Context Aware Anomaly Behavior Analysis for Smart Home Systems
The Internet of Things (IoT) will lead to the development of advanced Smart Home services that are pervasive, cost-effective, and can be accessed by home occupants from anywhere and at any time. However, advanced smart home applications will introduce grand security challenges due to the increase in the attack surface. Current approaches do not handle cybersecurity from a holistic point of view; hence, a systematic cybersecurity mechanism needs to be adopted when designing smart home applications. In this paper, we present a generic intrusion detection methodology to detect and mitigate the anomaly behaviors happened in Smart Home Systems (SHS). By utilizing our Smart Home Context Data Structure, the heterogeneous information and services acquired from SHS are mapped in context attributes which can describe the context of smart home operation precisely and accurately. Runtime models for describing usage patterns of home assets are developed based on characterization functions. A threat-aware action management methodology, used to efficiently mitigate anomaly behaviors, is proposed at the end. Our preliminary experimental results show that our methodology can be used to detect and mitigate known and unknown threats, as well as to protect SHS premises and services.
[1] Verizon. Create intelligent, more meaningful business connections. Retrieved from http://www.verizonenterprise.com/solutions/connected-machines/, 2016.
[2] A. Zanella, N. Bui, A. Castellani, L. Vangelista and M. Zorzi, Internet of Things for Smart Cities, in IEEE Internet of Things Journal, vol. 1, no. 1, pp. 22-32, Feb. 2014.doi: 10.1109/JIOT.2014.2306328.
[3] J. Pacheco and S. Hariri, IoT Security Framework for Smart Cyber Infrastructures, 2016 IEEE 1st International Workshops on Foundations and Applications of Self* Systems (FAS*W), Augsburg, 2016, pp. 242-247.doi: 10.1109/FAS-W.2016.58.
[4] Jesus Pacheco, Autonomic Cyber Security (ACS): A paradigm shift in cyber security, http://nsfcac.arizona.edu/research/iot-security-framework.html.
[5] Pacheco J, Hariri S. Anomaly behavior analysis for IoT sensors. Trans Emerging Tel Tech. 2018; 29: e3188. https://doi.org/10.1002/ett.3188.
[6] Z. Liu, X. Huang, Z. Hu, M. K. Khan, H. Seo and L. Zhou, On Emerging Family of Elliptic Curves to Secure Internet of Things: ECC Comes of Age, in IEEE Transactions on Dependable and Secure Computing, vol. 14, no. 3, pp. 237-248, 1 May-June 2017.doi: 10.1109/TDSC.2016.2577022.
[7] J. Y. Kim, W. Hu, H. Shafagh and S. Jha, "SEDA: Secure Over-The-Air Code Dissemination Protocol for the Internet of Things," in IEEE Transactions on Dependable and Secure Computing. doi: 10.1109/TDSC.2016.2639503.
[8] Migault D, Guggemos T, Killian S, et al. Diet-ESP: IP layer security for IoT. Journal of Computer Security, 2017, 25(2):1-31. DOI: 10.3233/JCS-16857.
[9] P. P. Gaikwad, J. P. Gabhane and S. S. Golait, A survey based on Smart Homes system using Internet-of-Things, 2015 International Conference on Computation of Power, Energy, Information and Communication (ICCPEIC), Chennai, 2015, pp. 0330-0335.
[10] Dan Goodin.: Is your refrigerator really part of a massive spam-sending botnet?, http://arstechnica.com/security/2014/01/is-your-refrigerator-really-part-of-a-massive-spam-sending-botnet/.
[11] P. B. Nassar, Y. Badr, K. Barbar and F. Biennier, Risk management and security in service-based architectures, 2009 International Conference on Advances in Computational Tools for Engineering Applications, Zouk Mosbeh, 2009, pp. 214-218.doi: 10.1109/ACTEA.2009.5227927.
[12] H. Suo, J. Wan, C. Zou, J. Liu, Security in the Internet of Things: A Review, International Conference on Computer Science and Electronics Engineering (ICCSEE), vol. 3.2012.
[13] I. Butun, S. D. Morgera and R. Sankar, A Survey of Intrusion Detection Systems in Wireless Sensor Networks, in IEEE Communications Surveys & Tutorials, vol. 16, no. 1, pp. 266-282, First Quarter 2014. doi: 10.1109/SURV.2013.050113.00191.
[14] D. P. Duarte et al., Substation-based self-healing system with advanced features for control and monitoring of distribution systems, 2016 17th International Conference on Harmonics and Quality of Power (ICHQP), Belo Horizonte, 2016, pp. 301-305.
