ARGUS Paper on Detecting Stealthy Infiltration Attacks against Smart-Homes Accepted at USENIX Security Conference

2023/02/24

Nowadays, living without internet-connected devices is hard to imagine. With the rapid evolution of the Internet of Things, our daily lives have been transformed in many ways. Smart devices like TVs, speakers, thermostats, and cameras have become commonplace in homes across the globe. However, many of these devices have security flaws, such as weak default credentials that are not changed and thus can be easily exploited by attackers. Another hidden danger is that the cloud infrastructure, i.e., the cloud server of the manufacturer, could be maliciously exploited to control these devices. An attacker can abuse these devices to create serious damage to smart home users. For example, an attacker could turn off the heating in the winter when the homeowner is on vacation, open the smart lock to break into the house or abuse the smart cameras to spy on the smart homeowner. In our paper “ARGUS: Context-Based Detection of Stealthy IoT Infiltration Attacks”, we present ARGUS – a system that can detect such attacks.

ARGUS monitors the behavior of smart devices to detect anomalous actions, empowering users to respond quickly to situations such as doors being opened when the owner is absent. Our system leverages a Deep Neural Network, in particular an under-complete Auto-Encoder made of recurrent unit layers, to model the smart-home owner's behavior. This allows ARGUS to calculate anomaly scores that are then compared against a dynamically calculated threshold value to distinguish benign actions from attacks. This enables ARGUS to work effectively when facing new attacks that were not known at training time. We tested ARGUS on 5 real smart homes. We observed a very low false detection rate of at most 0.03% and an attack detection rate of 100% for the evaluated attacks. Our paper will be presented at the USENIX Security Symposium in August, one of the top 4 security conferences. You can also find a preprint of the paper available at https://arxiv.org/abs/2302.07589. Stay tuned for more updates on this exciting new development in IoT security!