Go to DBLP homepageGTIBS: secure smart home monitoring through gateway traffic analysis and behavioral signature identification
Abstract: Currently, smart home devices from different vendors rely on isolated cloud platforms and proprietary application services, resulting in a lack of unified and localized supervision mechanisms for users to manage devices and their behaviors. Although traffic-based device and behavior identification methods offer promising third-party oversight capabilities, they often depend on large-scale traffic data collection for model training or signature extraction. Furthermore, such approaches typically require the construction of extensive signature libraries, making local deployment at the household level impractical. Even pre-trained models struggle to address traffic feature drift across different environments. This paper proposes a gateway traffic-based IoT device behavior monitoring and signature identification method (GTIBS). It can be directly deployed online at the gateway, targeting a limited number of devices on the network. It automatically segments different behavior traffic from the devices’ encrypted traffic, extracting features such as packet length and frequency of occurrences, inter-arrival time, and protocol type for clustering to generate unique signatures for each behavior. Experimental results on multiple smart home traffic datasets confirm the distinctiveness and reliability of the generated signatures. Furthermore, we introduce a packet-level online behavior identification mechanism that enables real-time signature matching. The evaluation results show that GTIBS achieves an average identification accuracy exceeding 97%. Additionally, GTIBS demonstrates low resource consumption when deployed in real-world environments, offering efficient signature construction and continuous monitoring of device behaviors.
External IDs:dblp:journals/apin/HuWZ25
Loading