SilentDefender
The pace of IoT and IIoT innovation combined with the myriad of unfamiliar operating systems, untraceable supply chains, and covert communications has led to a fundamental lack of trust with these devices. This is driving a new generation of approaches to network security through use of machine learning techniques to keep pace with emerging threats and attacks, zero-days, and hybrid attacks.
SilentDefender is a Python based machine learning software product for understanding aberrant behavior while passively monitoring a local network. The solution follows an Active Cyber Defense approach following concepts developed by DARPA and the US Air Force. Through passive asset identification, network monitoring and machine learning; Silent Defender seeks to understand the relationship between devices on the local network, as well as ingress and egress behaviors to identify, report, and alert on anomalies and indicators of malicious behavior.
Discover new IoT/IIoT device on network
Ingress/Egress Communications to a New Country
New ICS/IoT/IIoT behavior
New Interconnectivity Communication between devices
IoT Device Transparency beyond manufacturer
Unique/Odd connections not previously observed since last ML baseline
Network behaviors outside normally observed times of day
Protocol Deviation for Device
Originally developed to run efficiently on a Raspberry Pi, current iterations run on a Raspberry Pi4. As a result of this efficient design, the solution is easily portable to other Linux platforms that support Python. It also incorporates our extensive research as highlighted in our book titled “Defending IoT Infrastructures with the Raspberry Pi” and also our presentations at conferences including RSA and DEF CON.