[15] Nobakht, Mehdi, Vijay Sivaraman and Roksana Boreli. “A Host-Based Intrusion Detection and Mitigation Framework for Smart Home IoT Using OpenFlow.” 2016 11th International Conference on Availability, Reliability and Security (ARES) (2016): 147-156.
[16] Jonathan Roux, Eric Alata, Guillaume Auriol, Vincent Nicomette, Mohamed Kaâniche. Toward an Intrusion Detection Approach for IoT based on Radio Communications Profiling. 13th European ependable Computing Conference, Sep 2017, Geneva, Switzerland. 4p., 2017. <hal-01561710>.
[17] Gajewski, Mariusz, Jordi Mongay Batalla, George Mastorakis and Constandinos X. Mavromoustakis. “A distributed IDS architecture model for Smart Home systems.” Cluster Computing (2017): 1-11.
[18] Abowd G. D., Dey A. K., Brown P. J., Davies N., Smith M., Steggles P. Towards a Better Understanding of Context and Context-Awareness. In: Gellersen HW. (eds) Handheld and Ubiquitous Computing. HUC 1999. Lecture Notes in Computer Science, vol 1707. Springer, Berlin, Heidelberg.1999.
[19] Smart Home Energy. What is a ”smart home”? Web page, date: 2013-09-25. (Online). Available: http://smarthomeenergy.co.uk/whatsmart-home.
[20] Xiaoyan Jia, Xiaoyong Li, and Yali Gao. 2017. A Novel Semi-Automatic Vulnerability Detection System for Smart Home. In Proceedings of the International Conference on Big Data and Internet of Thing (BDIOT2017). ACM, New York, NY, USA, 195-199.
[21] C. Lee, L. Zappaterra, Kwanghee Choi and Hyeong-Ah Choi, Securing smart home: Technologies, security challenges, and security requirements, 2014 IEEE Conference on Communications and Network Security, San Francisco, CA, 2014, pp. 67-72. doi: 10.1109/CNS.2014.6997467.
[22] FIPS PUB 199. Standards for Security Categorization of Federal Information and Information Systems. Technical report, National Institute of Standards and Technology. Federal Information Processing Standards Publication.
[23] E. Fernandes, J. Jung and A. Prakash, Security Analysis of Emerging Smart Home Applications, 2016 IEEE Symposium on Security and Privacy (SP), San Jose, CA, 2016, pp. 636-654.doi: 10.1109/SP.2016.44.
[24] C. Perera, A. Zaslavsky, P. Christen and D. Georgakopoulos, Context Aware Computing for The Internet of Things: A Survey, in IEEE Communications Surveys & Tutorials, vol. 16, no. 1, pp. 414-454, First Quarter 2014.
[25] G. Castelli, M. Mamei, A. Rosi, and F. Zambonelli, Extracting high-level information from location data: the w4 diary example, Mob. Netw. Appl. 2009, vol. 14, no. 1, pp. 107–119, (Online). Available: http://dx.doi.org/10.1007/s11036-008-0104-y.
[26] Z. Pan, S. Hariri and Y. Al-Nashif, Anomaly based intrusion detection for Building Automation and Control networks, 2014 IEEE/ACS 11th International Conference on Computer Systems and Applications (AICCSA), Doha, 2014, pp. 72-77.doi: 10.1109/AICCSA.2014.7073181.
[27] Works with Nest, https://nest.com/works-with-nest/, 2018.
[28] Apple Developer: HomeKit, https://developer.apple.com/homekit/, 2018.
[29] Xiaomi Gateway (Aqara), https://wiki.domoticz.com/wiki/Xiaomi _Gateway_(Aqara), 2018.
[30] uml.org, Unified modeling language (uml), 2012, http://www.uml.org/ (Addressed on: 2012-05-29).
[31] H. Alipour, Y. B. Al-Nashif, P. Satam and S. Hariri, Wireless Anomaly Detection Based on IEEE 802.11 Behavior Analysis, in IEEE Transactions on Information Forensics and Security, vol. 10, no. 10, pp. 2158-2170, Oct. 2015.doi: 10.1109/TIFS.2015.2433898.
[32] P Satam, H Alipour, Y Al-Nashif, S Hariri, Anomaly behavior analysis of DNS protocol., in Internet Serv. Inf. Secur, 2015, (4), 85–97.
[33] H. Alipour, Y. B. Al-Nashif and S. Hariri, IEEE 802.11 anomaly-based behavior analysis, 2013 International Conference on Computing, Networking and Communications (ICNC), San Diego, CA, 2013, pp. 369-373.
[1] Verizon. Create intelligent, more meaningful business connections. Retrieved from http://www.verizonenterprise.com/solutions/connected-machines/, 2016.
