"IoT vulnerability detection" Cross-Reference to Related Applications [0001] The present application claims priority from Australian Provisional Patent Application No 2022903302 filed on 4 November 2022, the contents of which are incorporated herein by reference in their entirety. Technical Field [0002] This disclosure relates to detecting vulnerabilities in an Internet of Things (IoT) network. Background [0003] The Internet of Things (IoT) paradigm has displayed tremendous growth in recent years, leading to innovations such as Industry 4.0 and the emergence of smart environments that improve efficiency, asset management, and facilitate intelligent decision-making. Despite tremendous benefits, they are offset by considerable cybersecurity concerns that arise due to inherent vulnerabilities that hinder the security of IoT ecosystems. Thus, introducing such potentially vulnerable IoT devices to secured environments, such as smart airports would cause new attack surfaces and vectors to exploit them. [0004] Identifying such vulnerabilities in an IoT network is a challenge as existing vulnerability detection methods are not suited for an IoT network, due to the diversity of data, diversity of devices, hardware constraints and complexity. [0005] Any discussion of documents, acts, materials, devices, articles or the like which have been included in the present specification is not to be taken as an admission that any or all of these matters form part of the prior art base or were common general knowledge in the field relevant to the present disclosure as it existed before the priority date of each of the appended claims. [0006] Throughout this specification word “comprise”, or variations such as “comprises” or “comprising”, will be understood to imply the inclusion of a stated element, integer or step, or group of elements, integers or steps, but not the exclusion of any other element, integer or step, or group of elements, integers or steps. Summary [0007] Disclosed herein is a method, system and software that evaluates an IoT network, its component devices and its protocols, by automatically capturing and modelling benign and vulnerable network interactions, to detect unknown vulnerabilities and protect IoT networks against sophisticated cyber-attacks. In other words, the method, system and software described herein assesses IoT networks, by automatically logging and modelling network behaviours to discover unknown vulnerabilities. [0008] A method for detecting an unknown vulnerability in an Internet of Things (IoT) network comprising multiple devices, the method comprising: storing, on a computer-readable medium, transmitted messages generated by the multiple devices in the IoT network and indicative of network interactions between the multiple devices in the IoT network; training a generator deep learning model by repeating the steps of: generating an output message from the generator deep learning model using one of the transmitted messages as input of the generator deep learning model; applying a trained discriminator deep learning model to the output message generated by the generator deep learning model to determine a classification of the output message, the classification being one of (i) the output message was generated by the generator deep learning model or (ii) the output message was generated by the multiple devices in the IoT network; and updating the generator or discriminator deep learning model or both to reduce an error in the classification of the output message; generating a fuzzing message from the generator deep learning model using one of the transmitted messages as input of the generator deep learning model; communicating the fuzzing message through the IoT network; and analysing a response to the communicated fuzzing message to detect the unknown vulnerability. [0009] It is advantageous to generate a fuzzing message from one of the transmitted messages as the generated fuzzing message will be based on legitimate network interactions. This allows the fuzzing message to be accepted by the protocols of the devices on the IoT network, thereby being protocol agnostic. It is a further advantage that the fuzzing message is specifically targeted toward a device in the IoT network, which reduces the amount of fuzzing messages on the IoT network needed to detect an unknown vulnerability, thereby reducing the possibility of overloading the devices. [0010] In some embodiments, the generator deep learning model is a generator of a generative adversarial network (GAN), and the discriminator deep learning network is a discriminator of the GAN. [0011] In some embodiments, storing the transmitted messages comprises generating vulnerability data by vulnerability testing of the IoT network, wherein the vulnerability data comprises information regarding detected vulnerabilities from the vulnerability testing. [0012] In some embodiments, storing the transmitted messages comprises labelling each of the messages as benign or vulnerable based on the vulnerability data. [0013] In some embodiments, the response to the communicated fuzzing message is indicative of one or more of: a crash of one of the multiple devices; unexpected behaviour of one of the multiple devices; and malicious behaviour of one of the multiple devices. [0014] In some embodiments, response to the communicated fuzzing message comprises labelling the fuzzing message as benign or vulnerable based on the response. [0015] In some embodiments, the one of the transmitted messages used to generate the fuzzing message is labelled as benign. [0016] In some embodiments, each transmitted message comprises a payload of an IoT protocol. [0017] In some embodiments, the IoT protocol is one of: Messaging Queue Telemetry Transport (MQTT) protocol; Advanced Message Queuing Protocol (AMQP); Constrained Application Protocol (CoAP); or Data Distribution Service (DDS). [0018] In some embodiments, storing the transmitted messages comprises converting each message into a binary string and padding each message with one or more bits to result in binary strings of equal length. [0019] In some embodiments, generating the fuzzing message by applying the generator deep learning model comprises performing a bit operation on the one of the transmitted messages to generate variation in the generated fuzzing message. [0020] In some embodiments, updating the generator or discriminator deep learning model comprises updating the generator deep learning model to minimise a cost value and updating the discriminator deep learning model to maximise the cost value. [0021] In some embodiments, the generator or discriminator deep learning model is a neural network, comprising one or more of: a convolutional layer; a transpose convolutional layer; a dense layer; a dropout layer; and a batch normalisation layer. [0022] In some embodiments, training the generator deep learning model comprises repeating the steps of generating, applying and updating until the discriminator deep learning model is accurate above a first threshold and accurate below a second threshold. [0023] In some embodiments, analysing the response to the communicated fuzzing message comprises applying a trained classifier to the response. [0024] In some embodiments, the classifier is a multilayered perceptron (MLP) comprising an output layer with a first output indicating a benign operation and a second output indicating a vulnerability. [0025] In some embodiments, communicating the fuzzing message to the IoT network generates a network interaction between the multiple devices and the response to the communicated fuzzing message is based on the generated network interaction. [0026] In some embodiments, the transmitted messages and the fuzzing message are encrypted and training the generator deep learning model and generating the fuzzing message is performed on the encrypted messages. [0027] In some embodiments, the method further comprises, upon detecting the unknown vulnerability, performing an action based on the detected unknown vulnerability. [0028] In some embodiments, performing an action comprises generating, by a computer processor, an alert or disconnecting one of the multiple devices, associated with the detected unknown vulnerability, from the IoT network. [0029] In some embodiments, the further comprises, after detecting the unknown vulnerability, applying the generator deep learning model to the fuzzing message to detect a second unknown vulnerability. [0030] Software that, when installed on a computer and executed by the computer, causes the computer to perform the method of any one of the preceding claims. [0031] A system comprising: multiple devices; and a processor configured to store, on a computer-readable medium, transmitted messages generated by the multiple devices in the IoT network and indicative of network interactions between the multiple devices in the IoT network; train a generator deep learning model by repeating the steps of: generating an output message from the generator deep learning model using one of the transmitted messages as input of the generator deep learning model; applying a trained discriminator deep learning model to the output message generated by the generator deep learning model to determine a classification of the output message, the classification being one of (i) the output message was generated by the generator deep learning model or (ii) the output message was generated by the multiple devices in the IoT network; and updating the generator or discriminator deep learning model or both to reduce an error in the classification of the output message; generate a fuzzing message from the generator deep learning model using one of the transmitted messages as input of the generator deep learning model; communicate the fuzzing message through the IoT network; and analyse a response to the communicated fuzzing message to detect the unknown vulnerability. [0032] Optional features provided in relation to the method, equally apply as optional features to the software and the system. Brief Description of Drawings [0033] An example will be described with reference to the following drawings: [0034] Fig.1 illustrates a method for detecting an unknown vulnerability in an Internet of Things (IoT) network. [0035] Fig.2 illustrates a system for detecting an unknown vulnerability in an Internet of Things (IoT) network. [0036] Fig.3 illustrates the generator and discriminator training in generative adversarial network configuration. [0037] Fig.4 illustrates an abstract representation of the mutation-based Fuzzing process. [0038] Fig.5 illustrates the architecture of the generator deep learning model. [0039] Fig.6 illustrates the architecture of the discriminator deep learning model. [0040] Fig.7 illustrates the architecture of the vulnerability discriminator. [0041] Fig.8 illustrates an example scenario of an intelligent mutation fuzzer for IoT networks. [0042] Fig.9 illustrates vulnerabilities identified by the intelligent mutation-based fuzzer. Description of Embodiments [0043] Contemporary innovations and rapid technological advancements have allowed the compression of hardware and the efficient use of constrained power supplies, resulting in the emergence of a new domain that has gradually become an integral part of a number of industries organisations, known as the Internet of Things (IoT). The IoT may be comprised of sensors and actuators and other devices that have been outfitted with various processors, memory, network and power resources, and are interconnected into ubiquitous deployed networks that are capable of exchanging data, monitoring environmental conditions and adjusting their functionality according to user-provided or environment-derived stimuli. [0044] IoT deployments combine devices, such as, for example, temperature, proximity and light sensors with actuators such as air-conditioners, water/fuel pumps, ovens and fridges, linking their outputs and internal states, and enabling more complex and intuitive services that do not require direct user interaction. This modular nature of an IoT enables the construction of multi-layered services, which results in a collection of benefits that an IoT provides to its users. This has been the realisation by organisations and companies in recent years, including augmentations to existing business processes, automation, improved efficiency and lower management costs. These benefits have led to the genesis of a new domain, an extension of the IoT and a generalisation of the Industry 4.0 paradigm, where environmental feedback is harvested from devices and consistently employed for intelligent decision-making, known as Smart Environments. [0045] A smart environment can be considered as any environment in which