TY - GEN
T1 - SpyCon: Adaptation based spyware in human-in-the-loop IoT
AU - Elmalaki, Salma
AU - Ho, Bo Jhang
AU - Alzantot, Moustafa
AU - Shoukry, Yasser
AU - Srivastava, Mani
N1 - KAUST Repository Item: Exported on 2022-06-30
Acknowledgements: This research was supported in part by the National Science Foundation under award CNS-1705135, the Army Research Laboratory (ARL) under Cooperative Agreement W911NF-17-2-0196, and the King Abdullah University of Science and Technology (KAUST) through its Sensor Innovation research program. Salma Elmalaki is supported by Microsoft Research Fellowship.
This publication acknowledges KAUST support, but has no KAUST affiliated authors.
PY - 2019/5
Y1 - 2019/5
N2 - Personalized IoT adapt their behavior based on contextual information, such as user behavior and location. Unfortunately, the fact that personalized IoT adapt to user context opens a side-channel that leaks private information about the user. To that end, we start by studying the extent to which a malicious eavesdropper can monitor the actions taken by an IoT system and extract user's private information. In particular, we show two concrete instantiations (in the context of mobile phones and smart homes) of a new category of spyware which we refer to as Context-Aware Adaptation Based Spyware (SpyCon). Experimental evaluations show that the developed SpyCon can predict users' daily behavior with an accuracy of 90.3%. Being a new spyware with no known prior signature or behavior, traditional spyware detection that is based on code signature or system behavior are not adequate to detect SpyCon. We discuss possible detection and mitigation mechanisms that can hinder the effect of SpyCon.
AB - Personalized IoT adapt their behavior based on contextual information, such as user behavior and location. Unfortunately, the fact that personalized IoT adapt to user context opens a side-channel that leaks private information about the user. To that end, we start by studying the extent to which a malicious eavesdropper can monitor the actions taken by an IoT system and extract user's private information. In particular, we show two concrete instantiations (in the context of mobile phones and smart homes) of a new category of spyware which we refer to as Context-Aware Adaptation Based Spyware (SpyCon). Experimental evaluations show that the developed SpyCon can predict users' daily behavior with an accuracy of 90.3%. Being a new spyware with no known prior signature or behavior, traditional spyware detection that is based on code signature or system behavior are not adequate to detect SpyCon. We discuss possible detection and mitigation mechanisms that can hinder the effect of SpyCon.
UR - http://hdl.handle.net/10754/679466
UR - https://ieeexplore.ieee.org/document/8844601/
UR - http://www.scopus.com/inward/record.url?scp=85073170838&partnerID=8YFLogxK
U2 - 10.1109/SPW.2019.00039
DO - 10.1109/SPW.2019.00039
M3 - Conference contribution
SN - 9781728135083
SP - 163
EP - 168
BT - 2019 IEEE Security and Privacy Workshops (SPW)
PB - IEEE
ER -