Go to DBLP homepageSeIoT: Detecting Anomalous Semantics in Smart Homes via Knowledge Graph
Abstract: Existing IoT Network Anomaly Detection Systems (NADSes) typically treat IoT devices as independent entities and model them by Euclidean space features. These approaches suffer from low accuracies on new attacks (e.g., platform-based attacks and evasion attacks), since they do not fully consider the semantic information including traffic periodicity and device/environment interactions. In this paper, we propose SeIoT, a knowledge graph-based bimodal anomaly detection framework for smart homes. We propose a knowledge graph structure to represent the semantic information of a smart home. First, we propose the Action Fingerprint module, an efficient and effective traffic classification approach to extract the device actions and features required by the knowledge graph. Then, we propose a bimodal anomaly detection framework including interaction-related and time-related detectors to detect the knowledge graph. We propose a feature separation-based heterogeneous graph attention network that can accurately model the interactions among devices and environments, and a method to represent traffic periodicity for the time-related detector. For evaluation, we set up a real-world testbed and evaluate the detection performance of both device-targeted attacks and platform-based attacks. Experiment results show that SeIoT can achieve better detection capability than prior work on both of the attacks.
Loading