IoT devices have been assimilated, promoting automation, efficiency and enhancements to their existing services/activities, thus distinguishing them from their mundane counterparts. Examples of such environments include smart homes, where IoT deployments are restricted in number and focused on improving the quality of life of the residents, and smart agriculture, where sensors are dispersed in vast fields and monitor air temperature, humidity, soil pH (acidity) and other conditions that may affect crop growth, and smart airports, where IoT-driven services provide optimisation of resource utilisation and janitorial management, improvements to self-checking and passenger experience and enhanced security checks. [0046] Although the benefits of the the multi-layered services that power smart environments and their increased productivity are considerable, they are often undermined by substantial cyberthreats and security weaknesses that are inherently found in IoT devices. Hackers and malware can leverage the Internet to target and exploit IoT devices, resulting in Denial of Service (DoS) attacks that can take down smart environments, preventing users from accessing IoT-based services. [0047] IoT exploitation may also lead to data exfiltration of sensitive information, including biometric data that can be leveraged against legitimate users, and device takeovers that can result in massive IoT-powered botnets capable of launching cyberattacks against secondary targets. Furthermore, unique characteristics of the IoT, which consists of resource-constrained devices that are constantly on standby, have resulted in IoT-centric threats such as bricking, where a device is permanently disabled. [0048] IoT exploitation may also lead to data/sensor manipulation, which can cause the readings of a device to be manipulated, and raise false alarms, facility or city-wide malware propagation can cause a malware infection of a single device to transition to neighbouring devices and resource depletion attacks that leverage persistent and CPU- intensive calls to an IoT device can cause its power supply to be wasted. [0049] The impact of cyberattacks on smart environments, such as smart airports, for example, is considerable, as malfunctions, disruptions or malicious manipulations of subsystems can have socio-political, monetary and nationwide security implications. Such cyberattacks, that target the IoT, often leverage attack surfaces in either the devices themselves, their network communication protocols or the control software that manages them, to compromise the integrity of IoT deployments. For example, hackers and malware can leverage and exploit vulnerabilities on the devices or the network itself to possibly gain access to the devices, and cause the devices to malfunction or misbehave. Thus, the need for effective cybersecurity solutions that can detect suspicious network interactions, and vulnerable IoT devices either during downtime or in real-time, is integral to the viability of IoT and smart environments as a whole. This disclosure focuses on the detection of in an IoT network, in an attempt to remedy these vulnerabilities and increase the security of the network. [0050] Existing solutions to detect vulnerabilities on an IoT network often rely on either physically accessing IoT devices and assessing their integrity, requiring invasive actions to be taken to gain access to its firmware, or analysing the source code of mobile applications that control these devices, while others rely on the use of expert- derived rules. Although such strategies can prove effective in detecting cyberattacks in IoT networks such as smart environments, it may not be practical to locate and assess every individual sensor and actuator in a smart environment, as due to their diminutive size and ubiquitous nature, it can be challenging to locate them and time consuming to physically access them one-by-one. [0051] Furthermore, while monitoring the IoT network can be effective for the detection of attacks, this implies a post-mortem approach, where a device has already been compromised and actively affected the integrity of the entire smart environment network, for example by exfiltrating sensitive data, manipulating sensor readings or allowing lateral movement to an otherwise secured network. Hence, the goal is to detect a zero-day vulnerability (a vulnerability that has not been discovered yet) before it is discovered by a hacker or malware and exploited. Additionally, the utilisation of rule-based tools is not dynamic and thus would require expert knowledge and considerable effort to keep up-to-date. [0052] One method that has been employed in the past for the detection of vulnerabilities (or bugs) in code, is fuzzing, where guided, pseudo-random inputs are either generated from scratch or produced through mutation of legitimate data and sent to the target software, which is monitored for crashes and unexpected behaviour that indicates a flaw in the code. [0053] However, randomly generating the input for fuzzing tends to be inadequate for detecting vulnerabilities in an IoT network as the devices on the network reject most of the inputs as they are not compatible with the device. More specifically, each device on the IoT network has a device-specific that rejects the fuzzing input (such as randomly generated messages or communications) if it does not adhere to the protocol of the device, as it has been implemented in the device. This problem becomes more difficult in an IoT network where many devices have their own device-specific protocols. Hence, it is nearly impossible to tailor the fuzzing input to adhere to the formats expected by possible protocols for all devices on the IoT network. [0054] Further, there is only a small chance of detecting a vulnerability using randomly generated fuzzing inputs, as most of the inputs simply do nothing to the devices on the IoT network. Therefore, a large number of fuzzing inputs are required to detect a vulnerability, which causes the IoT network to crash simply due to a large amount of traffic on the network. [0055] This disclosure provides a method that remotely detects vulnerabilities in smart devices on an IoT network. The disclosed method does not require firmware analysis, which is difficult because the firmware varies between vendors and models of IoT devices. The method in this disclosure leverages deep Convolutional Neural Networks (CNNs), trained using a generative adversarial network (GAN), to mutate legitimate traffic payloads (messages) and fuzz IoT devices over the network. “Legitimate” means that the messages comply with the message or data format requirements of a communication protocol so that these messages or data are recognised by the IoT devices as valid messages and not ignored. [0056] A GAN consists of two machine learning models: a generator deep learning model (simply, a generator) and a discriminator deep learning model (simply, a discriminator). A deep learning model refers to a machine learning model, such as a neural network, which contains at least two hidden layers. A simple example of a neural network model is a shallow neural network model which contains just one hidden layer. In this disclosed method, the machine learning models may be neural networks, which have an input layer connected to a hidden layer which is connected to an output layer. [0057] In this disclosure, the generator fuzzing messages from legitimate traffic payloads by mutating these payloads. Training the generator to generate a fuzzing message comprises the generator ‘competing’ against the discriminator in a zero-sum game, hence the reference to ‘adversarial’. The zero-sum game refers to the fact that after a round of training (which may be referred to as a batch or mini-batch), there is always a winner and a loser. For example, after one round of training, the generator may be the winner and the discriminator is the loser of the zero-sum game. For example, this training method rewards the winner of the zero-sum game by not updating the training parameters, while the loser must update its parameters as a result of losing the game. [0058] The disclosed method trains the discriminator initially on the legitimate traffic payloads and uses the discriminator to determine if the output from the generator is a legitimate traffic payload or a fake message. “Fake” in this context means that it is a message that was generated by the generator – hence it is a “synthetic” message. Therefore, the goal of the generator is to essentially ‘fool’ the discriminator by creating fake payloads that the discriminator cannot distinguish from legitimate messages. The generator and discriminator form a GAN and the description below provides further detail. [0059] Fig.1 illustrates method 100 for detecting an unknown vulnerability in an Internet of Things (IoT) network. “Unknown” in this context means that the vulnerability has not yet been previously detected and is not yet recorded or documented, such as in a list of vulnerabilities. This may be a local unknown, which means that this vulnerability may have been detected and documented in other networks but not in the current network. Or the vulnerability may be globally unknown in the sense that a publicly shared list of vulnerabilities does not list this vulnerability. However, in any event, the vulnerability may be unknown to hackers and offered to hackers through illegal channels. Such a vulnerability may be referred to as “zero-day vulnerability”. [0060] The disclosed method intelligent fuzzing messages from legitimate messages on the IoT network, such that the fuzzing message resembles originally transmitted network messages in their structure and format but not necessarily in logic. In this sense, the fuzzing messages comply with the communication or data or message format of a communication protocol and the IoT devices accept the fuzzing messages instead of ignoring them. In method 100, a processor of a computer system captures “real” messages and stores 101, on a computer-readable medium, as transmitted messages generated by the multiple devices in the IoT network. It is noted that the “real” messages may be captured by a different network interface and sent to the computer system. The messages are indicative of network interactions between the multiple devices in the IoT network, which is why they are referred to as “real” messages as opposed to the "synthetic” or “fake” messages generated by the generator. For example, the processor observes the IoT network and records each message that it observes on the network. The messages may be indicative of communication between two devices on the IoT network, such as communication from a door sensor to a smart light, for example. As such, the message from the door sensor may contain instructions for the smart light. For example, the message may instruct the light to turn on, in response to the door sensor detecting the front door has been opened. [0061] In some examples, the processor may store 101 the transmitted messages by converting each message into a binary string and padding each message with one or more bits to result in binary strings of equal length. Padding, in this context, is the process of adding bits (e.g., zeros) to the start or the end of the binary string. It is noted that some binary strings may use more or less padding than others, to obtain binary strings of equal length. Converting each message into a binary string provides the benefit of having each of the transmitted messages in the same format. Converting the messages to binary strings of equal length has the benefit that each converted message is compatible with the dimension of an input layer of the machine learning models. An example of the process of converting the messages into a binary format, as performed by the processor, is shown as pseudocode in Algorithm 1 under the Algorithms section below. [0062] The processor may also data by vulnerability testing of the IoT network, wherein the vulnerability data comprises information regarding detected vulnerabilities from the vulnerability testing. The vulnerability testing can be considered as “preliminary vulnerability testing”, as this vulnerability testing occurs before the fuzzing process of using the GAN to generate a fuzzing message. An example of this preliminary vulnerability testing is shown as pseudocode in Algorithm 2. This vulnerability testing may be performed using any established vulnerability detection methods. One example is to leverage the Metasploit software, however, the disclosed method is not limited to using this software. [0063] One of the goals of preliminary vulnerability testing the IoT network is to determine any trivial vulnerabilities that