Scientists at the North Caucasus Federal University have developed a problem-oriented system for monitoring and responding to attacks in the Internet of Things environment. The security shield development project was implemented with the support of the Russian Science Foundation (grant No. 24-21-00481 on the topic "Methods of countering multi-vector attacks on decentralized Internet of Things systems").

The Internet of Things, with its smart devices and services, has now covered key areas in our daily lives, including industry, medicine, agriculture, smart homes and cities, transportation, and robots. However, such devices create new vulnerabilities and multi-vector attacks are particularly dangerous, in which attackers combine various methods of influence. NCFU scientists have begun to develop comprehensive safety monitoring systems capable of detecting anomalies of a heterogeneous nature in real time.

– The Internet of Things has turned everything around, from home kettles to medical pacemakers, into a single network, but there is a trap in this connectivity: modern cyber attacks have become like complex viruses that attack the system from different sides simultaneously, disguising themselves as the normal operation of devices. We have developed a kind of collective digital immunity for the Internet of Things. In the developed system, instead of pulling all the data into a single center, we "train" the devices themselves to distinguish normal behavior from anomalies right on the spot. This allows you to block even the most sophisticated attacks with 95% accuracy," said Fariza Tebueva, Doctor of Physico-Mathematical Sciences, Professor of Computational Mathematics and Cybernetics at the Faculty of Mathematics and Computer Science named after Professor N.I. Chervyakov.

The system developed by NCFU scientists works like a living organism: it notices even the slightest deviations in the "behavior" of devices, which may be a sign of an attack. Devices learn to recognize danger together, sharing only experience. If one device encounters a new threat, information about it is instantly transmitted throughout the network, and after 5 seconds all other devices "produce antibodies," the authors of the development explained.

Scientists have developed a solution that integrates three key components: federated training, which allows distributed nodes to collectively train attack detection models without exchanging confidential data, deep autoencoders to detect hidden anomalies, and a distributed registry to coordinate responses. Such an integrated approach will simultaneously solve the problems of data distribution, detecting unknown threats and ensuring trust in the absence of centralized management.

The architecture of the system includes three levels: devices with local detection models, an aggregator server for coordinating training, and a distributed registry for exchanging information about attacks. The mathematical model formalized the processes of learning, detection and response, and also defined the criteria for the effectiveness of the system.

The team of scientists also conducted experimental studies that confirmed the high effectiveness of the proposed approach. The developed problem-oriented system has demonstrated 95% accuracy in detecting attacks, which is comparable to centralized solutions. The balanced metric of accuracy and completeness of cyberattack detection (F1 measure) has also improved. At the same time, the resource costs correspond to the limitations of smart devices.

Architecture development itself can be applied in industrial IoT, smart cities and medical networks. In addition, the conducted research has confirmed the possibility of creating effective distributed security systems for the Internet of Things, combining high detection accuracy with data confidentiality and fault tolerance.