Abstract

A rapid increase in the use of the Internet of Things (IoT) devices by corporates and consumers
are changing the topology of the Internet. The design of IoT devices has often been centered
on completing functional requirements (⇝ observing, remote controlling), but has sporadically
ignored security requirements.
Recently, due to the increase in cyber-attacks on IoT devices, researchers have focused on
finding alternative machine-learning solutions. LogBERT is a newdeep-learning approach based
on the BERT algorithm, which has shown promising results in identifying anomalies in computer
logs. LogBERT incorporates two self-learning tasks, Masked Log Key Prediction (MLKP)
and Volume of Hypersphere Minimization (VHM). MLKP predicts random log keys and learns
contextual information about log sequences while VHM maps the data in a hypersphere where
the normal data are concentrated around the center and the abnormal data far from the center.
After training LogBERT on normal data, the LogBERT algorithm can identify the abnormal data
which deviate from the normal learned path.
In light of the positive results shown in computer logs, we propose to extend the usage of the
LogBERT algorithm in IoT data. Our experiment is based on using real-life data which we generated
by exploiting the six most common IoT devices; an indoor camera, outdoor camera, DVR,
two different home routers, and a smart light bulb, using three different malware that has different
architectures but similar exploitation techniques; Mirai botnet, RouterSploit, and UFONet.
Our experiment showed that LogBERT can be used for anomaly detection in IoT devices and that
it achieves better results than some existing machine or deep learning approaches.