should already be known (for example, vulnerabilities that are not zero-day vulnerabilities). That is, the preliminary testing may detect any well-documented vulnerabilities, for which hackers may exploit these vulnerabilities to gain access to or manipulate the IoT network. By preliminarily testing the IoT network for vulnerabilities, the processor may use the network data obtained from the preliminary testing to train and validate the generator (the intelligent mutation-based fuzzer). This assists the generator to detect unknown vulnerabilities that are not trivial vulnerabilities that could be detected using existing methods. [0064] The processor may also label each of the messages as benign or vulnerable based on the vulnerability data. Labelling the data enables the machine learning models in the GAN to be trained using supervised learning. This label may also be encoded in the binary string during the process of converting the messages into a binary format and padding the binary strings. For example, the first bit in the padding may be used to indicate the label, where ‘0’ is used to represent a benign message and ‘1’ is used to represent a vulnerable message. A vulnerable message may be interpreted as a carefully crafted piece of data (collection of bits) that, once received by a device that is afflicted by a particular vulnerability (for example a code bug, intentional malicious mechanism or misconfiguration), causes the behaviour of the device to deviate from intended operation. [0065] The processor then trains a deep learning model by repeating steps 102, 103 and 104 of method 100. An example of training the generator, as performed by the processor, is shown as pseudocode in Algorithm 4. The processor firstly generates 102 an output message from the generator deep learning model using one of the transmitted messages as input of the generator deep learning model. In this step, the processor mutates the transmitted message and generates a new message (the output message). The processor generates 102 the output message by applying the generator deep learning model to one of the transmitted messages. This means the transmitted message is the input of the generator deep learning model. The processor may apply the generator deep learning model by performing a bit operation to the transmitted message to generate variation in the generated fuzzing message. A bit operation may be one of a bit flip, bit addition or a data injection, such as an addition of bit ‘chunks’. A bit ‘chunk’ may be a random string of bits, where the string length may be of a random length. [0066] The processor then applies 103 a trained discriminator deep learning model to the output message generated by the generator deep learning model to determine a classification of the output message. This means the generated output message is an input to the discriminator deep learning model. The classification is one of (i) the output message was generated by the generator deep learning model or (ii) the output message was generated by the multiple devices in the IoT network. More specifically, the discriminator determines a classification of the output message generated by the generator and compares the classification to the label of the transmitted messages to determine whether the discriminator has correctly classified the output message. It is noted again that, during training, the labels of the messages are known because it is known whether the input message to the discriminator is a captured “real” message or a generated “fake” message. [0067] Before training the generator of the GAN, the processor may initially train the discriminator using the transmitted messages. However, it is noted that the trained discriminator may be further trained during the process of training the generator. Further training the discriminator during the process of training the generator improves the overall training of the generator, as also improves during the training. In other words, the generator and the discriminator compete against each other in their training to improve their respective models’ accuracy. [0068] The processor then updates 104 the generator or discriminator deep learning model or both to reduce an error in the classification of the output message. For example, if the discriminator correctly classifies the output message when compared to the transmitted messages, then the processor may update the generator. Vice versa, if the discriminator incorrectly classifies the output message, then the processor updates the discriminator. The processor updates the generator or the discriminator by updating the weights of the connections between nodes in the machine learning model through backpropagation and gradient descent, for example. [0069] In another example, the processor may update both the generator and the discriminator based on the classification as determined by the discriminator. In this example, the goal of the discriminator is to reduce the error between the classification and the label value and the processor may adjust the weights to reduce this error. However, in this example, the goal of the generator is to ‘fool’ the discriminator by generating an output message that the discriminator misclassifies. Therefore, the goal of the generator is to increase the error between the classification and the label value. As such, the processor may adjust the weights of the generator to increase this error. [0070] It is noted that, preferably, the generator mutates one of the transmitted messages, rather than outputting the same message used as input. This is because having the output message the same as the input does not lead to effective training of the generator, as the discriminator may classify the output message as one of the transmitted messages. [0071] The error refers to the absolute value between the classification for the output message determined by the discriminator and the true classification determined by the comparison of the output message with the transmitted messages. For example, the discriminator may produce a numerical value between 0 and 1 as output which represents the classification. As an ‘0’ may represent a classification of the output message was generated by the generator deep learning model and ‘1’ may represent a classification of the output message was generated by the multiple devices in the IoT network. In this example, the discriminator may output a value of 0.2, which indicates that the discriminator is more certain that the output message was generated by the generator, rather than being one of the transmitted messages. The processor may use the error (i.e., the absolute value between the discriminator’s classification and the true numerical classification) to adjust the weights of the generator or the discriminator using gradient descent, for example. [0072] Periodically, the processor may apply the discriminator to one of the transmitted messages and may update the discriminator based on the classification. This may serve as a validation step, to assess whether the discriminator performs as expected. When considering the example above, the discriminator may output a value of 0.95 as a result of the discriminator applied to the transmitted message. In this case, the discriminator is performing well, as it can correctly identify the transmitted message as being a real message. The processor may still adjust the weights to reduce the error between the output classification value and the true numerical classification (in this example, ‘1’ may represent a message as being real). However, in this example, if the discriminator outputted a classification value of 0.1, then the discriminator would not be performing well. As such, the discriminator may need to be further trained using the real messages (the transmitted messages) to enable the discriminator is performing well. As an example, if the discriminator needs further training, training of the generator may cease to focus on training the discriminator. As such, the discriminator may be trained on the transmitted messages until the error is below a predetermined threshold, for example. After training the discriminator in this way, training of the generator may then resume. [0073] The processor may repeat steps 102-104 until the discriminator deep learning model is accurate above a first threshold and accurate below a second threshold. For example, the processor may repeat steps 102-104 until the discriminator correctly classifies the transmitted messages with an accuracy above 99%, which would correspond to the first threshold. In this the processor may also repeat steps 102-104 until the discriminator correctly classifies the output message as being generated by the generator with an accuracy below 99%, which would correspond to the second threshold. [0074] In this example, such a second threshold ensures that the generator does not learn to reproduce its input accurately. Instead, the generator generates the output message with some “error”, thus resulting in a mutated output message. This error may be considered as “variation” and, as such, as a result of generating the fuzzing message, the processor may perform a bit operation on one of the transmitted messages to generate this variation in the generated fuzzing message. The processor may assess the output message against the input and terminate the training once the output resembles the input but is not identical. [0075] Steps 102-104 describe a mini-batch training cycle. In this training cycle, the discriminator is first updated and then the loss from the discriminator is utilised to update the generator, for example. In some examples, the GAN discriminator and generator are trained not concurrently, but rather in sequence. First, the discriminator is trained and then the generator is trained. As such, applying 103 a trained discriminator machine learning model to the output message can be considered as applying a mini- batch trained discriminator machine learning model to the output message. [0076] After training the generator deep learning model, the processor generates 105 a fuzzing message from the generator deep learning model using one of the transmitted messages as input to the generator deep learning model. Generating 105 the fuzzing message is similar to generating 102 an output message. However, the generator of the GAN is now trained after repeating steps 102, 103 and 104. As such, the processor may apply the generator deep learning model to one of the transmitted messages, thereby mutating the message by performing a bit operation. In an example, the processor generates 105 the fuzzing message using one of the transmitted messages labelled as benign. [0077] It is noted that during the the generator may learn to recognise sections of the binary strings that correspond to protocol adherence. These sections in the binary string result in a particular device on the IoT network accepting the message, as per the device protocol. As such, the generator may learn not to mutate these sections of the binary string, so that the fuzzing message, produced by the generator once trained, can still be accepted by the intended device once mutated. [0078] The transmitted messages and the fuzzing message may contain information that indicates the device where the message was sent from. The messages may also contain information that indicates the device that the message is intended to be sent to or the device it is sent from. Further, a device on the IoT network may contain one or more ports, such as input/output (I/O) ports. As such, the transmitted messages and the fuzzing messages may contain information that indicates which port on the IoT device is intended to be sent to or the port it is sent from. [0079] After generating 105 the fuzzing message, the processor communicates 106 the fuzzing message through the IoT network. Communicating 106 the fuzzing message through the IoT network may comprise leveraging a messaging module on a computer system in the IoT network. For example, the messaging module may create a network communication from one device to another device in the IoT network using the fuzzing message. The messaging module may be a Message Queuing Telemetry Transport (MQTT) broker, in the case that each transmitted message comprises a payload of the MQTT protocol. However, such a messaging module is not limited to being a MQTT broker. [0080] Finally, the processor analyses 107 a response to the communicated fuzzing message to detect 108 the unknown vulnerability. The processor may analyse 107 the response to the communicated fuzzing message by applying a trained classifier to the response. In some examples, the trained classifier may be applied to the message that an IoT