The Internet is a powerful interconnection of computers, servers, and other peripheral devices. Connecting these devices allows information to be stored, shared, and used faster than at any point in history. As the Internet grows, the types of devices connected to it are changing and increasing in functionality. This increased functionality has allowed many atypical devices, such as thermostats and wireless outlets, to be connected to the Internet. Connecting these devices has improved the average user's everyday life by giving them more control over their devices. For example, a programmable thermostat can help keep the energy bill low by letting the user maintain the temperature of their home from a smartphone. While connecting so many devices to the Internet is very beneficial, the fast-paced change creates many unknowns. One such unknown is how these devices could be used to attack and corrupt a network, and the impact these devices could have on cyber security. The Internet of Things is the study of non-typical devices connected to a network and the adverse effects these devices can have on the integrity of a network.

When a new device is added to a network, it creates new attack vectors, which are paths or means by which a hacker can gain access to a computer or network server in order to deliver a payload or cause a malicious outcome. The greater the number of attack vectors, the larger the attack surface: the collection of attack vectors through which an unauthorized user can enter or extract data. A larger attack surface makes it more difficult to determine whether a hacker has infiltrated a system or exfiltrated data from it, because there are more areas of weakness within the system from which the hacker could gain access. It has become problematic to detect cyber-attacks by conventional techniques because of the large amount of data that is recorded within a network. Typically, when an attack happens, a set of protocols outlined by the National Institute of Standards and Technology (NIST) is followed for recording and reporting the attack. NIST is an organization that promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life (Hernandez). NIST outlines a set of protocols that are to be followed in the event of a cyber-attack. NIST lists the suggested steps for incident response as preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity. This process is loosely followed by most organizations to help secure themselves against cyber-attacks.

The first phase of incident response is preparation. Preparation is the process of establishing incident response capabilities so that organizations are ready to respond to incidents. In the detection and analysis phase, the network device logs and network flows are examined to gather all available information about the attack. In a large company these logs can be immense, and it can be extremely cumbersome to determine when or how the attack took place. After the detection and analysis phase, the containment, eradication, and recovery phase is immediately enacted. In this phase, companies and entities define acceptable risks in dealing with incidents and develop strategies. It is at this point that they decide how to properly dispose of an attack. The last phase is the post-incident activity phase, where all of the reporting is completed and all of the evidence of the attack is stored. It is typically at this phase that the public becomes aware of the attack and the full effect and the techniques used by the attacker are learned.

Modern-day hackers have become more sophisticated, employing more skilled, deliberate, and coordinated attacks in order to exploit companies. They are using a method known as the Advanced Persistent Threat (APT), which is far more severe than a typical attack. An APT is dedicated to staying in a system and gathering as much information as possible about the intended target. Once the information is collected, it is passed to a central point where it is analyzed and used for malicious purposes. APT attacks require a connection between a group of infected computers within a targeted network and a machine outside of the network that controls them. This models the command-and-control architecture, in which a master computer controls the other (slave) computers. The traffic between these computers is hypothesized to be atypical of the network's normal traffic, because the amount of information passed during exfiltration is greater than typical network activity.
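As an added illustration of the exfiltration hypothesis above (example code, not part of the original text), the following Python script baselines each internal host's daily outbound volume from constructed flow records, flags hosts whose volume jumps well above their own history, and then reports outside addresses that several flagged hosts sent to. The flow record layout, the addresses, and the choice of 10.0.0.0/8 as the internal range are assumptions.

```python
# Added example, not from the original text. Flow layout and addresses are
# constructed; 10.0.0.0/8 is assumed to be the internal address range.
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

INTERNAL = ip_network("10.0.0.0/8")

# Constructed flows: (day, src_ip, dst_ip, bytes). Days 1-3 are quiet
# baseline traffic; on day 4 three hosts push far more data than usual to
# one outside address, the pattern the text describes.
FLOWS = [
    (1, "10.0.0.5", "93.184.216.34", 40_000), (1, "10.0.0.6", "93.184.216.34", 35_000),
    (1, "10.0.0.7", "198.51.100.9", 30_000),
    (2, "10.0.0.5", "93.184.216.34", 42_000), (2, "10.0.0.6", "198.51.100.9", 38_000),
    (2, "10.0.0.7", "198.51.100.9", 31_000),
    (3, "10.0.0.5", "198.51.100.9", 41_000), (3, "10.0.0.6", "93.184.216.34", 36_000),
    (3, "10.0.0.7", "93.184.216.34", 29_000),
    (4, "10.0.0.5", "203.0.113.77", 900_000), (4, "10.0.0.6", "203.0.113.77", 850_000),
    (4, "10.0.0.7", "203.0.113.77", 700_000), (4, "10.0.0.8", "93.184.216.34", 37_000),
]

def outbound_by_host_day(flows):
    """Bytes each internal host sent to external addresses, per day."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, src, dst, nbytes in flows:
        if ip_address(src) in INTERNAL and ip_address(dst) not in INTERNAL:
            totals[src][day] += nbytes
    return totals

def flag_volume_spikes(flows, day, factor=5.0):
    """Hosts whose outbound bytes on `day` exceed `factor` times the median of
    their earlier days. Hosts with no history are skipped: a new internal
    host needs its own check rather than a bogus zero baseline."""
    flagged = {}
    for host, per_day in outbound_by_host_day(flows).items():
        history = [v for d, v in per_day.items() if d < day]
        if history and per_day.get(day, 0) > factor * median(history):
            flagged[host] = per_day[day]
    return flagged

def shared_destinations(flows, day, flagged):
    """External addresses that two or more flagged hosts sent to on `day`:
    several internal machines feeding one outside collection point."""
    dests = defaultdict(set)
    for d, src, dst, _ in flows:
        if d == day and src in flagged and ip_address(dst) not in INTERNAL:
            dests[dst].add(src)
    return {dst: sorted(srcs) for dst, srcs in dests.items() if len(srcs) >= 2}
```

On real flow exports the same two signals (per-host volume against its own baseline, then fan-in among the flagged hosts) are a starting point for the detection and analysis phase, not a verdict; a backup server or a software update can trip the volume check on its own.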