Applying machine learning and data analytics to optimize data security and reliability for M2M and the Internet of Things Mehran Roshandel, Deutsche Telekom AG, Telekom Innovation Laboratories (T-Labs) Telecoms Fraud and Risk Management, 26th - 28th November 2012, Copthorne Tara Hotel, London
30
Embed
Applying machine learning and data analytics to optimize ... · Applying machine learning and data analytics to optimize data security and reliability for M2M and the Internet of
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Applying machine learning and data analytics to optimize data security and reliability for M2M and the Internet of Things Mehran Roshandel, Deutsche Telekom AG, Telekom Innovation Laboratories (T-Labs)
Telecoms Fraud and Risk Management, 26th - 28th November 2012, Copthorne Tara Hotel, London
Telekom Innovation Laboratories 2
M2M related activities at Telekom Innovation Laboratories.
Secure Micro Kernel Secure mobile
middleware World of connected
objects M2M business
enabling demonstrator
Internet of Services/ Internet of
Things
Prototype of home Mgmt. infrastructure
Home Mgmt. Platform Demonstrator
Telco Enabling for the Cloud
Mobile Wallet
Telekom Innovation Laboratories 3 3
Agenda.
Introduction
M2M Key risk indicators
Using machine learning within Deutsche Telekom AG
Forecasting the incidents in IT server farms and it’s financial impact
Assessing risk of financial transactions and it’s financial impact
Summary
Telekom Innovation Laboratories 4
Introduction.
Telekom Innovation Laboratories 5
Time
… every “box” will also be a computer …
Smart & Connected Devices
Security ???
Telekom Innovation Laboratories 6
M2M risk indicators
1. Crime statistics
2. M2M relevant attacks in the past
3. Recent “Hacker Conference” Contributions
Telekom Innovation Laboratories 7
Selected Attacks relevant for M2M communication security between 1997 and 2011
„Criminal Electronic Trespassing“ in Germany
Case Statistics Paragraph 202a StGB
Crime Statistics
M2M relevant Attacks
Hacker Conference
Contributions
M2M risk indicators …
Telekom Innovation Laboratories 8
Cases falling under § 202a StGB in Germany
Source: Bundeskriminalamt, Germany
1
10
100
1000
10000
100000
1990 1995 2000 2005 2010
Year
Cas
es
„Criminal Electronic Trespassing“ statistics in Germany A „Moore„s law of hacking“?
Telekom Innovation Laboratories 9
Chaos Communication Camp 2011 - hunz
Machine-to-machine (M2M) security
…Smart Meter Hack provides SSL access to backend systems …
Chaos Communication Camp 2011- hunz
Machine-to-machine (M2M) security
… access vendor network & other cars using a hacked GSM motor module …
Chaos Communication Camp 2011- Karsten Nohl & Luca Melette
The data privacy guidelines of Deutsche Telekom is more restrictive as required by law.
Machine learning algorithms are focusing only on learning patterns, which will be used for classification of behavior.
Personal data or business critical data will require anonymization or pseudonymization before processing. This applies to all examples presented in this talk.
Germany has one of the best (strongest) data privacy rules.
Telekom Innovation Laboratories 16
Using machine learning within Deutsche Telekom AG
Forecasting the incidents in IT server farms: Project: Anomaly detection in IT server farms (ADIT)
Telekom Innovation Laboratories 17
Forecasting the incidents in IT server farms. Challenges for IT service management.
Privacy preserving information acquisition, processing, and exploitation.
Anomaly detector
plugins
Telekom Innovation Laboratories 20
Anomalies in IT servers. Example: Early detection of a real incident. Real incident (INC-2012-CW05-1) was early (>7 hours before) detected via feature “CPUUser”.
Payment anomalies (Avoidance of potential loss of money)
Types of attacks or anomalies
Telekom Innovation Laboratories
The blue curve shows the historical trend of potential losses in 2011 without advanced risk management
The red curve shows the estimated potential losses with machine learning based risk management.
Financial savings in 2011
Business impact of machine learning based system on financial transaction system
26
Telekom Innovation Laboratories
Results of machine learning based risk management. Accuracy of 84% as shown in proof-of-concept.
0
0.2
0.4
0.6
0.8
1
0 0.2 0.4 0.6 0.8 1
WTP
R
FPR
Weighted ROC (transactions 10Euros and up)
ROC: Receiver Operating Characteristic
WTPR: Weighted True Positive Rate
FPR: False Positive Rate
WTPR = 84% at FPR = 10%
Evaluation: Over 85 weeks, customer subset
27
Telekom Innovation Laboratories 28
Summary.
Avoiding of Risk
Monitoring
Machine
Learning
M2M
Telekom Innovation Laboratories
Growing of M2M technologies increase the need of security and risk management.
Since many new types of devices are involved in M2M communication, there arise new complex forms of M2M relationship and risk scenarios which can not be completely described only by rule based systems.
The application of machine learning based systems can help where classical (security and cryptographic) methods fail or have their limits.
The introduced examples have shown that machine learning algorithms provide detection mechanisms that discovers anomalies and/or risks that can only be covered by these new technology.
Due to the consequent use of machine learning based risk detection financial losses are preventable beyond the opportunities of traditional detection solutions.
Machine Learning helps to break the limits of traditional monitoring & risk management systems