The Forest Behind the Tree: Revealing Hidden Smart Home Communication Patterns
François De Keersmaeker, Rémi Van Boxem, Cristel Pelsser, Ramin Sadre
TL;DR
The paper tackles the problem of incomplete profiling of Smart Home device network behavior by focusing on hidden communication patterns that emerge when default traffic fails. It introduces a largely automated framework that actively disturbs device communication, blocks targeted flows, and constructs multi-level event signature trees to reveal additional flows. Applied to ten real devices, the approach discovers 254 unique flows, including 70 hidden patterns, and introduces a robustness score to quantify backup strategies, with open-source tooling for replication. This method enables more accurate and resilient security configurations for home networks and provides deeper insights into device robustness under network perturbations.
Abstract
The widespread use of Smart Home devices has attracted significant research interest in understanding their behavior within home networks. Unlike general-purpose computers, these devices exhibit relatively simple and predictable network activity patterns. However, previous studies have primarily focused on normal network conditions, overlooking potential hidden patterns that emerge under challenging conditions. Discovering these hidden flows is crucial for assessing device robustness. This paper addresses this gap by presenting a framework that systematically and automatically reveals these hidden communication patterns. By actively disturbing communication and blocking observed traffic, the framework generates comprehensive profiles structured as behavior trees, uncovering flows that are missed by more shallow methods. This approach was applied to ten real-world devices, identifying 254 unique flows, with over 27% only discovered through this new method. These insights enhance our understanding of device robustness and can be leveraged to improve the accuracy of network security measures.