IoTBox: Sandbox Mining to Prevent Interaction Threats in IoT Systems
Internet of Things (IoT) apps provide great convenience but exposes us to new safety threats. Unlike traditional software systems, threats may emerge from the joint behavior of multiple apps. While prior studies use handcrafted safety and security policies to detect these threats, these policies may...
Saved in:
Main Authors: | , , |
---|---|
Format: | text |
Language: | English |
Published: |
Institutional Knowledge at Singapore Management University
2021
|
Subjects: | |
Online Access: | https://ink.library.smu.edu.sg/sis_research/6892 https://ink.library.smu.edu.sg/context/sis_research/article/7895/viewcontent/IoTBox.pdf |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Singapore Management University |
Language: | English |
id |
sg-smu-ink.sis_research-7895 |
---|---|
record_format |
dspace |
spelling |
sg-smu-ink.sis_research-78952022-02-07T10:55:20Z IoTBox: Sandbox Mining to Prevent Interaction Threats in IoT Systems KANG, Hong Jin SIM, Sheng Qin LO, David Internet of Things (IoT) apps provide great convenience but exposes us to new safety threats. Unlike traditional software systems, threats may emerge from the joint behavior of multiple apps. While prior studies use handcrafted safety and security policies to detect these threats, these policies may not anticipate all usages of the devices and apps in a smart home, causing false alarms. In this study, we propose to use the technique of mining sandboxes for securing an IoT environment. After a set of behaviors are analyzed from a bundle of apps and devices, a sandbox is deployed, which enforces that previously unseen behaviors are disallowed. Hence, the execution of malicious behavior, introduced from software updates or obscured through methods to hinder program analysis, is blocked.While sandbox mining techniques have been proposed for Android apps, we show and discuss why they are insufficient for detecting malicious behavior in a more complex IoT system. We prototype IoTBox to address these limitations. IoTBox explores behavior through a formal model of a smart home. In our empirical evaluation to detect malicious code changes, we find that IoTBox achieves substantially higher precision and recall compared to existing techniques for mining sandboxes. 2021-04-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/6892 info:doi/10.1109/ICST49551.2021.00029 https://ink.library.smu.edu.sg/context/sis_research/article/7895/viewcontent/IoTBox.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Databases and Information Systems |
institution |
Singapore Management University |
building |
SMU Libraries |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
SMU Libraries |
collection |
InK@SMU |
language |
English |
topic |
Databases and Information Systems |
spellingShingle |
Databases and Information Systems KANG, Hong Jin SIM, Sheng Qin LO, David IoTBox: Sandbox Mining to Prevent Interaction Threats in IoT Systems |
description |
Internet of Things (IoT) apps provide great convenience but exposes us to new safety threats. Unlike traditional software systems, threats may emerge from the joint behavior of multiple apps. While prior studies use handcrafted safety and security policies to detect these threats, these policies may not anticipate all usages of the devices and apps in a smart home, causing false alarms. In this study, we propose to use the technique of mining sandboxes for securing an IoT environment. After a set of behaviors are analyzed from a bundle of apps and devices, a sandbox is deployed, which enforces that previously unseen behaviors are disallowed. Hence, the execution of malicious behavior, introduced from software updates or obscured through methods to hinder program analysis, is blocked.While sandbox mining techniques have been proposed for Android apps, we show and discuss why they are insufficient for detecting malicious behavior in a more complex IoT system. We prototype IoTBox to address these limitations. IoTBox explores behavior through a formal model of a smart home. In our empirical evaluation to detect malicious code changes, we find that IoTBox achieves substantially higher precision and recall compared to existing techniques for mining sandboxes. |
format |
text |
author |
KANG, Hong Jin SIM, Sheng Qin LO, David |
author_facet |
KANG, Hong Jin SIM, Sheng Qin LO, David |
author_sort |
KANG, Hong Jin |
title |
IoTBox: Sandbox Mining to Prevent Interaction Threats in IoT Systems |
title_short |
IoTBox: Sandbox Mining to Prevent Interaction Threats in IoT Systems |
title_full |
IoTBox: Sandbox Mining to Prevent Interaction Threats in IoT Systems |
title_fullStr |
IoTBox: Sandbox Mining to Prevent Interaction Threats in IoT Systems |
title_full_unstemmed |
IoTBox: Sandbox Mining to Prevent Interaction Threats in IoT Systems |
title_sort |
iotbox: sandbox mining to prevent interaction threats in iot systems |
publisher |
Institutional Knowledge at Singapore Management University |
publishDate |
2021 |
url |
https://ink.library.smu.edu.sg/sis_research/6892 https://ink.library.smu.edu.sg/context/sis_research/article/7895/viewcontent/IoTBox.pdf |
_version_ |
1770576114670895104 |