SmartTracer: Anomaly-Driven Provenance Analysis Based on Device Correlation in Smart Home Systems.

As a typical application of the Internet of Things (IoT), smart home systems facilitate home setup where appliances and devices can be controlled automatically and remotely from anywhere with an Internet connection. Devices within a smart home system are usually correlated according to the automation rules/programs preconfigured by system owners. However, attackers can exploit these complex correlations among devices to conduct indirect attacks, making it challenging for owners to locate the root cause of a security incident and identify compromised devices. In this paper, we propose SMARTTRACER, an anomaly-driven provenance analysis approach based on inter-device correlation extraction and tracing. Specifically, we extract correlations from the smart home systems automation setup and physical interaction configuration. We define a unified dependency graph to describe the event causality among devices based on the event correlation and device run-time states. We then present an identification algorithm to profile trigger-action sequences from the abnormal run-time dependency graph and identify root cause nodes of anomalies. We prototype our approach and evaluate it on a self-developed testbed. The experiment results show that SMARTTRACER effectively provides a complete and precise provenance analysis for attacks exploited by the execution chains of automation. SMARTTRACER can generate a dependency graph for around 100 automation rules in 0.03 seconds and identify anomalies within 0.14 seconds.