2019 3rd Cyber Security in Networking Conference (CSNet)
IoT Cybersecurity based Smart Home Intrusion
Prevention System
Fathima James
University of Missouri–Kansas City, USA
Email: fjmb7@mail.umkc.edu
Abstract—The Internet of Things (IoT) devices are becom-
ing more popular in various domains such as e-Home, e-
Health, e-Commerce, e-banking, e-Enterprises, e-Learning and
e-Trafficking. The IoT is not only connecting computer and
mobile devices, it also interconnects smart homes, buildings,
companies and cities.With increased deployment of IoT devices
in domestic smart home environment, the threats and challenges
also need to be addressed in order to improve and build a
secure and resilient cybersecurity based IoT smart infrastructure.
Moreover, IoT smart environment tackles more security issues
than traditional computer networks usually do. While many
researchers are trying to explore the security challenges and
open problems in smart home based IoT infrastructure, there
is a lack of a systematic study of the security challenges in the
IoT cybersecurity landscape. However, Smart home environment
and IoT services will introduce significant security challenges due
to the substantial increase in the number of computing resources,
attack surface, communications infrastructure and attack rates.
In this paper, we intent to fulfil this gap by executing the IoT
cybersecurity-based attacks to detect the most critical attacks for
smart home IoT end devices. At the same time, we present our
intrusion prevention system methodology in order to protect the
affected system from future attacks.
Keywords—Cybersecurity, Internet of Things (IoT), Smart
Home, Risk Analysis Model, Attack Surface, Intrusion Prevention
System.
I. I NTRODUCTION
The Internet of Things (IoT) paradigm has gained expo-
nential growth and popularity in recent years. The growth is
expected to reach more than 50 billion devices by 2020 [1].
This major trend replaces many consumer products with con-
ventional non-networked home appliances that leads to intro-
duce new technologies into consumer homes. Most likely, the
future smart homes will be filled with many Inter-connected
devices that can also introduce significant privacy concerns.
The smart home IoT technology deployment with respect
to control process introduces new security challenges and
that requires a new level of security requirements. Therefore,
security is one of the highest priority areas while employing
smart home technology.
The nature of the interconnected smart home internet
resources can be attacked anytime from any location in the
world, and this makes cybersecurity a main issue. Cyber
security revolves around three main security aspects [2].
978-1-7281-3949-4/19/$31.00
2019
c IEEE
978-1-7281-3949-4/19/$31.00 ©2019Indonesia.
Authorized licensed use limited to: Universitas IEEE Downloaded107
on August 22,2020 at 16:42:08 UTC from IEEE Xplore. Restrictions apply.
Confidentiality deals with keeping data secure, so that only
authorized users can access the private data.
Authentication enables to keep the network secure by
allowing only authenticated users to access its protected re-
sources.
Access control denotes that only authorized users can
access data, communications infrastructure, services and com-
puting resources, and making sure that those authorized users
are not prohibited from such access.
These above specified cybersecurity aspects are important
key issues in smart home environment. Hence, information
security in IoT systems needs better research focus in order
to address cyber-related security concerns. For example, IoT-
based smart home faces security and privacy challenges that
traverse all over the IoT layer architecture [3]. The most
common causes of cyber-related vulnerabilities are inadequate
authentication procedures, limited software updating/patching,
poor product design, non-secure communications protocols,
improper implementation or device/application use [4]. There-
fore, it is disparagingly important to secure and protect the IoT
smart home environment operations against cyber attacks.
Over the last few years researchers [5], [6], [7], [3], [8],
[9] and [2] have described and proposed methodologies for
detecting cyber attacks in terms of confidentiality, authenticity,
and Integrity of the data sensed, collected and exchanged by
the IoT objects. Additionally, [6] proposed an intrusion detec-
tion and mitigation framework (IoT-IDM) in order to provide a
network-level protection for smart home IoT devices. However,
once an intrusion is detected, their proposed mitigation module
only aims to either block or redirect the intruder in accessing
the victim IoT device. Thus, [5], [6], [7], [3], [8], [9], [2] and
most of the research work did not discuss about IoT smart
home based cyber attack prevention methods/techniques and
their implementations. To rectify this problem, we examine
and propose an intrusion prevention system for the most critical
smart home based cyber attacks.
Our work has three prominent contributions beyond the
existing work.
• Since it is normally unfeasible to cover all the vulner-
abilities and all possible threats, the need of getting
know more about the attack surface infrastructure
is increased. Thus, we introduce cybersecurity based
smart home attack surface infrastructure along with
different IoT layers.
 2019 3rd Cyber Security in Networking Conference (CSNet)

