Project title:
[EN] Development of a tool for protecting users, systems, and devices of the Internet of Things, based on machine learning and behavioral analysis.
[PL] Budowa narzędzia dedykowanego dla ochrony użytkowników, systemów i urządzeń internetu rzeczy, w oparciu o uczenie maszynowe i analizę behawioralną.

Application number: CYBERCESIDENT/489240/IV/NCBR/2021
Value of the project: 5 811 322,00 PLN
Donation: 5 060 266,00 PLN
Beneficiary: Łukasiewicz Research Network – Institute of Innovative Technologies EMAG (lider) + EFIGO SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ + QED Software Sp. z o.o.
Project duration: 2021-07-01 – 2024-06-30
Project realised as a part of: IV konkurs CyberSecIdent – Cyberbezpieczeństwo i e-Tożsamość

The goal of this project is to develop a system for continuous monitoring of IoT devices security. The system architecture and its compatibility with the Android and Linux family systems is assumed to enable implementation on a wide range of IoT devices, particularly devices for remote monitoring of gas, water, heat and electrical energy networks. The solution includes the central point SOC (Security Operations Center) operating in the Software as a Service (SaaS) model and monitoring software (Agent). The Agent’s task is to collect and aggregate data and send them to SOC where advanced security analyses are made with the use of machine learning algorithms. The results are sent back to the Agent. SOC identifies a new threat and informs the Agent about it. The Agent will launch protection measures as well as identify a new threat signature and notify other Agents about it. This way, the Agents will be equipped with the functionality of verifying the system status based on existing signatures and will undertake actions once a threat is detected. SOC will also manage vulnerabilities by evaluating them. Expert vulnerability assessment will allow more effective use of this information in machine learning algorithms. Experts will periodically and incrementally assess past and incoming threats accordingly, which will allow fine-tuning of machine learning algorithms and verification of existing threat assessments and anomalies. The project particular plan is to prepare for implementation an installation-ready system. The system will be implemented on devices equipped with the ARM-family processors. An important element of the project is to develop a solution that would guarantee low consumption of electrical energy. This will allow application in devices supplied by low voltage and batteries. Passive cooling will be possible to use as well.