device returns, as a result of receiving the fuzzing message. The classifier may be a MultiLayered Perceptron (MLP) comprising an output layer with a first output indicating a benign operation and a second output indicating a vulnerability. For example, the trained classifier may value between 0 and 1, where ‘0’ may represent a benign operation (normal response) and ‘1’ may represent a vulnerability (non-normal response). As such, the classifier may be trained using the transmitted messages after labelling the messages as either benign or vulnerable based on the vulnerability data. However, other classifiers are also possible, such as a CNN, decision tree, etc. [0081] The response to the communicated fuzzing message may be indicative of one or more of: a crash of one of the multiple devices; unexpected behaviour of one of the multiple devices; and vulnerable behaviour of one of the multiple devices. For example, one of the transmitted messages in the fuzzing process may be assessed based on any unexpected behaviour as benign or vulnerable. In other words, when the system sends a fuzzing message, it either detects a vulnerability, or not. The system considers a device vulnerable if the message that the device returned, as a result of receiving a ‘fuzzed message’, is identified by the “Vulnerability discriminator” as vulnerable- indicative (based on the output of the model’s classification). Otherwise, the device is normal. Essentially, the goal of communicating the fuzzing message through the IoT network is to cause the devices on the network to behave in an unexpected manner that is different from their normal functionality. Information about the fuzzing message, such as the payload and device information, may be used to pinpoint the vulnerability in the network and take action, to ensure the network is safe from cyberattacks. [0082] Analysing the response to the communicated fuzzing message may indicate whether the status of the IoT device is benign or vulnerable. In other words, analysing the response to the communicated fuzzing message may comprise labelling the fuzzing message as benign or vulnerable based on the response to communicating the fuzzing message through the IoT network. In some examples, when these fuzzing messages are applied to the IoT network (sent against the IoT devices through network communications), the responses may be evaluated as benign or vulnerable. For example, if the response was unexpected, such as a device crash, unexpected behaviour or malicious behaviour, the response (and hence, the fuzzing message that caused the response) may be labelled as vulnerable. Similarly, if a device was to operate normally after applying the fuzzing message to network, then the response (and the fuzzing message) may be labelled as benign. In some examples, labelling the response (or the fuzzing message) may be dependent on the severity of the response and not simply the response itself. [0083] Fig.2 illustrates a system 200 for detecting an unknown vulnerability in an Internet of Things (IoT) network 201. The IoT network 201 may comprise, for example, various devices including computer systems, smart devices, sensors, and video displays. These devices may be interconnected through various forms of communication, such as the Internet, for example. Only 6 devices in IoT network 201 are shown in Fig.2 for illustration purposes. In practically, any number of devices may be connected to IoT network 201. In some examples, IoT devices are resource- constrained devices and as such, may operate without an operating system due to limited resources. This means that compiled source code comprises all required low- level access functions using included libraries, rather than relying on functions provided by the operating system hosting device drivers. For example, IoT devices may only include a system-on-chip microcontroller rather than a microprocessor. The microcontroller may be a ESP32 series microcontroller by Espressif Systems. [0084] The system 200 also comprises a computer 202 which itself comprises a processor 203 connected to a program memory 204 and a data memory 205. Computer 202 is part of the IoT network 201 and may be one of many devices on the IoT network 201. Computer 202 also comprises an input/output (I/O) port 206. System 200 may also comprise a server 207 which is part of the IoT network 201, which itself may comprise one or more processors connected to a program memory and a data memory (not shown). In some examples, server 207 may be configured to perform similar functions to computer 202. In system 200, computer 202 and server 207 may comprise respective operating systems, such as MS Windows or Linux, and are in communication with each other via the IoT network 201. However, both computer 202 and server 207 can communicate with any device that is part of the IoT network. Devices on IoT network 201 may communicate with each other by leveraging an application programming interface (API). [0085] The program memory 204 and memory 205 are non-transitory computer- readable mediums, such as a hard drive, a solid state disk or CD-ROM. Software, that is, an executable program stored on program memory 204 causes the processor 203 to perform the method in Fig.1, that is, processor 203 stores transmitted messages, generates an output message, applies a trained discriminator deep learning model to the output model, updates the generator or discriminator deep learning model or both, generates a fuzzing message, communicates the fuzzing message and analysis a response. [0086] The data memory 205 may store the transmitted messages that are observed on the IoT network 201, as well as the fuzzing message that is generated by the generator after training. More specifically, each transmitted message may comprise a payload of an IoT protocol. For example, the IoT protocol may be Messaging Queue Telemetry Transport (MQTT) protocol, Advanced Message Queuing Protocol (AMQP), Constrained Application Protocol (CoAP) or Data Distribution Service (DDS). However, it is noted that the disclosed method is not limited to these protocols. In the example, where each transmitted message comprises a payload, the payload of each message may be stored on the data memory 205. The transmitted messages and the fuzzing message may be stored on data memory 205 as JavaScript Object Notation (JSON) file, Packet Capture (PCAP) file or a similar/equivalent format, for example. [0087] The data memory 205 may further store data such as the vulnerability data determined during the preliminary vulnerability testing of the IoT network 201 and any vulnerabilities that are detected using the disclosed method. For example, if an unknown vulnerability is detected by communicating a fuzzing message messaging through the IoT network 201, details of the unknown vulnerability may be stored on data memory 205. These details may be the type of vulnerability, the device(s) affected by the vulnerability, the port(s) affected by the vulnerability and the fuzzing message responsible for the vulnerability. Some of these details may be contained in the fuzzing message itself, therefore it may only be necessary to store the fuzzing message on data memory 205. The vulnerability data may be stored on data memory 205 as JavaScript Object Notation (JSON) file, Packet (PCAP) file or a similar/equivalent format, for example. [0088] The data memory 205 may also store any one of the machine learning models, including the generator, discriminator and classifier. For example, if any one of the machine learning models is a trained neural network, the data memory 205 may store the machine learning model in the form of network parameters (i.e., the weights) that have been optimised through training. [0089] The processor 203 may receive data through all these interfaces, which includes memory access of volatile memory, such as cache or RAM, or non-volatile memory, such as an optical disk drive, hard disk drive, storage server or cloud storage. The computer system 200 may further be implemented within a cloud computing environment, such as a managed group of interconnected servers hosting a dynamic number of virtual machines. [0090] It is to be understood that any receiving step may be preceded by the processor 203 determining or computing the data that is later received. For example, processor 203 may store the fuzzing message on data memory 205, such as on RAM or a processor register. Processor 203 then requests the data from the data memory 205, such as by providing a read signal together with a memory address. The data memory 205 provides the data as a voltage signal on a physical bit line. [0091] Fig.1 is to be understood as a blueprint for the software program and may be implemented step-by-step, such that each step in Fig.1 is represented by a function in a programming language, such as C++ or Java. The resulting source code is then compiled and stored as computer-executable instructions on program memory 204. The resulting source code may also be compiled and stored as computer-executable instructions on program memory of server 207. [0092] It is noted that for most humans performing the method 100 manually, that is, without the help of a computer, would be practically impossible. Therefore, the use of the computer is part of the substance of invention and allows performing the necessary calculations that would otherwise not be possible due to a large amount of data and the large number of calculations that are involved. [0093] In another example, the server 207 may store any one the transmitted messages and/or the fuzzing message generated by the generator after training. Additionally, transmitted messages and/or the fuzzing message may be communicated to the server 207 and server 207 may then communicate the messages to computer 202. For example, once processor 203 stores the transmitted messages and generates a fuzzing message, processor 203 may communicate these messages to server 207 and server 207 may store these messages for later use. [0094] The processor 203 may receive data, such as the transmitted messages and the fuzzing message, from data memory 205 as well as from the I/O port 206. In one example, the processor 203 receives the transmitted messages from server 207 via I/O port 206, such as by using a Wi-Fi network according to IEEE 802.11. The Wi-Fi network may be a decentralised ad-hoc network, such that no dedicated management infrastructure, such as a router, is required or a centralised network with a router or access point managing the network. [0095] Although the I/O port is shown as a single entity, it is to be understood that any kind of data port may be used to receive data, such as a network connection, a memory interface, a pin of the chip package of processor 203, or logical ports, such as IP sockets or parameters of functions stored on program memory 204 and executed by processor 203. The parameters of functions may be stored on data memory 205 and may be handled by-value or by-reference, that is, as a pointer, in the source code. [0096] Computer 202 may also be configured to or connected to a monitor or display, in which a user of computer 202 may interact. Software may provide a user interface presented to the user on computer 202. The user interface is configured to accept input (via buttons or text fields etc.) from the user, via a touch screen or a device attached to computer 202 such as a keyboard or computer mouse. These devices may also include a touchpad, an externally connected a joystick, a button, and a dial. In an example, computer 202 may display the vulnerability data or an unknown vulnerability detected using the disclosed method. In this example, computer 202 may display the payload of the fuzzing message that led to the discovery of the vulnerability and the device(s)/port(s) associated with the vulnerability, by displaying the IP address of the associated device(s). [0097] Fig.2 is one example of a configuration of system 200. However, system 200 is not strictly limited to this configuration and this may be one possible embodiment of system 200. In another embodiment, the IoT network 201 may comprise hundreds of devices (only a small number of devices are shown here for simplicity). Mutation-based Fuzzing Process [0098] As set out above, fuzzing is a reliable technique for identifying vulnerabilities in software, hardware and network systems. Programs that are designed to perform fuzzing scans, called fuzzers, rely on generating pseudorandom sequences of data that resemble legitimate input for software that is going to be tested. This generated input is fed to the targeted program that is being evaluated, processed, and the output is then extracted and analysed by the fuzzer. A crash