Closing the Loop: An Access-Control Architecture for Automated, Anomaly-Driven Network Revocation in IoT Deployments
Automatically kicking compromised IoT devices off the network in milliseconds
When an IoT device starts behaving suspiciously, security systems can now detect it and boot it from the network in about a third of a second—without needing specialized equipment. The system uses standard protocols already installed in most networks, combines three different detection methods into a single model, and can permanently revoke a device's access while also disconnecting its active session.
IoT botnets and compromised sensors cause real damage because suspicious devices typically stay connected until someone manually investigates. This approach stops an infected device in under 400 milliseconds, severely limiting the window for attack. It works with off-the-shelf equipment, making it practical for hospitals, factories, and offices to deploy today rather than waiting for networks to upgrade.