Modeling and Controlling Internet of Things Behavior Using Network-Inferred State Machines

Internet of Things (IoT) devices are increasingly found in homes, providing useful functionality for devices such as TVs, smart speakers, and video doorbells. Along with their benefits come potential risks, since these devices can communicate information (audio recordings, video recordings, television viewing habits) about their users to other parties over the Internet. However, understanding these risks is difficult since IoT systems are traditionally closed systems that provide independent third parties with little-to-no information about whether a device (or set of devices) is behaving in ways that might violate expectations such as privacy, security, and correctness.

Project Goals. To help understand and mitigate these risks, the goal of this project is to build BehavIoT: an approach that explores the extent to which network-inferred behavioral analysis of IoT deployments, combined with control over the network traffic they generate, can identify and mitigate misbehavior of IoT systems. Our key insight is that we can model IoT device behavior by inferring their states and transition events based on the network traffic they generate, identify misbehavior as deviations from previously recorded state transitions, and mitigate these misbehaviors by manipulating the network traffic that causes undesirable state transitions.

Research Challenges. To reach the above goal, this project will address the following three research challenges. First, we will investigate how to model IoT devices behavior based on the network traffic they generate using a new formalism called NISM (network-inferred state machine) in which states represent the global behavior of the system (i.e., what the system as a whole is doing), and transitions represent the probability that such global behavior leads to a different global behavior. Second, we will investigate how to use NISM models to distinguish expected behavior from misbehavior by employing statistical process analysis (e.g., by combining and expressing the NISMs of past behavior as a Markov process with hidden states), and compare any newly observed behavior of the system with the probabilities of such Markov process. The third and final challenge is the creation of new systems, algorithms, and heuristics that leverage NISM models to control (i.e., block or modify) any unwanted or unexpected IoT behavior, which should happen transparently, without breaking the expected functionalities of the IoT device.

Impact. BehavIoT will improve safety and security for IoT users; further, by raising awareness of new and existing threats, this project can encourage device manufacturers to improve the privacy, security, and correctness of their deployments.

Dates of the project: October 2019 – October 2022.

Research publications





Prof. David Choffnes (Associate Professor, Principal Investigator)
Dott. Daniel J. Dubois (Associate Research Scientist)


This project has been funded by the NSF’s Division of Computer and Network Systems (CNS-1909020).

We also thank the following students for their contributions to the project: Abhijit Menon, Derek Ng, Shu Zhang