triggered as a result of employing a fuzzer’s pseudorandom input or forcing the targeted system to behave unexpectedly, is an indication of a bug, vulnerability or uncaught exception and can be leveraged to seek temporary mitigation tactics, until the exact cause of the crash is detected in the code and patched. [0099] Fuzzing provides a relatively inexpensive solution for the automated detection of vulnerabilities and bugs that were undetected during a manual inspection. According to the assumed knowledge of the targeted system, there exist three categories, white, grey and black box fuzz testing. White box testing corresponds to a scan process, where the source code of the software that is being fuzzed, is known in advance and thus can be utilised to make input generation and code exploration more efficient. Black box testing corresponds to a scan process, where the internal structure of the target software is ignored (treated as a black box), and can be employed to swiftly scan a target. Grey box testing corresponds to a scan process that seeks to combine the swiftness of black box testing with the thoroughness of white box testing, effectively initiating a black box test, and gradually gathering feedback to enhance the input generation process, so that greater coverage is achieved. [0100] There are two main categories of fuzzing, mutation and generation-based fuzzing. Mutation-based fuzzing relies on an initial valid set of data, which can be files, network packets or user-based input, and gradually alters it randomly, in a process known as mutation. Generation-based fuzzing, on the other hand, does not rely on previously acquired data, and generates new inputs based on an input model that describes valid inputs for a particular target. Pertaining to the valid input formats that a system under fuzz scanning may recognise and accept, fuzzers are further categorised into intelligent (smart) and non-intelligent (dumb). Intelligent fuzzers model their pseudo-randomly generated input on patterns and rules, so that it may be accepted by the targeted system. Non-intelligent fuzzers on the other hand, simply generate sequences of characters, disregarding length or format limitation, and thus may produce input that is ignored by the targeted system. [0101] An example of fuzzing is protocol fuzzing, the primary focus of which, is the evaluation of network elements (for example, implementation of network protocols and in some cases services in routers, desktops, laptops, tablets, smartphones, IoT lightbulbs, gas detectors, motion sensors etc) through the forging of fuzzed network packets. These fuzzed network packets may be forwarded to networked devices, and their response is gauged, which enables the fuzzer to detect potential vulnerabilities, without the need to inspect the device’s source code or hardware. The benefit of protocol fuzzing is that it enables rapid remote cybersecurity evaluation of a local network’s devices, it can be used for both IoT and non-IoT subnets, as the IoT tends to utilise the TCP/IP stack to facilitate communications between the aggregator and the backend, and coupled with machine/deep learning, the process can be automated. [0102] Candidate fuzz probes are either randomly, thus falling into the category of unsophisticated fuzzers, or from an elaborate model that replicates the target device’s input, its legitimate states and the permitted transitions between them. As such, generation-based fuzzers use extensive effort by experts to ensure such tools are kept up-to-date and can effectively interact with the latest versions of devices and protocols. In order to overcome such limitations, present in generation-based fuzzing, a mutation-based strategy is disclosed here. Generative Adversarial Networks [0103] As described previously, Generative Adversarial Networks (GANs) represent a framework consisting of two machine learning models, a generator, and a discriminator, that are trained by competing against each other in a zero-sum game. In some examples, these models are neural networks, however other machine learning models may also be utilised. To train models in a GAN configuration, first the types of models that may be used as generator and discriminator may be determined. In some examples, the shape of the output of the generator is the same as the input shape of the discriminator. Further, an initial dataset that may be utilised for partially training the discriminator is used, resulting in a combination of supervised training for the discriminator, which uses labelled data, and unsupervised for the generator, where forged data is always mislabelled. [0104] During the training of GAN, the generator and discriminator are set in a zero- sum game where a positive outcome for one model is negative for the other, leading them to compete and gradually improve in their respective tasks. The process may terminate after a pre-selected number of iterations have elapsed or a threshold error has been reached. The role of the generator is to receive input, usually in the form of pseudorandom data arranged in a 1-dimensional, 2-dimensional or even 3-dimensional array, propagate it through the model’s architecture and generate data as output that appears random at first, but after some iterations have passed, starts to resemble the target data. The discriminator, on the other hand, can be considered as an auxiliary component to the generator, as the main reason for employing GANs is either to obtain more data or to extract the generator, tasked with learning to differentiate between real and forged data, thus may be a binary classifier. [0105] Both models leverage feedback from the discriminator during training. The discriminator seeks to maximise the accuracy of separation between the two classes of data, those being ‘real’ and ‘fake’. The generator seeks to maximise the misclassification error, reducing the former’s detection accuracy and thus learning to produce fake data that are perceived as real. As an example, in one epoch, intentionally misclassified generator-derived data are provided to the discriminator, marked as real, with the produced error forwarded (for instance in backpropagation) to the generator, leading to weights and other learned parameters to be updated. [0106] In cases of GANs, where both competing models have been selected to be neural networks, the learning process resembles backpropagation, with some alterations to facilitate the goals of the two models. The goal of the generator is to produce increasingly more realistic forged data, and thus consistently fool the discriminator by minimising its accuracy, while on the other hand, the goal of the discriminator is to effectively differentiate between real and forged data, thus maximising its classification accuracy. [0107] Fig.3 illustrates the generator and discriminator training in generative adversarial network configuration. Let z be the pseudo-random vector input of the generator, G ( z ) the generator’s output that should have the same dimensions as the original data represented here as X and D ( X ) , D ( G ( z )) depicting the discriminator’s output from original data and generator output respectively. Equation 1 represents the GAN min-max loss function, which the min corresponds to the generator’s goal of producing realistic forged data that may be misclassified as real by the discriminator and the max implies the discriminator’s goal to more accurately differentiate between real and fake data. [0108] Equation 3 provides the individual cost functions for the generator, which differs from the GAN loss, as the generator cannot affect its first component E _X [ log ( D ( X )] . Note that the discriminator maximises Equation 2, as this equates to ( D ( X )) and thus, because log ( x ) is a positive monotonic function, ( X ) equal to ’1’ which corresponds to real data being classified as real, as D ( X ) ^ [0,1] , while maximising log (1 ^ D ( G ( z ))) leads to maximising 1 ^D ( G ( z )) , for which D ( G ( z )) needs to be minimised to ’0’, to correctly classify fake data as fake. On the other hand, the generator seeks to minimise the same equation, however, its input is only relevant for the second part of Equation 1, thus leading to Equation 3, where it seeks to minimise log (1 ^ D ( G ( z ))) thus maximise D ( G ( z )) to ’1’, which corresponds to misclassifying forged data as real. [0109] During the process of training the generator, processor 203 updates 104 the generator or discriminator deep learning model or both to reduce an error in the classification of the output message. For example, the error that is reduced may correspond to the loss function in Equation 2 or the components of Equation 2. In this example, the goal of the generator is to minimise this error, while the goal of the discriminator is to maximise this error. L _GAN ^{= min} _G ^max _D ^{[ E} _X ^{[ log ( D ( X )] ^ E} _Z ^{[ log (1 ^ D ( G ( z ))]]} ₍₁₎ L _G ^{= max} _D ^{[ E} _X ^{[ log ( D ( X )] ^ E} _Z ^{[ log (1 ^ D ( G ( z ))]]} ₍₂₎ L _G ^{= min} _E ^E _z ^{[ log (1 ^ D ( G ( z ))]} ₍₃₎ Generator and Discriminator training in Generative Adversarial Network configuration. Methodology [0110] This disclosure proposes an intelligent mutation-based fuzzer in the form of a CNN GAN generator, that is trained on benign and malicious IoT network communications, and then mutates that the produced fuzz test cases may be of correct form, while eliminating the need for a dedicated per-protocol vocabulary. Details of the proposed intelligent network IoT fuzzer will now be discussed. Fuzzing strategy: Mutation [0111] Fig.4 illustrates an abstract representation of the mutation-based Fuzzing process. Fuzzing refers to the process of creating fake network traffic, such as in the form of fake messages between devices on an IoT network, and observing how the devices on the network respond to the fake network traffic. The goal of fuzzing is to cause the device on the network to behave in an unexpected way, which may expose a vulnerability in the device or a vulnerability in the network itself. [0112] As described previously, mutation-based fuzzing, unlike generation strategies, relies on legitimate messages, stored in seed files, that maintain a valid format that is recognised and accepted by the target devices, thus reducing the probability of rejection of the mutated messages by the fuzzing targets. Candidate probes, in the context of network fuzzing, are produced by mutating legitimate data that has been observed and captured in communications between the target and other devices in the network. These mutations rely on bit or byte-wise flipping, the addition of values and other such interactions, often guided by some feedback, such as code-coverage and vulnerability discovery effectiveness. In other words, processor 203 may generate fuzzing message by performing a bit operation on the one of the transmitted messages to generate variation in the generated fuzzing message. [0113] To improve the effectiveness of mutation fuzzing tests, mutated data that has resulted in the discovery of a vulnerability (through device crash, restart or other unusual behaviour), is often marked for further mutation, before the fuzzer proceeds to the next candidate message found in the seed file. As such, processor 203 may, after detecting the unknown vulnerability, apply the generator deep learning model to the fuzzing message to detect a second unknown vulnerability. In other words, processor 203 may, detect the unknown apply the generator deep learning model to the fuzzing message that led to this unknown vulnerability to detect a second unknown vulnerability. [0114] To avoid unnecessary rejections of fuzz probes, occasionally, fuzzers may seek to identify protocol-sensitive segments of messages and exclude them from the fuzzing process. More specifically, when generating a fuzzing message, the generator may detect protocol-sensitive segments of messages and may not perform any bit operations, to ensure the fuzzing message is accepted by the device protocols. [0115] The disclosed method does not follow conventional mutation methods, and instead leverages an "Intelligent Mutator" to achieve the same goal: mutate legitimate network interactions (transmitted messages) to generate fuzzing messages and leverage them to identify vulnerabilities remotely in an IoT network. The disclosed method achieves this by relying on the "error" of the mutator (the GAN generator) to produce these mutations. In other words, processor 203 does not train the generator to reproduce its input accurately, instead, processor 203 leverages this "error" in its output to produce fuzzing messages as mutated versions of the input. To ensure coverage, certain mutation