As offensive tooling becomes increasingly autonomous, the line between detection and prevention keeps moving. My current focus is building systems that learn the intent behind an attack rather than the signature.
The IoT Security Problem
Traditional signature-based detection fails against botnets whose variants change faster than signatures can be written. IoT devices lack the compute for local analysis, so detection has to run at the edge gateway or in the cloud, where inference latency becomes part of the design budget.
Graph-Based Approach
I modelled each device as a node and communication events as edges. Features include:
- Temporal: packet intervals, burst patterns, time-of-day distributions
- Spatial: peer connectivity, hierarchical clustering coefficients
- Behavioral: protocol anomalies, failed authentication attempts
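The graph construction and the three feature families above, as an added example that is not the post's own code: flow records are turned into an undirected device graph and each node gets its temporal, spatial and behavioural features. The flow records, the burst gap threshold and the baseline protocol set are constructed assumptions for illustration; the original post does not specify them.

```python
"""Added example (not from the original post): build a device graph from
flow records and compute the temporal, spatial and behavioural node features
the post lists. Plain Python, no graph library; the flow records below are
constructed sample data, not captured traffic."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows: (timestamp_s, src, dst, protocol, auth_failed)
SAMPLE_FLOWS = [
    (0.0, "cam1", "nas", "tcp", False),
    (1.0, "cam1", "nas", "tcp", False),
    (2.1, "cam1", "nas", "tcp", False),
    (3.0, "bulb", "nas", "tcp", False),
    (3.5, "nas", "cam1", "tcp", False),
    # "bulb" bursts into cam1 and the router with failed telnet logins
    (10.00, "bulb", "cam1", "telnet", True),
    (10.01, "bulb", "cam1", "telnet", True),
    (10.02, "bulb", "router", "telnet", True),
    (10.03, "bulb", "router", "telnet", True),
    (10.04, "bulb", "router", "telnet", True),
    (30.0, "cam1", "router", "tcp", False),
]

BURST_GAP_S = 0.1                     # assumption: packets closer than this form a burst
BASELINE_PROTOCOLS = {"tcp", "udp"}   # assumption: anything else counts as a protocol anomaly


def build_graph(flows):
    """Undirected adjacency: devices are nodes, any communication is an edge."""
    neighbours = defaultdict(set)
    for _, src, dst, _, _ in flows:
        neighbours[src].add(dst)
        neighbours[dst].add(src)
    return neighbours


def clustering_coefficient(neighbours, node):
    """Fraction of a node's neighbour pairs that also talk to each other."""
    peers = sorted(neighbours[node])
    k = len(peers)
    if k < 2:
        return 0.0
    links = sum(1 for i in range(k) for j in range(i + 1, k)
                if peers[j] in neighbours[peers[i]])
    return 2.0 * links / (k * (k - 1))


def temporal_features(timestamps):
    """Inter-packet interval statistics, burst count and hour-of-day histogram."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    hours = defaultdict(int)
    for t in ts:                       # with relative timestamps this stays in hour 0
        hours[int(t // 3600) % 24] += 1
    return {
        "mean_gap": mean(gaps) if gaps else 0.0,
        "std_gap": pstdev(gaps) if gaps else 0.0,
        "bursts": sum(1 for g in gaps if g < BURST_GAP_S),
        "hour_hist": dict(hours),
    }


def node_features(flows):
    """Temporal + spatial + behavioural feature dict for every device."""
    neighbours = build_graph(flows)
    out_ts = defaultdict(list)
    auth_fail_out, auth_fail_in, proto_anom = defaultdict(int), defaultdict(int), defaultdict(int)
    for t, src, dst, proto, failed in flows:
        out_ts[src].append(t)
        if failed:
            auth_fail_out[src] += 1    # the device doing the guessing
            auth_fail_in[dst] += 1     # the device being guessed at
        if proto not in BASELINE_PROTOCOLS:
            proto_anom[src] += 1
    feats = {}
    for node in neighbours:
        f = temporal_features(out_ts[node])
        f.update({
            "degree": len(neighbours[node]),
            "clustering": clustering_coefficient(neighbours, node),
            "auth_fail_out": auth_fail_out[node],
            "auth_fail_in": auth_fail_in[node],
            "proto_anomalies": proto_anom[node],
        })
        feats[node] = f
    return feats


def feature_vector(f):
    """Fixed-order numeric vector, the shape a graph network layer ingests."""
    return [f["mean_gap"], f["std_gap"], f["bursts"], f["degree"], f["clustering"],
            f["auth_fail_out"], f["auth_fail_in"], f["proto_anomalies"]]


if __name__ == "__main__":
    for node, f in sorted(node_features(SAMPLE_FLOWS).items()):
        print(node, [round(x, 3) for x in feature_vector(f)])
```

On the sample data the bursting, telnet-guessing "bulb" stands out on bursts, failed outgoing logins and protocol anomalies, while its degree and clustering coefficient match the camera's; that is the point of combining the three families, since no single one separates the two devices.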
Training on Real Traffic
Using a labeled dataset of Mirai and Bashlite variants, I trained a Graph Attention Network that achieved:
- 97.2% detection accuracy
- Sub-100ms inference time per batch
- Zero false positives on benign firmware updates
Deployment Considerations
The model runs on gateway hardware (ARM Cortex-A72) and pushes alerts to a central SIEM. Explainability modules highlight which nodes triggered the alarm, giving SOC teams actionable intelligence instead of black-box verdicts.
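How a graph attention layer yields the per-node explanation mentioned above, as an added example that is not the post's model: a single-head GAT layer in pure Python returns its attention coefficients next to the embeddings, so the neighbour that dominated a device's embedding can be reported with the alert. The toy graph, the scaled features and the layer weights are hand-picked assumptions for illustration; a deployed model learns the weights from labelled traffic.

```python
"""Added example (not the post's model): one single-head graph attention
layer in pure Python, returning the attention coefficients alongside the
node embeddings so they can explain an alert. Weights are hand-picked for
illustration (assumption); a real model learns them."""
import math

# Constructed toy graph (undirected adjacency) and per-node features
# [auth_fail_out, bursts, degree], each assumed pre-scaled to [0, 1].
ADJ = {
    "cam1": {"nas", "bulb", "router"},
    "nas": {"cam1", "bulb"},
    "bulb": {"nas", "cam1", "router"},
    "router": {"bulb", "cam1"},
}
X = {
    "cam1": [0.0, 0.0, 0.6],
    "nas": [0.0, 0.0, 0.4],
    "bulb": [1.0, 1.0, 0.6],
    "router": [0.0, 0.0, 0.4],
}
# Hand-picked weights (assumption, not trained): W projects 3 -> 2 dims,
# A is the attention vector applied to the concatenation [W x_i || W x_j].
W = [[1.0, 0.0, 0.0],
     [0.0, 1.0, 0.0]]
A = [1.0, 0.5, 1.0, 0.5]


def leaky_relu(v, slope=0.2):
    return v if v > 0 else slope * v


def elu(v):
    return v if v > 0 else math.exp(v) - 1.0


def project(x):
    """W x for one node's feature vector."""
    return [sum(w * xi for w, xi in zip(row, x)) for row in W]


def gat_layer(adj, feats):
    """Return (embeddings, attention): attention[i][j] is how much node i's
    new embedding draws from neighbour j (the self-loop is included)."""
    h = {n: project(x) for n, x in feats.items()}
    out, att = {}, {}
    for i in adj:
        nbrs = sorted(adj[i] | {i})                     # GAT adds a self-loop
        scores = [leaky_relu(sum(a * v for a, v in zip(A, h[i] + h[j])))
                  for j in nbrs]
        m = max(scores)                                 # numerically stable softmax
        exps = [math.exp(s - m) for s in scores]
        z = sum(exps)
        alpha = {j: e / z for j, e in zip(nbrs, exps)}
        agg = [sum(alpha[j] * h[j][d] for j in nbrs) for d in range(len(h[i]))]
        out[i] = [elu(v) for v in agg]
        att[i] = alpha
    return out, att


def top_contributor(att, node):
    """The neighbour (or the node itself) that dominated the node's embedding;
    this is what an explainability module would surface with the alert."""
    return max(att[node], key=att[node].get)


if __name__ == "__main__":
    emb, att = gat_layer(ADJ, X)
    for n in sorted(att):
        print(n, {j: round(a, 3) for j, a in att[n].items()},
              "->", top_contributor(att, n))
```

With these weights the camera's embedding is driven mostly by "bulb", the one neighbour with failed logins and bursts, so an alert on cam1 would name bulb as the reason rather than reporting a bare score. In a trained multi-head model the same attention coefficients exist per head and per layer; averaging them over heads is the usual first step before showing them to a SOC analyst.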