CADeSH: Collaborative anomaly detection for smart homes

Yair Meidan, Dan Avraham, Hanan Libhaber, Asaf Shabtai

IEEE Internet of Things Journal, 2022

Although home Internet of Things (IoT) devices are typically plain and task-oriented, the context of their daily use may affect their traffic patterns. That is, a given IoT device will probably not generate the exact same traffic data when operated by different people in different environments and when connected to different networks with different topologies and communication components. For this reason, anomaly-based intrusion detection systems tend to suffer from a high false positive rate (FPR). To overcome this, we propose a two-step collaborative anomaly detection method that first uses an autoencoder to differentiate frequent (“benign”) and infrequent (possibly “malicious”) traffic flows. Clustering is then used to analyze only the infrequent flows and classify them as either known (“rare yet benign”) or unknown (malicious). Our method is collaborative, in that 1) normal behaviors are characterized more robustly, as …