving cyberattacks is a novel approach that ensures the comprehensive security of IoT devices against both known and unknown attacks. Adaptive cybersecurity systems leverage real-time data to mitigate threats. With the continuous growth of internet-of-things (IoT) devices, an increase in cyberattacks that exploit vulnerable devices infected with malware has been observed. This tendency can lead to massive device infection, impacting the operations of an entire organization if the infected devices are connected to the organization’s network. Among the IoT devices, network-enabled home appliances, such as air conditioners, refrigerators, and heaters, have recently garnered attention due to their convenience, inefficiency, and vulnerabilities to various cyberattacks. To eliminate vulnerabilities and quickly handle unknown cyberattacks, it is essential for both the vendors and users of such devices to continue updating the firmware of the devices. However, this is a challenging task that usually requires a long time after identifying such vulnerabilities. Therefore, in the meantime, a system must adapt autonomously to changes in cyberattacks.