Internet-of-things (IoT) devices are vulnerable to malicious operations by attackers, which can cause physical and economic harm to users; therefore, we previously proposed a sequence-based method that modeled user behavior as sequences of in-home events and a base home state to detect anomalous operations. However, that method modeled users' home states based on the time of day; hence, attackers could exploit the system to maximize attack opportunities. Therefore, we then proposed an estimation-based detection method that estimated the home state using not only the time of day but also the observable values of home IoT sensors and devices. However, it ignored short-term operational behaviors. Consequently, in the present work, we propose a behavior-modeling method that combines home state estimation and event sequences of IoT devices within the home to enable a detailed understanding of long- and short-term user behavior. We compared the proposed model to our previous methods using data collected from real homes. Compared with the estimation-based method, the proposed method achieved a 15.4% higher detection ratio with fewer than 10% misdetections. Compared with the sequence-based method, the proposed method achieved a 46.0% higher detection ratio with fewer than 10% misdetections.
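The difference between the three approaches can be seen in a deliberately simplified frequency model, added here as an illustration and not the paper's own model or code. The state rule, the record layout, the event names and the training log are all constructed assumptions.

```python
from collections import Counter

# Constructed training log: (hour, motion, light, previous_event, operation).
TRAIN = [
    (7, 1, 1, "alarm_off", "kettle_on"),
    (8, 1, 0, "door_open", "lock_door"),
    (13, 0, 0, "none", "vacuum_on"),      # scheduled device while nobody is home
    (19, 1, 1, "door_open", "tv_on"),
    (19, 1, 1, "door_open", "tv_on"),
    (20, 1, 1, "tv_on", "heater_on"),
]

def period(hour):
    """Time-of-day-only home state (the weakness of the sequence-based method)."""
    return "morning" if hour < 12 else "day" if hour < 18 else "evening"

def estimate_state(hour, motion, light):
    """Assumed estimator: sensor values decide occupancy, the clock refines it."""
    return "away" if not (motion or light) else period(hour)

# Each detector maps a record to the key whose training frequency it checks.
KEYS = {
    "sequence":   lambda h, m, l, prev, op: (period(h), prev, op),
    "estimation": lambda h, m, l, prev, op: (estimate_state(h, m, l), op),
    "combined":   lambda h, m, l, prev, op: (estimate_state(h, m, l), prev, op),
}

def fit(records):
    """Count how often each detector's key occurs in legitimate behavior."""
    return {name: Counter(key(*r) for r in records) for name, key in KEYS.items()}

def flags(model, record, min_count=1):
    """Return the detectors that consider the operation anomalous."""
    return {n for n, key in KEYS.items() if model[n][key(*record)] < min_count}

MODEL = fit(TRAIN)
# Constructed test operations.
NORMAL = (19, 1, 1, "door_open", "tv_on")
EMPTY_HOME = (20, 0, 0, "tv_on", "heater_on")    # usual hour, but sensors say away
ODD_ORDER = (21, 1, 1, "lock_door", "heater_on")  # right state, unusual sequence
```

Only the combined key flags both anomalous operations: the time-only sequence model accepts `EMPTY_HOME`, and the state-only model accepts `ODD_ORDER`.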