strategies can be employed. More specifically, during fuzzing, a successfully mutated output can be re-utilised as input for further mutations, with this cycle continued until a mutated fuzzed output no longer produces results, which would cause the mutator to consider another input for mutation. Deep Learning-enabled Fuzzing [0116] The disclosed method takes advantage of the automated and mostly unsupervised nature of GANs, where the generator and discriminator improve their performance by leveraging the discriminator’s misclassification feedback. Thus, the mutator of the mutation-based fuzzer, which is represented by the generator of the GAN, takes the form of a deep learning model and may be a neural network. For example, the generator may be composed of a stacked deep Convolutional Neural Network (CNN) and the dense layers of a Multi-Layered Perceptron (MLP). The goal of selecting GAN as the training for a machine/deep learning model, is to produce a model that, after several epochs have elapsed, is capable of generating realistic data. However, to do so, an initial sample dataset of the selected type is constructed and curated (pre-processed), before it is used by the GAN discriminator. For example, the type of data may be in the form of payloads, obtained from PCAP files, extracted from the network interactions of the local IoT devices in IoT networks. Data collection and pre-processing [0117] Processor 203 may train the generator and the discriminator on realistic and representative data. To capture this data, processor 203 may observe (I)IoT devices on an IoT network configured to either post telemetry data to MQTT brokers or directly communicate with non-IoT devices, producing network interactions that processor 203 captures and stored in Packet Capture (PCAP) files. Additionally, before training and launching the mutation fuzzer, processor 203 performs automated penetration testing (vulnerability testing), enabling the collection of abnormal activities in the network, which is captured as vulnerability data. [0118] During pre-processing, processor 203 constructs a number of JSON files according to information obtained from PCAP files, where flow identifiers for each flow captured in the PCAP are stored (source and destination IP and port number, protocol), with the payloads stored in the form of conversations, in the form of a list that stored the payload as a text along with the direction of the message (source to destination and vice versa). Processor 203 then converts the extracted conversations into binary format, and stores them in a backend database, such as data memory 205 or server 207, along with a class feature, that determines if the payload is part of a normal interaction (value of ‘0’) or part of exploiting a vulnerability (value of ‘1’). To impose uniformity on the binary sample interactions, which enables the use of the CNN-MLP architecture of the neural networks that are utilised for the mutation process, padding in the form of ‘0’ values is added at the beginning of each sample, to make them equal in length to the largest observed sequence. In other words, processor 203 converts each message into a binary string and message with one or more bits to result in binary strings of equal length. This process can be seen below in Algorithm 1. Automated Data Labelling [0119] Processor 203 pre-processes and transforms the data so that it can be processed by the models. Although pre-processing is used for the effective training of deep learning and machine learning models, another non-trivial step is labelling. Labelling is the process of assigning values to the class feature (dependent variable), that correctly identifies an event that a record represents. Depending on the intended purpose of the collected dataset, the class feature can take many forms, such as binary for binary classification, numeric for multiclass classification and textual for multi- label classification. [0120] In terms of network flow traffic, a network flow that has been collected from a network, while a SYN-flood denial of service (DoS) attack was taking place would be correctly classified as an attack, with secondary features indicating the type of attack as “DoS” and the subtype as “SYN-flood”. In the disclosed method, deep learning models trained on mislabelled data may display a considerable error rate, either misclassifying benign instances as malicious or vulnerable (false positive) or failing to detect attacks (false negative). How labelling is carried out depends on the design and configuration of the data collection system, however often the process is either manual, with a domain expert reviewing data and assigning labels accordingly. In environment configurations, where the attacking and data collection machines are separated, labels are assigned based on temporal data values and flow identifier features, requiring a degree of synchronization in both machines. [0121] The training, evaluation and operation of the intelligent mutation-based fuzzer rely on collected network interactions from both benign as-well-as malicious scenarios, acquired from the IoT network. As such, processor 203 labels the data, to ensure that the fuzzing process can be carried out without false positives or false negatives that would result in normal devices identified as vulnerable and active vulnerabilities going undetected respectively. Thus, as part of network interactions collection process, an automated data labelling procedure is implemented, that does not need temporal data values for accurate labelling. [0122] As the modules responsible for data collection and preliminary vulnerability test scanning are situated in the same machine (i.e., computer 203), with the latter representing the malicious scenarios, they have been configured to coordinate for accurate automated labelling. For example, processor 203 may comprise a preliminary vulnerability testing module, which performs the vulnerability testing of the IoT network. Processor 203 may also comprise a data collection module, which collects data from the preliminary vulnerability testing module and generates the vulnerability data. [0123] Firstly, the preliminary vulnerability testing module engages and actively assesses every open port of every live host in the network against a list of well- established vulnerabilities, limiting the tests to relevant exploits, according to the detected service of each port. If a vulnerability is detected, then the data collection module is activated, recording the network interaction between the attacking machine and the target, the type of exploit that was utilized and the flow identifiers. Collected records, in binary format, are labelled and stored in a computer-readable medium, such as data memory 205, for use during training/evaluation of the intelligent mutation- based fuzzer, while during operation they are utilized as input to produce mutated data. Mutation Deep Learning architecture [0124] In the disclosed method, the generator and/or discriminator deep learning model may be a neural network, comprising one or more of: a convolutional layer; a transpose convolutional layer; a dense layer; a dropout layer; and a batch normalisation layer. For example, a neural network with a convolutional layer is considered to be a convolutional neural network (CNN). [0125] In the context of a CNN, a layer is the main building block of a CNN and contains a set of filters that are used to extract features from the input of the CNN. A transpose convolutional layer is used to upscale/up sample an input. A dense layer is a layer that is deeply connected with its preceding layer which means the neurons of the layer are connected to every neuron of its preceding layer. A dropout layer randomly drops connections from neurons of the previous layer, which prevents outfitting during the training of the CNN. A batch normalisation layer standardizes the inputs to the layer for each round of training (mini-batch). [0126] In this example, the CNN architecture may also comprise a ReLU activation function. Further, the output of the last convolution layer may be subjected to Global Average Pooling (GAP). Even further, a fully connected layer with Sigmoid activation may also be used on the output layer. However, other activation functions may be used. These activation functions include, but are not limited to, a binary step function, a tanh function, a ReLU function or a softmax function. [0127] Mathematically, a convolution is an integration function that expresses the amount of overlap of one function g as it is shifted over another function f. Intuitively, a convolution acts as a blender that mixes one function with another to give reduced data space while preserving the information. In terms of Neural Networks and Deep Learning, convolutions are filters (matrices/vectors) with learnable parameters that are used to extract low-dimensional features from input data. They have the property to preserve the spatial or positional relationships between input data points. Convolutional neural networks exploit the spatially-local correlation by enforcing a local connectivity pattern between neurons of adjacent layers. In this example, the CNN architecture may comprise an optimal number of convolutional layers, filter size and stride length. These factors may be optimal for determining the first and second classifications. [0128] Intuitively, convolution is the step of applying the concept of a sliding window (a filter with learnable weights) over the input and producing a weighted sum (of weights and input) as the output. The sum is the feature space that is used as the input for the next layers. [0129] In an example, 1D convolutional layer(s) are used in deep learning models, which may comprise one or more convolutional filters (simply, filters). If both the generator and the discriminator are CNNs, then processor 203 may apply one or more filters to a binary string, which is the input into either of the deep learning models. A filter, which would be a 1D filter in this example, calculates a weighted sum of bits in the binary string. For example, if the convolutional layer uses a 1 x 3 filter, there would be 3 weights, which are the coefficients of the filter. However, it is noted that the filter is not limited to a dimension of this size. The filter starts at an initial position in the input string, multiplies each bit with the respective filter coefficient and adds the results. The filter moves along the binary string in one direction and repeats the calculation. For example, if the stride is 2, the filter will move by two bits along one direction, however, the filter is not limited to a stride of 2. [0130] A single convolutional layer may use multiple filters, where each filter corresponds to a different feature. The corresponding feature of each filter is determined during training. More specifically, each filter may contain weights, which are adjusted during a training process through a backpropagation process, for example. The filters are used to quantitatively determine the contribution of a particular feature to the output of the CNN. For a convolutional layer that occurs at the start of a CNN architecture, the filters of this convolutional filter may correspond to simple features. However, convolutional layers that occur later in the CNN architecture may exhibit more complex or abstract features. As an example, the complex or abstract features may be a combination of the simple features from the previous convolutional layer. [0131] Novel mutation fuzzing based on GAN generation model: [0132] Fig.5 illustrates the architecture 500 of the generator deep learning model. As can be shown in Fig.5, the generator consists of multiple layers, arranged in a sequential model. The generator of the (the fuzzing mutator), consists of the following layers: 1. Input layer 502, to which input 501 is applied; 2. Dense layer 503 (to receive the pre-processed payloads) with 2560 outgoing connections; 3. Reshape layer 504 to transform the input to a 2D representation (for compatibility with convolution and transpose-convolution layers that process input matrices with the aid of a kernel); 4. 1D Transpose Convolution layer 505 with 128 filters and a kernel size of 6 (2 strides); 5. Batch normalisation layer 506 followed by a ReLu activation layer 507; 6. 1D Transpose Convolution layer 508 with 64 filters and a kernel size of 5 (2 strides); 7. Batch normalisation layer 509 followed by a ReLu activation layer 510; 8. 