Due to insecure design and configuration, Internet-of-Things (IoT) devices are vulnerable to various security issues. In most attacks against IoT, e.g., Mirai, attackers control devices to perform malicious behaviors that are not expected by owners and administrators. Detecting malicious behaviors effectively is therefore crucial to protecting IoT devices. Unlike powerful PCs and servers, resource-constrained IoT devices are generally used to execute a specific function, and their behaviors are limited. Based on this observation, we propose IoT-Praetor, an undesired-behavior security detection system for IoT devices. In IoT-Praetor, a new device usage description (DUD) model is proposed to construct an IoT device behavior specification, including communication and interaction behaviors. Furthermore, automatic behavior extraction approaches are presented. We also design a behavior rule engine to detect device behaviors in real time. To evaluate the effectiveness of IoT-Praetor, we implemented our methods on Samsung SmartThings and performed a security test. The evaluation results show that the successful detection rate of malicious interaction behavior is 94.5% on average, the detection rate of malicious communication behavior is above 98%, and the system's running-time delay is only at the millisecond level.
IEEE-2021