Browse Prior Art Database

ADAPTIVE LEARNING MODEL FOR APPLICATION-BASED TRUST AND RISK SCORING USING CONSISTENT PROFILE CREATION

IP.com Disclosure Number: IPCOM000248565D
Publication Date: 2016-Dec-19
Document File: 6 page(s) / 337K

Publishing Venue

The IP.com Prior Art Database

Related People

Omar Santos: AUTHOR [+4]

Abstract

Presented herein is a distributed and dynamic security threat and risk calculation method for Internet of Things (IoT) environments. Dynamic changes of IoT infrastructure are detected, and a "risk score" profile is derived from multiple current or previously known factors about the sensor or previous communication patterns. The risk score is updated and maintained over time. This method allows for enumerating and classifying IoT asset values in large-scale IoT environments by providing an adaptive learning security capability at a fog node that maintains and dynamically learns approved application attributes. The method also allows for ongoing security checks to verify integrity of the data stream at randomized intervals set by the risk tolerance of the application.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 29% of the total text.

Copyright 2016 Cisco Systems, Inc. 1

ADAPTIVE LEARNING MODEL FOR APPLICATION-BASED TRUST AND RISK SCORING USING CONSISTENT PROFILE CREATION

AUTHORS:

Omar Santos Jazib Frahim Yenu Gobena Hazim Dahir

CISCO SYSTEMS, INC.

ABSTRACT

Presented herein is a distributed and dynamic security threat and risk calculation

method for Internet of Things (IoT) environments. Dynamic changes of IoT infrastructure

are detected, and a "risk score" profile is derived from multiple current or previously

known factors about the sensor or previous communication patterns. The risk score is

updated and maintained over time. This method allows for enumerating and classifying

IoT asset values in large-scale IoT environments by providing an adaptive learning

security capability at a fog node that maintains and dynamically learns approved

application attributes. The method also allows for ongoing security checks to verify

integrity of the data stream at randomized intervals set by the risk tolerance of the

application.

DETAILED DESCRIPTION

The majority of sensors today are built with very lightweight protocols and

limited battery life. This trend is likely to continue as sensors become smaller in their

form-factors in order to accommodate a wider set of applications and use-cases.

Consequently, sensors are only able to share limited information about their identity with

the upper layers of the stack when communicating with their first-hop gateway.

Described herein is the inclusion of adaptive machine learning for the purpose of ongoing

risk profiles based on application tolerance. This model focuses on the ability of a fog

Copyright 2016 Cisco Systems, Inc. 2

node to maintain an associated risk profile for all sensors and nodes, and, based on

received data, dynamically adjust a risk score. If the risk score falls out of the tolerance

level of the application, the data should be "quarantined" until trust increases. This ties

together adaptive learning and a first hop security layer while allowing the application to

apply important characteristics aside from the traditional authentication and authorization

initial handshakes.

Some sensors may go dormant for long periods of time, ranging from a couple of

days to months. The reintroduction of these devices can be risky as they could have been

moved or compromised, or a rogue new sensor could have been added either maliciously

or inadvertently. As a large number of sensors are placed in a variety of large-scale

environments, it may become difficult to authenticate and trust individual sensors based

on information carried in the communication exchange.

In some cases, if a sensor is not trusted it may be allowed to connect to the

network, but read and/or read/write access is not given to any applications. The data may

or may not be stored and in some cases that data may be extremely valuable, especially

after the sensor has been identified as a valid communicator to the application.

Presented herein is an adaptive learning securi...