AWS Launches IoT Device Defender ML Detect

AWS IoT Device Defender Machine Learning Detect and Mitigation - ML Detect - allows you to create Security Profiles that include ML models of expected device behaviors built on historical device data automatically, and designate these profiles to a group of devices.

Recently, Amazon announced AWS IoT Device Defender Machine Learning Detect and Mitigation - ML Detect, which is a new feature that automatically detects IoT device-level operational and security anomalies using learnings from past device data.

Now you can use AWS IoT Device Defender’s Rules Detect feature to manually set static alarms. The new feature ML Detect makes this easier by automatically setting your devices' expected behavior. You are not required an in-depth understanding of how your devices behave over a range of metrics to get started like messages sent, disconnect frequency, and bytes in/out.

ML Detect also makes automatic updates to the likely behavior based on new data trends caused by seasonality and other changing factors.

ML Detect supports six cloud-side metrics for near-real-time continuous monitoring and applies ML algorithms to inference if there is an anomaly in metric datapoints. The feature also provides confidence level HIGH/MEDIUM/LOW in ML alarm notifications.

Source: AWS

In the initial ML training period, ML Detect aggregates a minimum of 25,000 data points per metric for 14 days across your devices. And at the initial model creation, it will begin identifying device behavior anomalies. Once  the initial model is created,  the feature retrains the model everyday with a minimum of 25,000 datapoints per metric in order to refresh the expected device behaviors based on the latest trailing 14 days.

ML Detect makes use of the same alarm mechanism as AWS IoT Device Defender Rules Detect, including Amazon SNS notification integration.