Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Intelligent Detection of Non-Essential IoT Traffic on the Home Gateway

Fabio Palmese, Anna Maria Mandalari, Hamed Haddadi, Alessandro Enrico Cesare Redondi

TL;DR

The paper tackles privacy risks in smart homes by enabling on-edge detection of non-essential IoT traffic through ML-IoTrim, a gateway-resident framework that learns to classify destinations from network patterns alone. It builds a ground-truth labeling pipeline, a feature-extraction process with a 204-feature per-destination representation, and evaluates both a Random Forest and a neural network, with the RFC achieving near-perfect F1 scores. Implemented on a home gateway with real-device testbeds, ML-IoTrim demonstrates real-time classification and blocking of non-essential traffic across hundreds of devices, while highlighting challenges in generalizing to unseen device types. The work advances practical privacy-preserving IoT management and opens avenues for broader deployment and per-category modeling, alongside releasing data and code for reproducible research.

Abstract

The rapid expansion of Internet of Things (IoT) devices, particularly in smart home environments, has introduced considerable security and privacy concerns due to their persistent connectivity and interaction with cloud services. Despite advancements in IoT security, effective privacy measures remain uncovered, with existing solutions often relying on cloud-based threat detection that exposes sensitive data or outdated allow-lists that inadequately restrict non-essential network traffic. This work presents ML-IoTrim, a system for detecting and mitigating non-essential IoT traffic (i.e., not influencing the device operations) by analyzing network behavior at the edge, leveraging Machine Learning to classify network destinations. Our approach includes building a labeled dataset based on IoT device behavior and employing a feature-extraction pipeline to enable a binary classification of essential vs. non-essential network destinations. We test our framework in a consumer smart home setup with IoT devices from five categories, demonstrating that the model can accurately identify and block non-essential traffic, including previously unseen destinations, without relying on traditional allow-lists. We implement our solution on a home access point, showing the framework has strong potential for scalable deployment, supporting near-real-time traffic classification in large-scale IoT environments with hundreds of devices. This research advances privacy-aware traffic control in smart homes, paving the way for future developments in IoT device privacy.

Intelligent Detection of Non-Essential IoT Traffic on the Home Gateway

TL;DR

The paper tackles privacy risks in smart homes by enabling on-edge detection of non-essential IoT traffic through ML-IoTrim, a gateway-resident framework that learns to classify destinations from network patterns alone. It builds a ground-truth labeling pipeline, a feature-extraction process with a 204-feature per-destination representation, and evaluates both a Random Forest and a neural network, with the RFC achieving near-perfect F1 scores. Implemented on a home gateway with real-device testbeds, ML-IoTrim demonstrates real-time classification and blocking of non-essential traffic across hundreds of devices, while highlighting challenges in generalizing to unseen device types. The work advances practical privacy-preserving IoT management and opens avenues for broader deployment and per-category modeling, alongside releasing data and code for reproducible research.

Abstract

The rapid expansion of Internet of Things (IoT) devices, particularly in smart home environments, has introduced considerable security and privacy concerns due to their persistent connectivity and interaction with cloud services. Despite advancements in IoT security, effective privacy measures remain uncovered, with existing solutions often relying on cloud-based threat detection that exposes sensitive data or outdated allow-lists that inadequately restrict non-essential network traffic. This work presents ML-IoTrim, a system for detecting and mitigating non-essential IoT traffic (i.e., not influencing the device operations) by analyzing network behavior at the edge, leveraging Machine Learning to classify network destinations. Our approach includes building a labeled dataset based on IoT device behavior and employing a feature-extraction pipeline to enable a binary classification of essential vs. non-essential network destinations. We test our framework in a consumer smart home setup with IoT devices from five categories, demonstrating that the model can accurately identify and block non-essential traffic, including previously unseen destinations, without relying on traditional allow-lists. We implement our solution on a home access point, showing the framework has strong potential for scalable deployment, supporting near-real-time traffic classification in large-scale IoT environments with hundreds of devices. This research advances privacy-aware traffic control in smart homes, paving the way for future developments in IoT device privacy.

Paper Structure

This paper contains 11 sections, 7 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Overview
  4. Methodology
  5. Testbed
  6. Learning Module
  7. Feature Extraction
  8. Machine Learning Classification
  9. Results
  10. System Implementation
  11. Conclusions

Figures (7)

  • Figure 1: Sketch of the ML-IoTrim framework architecture
  • Figure 2: Data processing pipeline from raw traffic to Machine Learning classification.
  • Figure 3: F1 Score of the ANN classification evaluated on single devices
  • Figure 4: Long-term consistency of the global model over time. The model is trained on the first 30 days of data and evaluated for the remaining 3 months
  • Figure 5: Distribution of unique non-essential destinations contacted over time by the different IoT devices.
  • ...and 2 more figures