Smart Home Security: from a Risk Analysis Perspective to Network-based Security Approach

Douha N’guessan Yves-Roland (1911411)


The Internet of Things has revolutionized several fields, including traditional homes that have become smart homes. The smart home aims to improve in-house quality of life by supplying many services such as healthcare and energy management. Smart homes' success attracts normal users for convenience, but also, attackers, who intend to compromise security, safety, and privacy of users. Recently, several cyberattacks targeted smart homes endangering the privacy, safety, and security of inhabitants.

In this thesis, we propose a Gated Recurrent Unit-based intrusion detection system to identify and block malicious traffic from the smart home network following the risk analysis of the smart home ecosystem. First, we perform a risk analysis of smart homes to identify smart-home stakeholders at high risks and tackle the most realistic attack scenarios. We conduct this risk assessment using the EBIOS methodology, starting from identifying the smart home assets to the description of strategic scenarios. We used a 5-point Likert scale to collect data from security experts for the risk assessment. Our findings include threat evaluations of each smart home stakeholder classified into three zones: danger, control, and watch zones. The results showed that dwellers, home automation service providers, energy service providers, and network service providers are included in the danger zone, so among the smart-home stakeholders at high risks level. Considering these results and attack scenarios distinguishing the smart home network as a crucial entry point for attackers, we propose an intrusion detection system to identify anomaly traffics. The proposed architecture leverages the recurrent neural network called gated recurrent unit (GRU). The evaluation of our proposed model on Bot-IoT datasets indicates an anomaly detection performances of 98.95\% for accuracy and \textbf{0\% f}or False Positive Rate (FPR).