A distributed IDS architecture model for Smart Home systems

The common use of smart devices encourages potential attackers to violate privacy. Sometimes taking control of one device allows the attacker to obtain secret data (such as password for home WiFi network) or tools to carry out DoS attack, and this, despite the limited resources of such devices. One of the solutions for gaining users’ confidence is to assign responsibility for detecting attacks to the service provider, particularly Internet Service Provider (ISP). It is possible, since ISP often provides also the Home Gateway (HG)—device that has multiple roles: residential router, entertainment center, and home’s “command and control” center which allows to manage the Smart Home entities. The ISP may extend this set of functionalities by implementing an intrusion detection software in HG provisioned to their customers. In this article we propose an Intrusion Detection System (IDS) distributed between devices residing at user’s and ISP’s premises. The Home Gateway IDS and the ISP’s IDS constitute together a distributed structure which allows spreading computations related to attacks against Smart Home ecosystem. On the other hand, it also leverages the operator’s knowledge of security incidents across the customer premises. This distributed structure is supported by the ISP’s expert system that helps to detect distributed attacks i.e., using botnets.