SpyCon: Adaptation based spyware in human-in-the-loop IoT

Salma Elmalaki, Bo Jhang Ho, Moustafa Alzantot, Yasser Shoukry, Mani Srivastava

Research output: Chapter in Book/Report/Conference proceedingConference contribution

10 Scopus citations

Abstract

Personalized IoT adapt their behavior based on contextual information, such as user behavior and location. Unfortunately, the fact that personalized IoT adapt to user context opens a side-channel that leaks private information about the user. To that end, we start by studying the extent to which a malicious eavesdropper can monitor the actions taken by an IoT system and extract user's private information. In particular, we show two concrete instantiations (in the context of mobile phones and smart homes) of a new category of spyware which we refer to as Context-Aware Adaptation Based Spyware (SpyCon). Experimental evaluations show that the developed SpyCon can predict users' daily behavior with an accuracy of 90.3%. Being a new spyware with no known prior signature or behavior, traditional spyware detection that is based on code signature or system behavior are not adequate to detect SpyCon. We discuss possible detection and mitigation mechanisms that can hinder the effect of SpyCon.
Original languageEnglish (US)
Title of host publication2019 IEEE Security and Privacy Workshops (SPW)
PublisherIEEE
Pages163-168
Number of pages6
ISBN (Print)9781728135083
DOIs
StatePublished - May 2019
Externally publishedYes

Bibliographical note

KAUST Repository Item: Exported on 2022-06-30
Acknowledgements: This research was supported in part by the National Science Foundation under award CNS-1705135, the Army Research Laboratory (ARL) under Cooperative Agreement W911NF-17-2-0196, and the King Abdullah University of Science and Technology (KAUST) through its Sensor Innovation research program. Salma Elmalaki is supported by Microsoft Research Fellowship.
This publication acknowledges KAUST support, but has no KAUST affiliated authors.

Fingerprint

Dive into the research topics of 'SpyCon: Adaptation based spyware in human-in-the-loop IoT'. Together they form a unique fingerprint.

Cite this