| CPC H04L 63/1416 (2013.01) [G16Y 40/50 (2020.01); H04L 41/16 (2013.01)] | 20 Claims |
|
1. A A method for detecting code injection activity in Internet-of-Things (IoT) devices by a machine learning based platform comprising:
determining, by a verification system, baseline information about an IoT device,
wherein the baseline information comprises:
information about a first aspect of the IoT device, the first aspect represented by at least a value corresponding to a compiled binary code of the IoT device, and
information about a second aspect of the IoT device representing an expected behavior of the IoT device;
detecting a state change of the IoT device, wherein the state change comprises at least one of: a change to the compiled binary code of the IoT device or a change to interpreted code run on the IoT device;
responsive to the state change of the IoT device, appending, by the verification system, a current-state block representing the state change to a prior-state block representing a previous state of the IoT device in a blockchain,
wherein the current-state block comprises a payload that carries information corresponding to at least one of the first aspect or the second aspect of the IoT device; and
detecting whether a suspicious attack has occurred by comparing the payload of the current-state block to the baseline information.
|