Anomaly traffic detection and correlation in Smart Home automation IoT systems

Abstract

AbstractSmart building automation systems are increasingly the target of hacking attacks. Moreover, they may be used as a tool for attacks against targets located out of the native Home Area Network (HAN). These attacks are often resulted in changes in traffic volume, damaged packets, increased message traffic, and so on. Symptoms of attacks can be detected as anomalies in traffic model and recognized by a software agent run on Home Gateway. Although these anomalies are detected locally, it may help network provider to protect his resources as well as other resources of his clients. For that purpose, network operator should be able to recognize anomalies and correlate them on the network level. In this way, the network operator has the ability to protect both its own network and HANs of its clients. This article shows that Smart Home security might be coupled with the providers' network security policy. For that reason, security tasks should be performed both in HAN and providers' data center. This article describes a novel strategy for anomaly detection that provides shared responsibility between a service client and the network provider. It uses a machine learning approach for classifying the monitoring data and correlation in searching suspicious behavior across the network resources at the service provider's data center.