Detection of Anomalous User Activity for Home IoT Devices

Vishwajeet Bhosale, Lorenzo de Carli, Indrakshi Ray

Abstract

Home IoT devices suffer from poor security and are easy for unskilled attackers to commandeer. Since most IoT devices cannot run host-based detection, detecting compromise via analysis of network traffic is in many cases the only viable option. Unfortunately, traditional Deep Packet Inspection techniques are not applicable: many IoT devices encrypt their traffic, and common attacks (e.g., credential stuffing) cannot be described via signatures. Anomaly detection on traffic features, while effective at identifying egregious misbehavior (e.g., a DDoS), cannot identify privacy violations, where an attacker triggers legitimate functions (e.g., streaming video, unlocking a door) without the consent of the user. In this paper, we propose a novel anomaly detection technique based on the analysis of user activities. Our approach builds a model to identify user-performed activities on the device from packet sequences, and uses unsupervised learning to identify deviations from normal user behavior in activity sequences. Thus, it can flag situations where an attacker misuses an IoT device, even when such attacks do not involve protocol-level exploits and do not result in significant anomalies in traffic-level features. Preliminary results show that our approach can effectively map device traffic to activities, and suggest that such activities can be used to distinguish malicious and benign users.



Paper Citation


in Harvard Style

Bhosale V., de Carli L. and Ray I. (2021). Detection of Anomalous User Activity for Home IoT Devices. In Proceedings of the 6th International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS, ISBN 978-989-758-504-3, pages 309-314. DOI: 10.5220/0010476503090314


in Bibtex Style

@conference{iotbds21,
author={Vishwajeet Bhosale and Lorenzo de Carli and Indrakshi Ray},
title={Detection of Anomalous User Activity for Home IoT Devices},
booktitle={Proceedings of the 6th International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS},
year={2021},
pages={309-314},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010476503090314},
isbn={978-989-758-504-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 6th International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS
TI - Detection of Anomalous User Activity for Home IoT Devices
SN - 978-989-758-504-3
AU - Bhosale V.
AU - de Carli L.
AU - Ray I.
PY - 2021
SP - 309
EP - 314
DO - 10.5220/0010476503090314