From GPUs to Raspberry Pi

Downsizing our AI algorithm to detect IoT cyberattacks.

TL;DR Success with Pi 4B, Minifying to Pico!

• Our team tries to prevent smart devices from cyberattacks. Especially industrial devices like temperature/pH sensors at water/food processing facilities.

• Since we have to protect small smart devices, large neural networks won’t work. Instead, we prototyped bio-inspired and classical ML algorithms.

• We just ran our first successful test on a smart device! We had a Raspberry Pi 4B predict that me watching Youtube videos isn’t a cyberattack 🙃 We’re now shrinking our data processing to work on a 15x cheaper microcontroller.

8x speed. The orange light shows the Raspberry Pi monitoring data being sent around it (in this case, from my wifi router to my phone). Then, red/green flashes show a packet detected from a hacker/normal user. I made the algorithm 10x more sensitive to force a red flash.

---

Behind the Scenes: Data Processing

This is the hardest part of the entire algorithm. We have to measure about 50 statistics about the network data detected. This is hard to do by hand, so we use a Python library called scapy. It puts the Raspberry Pi in ‘monitoring mode’ (so that the wifi card on the Raspberry Pi tracks all data being sent around it).

The Python library then saves the extracted statistics into a CSV file on the Raspberry Pi temporarily. The data is eventually backed up onto a MySQL server, currently running on my laptop.

TCP/UDP packets Youtube sends to my phone. Each row is its own network request.

In the meanwhile, the Raspberry Pi locally has a script looking out for the creation of these CSV files. When a new CSV file (new network data) is detected, the Raspberry Pi moves on to the data analysis.

---

Behind the Scenes: Data Analysis

The data analysis is done by a simple negative selection algorithm (NSA).

• For non-technical folks, this algorithm creates 8 example patterns of statistics from normal network requests. It then compares those 8 patterns to incoming network requests. The new network requests are also classified as normal if they’re not too different from the patterns.

• For technical folks, I package numerical features from the CSV file into a row vector of floats. Then, I compute the average Euclidean distance of each row vector to the patterns generated by NSA. If the distance is under some sensitivity threshold, the network request is normal.

Finally, I just configured General Purpose Input Output (GPIO) pins on the Raspberry Pi to light up some LEDs to indicate the results of the network request analysis for demo purposes! In the future, the pin setup will be more complicated since the wifi card will be separate from the microcontroller that’s analysing data 😖

---

That’s it on our end for now! Next, we’ll create our own data processing script that can be uploaded to a microcontroller, since scapy takes megabytes of data just to store 😭