BehavIoT

Modeling and Controlling Internet of Things Behavior Using Network-Inferred State Machines

For the IMC’23 paper “BehavIoT: Measuring Smart Home IoT Behavior Using Network-Inferred Behavior Models” please visit the dedicated page.

---

Internet of Things (IoT) devices are increasingly found in homes, providing useful functionality for devices such as TVs, smart speakers, and video doorbells. Along with their benefits come potential risks, since these devices can communicate information (audio recordings, video recordings, television viewing habits) about their users to other parties over the Internet. However, understanding these risks is difficult since IoT systems are traditionally closed systems that provide independent third parties with little-to-no information about whether a device (or set of devices) is behaving in ways that might violate expectations such as privacy, security, and correctness.

Project Goals. To help understand and mitigate these risks, the goal of this project is to build BehavIoT: an approach that explores the extent to which network-inferred behavioral analysis of IoT deployments, combined with control over the network traffic they generate, can identify and mitigate misbehavior of IoT systems. Our key insight is that we can model IoT device behavior by inferring their states and transition events based on the network traffic they generate, identify misbehavior as deviations from previously recorded state transitions, and mitigate these misbehaviors by manipulating the network traffic that causes undesirable state transitions.

Research Challenges. To reach the above goal, this project will address the following three research challenges. First, we will investigate how to model IoT devices behavior based on the network traffic they generate using a new formalism called NISM (network-inferred state machine) in which states represent the global behavior of the system (i.e., what the system as a whole is doing), and transitions represent the probability that such global behavior leads to a different global behavior. Second, we will investigate how to use NISM models to distinguish expected behavior from misbehavior by employing statistical process analysis (e.g., by combining and expressing the NISMs of past behavior as a Markov process with hidden states), and compare any newly observed behavior of the system with the probabilities of such Markov process. The third and final challenge is the creation of new systems, algorithms, and heuristics that leverage NISM models to control (i.e., block or modify) any unwanted or unexpected IoT behavior, which should happen transparently, without breaking the expected functionalities of the IoT device.

Impact. BehavIoT will improve safety and security for IoT users; further, by raising awareness of new and existing threats, this project can encourage device manufacturers to improve the privacy, security, and correctness of their deployments.

Dates of the project: October 2019 – October 2022.

Research publications

• BehavIoT: Measuring Smart Home IoT Behavior Using Network-Inferred Behavior Models (IMC ’23)
  Tianrui Hu, Daniel J. Dubois, David Choffnes
• A Haystack Full of Needles: Scalable Detection of IoT Devices in the Wild. Said Jawad Saidi, Anna Maria Mandalari, Roman Kolcun, Hamed Haddadi, Daniel J. Dubois, David Choffnes, Georgios Smaragdakis, Anja Feldmann (IMC 2020)
• When Speakers Are All Ears: Characterizing Misactivations of IoT Smart Speakers. Daniel J. Dubois, Roman Kolcun, Anna Maria Mandalari, Muhammad Talha Paracha, David Choffnes, Hamed Haddadi (PETS 2020)
• Towards Automatic Identification and Blocking of Non-Critical IoT Traffic Destinations. Anna Maria Mandalari , Roman Kolcun , Hamed Haddadi , Daniel J. Dubois , David Choffnes (CONPRO 2020)
• FLOWPRINT: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic. Thijs van Ede, Riccardo Bortolameotti, Andrea Continella, Jingjing Ren, Daniel J. Dubois, Martina Lindorfer, David Choffnes, Maarten van Steen, Andreas Peter (NDSS 2020). See the dedicated page for details.

Software

• The Mon(IoT)r IoT Testbed
• IoT behavioral model inference
• Flowprint: fingerprinting from network traffic
• Smart speakers misbehavior analysis

Datasets

• Dataset containing samples of IoT activity from the Mon(IoT)r Lab (IMC ’19)
• Dataset containing samples of IoT activity from the Mon(IoT)r Lab (IMC ’23)
• Dataset containing smart speakers experiments data

Press

• 2020-04: The New York Times – Privacy Cannot Be a Casualty of the Coronavirus
• 2020-04: Channel 4 – The Truth About Amazon
• 2020-02: BBC News – Why Amazon knows so much about you
• 2020-02: BBC One (Panorama program) – Amazon: What They Know About Us (YouTube Link)
• 2020-02: USA Today – It’s not you, it’s them: Google, Alexa and Siri may answer even if you haven’t called
• 2020-02: The Independent – Smart Speakers Could Accidentally Record Users up to 19 Times Per Day, Study Reveals
• 2020-02: The New York Times –  Are Alexa and Google Assistant spying on us?
• 2020-01: Which? – Are Alexa and Google Assistant spying on us?

Contacts

Prof. David Choffnes (Associate Professor, Principal Investigator)
Dott. Daniel J. Dubois (Associate Research Scientist)

Acknowledgements

This project has been funded by the NSF’s Division of Computer and Network Systems (CNS-1909020).

We also thank the following students for their contributions to the project: Abhijit Menon, Derek Ng, Shu Zhang