IoTBox: Sandbox Mining to Prevent Interaction Threats in IoT Systems

Internet of Things (IoT) apps provide great convenience but exposes us to new safety threats. Unlike traditional software systems, threats may emerge from the joint behavior of multiple apps. While prior studies use handcrafted safety and security policies to detect these threats, these policies may...

Full description

Saved in:
Bibliographic Details
Main Authors: KANG, Hong Jin, SIM, Sheng Qin, LO, David
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2021
Subjects:
Online Access:https://ink.library.smu.edu.sg/sis_research/6892
https://ink.library.smu.edu.sg/context/sis_research/article/7895/viewcontent/IoTBox.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
id sg-smu-ink.sis_research-7895
record_format dspace
spelling sg-smu-ink.sis_research-78952022-02-07T10:55:20Z IoTBox: Sandbox Mining to Prevent Interaction Threats in IoT Systems KANG, Hong Jin SIM, Sheng Qin LO, David Internet of Things (IoT) apps provide great convenience but exposes us to new safety threats. Unlike traditional software systems, threats may emerge from the joint behavior of multiple apps. While prior studies use handcrafted safety and security policies to detect these threats, these policies may not anticipate all usages of the devices and apps in a smart home, causing false alarms. In this study, we propose to use the technique of mining sandboxes for securing an IoT environment. After a set of behaviors are analyzed from a bundle of apps and devices, a sandbox is deployed, which enforces that previously unseen behaviors are disallowed. Hence, the execution of malicious behavior, introduced from software updates or obscured through methods to hinder program analysis, is blocked.While sandbox mining techniques have been proposed for Android apps, we show and discuss why they are insufficient for detecting malicious behavior in a more complex IoT system. We prototype IoTBox to address these limitations. IoTBox explores behavior through a formal model of a smart home. In our empirical evaluation to detect malicious code changes, we find that IoTBox achieves substantially higher precision and recall compared to existing techniques for mining sandboxes. 2021-04-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/6892 info:doi/10.1109/ICST49551.2021.00029 https://ink.library.smu.edu.sg/context/sis_research/article/7895/viewcontent/IoTBox.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Databases and Information Systems
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Databases and Information Systems
spellingShingle Databases and Information Systems
KANG, Hong Jin
SIM, Sheng Qin
LO, David
IoTBox: Sandbox Mining to Prevent Interaction Threats in IoT Systems
description Internet of Things (IoT) apps provide great convenience but exposes us to new safety threats. Unlike traditional software systems, threats may emerge from the joint behavior of multiple apps. While prior studies use handcrafted safety and security policies to detect these threats, these policies may not anticipate all usages of the devices and apps in a smart home, causing false alarms. In this study, we propose to use the technique of mining sandboxes for securing an IoT environment. After a set of behaviors are analyzed from a bundle of apps and devices, a sandbox is deployed, which enforces that previously unseen behaviors are disallowed. Hence, the execution of malicious behavior, introduced from software updates or obscured through methods to hinder program analysis, is blocked.While sandbox mining techniques have been proposed for Android apps, we show and discuss why they are insufficient for detecting malicious behavior in a more complex IoT system. We prototype IoTBox to address these limitations. IoTBox explores behavior through a formal model of a smart home. In our empirical evaluation to detect malicious code changes, we find that IoTBox achieves substantially higher precision and recall compared to existing techniques for mining sandboxes.
format text
author KANG, Hong Jin
SIM, Sheng Qin
LO, David
author_facet KANG, Hong Jin
SIM, Sheng Qin
LO, David
author_sort KANG, Hong Jin
title IoTBox: Sandbox Mining to Prevent Interaction Threats in IoT Systems
title_short IoTBox: Sandbox Mining to Prevent Interaction Threats in IoT Systems
title_full IoTBox: Sandbox Mining to Prevent Interaction Threats in IoT Systems
title_fullStr IoTBox: Sandbox Mining to Prevent Interaction Threats in IoT Systems
title_full_unstemmed IoTBox: Sandbox Mining to Prevent Interaction Threats in IoT Systems
title_sort iotbox: sandbox mining to prevent interaction threats in iot systems
publisher Institutional Knowledge at Singapore Management University
publishDate 2021
url https://ink.library.smu.edu.sg/sis_research/6892
https://ink.library.smu.edu.sg/context/sis_research/article/7895/viewcontent/IoTBox.pdf
_version_ 1770576114670895104