Abstract
As several home appliances, such as air conditioners, heaters, and refrigerators, were connecting to the Internet, they became targets of cyberattacks, which cause serious problems such as compromising safety and even harming users. We have proposed a method to detect such attacks based on user behavior. This method models user behavior as sequences of user events including operation of home IoT (Internet of Things) devices and other monitored activities. Considering users behave depending on the condition of the home such as time and temperature, our method learns event sequences for each condition. To mitigate the impact of events of other users in the home included in the monitored sequence, our method generates multiple event sequences by removing some events and learning the frequently observed sequences. For evaluation, we constructed an experimental network of home IoT devices and recorded time data for four users entering/leaving a room and operating devices. We obtained detection ratios exceeding 90% for anomalous operations with less than 10% of misdetections when our method observed event sequences related to the operation. In this article, we also discuss the effectiveness of our method by comparing with a method learning users’ behavior by Hidden Markov Models.
Highlights
H OME appliances such as refrigerators, heaters, and air conditioners are being increasingly integrated with Internet connections to expand connectivity beyond personal computers and smartphones
Existing intrusion detection systems assume that legitimate and anomalous traffic patterns are notably different, both attackers and legitimate users send the same types of packets to operate IoT devices
We proposed a method to detect the anomalous operation of home IoT devices by learning user behaviors during operation [18]
Summary
H OME appliances such as refrigerators, heaters, and air conditioners are being increasingly integrated with Internet connections to expand connectivity beyond personal computers and smartphones. Most of the current attacks targeting IoT devices aim to create botnets [8], [9] Such attacks are detectable by methods based on analyses of attacker behaviors [10]–[12] or through usual traffic comparisons [13], [14]. Existing intrusion detection systems assume that legitimate and anomalous traffic patterns are notably different, both attackers and legitimate users send the same types of packets to operate IoT devices. We proposed a method to detect the anomalous operation of home IoT devices by learning user behaviors during operation [18]. The proposed method can detect anomalous operation that does not fit the user behaviors even if the commands are generated by malware-infected smartphones.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
