
System And Method For Evaluating Dataset For Detecting Intrusion In Internet Of Things (IoT) Environment

Abstract: A system (100) is disclosed for evaluating a dataset (102) to detect intrusion in an Internet of Things (IoT) environment. The system (100) comprises an intrusion detection system (104) with an input port (106) capable of detecting signals from external sources that can manipulate IoT devices (108a-108n). The intrusion detection system (104) further includes an intrusion analyzer (110) in communication with the input port (106). The intrusion analyzer (110) is configured to analyze the detected signals using the dataset (102) to detect threats. It employs techniques to reduce false positives, such as refining analysis upon threat detection and utilizing ensemble models for re-analysis when threats are not initially detected. The system (100) further includes mechanisms to update the dataset (102) based on threat detections from the ensemble models for improving intrusion detection accuracy. Claims: 10, Figures: 3. Figure 1 is selected.


Patent Information

Application #
Filing Date
29 April 2024
Publication Number
19/2024
Publication Type
INA
Invention Field
COMPUTER SCIENCE
Status
Email
Parent Application

Applicants

SR University
SR University, Ananthasagar, Warangal, Telangana-506371, India (IN) Email ID: patent@sru.edu.in Mb: 08702818333

Inventors

1. Koppula Manasa
SR University, Ananthasagar, Warangal, Telangana-506371, India (IN)
2. L.M.I.LEO JOSEPH
SR University, Ananthasagar, Warangal, Telangana-506371, India (IN)

Specification

Description:
BACKGROUND
Field of Invention
[001] Embodiments of the present invention generally relate to an evaluation system for effectively detecting an intrusion and particularly to a system for evaluating datasets for detecting intrusion in Internet of Things (IoT) environment.
Description of Related Art
[002] In the rapidly evolving landscape of cybersecurity, the proliferation of Internet of Things (IoT) devices has introduced unprecedented challenges and vulnerabilities. The IoT encompasses a diverse array of interconnected devices, ranging from smart home appliances to industrial sensors, that play integral roles in both personal and professional domains. However, extensive interconnectivity also exposes these devices to a myriad of cyber threats, necessitating robust security measures to mitigate risks effectively.
[003] Moreover, conventional cybersecurity approaches have struggled to adequately address the unique challenges posed by the IoT environment. The inherent characteristics of IoT devices, such as limited computational resources and diverse communication protocols, present significant obstacles to implementing traditional security measures. As a result, IoT ecosystems remain highly susceptible to various forms of cyberattacks, including malware infections, data breaches, and network intrusions.
[004] However, innovative technologies such as machine learning, anomaly detection, and secure communication protocols together aim at an enhanced cybersecurity framework that establishes a comprehensive defense mechanism capable of proactively identifying and neutralizing emerging threats within IoT networks. Furthermore, the development of lightweight security solutions optimized for resource-constrained IoT devices aims at minimizing performance overhead and ensuring optimal operational efficiency.
[005] There is thus a need for a system for evaluating a dataset for detecting an intrusion in an Internet of Things (IoT) environment that can address the aforementioned limitations in a more efficient manner.
SUMMARY
[006] Embodiments in accordance with the present invention provide a system for evaluating a dataset for detecting intrusion in an Internet of Things (IoT) environment. The system comprises an intrusion detection system. The intrusion detection system comprises: an input port configured to detect signals capable of manipulating an Internet of Things (IoT) device, being received from external sources; and an intrusion analyzer in communication with the input port. The intrusion analyzer is configured to: analyze the detected signals using an intrusion analyzer, wherein the intrusion analyzer utilizes the dataset for detecting a threat; reduce false positives upon detecting, by the intrusion analyzer, the threat in the analyzed signals; re-analyze the detected signals using ensemble models, when the intrusion analyzer fails to detect the threat; and reduce the false positives and update the dataset upon detecting the threat by the ensemble models.
[007] Embodiments in accordance with the present invention provide a method for evaluating a dataset for detecting intrusion in an Internet of Things (IoT) environment using a system, the method comprising steps of detecting signals, at an input port of an intrusion detection system, capable of manipulating an Internet of Things (IoT) device, being received from external sources; analyzing the detected signals using an intrusion analyzer, wherein the intrusion analyzer utilizes the dataset for detecting a threat; reducing false positives upon detecting, by the intrusion analyzer, the threat in the analyzed signals; re-analyzing the detected signals using ensemble models, when the intrusion analyzer fails to detect the threat; and reducing false positives and updating the dataset upon detecting the threat by the ensemble models.
[008] Embodiments of the present invention may provide a number of advantages depending on their particular configuration. First, embodiments of the present application may provide a system and a method for evaluating a dataset for detecting intrusion in an Internet of Things (IoT) environment.
[009] Next, embodiments of the present application may provide an intrusion detection system for detecting intrusion in an Internet of Things (IoT) environment.
[0010] Next, embodiments of the present application may provide a system for evaluating a dataset for detecting intrusion in an Internet of Things (IoT) environment capable of continuously monitoring an Internet of Things (IoT) environment in real-time to provide immediate alerts and responses to potential security threats.
[0011] Next, embodiments of the present application may provide a system for evaluating a dataset for detecting intrusion in an Internet of Things (IoT) environment that incorporates adaptive learning algorithms for enabling the intrusion detection system to dynamically adjust its intrusion detection mechanisms based on evolving threats and changing IoT network dynamics.
[0012] Next, embodiments of the present application may provide a system for evaluating a dataset for detecting intrusion in an Internet of Things (IoT) environment that minimizes computational overhead and energy consumption while maintaining high detection efficacy.
[0013] These and other advantages will be apparent from the present application of the embodiments described herein.
[0014] The preceding is a simplified summary to provide an understanding of some embodiments of the present invention. This summary is neither an extensive nor exhaustive overview of the present invention and its various embodiments. The summary presents selected concepts of the embodiments of the present invention in a simplified form as an introduction to the more detailed description presented below. As will be appreciated, other embodiments of the present invention are possible utilizing, alone or in combination, one or more of the features set forth above or described in detail below.
BRIEF DESCRIPTION OF THE DRAWINGS
[0015] The above and still further features and advantages of embodiments of the present invention will become apparent upon consideration of the following detailed description of embodiments thereof, especially when taken in conjunction with the accompanying drawings, and wherein:
[0016] FIG. 1 illustrates a block diagram of a system for evaluating a dataset to detect intrusion in an Internet of Things (IoT) environment, according to an embodiment of the present invention;
[0017] FIG. 2 illustrates a block diagram of an intrusion analyzer, according to an embodiment of the present invention; and
[0018] FIG. 3 depicts a flowchart of a method for evaluating the dataset for detecting intrusion in an Internet of Things (IoT) environment using a system, according to an embodiment of the present invention.
[0019] The headings used herein are for organizational purposes only and are not meant to be used to limit the scope of the description or the claims. As used throughout this application, the word "may" is used in a permissive sense (i.e., meaning having the potential to), rather than the mandatory sense (i.e., meaning must). Similarly, the words “include”, “including”, and “includes” mean including but not limited to. To facilitate understanding, like reference numerals have been used, where possible, to designate like elements common to the figures. Optional portions of the figures may be illustrated using dashed or dotted lines, unless the context of usage indicates otherwise.
DETAILED DESCRIPTION
[0020] The following description includes the preferred best mode of one embodiment of the present invention. It will be clear from this description of the invention that the invention is not limited to these illustrated embodiments but that the invention also includes a variety of modifications and embodiments thereto. Therefore, the present description should be seen as illustrative and not limiting. While the invention is susceptible to various modifications and alternative constructions, it should be understood, that there is no intention to limit the invention to the specific form disclosed, but, on the contrary, the invention is to cover all modifications, alternative constructions, and equivalents falling within the scope of the invention as defined in the claims.
[0021] In any embodiment described herein, the open-ended terms "comprising", "comprises", and the like (which are synonymous with "including", "having" and "characterized by") may be replaced by the respective partially closed phrases "consisting essentially of", "consists essentially of", and the like, or the respective closed phrases "consisting of", "consists of", and the like.
[0022] As used herein, the singular forms “a”, “an”, and “the” designate both the singular and the plural, unless expressly stated to designate the singular only.
[0023] FIG. 1 illustrates a block diagram of a system 100 for evaluating a dataset 102 to detect intrusion in an Internet of Things (IoT) environment. The system 100 may comprise an Intrusion Detection System (IDS) 104 (hereinafter referred to as the “IDS 104”) for detecting intrusion in the Internet of Things (IoT) environment according to an embodiment of the present invention. In an embodiment of the present invention, the IDS 104 may distinguish itself by leveraging the Internet of Things (IoT) specific datasets that may accurately represent the complexities of IoT-generated traffic. By training on authentic Internet of Things (IoT) data, the IDS 104 enhances its ability to differentiate between normal and malicious activities, reducing false positives and negatives.
[0024] In an embodiment of the present invention, the IDS 104 may employ advanced detection techniques such as, but not limited to, signature-based detection, anomaly-based detection, and deep learning to enhance accuracy and efficiency in identifying cyber threats. The IDS 104 may continuously learn and evolve to adapt to emerging threats and the evolving Internet of Things (IoT) environment through adaptive learning, dynamic updating, and self-learning capabilities. In an embodiment of the present invention, the IDS 104 may be designed for seamless integration into existing Internet of Things (IoT) environments and Internet of Things (IoT) infrastructures and scalable deployment across large-scale Internet of Things (IoT) networks.
[0025] The IDS 104 may comprise an input port 106. In an embodiment of the present invention, the input port 106 may be in communication with the Internet of Things (IoT) devices 108a-108n (hereinafter referred individually to as the Internet of Things (IoT) device 108, and plurally to as the Internet of Things (IoT) devices 108). The IDS 104 may further comprise an intrusion analyzer 110.
[0026] In an embodiment of the present invention, the input port 106 may be configured to detect the signals capable of manipulating the Internet of Things (IoT) device 108 arranged in the Internet of Things (IoT) environment. The signal may be received from external sources such as the Internet, in an embodiment of the present invention. According to embodiments of the present invention, the input port 106 may be, but not limited to, an RJ11 port, a serial port, an airport, a wireless access point, and so forth. Embodiments of the present invention are intended to include or otherwise cover any type of the input port 106, including known, related art, and/or later developed technologies. The Internet of Things (IoT) environment may be a cluster of actively connected Internet of Things (IoT) devices 108. The IDS 104 may further generate alerts upon detecting the threat in the Internet of Things (IoT) environment.
[0027] In an embodiment of the present invention, the IDS 104 may support compatibility with the Internet of Things (IoT) devices 108, protocols, and communication standards. The IDS 104 may employ a distributed architecture and parallel processing techniques to handle large volumes of data and accommodate the growing scale of Internet of Things (IoT) deployments. In an embodiment of the present invention, the Internet of Things (IoT) device 108 may be a smart device connected to a network. The Internet of Things (IoT) device 108 may be connected with the IDS 104 in such a manner that the signals being received from an external source (Internet) may first be rectified by the IDS 104, and upon clearance of the signals as safe, the signals may further proceed to the Internet of Things (IoT) device 108.
[0028] According to embodiments of the present invention, the Internet of Things (IoT) device 108 may be, but not limited to, a smartphone, a computer, a mainframe, a server, a smart speaker, a smart home automation kit, a smart display, and so forth. Embodiments of the present invention are intended to include or otherwise cover any Internet of Things (IoT) device 108, including known, related art, and/or later developed technologies.
[0029] In an embodiment of the present invention, the intrusion analyzer 110 may be a processor that may be configured to execute computer-executable instructions to generate an output relating to the system 100. The intrusion analyzer 110 may be adapted to be in communication with the input port 106, in an embodiment of the present invention. According to embodiments of the present invention, the intrusion analyzer 110 may be, but not limited to, a Programmable Logic Control (PLC) unit, a microprocessor, a development board, and so forth. Embodiments of the present invention are intended to include or otherwise cover any type of the intrusion analyzer 110 including known, related art, and/or later developed technologies. In an embodiment of the present invention, the intrusion analyzer 110 may further be explained in conjunction with FIG. 2.
[0030] In an embodiment of the present invention, the intrusion analyzer 110 may be adapted to intercept the signals that may be received by the input port 106 from the external source. The intrusion analyzer 110 may further detect the threat in the signals, in an embodiment of the present invention. The intrusion analyzer 110 may compare signal data with the dataset 102 for the detection of threats in the signals, in an embodiment of the present invention. In another embodiment of the present invention, when the intrusion analyzer 110 is unable to detect any threat in the signals, the received signals may be re-analyzed using ensemble models. According to embodiments of the present invention, the ensemble models comprise machine learning algorithms such as, but not limited to, decision trees, random forests, support vector machines, neural networks, and so forth. Embodiments of the present invention are intended to include or otherwise cover any machine learning algorithms that may be enveloped in the ensemble models, including known, related art, and/or later developed technologies.
[0031] According to embodiments of the present invention, the dataset 102 may be preprocessed by preprocessing techniques such as, but not limited to, a cleaning of the dataset 102, a normalization of the dataset 102, a filtration of the dataset 102, a removal of noise from the dataset 102, and so forth. Embodiments of the present invention are intended to include or otherwise cover any preprocessing techniques for preprocessing of the dataset 102, including known, related art, and/or later developed technologies. In another embodiment of the present invention, the dataset 102 may be updated periodically using a data randomizer.
[0032] FIG. 2 illustrates a block diagram of the intrusion analyzer 110 of the IDS 104, according to an embodiment of the present invention. The intrusion analyzer 110 may comprise the computer-executable instructions in form of programming modules such as a data detection module 200, a data analysis module 202, a data reduction module 204, and an alert generation module 206.
[0033] In an embodiment of the present invention, the data detection module 200 may be configured to detect the signals capable of manipulating the Internet of Things (IoT) device 108. The signals may be received from the external source (which may be the Internet), in an embodiment of the present invention. In an embodiment of the present invention, the data detection module 200 may further be configured to transmit the received signals to the data analysis module 202.
[0034] In an embodiment of the present invention, the data analysis module 202 may be activated upon receipt of the signals from the data detection module 200. The data analysis module 202 may be configured to analyze the detected signals using the intrusion analyzer 110. The intrusion analyzer 110 may utilize the dataset 102 for detection of the threat, in an embodiment of the present invention. Upon analysis of the detected signals using the dataset 102, the data analysis module 202 may transmit a first reduction signal to the data reduction module 204.
[0035] In another embodiment of the present invention, if the intrusion analyzer 110 fails to detect the threat, then the detected signals may be re-analyzed by the data analysis module 202 using ensemble models. Upon analysis of the detected signals using the ensemble models, the data analysis module 202 may transmit a second reduction signal to the data reduction module 204.
[0036] In an embodiment of the present invention, the data reduction module 204 may be activated upon receipt of the first reduction signal from the data analysis module 202. The data reduction module 204 may be configured to reduce the false positives upon detecting the threat in the signals analyzed by the intrusion analyzer 110, in an embodiment of the present invention.
[0037] In an embodiment of the present invention, the data reduction module 204 may be activated upon receipt of the second reduction signal from the data analysis module 202. The data reduction module 204 may be configured to reduce false positives and update the dataset 102 upon detecting the threat by the ensemble models, in an embodiment of the present invention.
[0038] After the reduction of the false positives, the data reduction module 204 may transmit an alert generation signal to the alert generation module 206.
[0039] In an embodiment of the present invention, the alert generation module 206 may be activated upon receipt of the alert generation signal from the data reduction module 204. The alert generation module 206 may be configured to generate the alerts upon detecting the threat on the Internet of Things (IoT) environment, in an embodiment of the present invention.
[0040] FIG. 3 depicts a flowchart of a method 300 for evaluating the dataset 102 for detecting the intrusion in the Internet of Things (IoT) environment using the system 100.
[0041] At step 302, the system 100 may detect the signals, at the input port 106 of the IDS 104, capable of manipulating the Internet of Things (IoT) device 108.
[0042] At step 304, the system 100 may enable the IDS 104 to analyze the detected signals using the intrusion analyzer 110. The intrusion analyzer 110 may utilize the dataset 102 for detecting the threat.
[0043] At step 306, the system 100 may check if the threat is detected. The system 100 may proceed to step 308 upon detecting the threat. Otherwise, the system 100 may proceed to step 310.
[0044] At step 308, the system 100 may enable the intrusion analyzer 110 to reduce false positives upon detecting the threat in the analyzed signals, and the system 100 may proceed to step 316.
[0045] At step 310, the system 100 may re-analyze the detected signals using the ensemble models when the intrusion analyzer 110 fails to detect the threat.
[0046] At step 312, the system 100 may check if the threat is detected by using the ensemble models. The system 100 may proceed to step 314 upon detecting the threat. Otherwise, the system 100 may return to step 302.
[0047] At step 314, the system 100 may reduce the false positives and update the dataset 102 upon detecting the threat by the ensemble models.
[0048] At step 316, the system 100 may generate the alerts upon detecting the threat in the Internet of Things (IoT) environment.
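The flow of method 300 (steps 302 to 316), as an added sketch that is not code from the application: the feature vector, the thresholds, the three ensemble voters and the repeat-sighting rule used for false-positive reduction are all assumptions, because the specification does not define them. The dataset records and source addresses are constructed.

```python
from collections import Counter
from statistics import mean, pstdev

TOLERANCE = 0.25    # assumed: max relative deviation that still counts as a dataset match
CONFIRMATIONS = 2   # assumed: detections per source needed before a verdict is trusted

# Constructed dataset 102: (packets_per_sec, payload_bytes, distinct_ports) -> label
DATASET = [
    ((12.0, 120.0, 1.0), "benign"),
    ((15.0, 140.0, 1.0), "benign"),
    ((10.0, 110.0, 2.0), "benign"),
    ((14.0, 130.0, 1.0), "benign"),
    ((900.0, 60.0, 1.0), "malicious"),
]


def rel_dist(a, b):
    """Largest per-feature relative difference between vector a and reference b."""
    return max(abs(x - y) / max(abs(y), 1.0) for x, y in zip(a, b))


def centroid(rows):
    return tuple(mean(col) for col in zip(*rows))


class IntrusionAnalyzer:
    def __init__(self, dataset):
        self.dataset = list(dataset)   # working copy of dataset 102
        self.sightings = Counter()     # per-source detection count
        self.alerts = []

    def match_dataset(self, feats):
        """Step 304: threat only if the nearest record is close and labelled malicious."""
        dist, label = min((rel_dist(feats, f), lbl) for f, lbl in self.dataset)
        return dist <= TOLERANCE and label == "malicious"

    def ensemble_vote(self, feats):
        """Step 310: majority vote of three simple stand-in models (assumed)."""
        benign = [f for f, lbl in self.dataset if lbl == "benign"]
        bad = [f for f, lbl in self.dataset if lbl == "malicious"]
        # Voter 1: any feature more than 3 standard deviations from benign traffic.
        zscore = any(abs(x - mean(c)) / max(pstdev(c), 1e-9) > 3
                     for x, c in zip(feats, zip(*benign)))
        # Voter 2: decision stump on constructed rate and port-count thresholds.
        stump = feats[0] > 500 or feats[2] > 20
        # Voter 3: nearest centroid of the two labelled classes.
        nearest = rel_dist(feats, centroid(bad)) < rel_dist(feats, centroid(benign))
        return sum([zscore, stump, nearest]) >= 2

    def reduce_false_positives(self, source):
        """Steps 308/314 (assumed rule): trust a source only after repeated detections."""
        self.sightings[source] += 1
        return self.sightings[source] >= CONFIRMATIONS

    def process(self, source, feats):
        """Run one detected signal (step 302) through steps 304-316."""
        if self.match_dataset(feats):                              # steps 304, 306
            stage = "dataset"
            confirmed = self.reduce_false_positives(source)        # step 308
        elif self.ensemble_vote(feats):                            # steps 310, 312
            stage = "ensemble"
            confirmed = self.reduce_false_positives(source)        # step 314
            if confirmed:                                          # step 314: update dataset
                self.dataset.append((tuple(feats), "malicious"))
        else:
            return ("clear", None)                                 # back to step 302
        if not confirmed:
            return ("suppressed", stage)
        self.alerts.append((source, stage))                        # step 316
        return ("alert", stage)


def run_demo():
    ids = IntrusionAnalyzer(DATASET)
    scan = (14.0, 130.0, 60.0)   # constructed: normal rate, many distinct ports
    signals = [("192.0.2.10", (13.0, 125.0, 1.0))] + [("198.51.100.7", scan)] * 3
    return [ids.process(src, feats) for src, feats in signals]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The third pass of the scan signal is caught at the dataset stage because the confirmed ensemble detection was written back into the dataset at step 314.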
[0049] While the invention has been described in connection with what is presently considered to be the most practical and various embodiments, it is to be understood that the invention is not to be limited to the disclosed embodiments, but on the contrary, is intended to cover various modifications and equivalent arrangements included within the scope of the appended claims.
[0050] This written description uses examples to disclose the invention, including the best mode, and also to enable any person skilled in the art to practice the invention, including making and using any devices or systems and performing any incorporated methods. The patentable scope of the invention is defined in the claims, and may include other examples that occur to those skilled in the art. Such other examples are intended to be within the scope of the claims if they have structural elements that do not differ from the literal language of the claims, or if they include equivalent structural elements with insubstantial differences from the literal language of the claims.
Claims:
CLAIMS
I/We Claim:
1. A system (100) for evaluating a dataset (102) for detecting intrusion in an Internet of Things (IoT) environment, the system (100) comprising:
an intrusion detection system (104), characterized in that the intrusion detection system (104) comprises:
an input port (106) configured to detect signals capable of manipulating an Internet of Things (IoT) device (108a-108n), being received from external sources; and
an intrusion analyzer (110) in communication with the input port (106), wherein the intrusion analyzer (110) is configured to:
analyze the detected signals using an intrusion analyzer (110), wherein the intrusion analyzer (110) utilizes the dataset (102) for detecting a threat;
reduce false positives upon detecting, by the intrusion analyzer (110), the threat in the analyzed signals;
re-analyze the detected signals using ensemble models, when the intrusion analyzer (110) fails to detect the threat; and
reduce the false positives and update the dataset (102) upon detecting the threat by the ensemble models.
2. The system (100) as claimed in claim 1, wherein the dataset (102) is preprocessed by preprocessing techniques selected from a cleaning of the dataset (102), a normalization of the dataset (102), a filtration of the dataset (102), a removal of noise from the dataset (102), or a combination thereof.
3. The system (100) as claimed in claim 1, wherein the dataset (102) is updated periodically using a data randomizer.
4. The system (100) as claimed in claim 1, wherein the ensemble models comprise machine learning algorithms such as decision trees, random forests, support vector machines, neural networks, or a combination thereof.
5. The system (100) as claimed in claim 1, wherein the Internet of Things (IoT) devices (108a-108n) are selected from a smartphone, a computer, a mainframe, a server, a smart speaker, a smart home automation kit, a smart display, or a combination thereof.
6. A method (300) for evaluating a dataset (102) for detecting intrusion in an Internet of Things (IoT) environment using a system (100), the method (300) characterized by steps of:
detecting signals, at an input port (106) of an intrusion detection system (104), capable of manipulating an Internet of Things (IoT) device (108a-108n), being received from external sources;
analyzing the detected signals using an intrusion analyzer (110), wherein the intrusion analyzer (110) utilizes the dataset (102) for detecting a threat;
reducing false positives upon detecting, by the intrusion analyzer (110), the threat in the analyzed signals;
re-analyzing the detected signals using ensemble models, when the intrusion analyzer (110) fails to detect the threat; and
reducing false positives and updating the dataset (102) upon detecting the threat by the ensemble models.
7. The method (300) as claimed in claim 6, wherein the dataset (102) is preprocessed by preprocessing techniques selected from a cleaning of the dataset (102), a normalization of the dataset (102), a filtration of the dataset (102), a removal of noise from the dataset (102), or a combination thereof.
8. The method (300) as claimed in claim 6, wherein the dataset (102) is updated periodically using a data randomizer.
9. The method (300) as claimed in claim 6, wherein the ensemble models comprise machine learning algorithms such as decision trees, random forests, support vector machines, neural networks, or a combination thereof.
10. The method (300) as claimed in claim 6, comprising a step of generating alerts upon detecting the threat in the Internet of Things (IoT) environment.

Date: April 24, 2024
Place: Noida

Dr. Keerti Gupta
Agent for the Applicant
(IN/PA-1529)

Documents

Application Documents

# Name Date
1 202441034058-STATEMENT OF UNDERTAKING (FORM 3) [29-04-2024(online)].pdf 2024-04-29
2 202441034058-REQUEST FOR EARLY PUBLICATION(FORM-9) [29-04-2024(online)].pdf 2024-04-29
3 202441034058-POWER OF AUTHORITY [29-04-2024(online)].pdf 2024-04-29
4 202441034058-OTHERS [29-04-2024(online)].pdf 2024-04-29
5 202441034058-FORM-9 [29-04-2024(online)].pdf 2024-04-29
6 202441034058-FORM FOR SMALL ENTITY(FORM-28) [29-04-2024(online)].pdf 2024-04-29
7 202441034058-FORM 1 [29-04-2024(online)].pdf 2024-04-29
8 202441034058-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [29-04-2024(online)].pdf 2024-04-29
9 202441034058-EDUCATIONAL INSTITUTION(S) [29-04-2024(online)].pdf 2024-04-29
10 202441034058-DRAWINGS [29-04-2024(online)].pdf 2024-04-29
11 202441034058-DECLARATION OF INVENTORSHIP (FORM 5) [29-04-2024(online)].pdf 2024-04-29
12 202441034058-COMPLETE SPECIFICATION [29-04-2024(online)].pdf 2024-04-29
13 202441034058-FORM-26 [11-07-2024(online)].pdf 2024-07-11