HawkEyeOT

Inspiration

As technology continues to evolve, smart devices are becoming an integral part of everyday life, from home devices like thermostats and refrigerators to industrial systems such as lighting systems and automation sensors. These interconnected devices, forming the Internet of Things (IoT), have great potential to make our lives better. However, as the number of connected devices increase, so does the risk of cyber threats, particularly within critical infrastructure. As a result, the need for protection in these devices is greater than ever.

What it does

HawkEyeOT uses machine learning algorithms to monitor the behavior of IoT devices in real-time, particularly those using the Modbus protocol. By detecting any unusual activity or suspicious behavior across a wide range of Modbus-based devices, we are able to detect any potential cyber attacks, alerting users and containing the threat before it can compromise key systems. With its user-friendly interface, HawkEyeOT makes it easy to quickly identify and respond to any attack attempts, ensuring the security of industrial and infrastructure IoT devices.

How we built it

We started by obtaining our data from the ToN_IoT dataset, a dataset of industrial IoT device data specifically designed for training cybersecurity AI models. The data includes a variety of IoT device behaviors and attack labels, which we used to train our threat detection system.

For our machine learning model, we used scikit-learn's Random Forest algorithm, which allowed us to build a model capable of detecting potential threats in Modbus-based IoT devices. The data was preprocessed by cleaning and normalizing the features to ensure the model could make accurate predictions, even with noisy data.

On the frontend side, we used Bootstrap to ensure a responsive, user-friendly interface. Flask was chosen as the backend framework for its simplicity and scalability, while Vis.js was employed to create an interactive visualization of IoT device statuses and threat detection alerts. The result is an easy-to-use dashboard that allows users to view and respond to potential threats in real-time.

Challenges we ran into

Our first major challenge was finding a suitable dataset, as one was not provided. After considerable research, we identified the ToN_IoT dataset, which offered the data needed to train our model for detecting cyber attacks in IoT environments.

Another significant challenge was dealing with the highly imbalanced dataset. The majority of the data was labeled as "normal" (i.e., no attacks), which caused many machine learning models to predict “no attacks” for most of the data, resulting in deceptively high accuracy. However, this led to poor performance in detecting actual attacks. We explored techniques like SMOTE (Synthetic Minority Over-sampling Technique) and adjusting class weights to handle the imbalance. Despite these efforts, these methods proved to be both memory- and time-intensive, and ultimately, we found that Random Forests performed better for our needs. Random Forests handled the class imbalance more effectively and delivered strong results without the computational overhead.

Finally, we encountered difficulties with frontend development, particularly in getting our trained model to run and provide real-time predictions within the constraints of JavaScript. Integrating the model seamlessly into the frontend and ensuring that cyber attack detection results were displayed promptly and interactively was difficult, especially given our limited experience with web development frameworks.

Accomplishments that we're proud of

I'm proud to have successfully developed a working prototype of a system I think would be very useful for industrial IoT cybersecurity. One of the key achievements I'm particularly proud of is the seamless integration of our machine learning model into the frontend. Despite our limited experience with frontend development, we were able to create a user-friendly dashboard that displays simulated real-time attack detection results.

Additionally, I'm also proud that we were able to balance performance and efficiency effectively. Our decision to use Random Forests, after exploring several other options, resulted in a solution that is both fast and practical for real-world IoT applications, ensuring both accuracy and scalability.

What we learned

This project provided valuable learning experiences, particularly in frontend and machine learning development. One of the key takeaways was learning how to handle unbalanced datasets when developing machine learning models. We also gained insights into the advantages and limitations of various machine learning algorithms, which helped us make informed decisions for the task at hand.

On the frontend side, we learned how to build user-friendly websites and how to effectively integrate the frontend with the backend using Flask. This experience expanded our understanding of full-stack development, allowing us to create a seamless and interactive user interface that communicates efficiently with the model.

What's next for HawkEyeOT

Looking ahead, the next step for HawkEyeOT is to expand its capabilities even further. While we’ve successfully demonstrated cyber attack detection on Modbus-based IoT devices, the goal is to broaden this to include other industrial IoT devices that use non-Modbus protocols. Additionally, incorporating home IoT devices—such as washing machines, refrigerators, and smart thermostats—would significantly enhance HawkEyeOT’s usefulness. Our user-friendly interface would be especially valuable for consumers who may not be well-versed in the technical aspects of IoT security.

Lastly, before HawkEyeOT can be considered a fully realized product, ensuring strong security for HawkEyeOt itself will be critical. We plan to implement additional security measures to safeguard the system from potential cyber threats, ensuring it remains protected from malicious actors and can report accurately on the status of the network.

Built With

• flask
• html
• javascript
• matplotlib
• numpy
• pandas
• python
• scikit-learn
• tensorflow
• ton-iot
• vis.js