[2] A. Zanella, N. Bui, A. Castellani, L. Vangelista and M. Zorzi, Internet of Things for Smart Cities, in IEEE Internet of Things Journal, vol. 1, no. 1, pp. 22-32, Feb. 2014.doi: 10.1109/JIOT.2014.2306328.
[3] J. Pacheco and S. Hariri, IoT Security Framework for Smart Cyber Infrastructures, 2016 IEEE 1st International Workshops on Foundations and Applications of Self* Systems (FAS*W), Augsburg, 2016, pp. 242-247.doi: 10.1109/FAS-W.2016.58.
[4] Jesus Pacheco, Autonomic Cyber Security (ACS): A paradigm shift in cyber security, http://nsfcac.arizona.edu/research/iot-security-framework.html.
[5] Pacheco J, Hariri S. Anomaly behavior analysis for IoT sensors. Trans Emerging Tel Tech. 2018; 29: e3188. https://doi.org/10.1002/ett.3188.
[6] Z. Liu, X. Huang, Z. Hu, M. K. Khan, H. Seo and L. Zhou, On Emerging Family of Elliptic Curves to Secure Internet of Things: ECC Comes of Age, in IEEE Transactions on Dependable and Secure Computing, vol. 14, no. 3, pp. 237-248, 1 May-June 2017.doi: 10.1109/TDSC.2016.2577022.
[7] J. Y. Kim, W. Hu, H. Shafagh and S. Jha, "SEDA: Secure Over-The-Air Code Dissemination Protocol for the Internet of Things," in IEEE Transactions on Dependable and Secure Computing. doi: 10.1109/TDSC.2016.2639503.
[8] Migault D, Guggemos T, Killian S, et al. Diet-ESP: IP layer security for IoT. Journal of Computer Security, 2017, 25(2):1-31. DOI: 10.3233/JCS-16857.
[9] P. P. Gaikwad, J. P. Gabhane and S. S. Golait, A survey based on Smart Homes system using Internet-of-Things, 2015 International Conference on Computation of Power, Energy, Information and Communication (ICCPEIC), Chennai, 2015, pp. 0330-0335.
[10] Dan Goodin.: Is your refrigerator really part of a massive spam-sending botnet?, http://arstechnica.com/security/2014/01/is-your-refrigerator-really-part-of-a-massive-spam-sending-botnet/.
[11] P. B. Nassar, Y. Badr, K. Barbar and F. Biennier, Risk management and security in service-based architectures, 2009 International Conference on Advances in Computational Tools for Engineering Applications, Zouk Mosbeh, 2009, pp. 214-218.doi: 10.1109/ACTEA.2009.5227927.
[12] H. Suo, J. Wan, C. Zou, J. Liu, Security in the Internet of Things: A Review, International Conference on Computer Science and Electronics Engineering (ICCSEE), vol. 3.2012.
[13] I. Butun, S. D. Morgera and R. Sankar, A Survey of Intrusion Detection Systems in Wireless Sensor Networks, in IEEE Communications Surveys & Tutorials, vol. 16, no. 1, pp. 266-282, First Quarter 2014. doi: 10.1109/SURV.2013.050113.00191.
[14] D. P. Duarte et al., Substation-based self-healing system with advanced features for control and monitoring of distribution systems, 2016 17th International Conference on Harmonics and Quality of Power (ICHQP), Belo Horizonte, 2016, pp. 301-305.
[15] Nobakht, Mehdi, Vijay Sivaraman and Roksana Boreli. “A Host-Based Intrusion Detection and Mitigation Framework for Smart Home IoT Using OpenFlow.” 2016 11th International Conference on Availability, Reliability and Security (ARES) (2016): 147-156.
[16] Jonathan Roux, Eric Alata, Guillaume Auriol, Vincent Nicomette, Mohamed Kaâniche. Toward an Intrusion Detection Approach for IoT based on Radio Communications Profiling. 13th European ependable Computing Conference, Sep 2017, Geneva, Switzerland. 4p., 2017. <hal-01561710>.
[17] Gajewski, Mariusz, Jordi Mongay Batalla, George Mastorakis and Constandinos X. Mavromoustakis. “A distributed IDS architecture model for Smart Home systems.” Cluster Computing (2017): 1-11.
[18] Abowd G. D., Dey A. K., Brown P. J., Davies N., Smith M., Steggles P. Towards a Better Understanding of Context and Context-Awareness. In: Gellersen HW. (eds) Handheld and Ubiquitous Computing. HUC 1999. Lecture Notes in Computer Science, vol 1707. Springer, Berlin, Heidelberg.1999.