• The techniques for identifying and assessing the se-

curity risk are required to protect the IoT based
smart home infrastructure. Thus, we present our risk
analysis model in order to develop the appropriate
countermeasures to reduce the existing exploitations.
• Finally, we present our intrusion prevention system
with the purpose of detecting and preventing the most
critical cyber attacks in different layers of IoT smart
home infrastructure.
The rest of the paper is ordered as follows. In Section II, we
provide background information about the IoT cybersecurity
and attack surface infrastructure. In Section III, we discuss
the related work and Section IV, we present our intrusion
prevention system methodology and then we discuss our
simulation setup and results in Section V. Finally, we conclude
the paper with future work in Section VI.

II. BACKGROUND
A. IoT Cybersecurity
Cybersecurity has established as a crucial factor of in-
formation system. The recent survey in 2019 [10] specifies
that security holes are on the increase growth; 90% of large
organizations encountered cyber attacks in 2019 compared
to 81% in 2018. Thus, as cybersecurity is advanced, cyber-
crime is also growing to be more extensive, more critical
and more sophisticated. Unlike more traditional computing
network systems, IoT smart home environment brings together
the physical, human and cyber aspects of a system. Each can be
used to compromise the other and each can contribute towards
monitoring and protecting the other. Thus, it0 s very important
to learn about the weaknesses of smart home network in order
to detect or handle cyber attacks.
On the other hand, the diverse and dynamic use of re-
sources have made security a crucial challenge in a smart home
environment. Traditional IT security solutions are not appro-
priate to cyber security based IoT infrastructure due to the
following issues [11]: 1) The modern internet can be extended
by IoT through the traditional internet, mobile network, non IP
networks, sensor network and cloud computing; 2) Computing
techniques, limitations in memory and processing ability which
may not be continuously supported the complicated security
algorithms; 3) Since all things will communicate with each
other, the multiple access points can be used to exploit existing
vulnerabilities; 4) Most of the time, IoT devices and services
either be shared or could have different ownership, policy and
connectivity domains as well.
B. Attack Surface
The main purpose of attack surface is to understand,
explore and validate security threats in the cyber world [11]
and, it is required to understand the motive of the attacker
that the attack source (local or public network), how they
deploy attacks and what information could be targeted. Fig-
ure 2 describes the attack surface infrastructure along with
cybersecurity challenges in the different IoT layers. Most
of the smart home IoT devices face access control-based
cybersecurity problem in the local home network area under
the perception layer. Authentication related risks arise between
Fig. 1: Attack surface infrastructure along with cybersecurity
challenges in the different IoT layers [3]
TABLE I: SMART HOME ATTACK SURFACE
Attack Surface
Local Network Attack Public Network Attack
Device to device User to IoT services
Device to controller Service to service
Controller to gateway Application to service
User to gateway IoT device to service
smart home gateway and public network/internet in the net-
work layer. The third class of cybersecurity challenge concerns
the confidentiality between IoT services and applications in
the application layer. Confidentiality problems occur when the
attacker eavesdrops on the private data in the smart home IoT
system.
Smart home technologies have large attack surfaces that
have several vulnerabilities, especially legacy components (us-
ing old software which has not been regularly patched). Attack
on a system can take place by initiating an attack within
the smart operating system environment i.e. insider or local
network attack and by initiating an attack from an external
source i.e. outsider or public network attack [3]. In both
scenarios, attackers will use the smart home resources such
as methods, channels, devices and data to initiate attacks [5].
Thus, our proposed approach analyzes these two sides of the
IoT network attacks, namely local (insiders) and public net-
works (outsiders). Local networks contain IP, non-IP networks,
end devices, gateways and controllers. Public networks contain
user controllers, applications, internet/cloud and IoT services
[1]. Table 1 shows the IoT smart home environment attack
surface including possibilities of the attacks in both sides as
well.

Authorized licensed use limited to: Universitas Indonesia. Downloaded108

on August 22,2020 at 16:42:08 UTC from IEEE Xplore. Restrictions apply.
 2019 3rd Cyber Security in Networking Conference (CSNet)
III. R ELATED W ORK
Security and privacy of IoT based smart home infrastruc-
ture is in its development phase and most of the research work
is on understanding and identifying the IoT based smart home
security threats. Thus, there is always a need to search for
the existing security prevention techniques to look for proper
solutions [11].
In [12], the authors presented a smart home risk analysis
using the Information Security Risk Analysis (ISRA) method.
The devices risk factor was exposed with respect to the
confidentiality, integrity and availability. The risk analysis
considered five system components such as sensors, cloud
servers, in-house gateway, smart phone apps and application
programming interfaces (APIs). Even though, this work is
mainly focused on cyber security risks, the proposed work
done in this research considers a holistic view of smart
home environment by identifying cyber and physical security
vulnerabilities using the OCTAVE Allegro methodology [7].
[13] examined security attacks in smart home environment
based on several scenarios and then suggested to establish
security goals for the smart home environment. Finally, the
authors forecasted security attacks like malware, virus etc. and
predicted that how many attacks are anticipated to be launched
in coming years based on historical data.
[5] presented a methodology to develop thread model that
can be used to identify potential attacks against smart infras-
tructure, their impacts and how to mitigate and recover from
these attacks. They also discussed their Anomaly Behavior
Analysis methodology and its characterized operations. The
ABA (Abnormal Behavior Analysis) approach can detect both
known and unknown attacks with high detection rates.
It is essential to protect smart home devices against attacks,
at both the backbone network level and the control level.
Usually an attack can happen at the traffic level, the control
level or the backbone level [14]. Smart homes are always
vulnerable to different attacks even though many benefits are
obtained from IoT-based smart homes [8].
An attacker can easily attack an interconnection device
such as gateway or smart home appliance device using its
network or local communication interface [15] and also an
IoT device can be impersonated using its faulty authentication.
Thus, an attack against the home gateway can directly lead to
an attack against the whole home network, as it is the point
at which an outside connection can be made [16].
[3] presented a detailed survey of the recent IDSs and their
corresponding methods, features, and mechanisms. These IDSs
mainly designed for the IoT model with a focus of cyber-
security. [17] considered the electricity pricing cyberattacks
in the smart home system. The main motive of this kind of
cyberattacks is to reduce the monetary based cyberattacks and
increase the peak energy usage in the local power system. The
authors proposed a countermeasure technique based on support
vector regression and maximum tolerable impact difference.
Most of the previous research work either partially ad-
dressing the problem or usually propose a high-level security
architecture design which will change the way IoT devices are
currently designed and communicating. To move forward and
Authorized licensed use limited to: Universitas Indonesia. Downloaded109
on August 22,2020 at 16:42:08 UTC from IEEE Xplore. Restrictions apply.
make an innovative change in IoT smart home environment,
the IoT device manufacturers can easily come up with an idea
that an IoT device can be embedded with security solution that
provides all security threats in advance and along with varying
capabilities [18].
In brief, the studies on smart home specified above focused
more on possible security issues that may happen in smart
home environments. There is no clear research study that
covers the entire IoT architecture from the cyber security
perspective. On the other hand, the specified related works
focused precisely more on the IoT paradigm or some parts
of smart environment systems. However, our study takes a
step further by carrying out a security risk assessment of IoT-
enabled smart homes from the cybersecurity viewpoint.
IV. INTRUSION PREVENTION SYSTEM
METHODOLOGY
A. Risk Analysis Model
To improve security and reduce risks in smart home infor-
mation systems, some attack threat factors such as analyzing
attacks, threats, attack risks, and vulnerabilities should be
examined in order to develop the appropriate countermeasures
to reduce the existing exploitations [19]. To better understand
cybersecurity based IoT security landscape, a general IoT risk
analysis model needs to be developed [20]. The risk analysis
model concentrates more on analyzing threats and its circum-
stances with associated risk distributions. Thus, it helps mostly
in analyzing a security problem, designing mitigation strategies
and evaluating mitigation solutions in a smart environment [5].
When the risk analysis model is created for a deployed
system, it can be used to rank the mitigation actions [19]. The
common steps for creating the risk analysis model in a smart
home environment are:
1) Identify the attacks/risks: In order to identify the
cyber-attacks, we deploy anomaly behavior detection
system. The main purpose of the anomaly detection
approach is their ability in detecting novel and new
unknown attacks. This anomaly behavior detection
approach defines a baseline model for abnormal be-
havior of the system through off-line training and
consider any activity which lies outside of this abnor-
mal model as well [21]. Thus, this detection system
can detect any attack, misconfiguration or misuse
with less false alarm.
2) Prioritize the attacks/risks: The attacks can be prior-
itized based on what vulnerabilities are most likely
to be targeted. It helps to understand that successful
attacks have a higher probability of recurring. Which
means that whenever an anomaly detection alarm
makes the update, the attack vectors need to be
checked in order to see if the same exposure exists in
the smart home environment. If so, make it a priority
to reduce that acquaintance or eliminate it completely.
Therefore, knowing the types of vulnerabilities and
impact of an attack can help to determine which
assets require patching [22].
3) Choose suitable mitigation strategies: Risk mitigation
strategies have been chosen based on the following
 2019 3rd Cyber Security in Networking Conference (CSNet)
factors: the root causes of risks that have been iden-
tified and measured, evaluate risk connections and
common causes, identify the appropriate mitigation
approaches, methods, and tools for each major attack,
evaluate and rank mitigation techniques, select and
commit the required resources [23].
4) Build mitigation solutions based on the mitigation
strategies and techniques. Our proposed intrusion
prevention system will be discussed in further details
with suitable test cases.
The proposed risk analysis model approach is mainly
used to reduce the security threats as well as the potential
risks. However, increasing system security by applying more
security solutions will impact the overall system usability [14].
Therefore, when some of the proposed countermeasures have
been taken place, both system security and usability should be
balanced.
B. Intrusion Prevention System
Existing cybersecurity solutions are far enough from being
reasonable to stop the exponential growth of the complex
cyber attacks [24]. Figure 2 shows the process flow of smart
home intrusion prevention system. Once the attacker hits the
smart home envrionment through public or private netwrok,
the risk analysis model executes the risk analysis process steps.
After prioritizing the attacks, the mitigation strategy has been
chosen based on the set of mitigation factors. When the suit-
able mitigation strategy gets accepted, the selected mitigation
strategy has been processed. If the mitigation strategy gets
rejected while evaluating, we can assess and process different
mitigation strategy as well.
In the next section, the smart home intrusion prevention
system process flow has been examined with three test cases
based on the three cybersecurity aspects such as Confidential-
ity, Authentication and Access Control. Thus, the attack can be
detected based on each of the cybersecurity aspects. The attack
surface may change as per the risk factors and vulnerability
circumstances. The three most critical cyber attacks have
been launched under each test case and then the intrusion
prevention system has been examined that how efficiently the
proposed system protect the smart home infrastructure from
future attacks.
To inspect the proposed intrusion prevention system, the
same cyber attacks have been executed in the affected smart
home environment and then the risk factors and vulnerability
circumstances have been continuously monitored. If there is
any chance for the same attack to happen again, the risk
analysis will process the different mitigation strategy after a
couple of strict validations.
1) Test case 1: (Confidentiality : Attack surface - User
controller to IoT service) In this scenario, eavesdropping attack
is a major threat to most of the smart home environment as
it is hard to discover that the network transmission does not
seem to be operating abnormally. Based on the intrusion pre-
vention system, the suitable mitigation method of preventing
eavesdropping attack is encryption. Moreover, encryption is
a trustworthy secure transmission method and can be found
in almost every major protocol. We use 3DES (Triple Data
Encryption Standard) because it uses the 168 bits key size
Authorized licensed use limited to: Universitas Indonesia. Downloaded110
on August 22,2020 at 16:42:08 UTC from IEEE Xplore. Restrictions apply.
Fig. 2: Smart home intrusion prevention system
TABLE II: AVERAGE TIME REQUIRED FOR INTENSIVE
KEY SEARCH
Key Size No of Keys Time required at one decryption
32-bits 232 = 4.3109 231 µs= 35.8 mins
56-bits 2 = 7.2×1016
56
255 µs = 1142 years
128-bits 2128 = 3.4×1038 2127 µs= 5.4×1024 years
168-bits 2168 = 3.7×1050 2167 µs= 5.9×1036 years
and the key length for the 3DES is 112 bits and 168 bits, the
number of rounds 48 and the block size is 64 bits [25]. The
main goal of this algorithm is to increase the system security
with lengthier key length.
Since 3DES algorithm utilizes keys as a combination and
each level with different key size, the benefit of the 3DES
algorithm is three times secure having key size 2168 [25]. Table
2 shows the average time required for intensive key search.
Therefore, we can prevent unauthorized access or attack in the
smart home environment by enabling the encryption in every
single transmission.
2) Test case 2: (Authentication: Attack surface - Attacker
to home network) When the attacker executes brute force
attack via public or local network, they initially try to hack the
login credentials by making number of wrong login attempts.
The main important defense against a brute force attack must
be execution of a strong password policy. Practically, the best
mitigation method of brute force attack is progress delay. The
user accounts are locked out for a set of periods of time
after a few failed login attempts. The lock-out time increases
with each subsequent failed attempt. This prevention method
stops automated tools from performing a brute force attack and
effectively makes it impractical to perform such an attack.
3) Test case 3: : (Access control: Attack Surface - User to
gateway) In this scenario, Denial-of-service (DoS) attack is a
major critical attack in local network smart home environment.
Denial-of-service (DoS) attacks typically flood servers, sys-
tems, devices or networks with traffic in order to overwhelm
the victim resources and make it difficult or impossible for
authentic users to use them. In order to prevent this access
control-based DoS attack, we can create set of controller
 2019 3rd Cyber Security in Networking Conference (CSNet)

policies to prevent the attack. Whenever a system or network

admin gets false requests from other IoT devices, services, or
applications, the controller can set a policy to drop the false
request packets or services. By avoiding the false requests, we
can save smart home network resources from making them as
an inaccessible.

V. SIMULATION SETUP AND RESULT ANALYSIS

The three most critical and frequently occuring cyber
attacks are launched over the smart home environment setup
under three test cases. We simulated all three cyber attacks us-
ing NS3 (Network Simulator 3) with the following simulation
setups: simulation time: 5 minutes, processing time for a single
packet (4 ms), Packet size (512 Kbits), Transmission delay (2 Fig. 3: Brute force attack
ms) and server queuing delay (0 sec). We implemented this
setup with 3 set of IoT devices such as 7, 11 and 15 devices.
For test case 1 scenario, as shown in the Table 3, the
controller starts the transmission by sending a packet with a
message LIGHTS ON. Since the transmission is happening
over the public network, the packet will hit the server first and
then pass through the home gateway controller. The attacker
takes privilege during the weak connection between user de-
vice and public internet. At 1.5sec, the attacker can eavesdrop
the original content and modify the content into LIGHTS OFF.
By using the same weak connection, the attacker can stay and
eavesdrop other data communication which is initiated by the
same user device as shown in the Table 3.
As shown in the Table 4, the packet private data can be
encrypted at each transmission and only the right people who Fig. 4: Brute force attack prevention
know the key can read the private information. If the attacker
tries to break the encrypted data, he must try three times 2128
combinations to break the encrypted data as per the 3DES algo-
rithm. Thus, encryption is a reliable prevention method for an
eavesdropping attack. For test case 2 scenario, to understand
the impact of giving wrong username/password attempts on
the brute force attack, we have performed simulations when
the number of attempts is 5, 15, 20, 25, and 30 respectively.
A pair of username/password is randomly chosen from its
dictionary of 32 pairs of username/password every time. Once

TABLE III: EAVESDROPPING ATTACK

S.No Time Device ID Packet Attack

(sec) Message
1 1.5 1 - 3 (controller to Lights on Lights off
device)
Fig. 5: DOS attack
2 2.0 1 -2 AC - 72F AC - 75F
3 2.5 1-4 Alarm ON Alarm OFF
4 3.0 1-6 Preheat ON Preheat OFF
5 3.5 1-9 Zoom in Zoom out
a correct username/password is selected, the attacker will stop
the attempt. Figure 3 shows that as the number of false attempts
increase, the propagation delay also increases. This can be
TABLE IV: EAVESDROPPING ATTACK PREVENTION caused by the extra generated traffic due to the increasing
number of attempts and congestion in the same home network
S.No Time Device Packet Message 3DES Encryption environment. Progress delay plays a key role against brute
(sec) ID
1 1.5 1-3 Lights on 0X7F8788D16940 force attack. As shown in Figure 4, in the first 3 seconds the
2 2.0 1 -2 AC - 72F 0X8D8789D17899 system got locked due to wrong login attempts and the regular
3 2.5 1-4 Alarm ON 0F7F8788D19479 transmission resumed exactly at 3.1 seconds. Therefore, the
4 3.0 1-6 Preheat ON 0C7FD788DX194
5 3.5 1-9 Zoom in 0D99XF7168FC7 processing time increases, as the failed attempts decrease.
This prevention method stops automated tools from performing

Authorized licensed use limited to: Universitas Indonesia. Downloaded111

on August 22,2020 at 16:42:08 UTC from IEEE Xplore. Restrictions apply.
 2019 3rd Cyber Security in Networking Conference (CSNet)
Fig. 6: DOS attack prevention
a brute force attack and effectively makes it impractical to
perform such an attack.
For test case 3 scenario, based on the observation (Figure
5), as the false request increases, the traffic rate also increases.
At some point, all legitimate systems transmission rate goes
down and subsequently the access got denied. As shown in
Figure 6, as the false request increases, the processing time
decreases, and finally the false request access got denied.
In order to examine and validate our proposed intrusion
prevention system, we conducted the same cyber attacks in
the affected smart home environment. As shown in Table
4, Figure 4 and 6, our proposed system totally prevented
the critical attacks. Hence, we predicted that the possibility
of recurring the same cyber attacks is very less. Thus, our
proposed intrusion prevention system protects the IoT smart
home devices from critical cyber attacks.
VI. C ONCLUSIONS AND F UTURE WORK
In this paper, we analyzed and addressed the most critical
cyber attacks for smart home IoT end devices with three
test cases. Due to lack of cybersecurity mechanism in IoT
end devices, many smart home devices become soft targets
for adversaries, and it is happening without victims proper
knowledge of being infected. In this paper, we presented our
intrusion prevention system methodology based on three cy-
ber security aspects confidentiality, authentication, and access
control. Under each of the cybersecurity aspect, we conducted
three major attacks which would seem like a nightmare to most
of the smart home owners. To overcome these attack surfaces,
we introduced the risk ananlysis model which helps to choose
a suitable mitigation strategy for each cyber-attack. Finally,
we predicted that the probability of occuring the same cyber
attacks is very less. Thus, our proposed intrusion prevention
system ensures to build a secure and robust cybersecurity based
IoT smart home infrastructure.
We are currently executing the unknown cyber attacks
with less false alarm in a multiple smart home environment.
Subsequently, we will do robustness analysis in terms of
resource overhead and complexity of possible attacks.
Authorized licensed use limited to: Universitas Indonesia. Downloaded112
on August 22,2020 at 16:42:08 UTC from IEEE Xplore. Restrictions apply.
ACKNOWLEDGEMENT
I offer my sincere gratitude to my advisor Dr. Deep Medhi,
(University of Missouri Kansas City) for his support and
valuable feedback, which made this work possible.
R EFERENCES
[1] “Verizon (january 2015). create intelligent, more meaningful business
connections.” [Online]. Available: http://aws.amazon.com/ec2/
[2] H. Lin and N. W. Bergmann, “Iot privacy and security challenges for
smart home environments,” Information, vol. 7, no. 3, p. 44, 2016.
[3] M. F. Elrawy, A. I. Awad, and H. F. A. Hamed, “Intrusion detection
systems for iot-based smart environments: a survey,” Journal of Cloud
Computing, 2018.
[4] “Cybersecurity consideration for connected smart homes and devices.”
[Online]. Available: https://industrie-4-0.ul.com/wp-content/uploads/
2018/02/UL Cybersecurity SmartHome White Paper en.pdf
[5] J. Pacheco and S. Hariri, “Iot security framework for smart cyber
infrastructures,” in Foundations and Applications of Self* Systems, IEEE
International Workshops on. IEEE, 2016, pp. 242–247.
[6] M. Nobakht, V. Sivaraman, and R. Boreli, “A host-based intrusion
detection and mitigation framework for smart home iot using openflow,”
in 2016 11th International Conference on Availability, Reliability and
Security (ARES), 2016.
[7] B. Ali and A. I. Awad, “Cyber and physical security vulnerability
assessment for iot-based smart homes,” Sensors, vol. 18, no. 3, 2018.
[8] J. He, Q. Xiao, P. He, and M. S. Pathan, “An adaptive privacy protection
method for smart home environments using supervised learning,” Future
Internet, vol. 9, no. 1, 2017.
[9] D. Chowdhry, R. Paranjape, and P. Laforge, “Smart home automation
system for intrusion detection,” in 2015 IEEE 14th Canadian Workshop
on Information Theory (CWIT), 2015.
[10] “Information security breaches survey 2019, statistical release: London,
uk,2019.” [Online]. Available: https://assets.publishing.service.gov.
uk/government/uploads/system/uploads/attachment data/file/813599/
Cyber Security Breaches Survey 2019 - Main Report.pdf
[11] H. Suo, J. Wan, C. Zou, and J. Liu, “Security in the internet of things: a
review,” in Computer Science and Electronics Engineering (ICCSEE),
2012 international conference on, vol. 3. IEEE, 2012, pp. 648–651.
[12] A. Jacobsson, M. Boldt, and B. Carlsson, “A risk analysis of a
smart home automation system,” Future Generation Computer Systems,
vol. 56, 2015.
[13] W. Ali, G. Dustgeer, M. Awais, and M. A. Shah, “Iot based smart home:
Security challenges, security requirements and solutions,” in 2017 23rd
International Conference on Automation and Computing (ICAC), Sep.
2017, pp. 1–6.
[14] B. Ali and A. I. Awad, “Cyber and physical security vulnerability
assessment for iot-based smart homes,” Sensors, vol. 18, no. 3, p. 817,
2018.
[15] W. Granzer, W. Kastner, G. Neugschw, and F. Praus, “Security in
networked building automation systems,” Tech. Rep., 2005.
[16] V. Ricquebourg, D. Menga, D. Durand, B. Marhic, L. Delahoche, and
C. Loge, “The smart home concept : our immediate future,” in 2006 1ST
IEEE International Conference on E-Learning in Industrial Electronics,
Dec 2006, pp. 23–28.
[17] Y. Liu, S. Hu, and T. Ho, “Vulnerability assessment and defense technol-
ogy for smart home cybersecurity considering pricing cyberattacks,” in
2014 IEEE/ACM International Conference on Computer-Aided Design
(ICCAD), 2014.
[18] S. Notra, M. Siddiqi, H. H. Gharakheili, V. Sivaraman, and R. Boreli,
“An experimental study of security and privacy risks with emerg-
ing household appliances,” in Communications and Network Security
(CNS), 2014 IEEE Conference on. IEEE, 2014, pp. 79–84.
[19] S. Musman, M. Tanner, A. Temin, E. Elsaesser, and L. Loren, “Com-
puting the impact of cyber attacks on complex missions,” in Systems
Conference (SysCon), 2011 IEEE International. IEEE, 2011, pp. 46–
51.
 2019 3rd Cyber Security in Networking Conference (CSNet)

[20] D. Xu, M. Tu, M. Sanford, L. Thomas, D. Woodraska, and W. Xu,

“Automated security test generation with formal threat models,” IEEE
transactions on dependable and secure computing, vol. 9, no. 4, pp.
526–540, 2012.
[21] Y. Yang, L. Wu, G. Yin, L. Li, and H. Zhao, “A survey on security and
privacy issues in internet-of-things,” IEEE Internet of Things Journal,
2017.
[22] “Prioritizing your security.” [Online]. Available: https://www.csoonline.
com/article/3247304/prioritizing-your-security-where-do-you-begin.
html
[23] “The owner’s role in project mitigation.” [Online]. Available:
https://www.nap.edu/read/11183/chapter/7
[24] S. Greengard, “Cybersecurity gets smart,” Communications of the ACM,
vol. 59, no. 5, pp. 29–31, 2016.
[25] S. S. Thapar and H. Sarangal, “A study of data threats and the role of
cryptography algorithms,” in 2018 IEEE 9th Annual Information Tech-
nology, Electronics and Mobile Communication Conference (IEMCON),
Nov 2018, pp. 819–824.

Authorized licensed use limited to: Universitas Indonesia. Downloaded113

on August 22,2020 at 16:42:08 UTC from IEEE Xplore. Restrictions apply.