Segmentation of Illicit Behaviour in IoT via Artificial Immune Systems

Abstract

In recent years due to the increasing number of devices connected to the Internet in what is known as the era of the Internet of Things, the number of potential vulnerabilities has also increased. Various anomaly detectors and malicious behaviour classification algorithms have been proposed. Still, in unsupervised training scenarios, the artificial intelligence models focus on detecting anomalies and do not differentiate between different behaviour patterns. To improve the level of detail for these systems (be able to define entities and group events/messages into homogeneous behaviours) the application of optimization mechanisms based on artificial immune systems (aiNet) in clustering algorithms is proposed. The proposed pipeline is comprised of artificial immune systems (aiNet) for generating a first set of detectors, a distance based clustering method (K-means) for redistributing these detectors and a density-based clustering method (DBSCAN or OPTICS) for refining this clustering and enabling behavioural segmentation. The system is parametrizable to adapt to the requirements of the search being carried out. In addition, the use of public databases has been made to develop the behaviour extraction model and validate the results with the algorithms for the classification of malicious behaviours and entity identification already available.