Two-tier anomaly detection based on traffic profiling of the home automation system

Mariusz Gajewski, Jordi Mongay Batalla, Albert Levi, Cengiz Togay, Constandinos X. Mavromoustakis, George Mastorakis

Research output: Contribution to journalArticlepeer-review

8 Citations (Scopus)


Smart building equipment and automation systems often become a target of attacks and are used for attacking other targets located out of the Home Area Network. Attacks are often related to changes in traffic volume, disturbed packet flow or excessive energy consumption. Their symptoms can be recognized and interpreted locally, using software agent at Home Gateway. Although anomalies are detected locally at the Home Gateway, they can be exploited globally. Thus, it is significantly important to detect global attack attempts through anomalies correlation. Our proposal in this paper is the involvement of the Network Operator in Home Area Network security. Our paper describes a novel strategy for anomaly detection that consists of shared responsibilities between user and network provider. The proposed two-tier Intrusion Detection System uses a machine learning method for classifying the monitoring records and searching suspicious anomalies across the network at the service provider's data center. Result show that local anomaly detection combined with anomaly correlation at the service providers level can provide reliable information on the most frequent IoT devices misbehavior which may be caused by infection.

Original languageEnglish
Pages (from-to)46-60
Number of pages15
JournalComputer Networks
Publication statusPublished - 20 Jul 2019


  • Anomaly detection
  • Home gateway
  • Internet of Things
  • Smart home
  • Wireless sensor networks


Dive into the research topics of 'Two-tier anomaly detection based on traffic profiling of the home automation system'. Together they form a unique fingerprint.

Cite this