1-D Transpose Convolution layer 511 with 32 filters and a kernel size of 4 (2 strides); 9. Batch normalisation layer 512 followed by a ReLu activation layer 513; 10.1D Transpose Convolution layer 514 with 16 filters and a kernel size of 3 (2 strides); 11. Batch normalisation layer 515 followed by a ReLu activation layer 516; 12.1D Transpose Convolution layer 517 with 8 filters and a kernel size of 4 (2 strides); 13. Batch normalisation layer 518 followed by a Flattening layer 519 to produce a 1D output; 14. Dense layer 520 with a sigmoid activation function and output size equal to the original input size of the network (input_size==size_of_payloads); and 15. Re-shape layer 521 to ensure the output vector is of dimension [input_size,1]. [0133] First, dense neuron layers 503 non-linear activation functions are leveraged as the input layer that receives the padded binary sample from the pre- processing stage and produces a binary mutated sample (re-shaped to the correct dimensions, to form a 1D array). Here, an upsampling process is used, to ensure the dimensions of the output are correct, and to that effect, transpose convolutional layers are used, with the output having a height and depth of 1 and a width equal to the maximum recorded binary payload length (recall that the number increased in convolutional layers, and decreases with transpose convolutional). [0134] Transpose convolutional layers have an output that has a bigger dimension than its input. Each transpose convolutional layer may comprise one or more kernels (similar to a filter utilise by a convolutional layer), which contain trainable weights. For example, using a 1D kernel of size 2 (dimension of 1 x 2), the output of the transpose convolutional layer may be twice the size of its input. Here, processor 203 may multiply the bit of a binary string by each weight in the size 2 kernel. The weights of the kernel are determined by training the transpose convolutional layer (as part of training the CNN architecture) and adjusting the weight through backpropagation and gradient descent, for example. [0135] To model the mutation process, both input and output are defined to have the same dimensions (1,1,max _ binary _ length ) , and thus Reshape layers are added to the architecture of the generator. As described above, the generator leverages the following layers: dense, batch normalisation, 1D transpose convolutional, flatten, reshape, ReLu activation and Sigmoid activation. The generator can deal with encrypted data, as it leverages Algorithm 1 in the pre-processing stage to transform collected network interactions and make them accessible by the deep learning models of the fuzzer. As such, the transmitted messages and the fuzzing message may be encrypted, with the training of the generator deep learning model being performed on encrypted network environments. In other words, training the generator deep learning model and generating the fuzzing message may be performed on the encrypted messages. [0136] GAN Discriminator: [0137] Fig.6 illustrates the of the discriminator deep learning model. The discriminator of the GAN consists of the following layers: 1. 1D convolutional layer 602 with 64 filters and kernel size 8, which is applied to input 601 (2 strides, same input shape as the output of GAN generator, [input_size,1]); 2. ReLu activation layer 603 followed by a Dropout layer 604 (30% of connections dropped; 3. 1D convolutional layer 605 with 128 filters and kernel size 7 (2 strides, same input shape as the output of GAN generator, [input_size,1]); 4. ReLu activation layer 606 followed by a Dropout layer 607 (30% of connections dropped), 5. Flatten layer 608 followed by a Dense layer 609 and another Dense layer 610 (32 and 8 output units) a dropout layer (30%) 6. Dense layer 611 of size 1 with a sigmoid activation; and 7. Output layer 612. [0138] Training the mutator (generator) through adversarial training leverages a discriminator. To that effect, the discriminator model consists of convolutional layers for downsampling (the dimensions of the output of a convolutional layer are given in Equation 4), dropout layers to avoid overfitting and a flatten layer to connect the final convolutional layer to a series of dense layers, to enable binary classification. The neurons in the dropout layer do not connect to all of the neurons of the previous layer. A flatten layer collapses the spatial dimensions of the input into the channel dimension. Flatten layers are used when a multidimensional output needs to be passed through a Dense layer, for example. [0139] The task of the discriminator is to detect forgeries produced by the generator, and thus provide the generator with feedback that can be used to improve the generator’s output quality. A sigmoid activation function, as shown in Equation 5, is used in the final layer and the selected loss function is binary cross-entropy, as shown in Equation 6. The discriminator of the configuration functions as a filtering method for improving the quality of the output of the mutator. To ensure that the performance of the intelligent mutation-based fuzzer is at an appropriate level for real- world deployment, processor 203 repeats the steps of generating 102, applying 103 and updating 104 until the discriminator deep learning model is accurate above a first threshold and accurate below a second threshold. For example, a cut-off threshold of 99% is set for the discriminator of the GAN configuration. Once the discriminator reaches an accuracy of 0.99 (99%), after which the training of the mutator is terminated. i ^{i in} o _{ut = 1 ^} ^{^ 2 p ^ f} s (4) ( ₅₎ (6) ( ₇₎ Where ⁱ _out and ⁱ _in are the output and input dimensions respectively, p indicated the added padding ( 2 p as padding of equal length is added on either side of the array), f is the dimension of the filter kernel that is applied to the input array and s is the number of cells the kernel moves before each calculation. [0140] Vulnerability discriminator: [0141] The disclosed method uses a separate vulnerability discriminator, that is, a classifier model that is tasked with determining if a payload, in pre-processed, padded and binary format, is indicative of a vulnerability being exploited or part of normal network interactions between the (I)IoT That is, analysing the response to the communicated fuzzing message may comprise applying a trained classifier to the response. This discriminator is useful to the process of vulnerability detection, as using this model’s output, new vulnerabilities can be found. The classifier is trained on the transmitted messages, which have been labelled as benign or vulnerable, to recognise vulnerable responses when the fuzzing message is applied to the IoT network. [0142] Fig.7 illustrates the architecture 700 of the vulnerability discriminator. In an example, the classifier is a multilayered perceptron (MLP) comprising an output layer with a first output indicating a message that has been found to indicate a benign operation and a second output indicating a vulnerability. In this example, the vulnerability discriminator consists of the following layers: 1. Input layer 701; 2. One or more hidden layers 702; and 3. Output layer 703. [0143] The input of the classifier is the network communication responses generated by forwarding fuzzed messages to IoT devices that are being tested. For example, communicating the fuzzing message through the IoT network may cause one of the devices on the IoT network to generate a network interaction between multiple devices, such as a new message. The response would, therefore, be indicative of the new message generated. [0144] The vulnerability discriminator is not the same as the GAN discriminator. More specifically the GAN discriminator and the vulnerability (the classifier) are separate machine learning models. The vulnerability discriminator is tasked with assessing the IoT-based network traffic responses elicited by sending the mutated fuzz payloads. For this purpose, a deep MLP is used due to its high performance in processing multivariate network data and its high capability of identifying IoT vulnerabilities. [0145] Training of the vulnerability (MLP) is performed on a mixture of benign and vulnerable network interactions. Specifically, from the network interactions obtained using the preliminary vulnerability assessment and the normal network collection modules, the acquired responses are extracted, pre-processed, and labelled. This is shown as pseudocode in Algorithm 5. Training the GAN generator and discriminator [0146] The first step is to pre-train the GAN discriminator, thereby obtaining a trained discriminator from the pre-training process. It is noted that the trained discriminator is not necessarily a “fully trained” machine learning model, in the sense that the weights on the model are not adjusted. In this context, “trained” refers to the model having previously gone through some form of training, such as a batch. [0147] During a single minibatch processing cycle, the discriminator is first trained on the stored transmitted message (i.e., a mixture of benign and vulnerable, corresponding to real data) and generator-produced (forged) records. The forged records are generated by using the GAN generator after a random initialisation. The forged record is then labelled, in order to train the discriminator. [0148] The GAN discriminator is then further trained along with the generator. During each training cycle, the discriminator receives half a minibatch size of real and another half of forged data before the generator generates an output message from one of the transmitted messages and determines a classification of the output message by applying the discriminator. [0149] Based on the classification of the output message, the generator or discriminator is updated to reduce an error in the classification of the output message by the GAN discriminator. In an example, updating the generator or discriminator machine deep learning model may comprise: updating the generator machine deep learning model if the classification is correct; or updating the discriminator deep learning model if the classification is incorrect. [0150] In another example, both the and the discriminator are updated based on the classification of the output message by the GAN discriminator. More specifically, the discriminator is updated to make its classification more accurate, while the generator is updated to try and make the discriminator’s classification less accurate. As such, updating the generator or discriminator deep learning model or both may comprise: updating the generator’s deep learning model based on the cost value obtained from the discriminator deep learning or updating the discriminator deep learning model in each minibatch. [0151] In this example, in each round of training, processor 203 updates both the generator and discriminator. The discriminator wants to minimise a cost function relating to its classification error. The generator seeks to maximise the cost (the classification error) of the discriminator, by producing an output message that the discriminator misclassifies as “real” rather than “generated”. After the discriminator has been updated in each round, it may receive an output message from the generator and it classifies it. The resulting classification error is leveraged by the generator to update its state and improve. Fuzzing Scenario [0152] Fig.8 illustrates an example scenario of an intelligent mutation fuzzer for (I)IoT networks. Fig.8 shows the functionality of the proposed intelligent mutation- based fuzzer. In the 1 ^st stage, the local network is scanned, and all live hosts and open ports are recorded in dedicated tables of the backend database, to ensure that any inactive IP addresses are ignored during the later stages of the fuzzing process. Concurrently, a separate module loads and stores all available network-based exploits through the Python-Metasploit interface, in a separate table of the same database. [0153] In the next 2 ^nd stage, triplets of live IP addresses, open ports and exploits are constructed and forwarded to the penetration testing module of processor 203, which facilitates the preliminary penetration testing, as illustrated in the pseudocode of Algorithm 2. As such, vulnerability data is generated, which comprises information regarding detected vulnerabilities from testing. Reference 801 shows preliminary penetration testing traffic as a result of the penetration testing. Each network-based exploit is evaluated against the list of live IP-port pairs, and any successful exploits are recorded in the foundVulnerabilities table, so that the fuzzing process can be expedited by omitting already scanned ports with found vulnerabilities. During the host discovery and preliminary penetration testing stages, and based on user prompts, network interactions between the (I)IoT devices and other network-enabled entities are initially recorded in PCAP files. [0154] The