Privacy Preserving Threat Hunting in Smart Home Environments

  • Ahmed M. Elmisery
  • Mirela Sertovic
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1132)


The recent proliferation of smart home environments offers new and transformative circumstances for various domains, with a commitment to enhancing the quality of life and experience of their inhabitants. However, most of these environments combine different gadgets offered by multiple stakeholders in a dynamic and decentralized manner, which in turn presents new challenges from the perspective of digital investigation. In addition, a large number of data records are generated by the day-to-day interactions between the smart home's gadgets and homeowners, which makes such data difficult to manage and analyze. Analysts should adopt new digital investigation approaches and practices to tackle the limitations of traditional digital investigations when used in these environments. The digital evidence in such environments can be found in the records of log files that store the historical events and various actions that occurred inside the smart home. Threat hunting can leverage the collective nature of these gadgets: the malicious artifacts observed in smart home environments can be shared among them to gain deeper insights into the best way of responding to new threats, which in turn can be valuable in reducing the impact of breaches. Nevertheless, this approach depends mainly on the readiness of smart homeowners to share their own personal usage logs that have been extracted from their smart home environments. They might be disinclined to use such a service because of the sensitive nature of the information logged by their personal gateways. In this paper, we present an approach that enables smart homeowners to share their usage logs in a privacy-preserving manner. A distributed threat hunting approach has been developed to elicit the various threat reputations with effective privacy guarantees. The proposed approach permits the composition of diverse threat classes without revealing the logged records to other involved parties. Furthermore, a scenario is proposed to depict proactive threat intelligence sharing for the detection of potential threats in smart home environments, with some experimental results.


Smart home, IoT, Secure-multiparty computation, Privacy, Threat hunting, Digital investigations



Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  1. Faculty of Computing, Engineering and Science, University of South Wales, Pontypridd, UK
  2. Faculty of Humanities and Social Sciences, University of Zagreb, Zagreb, Croatia