[19] Smart Home Energy. What is a ”smart home”? Web page, date: 2013-09-25. (Online). Available: http://smarthomeenergy.co.uk/whatsmart-home.
[20] Xiaoyan Jia, Xiaoyong Li, and Yali Gao. 2017. A Novel Semi-Automatic Vulnerability Detection System for Smart Home. In Proceedings of the International Conference on Big Data and Internet of Thing (BDIOT2017). ACM, New York, NY, USA, 195-199.
[21] C. Lee, L. Zappaterra, Kwanghee Choi and Hyeong-Ah Choi, Securing smart home: Technologies, security challenges, and security requirements, 2014 IEEE Conference on Communications and Network Security, San Francisco, CA, 2014, pp. 67-72. doi: 10.1109/CNS.2014.6997467.
[22] FIPS PUB 199. Standards for Security Categorization of Federal Information and Information Systems. Technical report, National Institute of Standards and Technology. Federal Information Processing Standards Publication.
[23] E. Fernandes, J. Jung and A. Prakash, Security Analysis of Emerging Smart Home Applications, 2016 IEEE Symposium on Security and Privacy (SP), San Jose, CA, 2016, pp. 636-654.doi: 10.1109/SP.2016.44.
[24] C. Perera, A. Zaslavsky, P. Christen and D. Georgakopoulos, Context Aware Computing for The Internet of Things: A Survey, in IEEE Communications Surveys & Tutorials, vol. 16, no. 1, pp. 414-454, First Quarter 2014.
[25] G. Castelli, M. Mamei, A. Rosi, and F. Zambonelli, Extracting high-level information from location data: the w4 diary example, Mob. Netw. Appl. 2009, vol. 14, no. 1, pp. 107–119, (Online). Available: http://dx.doi.org/10.1007/s11036-008-0104-y.
[26] Z. Pan, S. Hariri and Y. Al-Nashif, Anomaly based intrusion detection for Building Automation and Control networks, 2014 IEEE/ACS 11th International Conference on Computer Systems and Applications (AICCSA), Doha, 2014, pp. 72-77.doi: 10.1109/AICCSA.2014.7073181.
[27] Works with Nest, https://nest.com/works-with-nest/, 2018.
[28] Apple Developer: HomeKit, https://developer.apple.com/homekit/, 2018.
[29] Xiaomi Gateway (Aqara), https://wiki.domoticz.com/wiki/Xiaomi _Gateway_(Aqara), 2018.
[30] uml.org, Unified modeling language (uml), 2012, http://www.uml.org/ (Addressed on: 2012-05-29).
[31] H. Alipour, Y. B. Al-Nashif, P. Satam and S. Hariri, Wireless Anomaly Detection Based on IEEE 802.11 Behavior Analysis, in IEEE Transactions on Information Forensics and Security, vol. 10, no. 10, pp. 2158-2170, Oct. 2015.doi: 10.1109/TIFS.2015.2433898.
[32] P Satam, H Alipour, Y Al-Nashif, S Hariri, Anomaly behavior analysis of DNS protocol., in Internet Serv. Inf. Secur, 2015, (4), 85–97.
[33] H. Alipour, Y. B. Al-Nashif and S. Hariri, IEEE 802.11 anomaly-based behavior analysis, 2013 International Conference on Computing, Networking and Communications (ICNC), San Diego, CA, 2013, pp. 369-373.
@article{"International Journal of Information, Control and Computer Sciences:78753", author = "Zhiwen Pan and Jesus Pacheco and Salim Hariri and Yiqiang Chen and Bozhi Liu", title = "Context Aware Anomaly Behavior Analysis for Smart Home Systems", abstract = "The Internet of Things (IoT) will lead to the development of advanced Smart Home services that are pervasive, cost-effective, and can be accessed by home occupants from anywhere and at any time. However, advanced smart home applications will introduce grand security challenges due to the increase in the attack surface. Current approaches do not handle cybersecurity from a holistic point of view; hence, a systematic cybersecurity mechanism needs to be adopted when designing smart home applications. In this paper, we present a generic intrusion detection methodology to detect and mitigate the anomaly behaviors happened in Smart Home Systems (SHS). By utilizing our Smart Home Context Data Structure, the heterogeneous information and services acquired from SHS are mapped in context attributes which can describe the context of smart home operation precisely and accurately. Runtime models for describing usage patterns of home assets are developed based on characterization functions. A threat-aware action management methodology, used to efficiently mitigate anomaly behaviors, is proposed at the end. Our preliminary experimental results show that our methodology can be used to detect and mitigate known and unknown threats, as well as to protect SHS premises and services.
", keywords = "Internet of Things, network security, context awareness, intrusion detection", volume = "13", number = "5", pages = "261-14", }