PCAP files are then processed, with the payloads extracted and stored in the form of JSON files, each of which stores the two ends of a communication (source and destination IP addresses and port numbers), and a list of the exchanged payloads along with their direction (source to destination and vice-versa). These payloads are useful to the fuzzing process, as they are leveraged for the training of both the mutator, which is responsible for altering existing valid payloads, and the discriminator that differentiates between normal and abnormal (vulnerability-indicative) network responses that are received after the mutated payloads are dispatched. [0155] In the 3 ^rd stage, the deep learning models that provide the core functionality to the fuzzer, are trained and evaluated on data that has been collected during the other two stages. Reference 802 shows the mutator model (generator machine learning model) being loaded to Message module. First, the classifier (a deep MLP-based discriminator) is trained, which takes the form of a binary classifier and outputs the value ‘0’ for normal interactions and ‘1’ otherwise, that is responsible for detecting vulnerabilities, based on the responses that the fuzzer receives to its mutated probes. Then, post preliminary penetration test, by leveraging the captured network interactions, the mutator model is trained. [0156] The mutator takes the form of the generator from a pair of deep neural networks with stacked deep and convolutional (and transpose convolutional) layers, and is trained in a GAN configuration, where the error from the GAN discriminator is utilised by the GAN generator to periodically improve the quality of produced data. The process is identified as mutation- fuzzing, as the input of the GAN discriminator is set to be the captured vulnerable-indicative interactions, thus resulting in the generator producing realistic mutated output. The previously captured network interactions are loaded and forwarded to a dedicated messaging module, where they are first converted into binary format (as per Algorithm 1), mutated by the stored trained GAN generator, and converted back to text from binary, before it is sent to the remote host and a response is received. Reference 803 shows network conversations (transmitted messages) being loaded. [0157] As such, communicating the fuzzing message to the IoT network generates a network interaction between the multiple devices and the response to the communicated fuzzing message is based on the generated network interaction. Reference 804 shows Intelligent Mutation Fuzzing traffic as a result of mutating one or more fuzzing messages from the previously captured network interactions and applying the fuzzing messages to the IoT network using the disclosed method. In other words, Reference 804 shows Intelligent Mutation Fuzzing traffic as a result of generating one or more fuzzing messages from one or more captured transmitted messages (or generating one or more fuzzing messages by further applying the generator to an already-fuzzed message) and applying the fuzzing messages to the IoT network using the disclosed method. [0158] Any acquired responses are passed through the trained classifier (the vulnerability discriminator, not to be confused with the GAN discriminator) and labelled as either vulnerable-indicative or normal. For any detected vulnerabilities, the IP address, port number and port type of the target, along with the mutated payload are stored in the foundVulnerabilities table of the backend database for later reference. [0159] While an example is presented in this disclosure to demonstrate the effectiveness of the disclosed method at detecting unknown vulnerabilities, the method may further comprise, upon detecting the unknown vulnerability, performing an action based on the detected unknown vulnerability. For example, performing an action may comprise generating, by a computer processor, an alert or disconnecting one of the multiple devices, associated with the unknown vulnerability, from the IoT network. Such an alert may be raised on computer 202, where a user may see the alert and perform the action to mitigate the issue raised by the alert. [0160] The disclosed method may be repeated to detect another unknown vulnerability, as the detected unknown vulnerability is stored in the foundVulnerabilities table of the backend database for later reference. Detecting a second unknown vulnerability may comprise creating a new fuzzing message by the disclosed method or further mutating the fuzzing message used to find the first unknown vulnerability. As such, the method may further comprise, after detecting the unknown vulnerability, applying the generator deep learning model to the fuzzing message to detect a second unknown vulnerability. In some examples, a single mutation may not be sufficient to detect an unknown vulnerability. Hence, processor 203 may apply the generator to the fuzzing message to generate a second fuzzing message. The second fuzzing message may then be communicated over the IoT network to detect an unknown vulnerability. This process may be repeated, by processor 203, as many times as necessary to detect an unknown vulnerability. Experiments and Result Assessment Experimentation Environment [0161] To demonstrate and test the disclosed methods, a realistic testing environment is used, which may be simply referred to as the “experimentation environment”. In the experimentation environment, a hybrid cyber twins testbed is used, which is comprised of 3 internal and 1 external zones, and in each zone, several IoT sensors and actuators, including smoke detectors, IP cameras, pressure, humidity, and occupancy sensors, are deployed and managed by a per-zone coordinator. The experimentation environment models an IoT network, such as a smart airport environment. Each coordinator is capable of bridging communications between devices using a diverse range of wireless communication protocols, such as Bluetooth, ZigBee, Z-wave and LoRa. [0162] A total of 82 IoT sensors and are deployed in the testbed, selected to resemble a typical smart airport environment. To enhance accessibility, a data management system was designed to complement the services provided by the testbed, allowing for visualization of live feedback from the sensors and facilitating seamless data collection from heterogeneous sources and of varying data types, including sensor- derived telemetry data and network flows. Furthermore, the data management system provides automated activities for data pre-processing, such as extraction of payloads from collected network packets, cleansing superfluous characters, conversion to binary format and applying padding to homogenise the data. Labelling is also automatically performed by processor 203, before the data can be effectively utilized for training the deep learning models. Experiments [0163] To evaluate the performance of the intelligent mutation-based fuzzer, experiments were conducted on the experimentation environment, with the fuzzer deployed in a server machine, connected to the experimentation environment. To establish a baseline, the preliminary vulnerability testing module was engaged, which scanned the entire network of the testbed environment, including IoT and non-IoT devices, for known vulnerabilities. This preliminary vulnerability testing module was designed to leverage Metasploit, which is a well-established and open-source software used by cybersecurity experts and penetration testing practitioners. A multi-process implementation was selected for this module, as it reduces the time for scanning every device and open port in the network. Training the intelligent mutation-based fuzzer uses the collection of both benign as-well-as vulnerable network interactions (payloads), the latter of which is obtained by running the vulnerability testing module against all live devices in the environment. [0164] After the fuzzer has been trained, it can be deployed and leveraged to scan all devices in the network. Network interactions obtained by running the preliminary vulnerability testing and the normal interactions collection modules are mutated by the fuzzer, with the output forwarded to any accessible network-enabled (I)IoT and non- (I)IoT devices. Although engaging the vulnerability testing module is costly time-wise, requiring over 6 hours to complete its execution of the experimentation environment, the finalized fuzzer was observed to complete its operations in under 30 minutes. The produced mutations were not only able to detect the previously identified vulnerabilities, verifying the performance of the fuzzer, but also detected a vulnerability in one of the IP cameras that was not detected by the Metasploit. Results and Comparison Results [0165] Experiments with the intelligent mutation-based fuzzer of the disclosed method resulted in the detection of several vulnerabilities, a lot of which were not detected by the preliminary vulnerability testing process, which functions as both the input space for the fuzzer, as-well-as a base-line for assessing the performance of the fuzzer and identifying zero-day vulnerabilities. [0166] Fig.9 illustrates vulnerabilities identified by the intelligent mutation-based fuzzer. Some detected vulnerable hosts in the experiment environment, can be seen in Fig.9, with each record providing the IP address and device port number where the vulnerability was detected, the name of the service running in each port, a vulnerability description and the generated payload in UTF-8 format. Note that the vulnerability description in each depicted record is "Unknown_Vulnerability", as these vulnerabilities were detected solely by using the intelligent mutation-based fuzzer and not the preliminary vulnerability test scan, which relies on established methods of detecting vulnerabilities. Algorithms Algorithm 1: Encoding of IoT network interactions to binary format. max_len=get_max_payload_length(); input_msg=load_msg(); input_msg_hex=convert_num(input_msg,base=16); input_bin=convert_bin(input_msg_hex); remainder=max_len-length(input_bin); final_bin=input_bin; if remainder > 0 then final_bin=remainder*"0"+final_bin; final_bin=reshape_list(final_bin,dim=(max_len,1) return final_bin Algorithm 2: Preliminary multi-process vulnerability testing. initiate_network_recording(); host_list=get_live_hosts(); exploit_list=local_network_exploits(); host_sublist=[] subprocess_list=[] for host in host_list do host_sublist.add(host); if length(host_sublist)==2 then pid=new_Process(target=sprcs, args=(host_sublist)); subprocess_list.add(pid); host_sublist=[] end end for subP in subprocess_list do subP.wait() end Function test( host , exploit ): cnct=connect(host.IP,host.Port); ld_explt=locat(exploit); result=send_exploit(cnct,ld_explt); return result; Function sprcs (host _ sublist ): for host in host_sublist do for exploit in exploit_list do if test(host,exploit) is True then store(host.IP,host.Port,exploit); end end Algorithm 3: Preliminary vulnerability testing feedback strategy. waitT=5 totalWaitT=0 while acquire_feedback() is None do sleep(waitT); totalWaitT=waitT waitT-=0.5*waitT; if waitT <= 0 then waitT=1; end if totalWaitT >= 20 then break; end end Algorithm 4: Training process of Fuzzer Mutator. generator=load_generator_model(); gan_model=combine(generator,discriminator); batchS=get_batchSize(); batchS_H=batchS*0.5; epochs=load_N_epochs(); i=0; f _{or i} ^<= _{epochs do} real_data=load_data ; fake_data=generator.run(random_interactions(), size=batchS_H); discriminator.train([real_data,fake_data]); realistic_forged_data=generator.run(random_interactions(),si ze=batchS); gan_model.train([realistic_forged_data], disable=discriminator) ; i+=1; end store_model(generator); Algorithm 5: Training of Vulnerability Detection Discriminator. detector=load_vuln_detector(); batch=get_batchSize(); epochs=load_N_epochs(); i=0 X,Y=load_labelled_payloads(); X _bin =str_tp_bin(X); x _trn , x _tst , y _trn , y _tst =train_test_split(X _bin ,Y) d _{etector.train(} ^x _trn ^{, y} _{trn ,batch)} end Algorithm 6: Automatic Labelling of Captured (I)IoT Network Payloads. extract_payloads_from_PCAP_filesr(); f=open_file_path(’./captures’); for file in f do if file.ends_With(’.json’) then convos=json.load(file); if file.type==’Normal’ then cls=0; tp=’Normal’; stp=’Normal’; end else cls=1; tp=file.type; stp=file.subtype; end end else continue; end load_to_DB(convos,class=cls,type=tp,subtype=stp); end [0167] It will be appreciated by persons skilled in the art that numerous variations and/or modifications may be made to the above-described embodiments, without departing from the broad general scope of the present disclosure. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive.