Skip to main content

New system to detect cyber-attacks on smart devices in the home

10 February 2020

Smart speaker on a table

A novel system capable of detecting and classifying cyber-attacks on smart devices around our homes has been developed by experts at Cardiff University.

The system can distinguish between malicious or benign activity and detect attacks on devices such as the Amazon Echo Dot and Apple TV with a 90 per cent accuracy.

The researchers say the lightweight tool could be used in a similar way to antivirus software and believe its implementation is imperative in order to keep up with the rapid development of smart devices.

In Western Europe the average household has around 5.4 smart devices with the global sector  expected to grow to 20.4 billion devices by this year.

Known collectively as the Internet of Things (IoT), smart devices are ubiquitous across society and have become key technologies in a range of sectors, from economy and energy to transport and healthcare.

This new development comes as the UK’s Department of Digital, Culture, Media and Sport recently declared that a new law would force companies to “explicitly state” the length for which they will provide security updates when customers purchase a smart device.

The new system, developed by experts at Cardiff University’s School of Computer Science and Informatics, has been described in the IEEE Internet of Things Journal.

In their study, the team developed a mock household environment containing eight different smart devices: Belkin NetCam camera; TP-Link NC200 Camera; TP-Link Smart Plug; Samsung Smart Things hub; Amazon Echo Dot; Apple TV; British Gas Hive connected to a motion sensor and a window/door sensor; and a Lifx Lamp.

They deployed several popular cyber-attacks on the network and applied a three-layer intrusion detection system to detect them.

In particular they classified the type and profiled the normal behaviour of each device connected to the network; identified malicious packets on the network when an attack was occurring; and classified the type of attack that was deployed.

The system was able to complete these three tasks with 96.2 per cent, 90 per cent, 98 per cent accuracy respectively.

Lead author of the study, Ms Eirini Anthi said: “The insufficient security measures and lack of dedicated detection systems for networks of smart devices make them vulnerable to a range of attacks, such as data leakage, spoofing, disruption of service and energy bleeding.

“These can lead to disastrous effects, causing damage to hardware, disrupting the system availability, causing system blackouts, and even physically harming individuals.

“A relatively simple and seemingly harmless deauthentication attack can cause no significant damage, but if performed on a device with critical significance, such as a steering wheel in a wireless car, it can pose a threat to human life.

What we’ve demonstrated is a system that can successfully distinguish between devices on the network, whether network activity is malicious or benign, and detect which attack was deployed on which device connected to the network automatically.

Eirini Anthi Cybersecurity Research Engineer

Professor Pete Burnap, co-author of the study and Director of Cardiff University’s NCSC-recognised Centre of Excellence in Cyber Security Research added: “This is another step forward in the early stage detection of disruptive cyber-attacks that is being integrated with our wider portfolio of research using advanced AI to predict and actively block malicious activity before it achieves major impact.

“The overarching goal of our cyber research programme is to pave the way for proactive and cost saving cyber defences, maximising the potential for AI in cybersecurity in line with the objectives of the UK’s industrial strategy.”

Share this story

The School is research-led with a reputation for excellent teaching and internationally accomplished research activities.