
Chapter 4

The Need for Intrusion Detection Systems in Securing Smart Homes

Jerin John Kutty

Adisheshan Vinodan

Sreelakshmi Prasad

Preamble

This study investigates the urgent need for effective cybersecurity measures in smart home environments, emphasising the role of Intrusion Detection Systems (IDS). As smart homes increasingly adopt IoT devices for convenience, automation, and efficiency, they also become vulnerable to a wide range of cyber threats. Devices such as smart locks, security cameras, thermostats, and lighting systems are installed with few security safeguards, making them prime targets for attackers. Given the growing integration of IoT in daily life, and the absence of unified security standards across manufacturers, smart homes represent a critical area for cybersecurity research.

The risks of inadequate monitoring are highlighted by previous incidents, such as malware campaigns like Mirai, unauthorised access via weak credentials (e.g., Ring camera hacks), and data leakage from devices like TP-Link smart bulbs.

This study attempts to develop a strong, multi-layered security framework based on IDS technology by assessing threats, vulnerabilities, and actual attacks. To reduce the risks of illegal access, data breaches, and service interruptions in smart home networks, the study evaluates the effectiveness of Hybrid IDS and suggests a workable implementation strategy.

Executive Summary

As smart homes have widely adopted IoT technologies, cybersecurity has become more complex and more easily compromised. Smart home devices, such as voice assistants, cameras, thermostats, and smart locks, are excellent targets for hackers since they usually have little or no built-in security, a choice made to reduce costs. Because of the dynamic nature of IoT systems and their limited resources, traditional security measures (i.e., firewalls, antivirus software) cannot be utilised in a decentralised, heterogeneous environment. This highlights the importance of IDS in smart home environments. The superior model for detecting known and unknown threats is the hybrid IDS, which utilises both anomaly-based and signature-based detection. The study constructs its procedures methodically and applies risk management techniques using the CIA triad (Confidentiality, Integrity, Availability) to assess and mitigate risk.

To exemplify the consequences of insufficient authentication, unpatched firmware, and insecure communication protocols, real-world events, such as the Mirai botnet and breaches against Ring cameras, are examined. Combining an IDS and a device management framework can follow a carefully planned implementation pathway, starting with an understanding of your assets (discovery), understanding how they behave (profiling), and segmenting critical from non-critical devices. Next, it is recommended to configure detection and response tools like Suricata (for detection at the network level) and OSSEC (for response at the host level). In the long run, you will need to address secure update procedures and access control policies, and educate end-users about how to behave in a secure manner.

To reduce risks, strong authentication processes should be enforced, firmware updates should be secured, and users should be educated to be more aware of their activity. Future directions can include designing more intuitive incident response interfaces and integrating next-generation AI model design using behavioural profiling or dynamic learning to adapt to new threats.

This research therefore argues that protecting smart homes against weak authentication, unpatched firmware, and insecure communication protocols requires an adaptable IDS and device management architecture that supports user empowerment and ongoing risk mitigation, together with a multi-layered adaptive security regime to protect failure-prone infrastructure, not just one-off controls.

1. Introduction

1.1 Background

Cybersecurity is increasingly critical with the rise of IoT devices, which exchange data with minimal human intervention (Mouha, 2021). These devices, including smart home systems and industrial sensors, often have weak security, making them prime cyberattack targets. An Intrusion Detection System (IDS) monitors network traffic and system activities for malicious actions, policy violations, or unauthorised access (Abdulganiyu et al., 2023). IDS enhances IoT security by detecting intrusions, unusual behaviour, and potential breaches, ensuring the integrity of IoT ecosystems.

This study examines the need for IDS in IoT, the vulnerabilities of IoT devices, and why traditional security measures like firewalls and antivirus software are insufficient for IoT networks.

1.2 Objectives

  • To assess the necessity of IDS for IoT devices, as these devices often lack sufficient security features, making IDS an essential defense mechanism.
  • To identify the most effective IDS solutions for IoT environments, considering both Network-Based IDS (NIDS) and Host-Based IDS (HIDS) for their respective strengths in protection.
  • To evaluate the vulnerabilities and risks associated with IoT devices, recognising key weaknesses in IoT ecosystems and the necessary security measures to mitigate them.
  • To assess why firewalls and antivirus tools are ineffective in securing IoT due to its unique architecture and traffic patterns.

1.3 Scope

The study focuses on cybersecurity risk management for IoT environments, particularly the role of IDS in securing IoT ecosystems such as smart homes. It covers key threats, vulnerabilities, and risk mitigation strategies.

1.4 Approach

The study follows best practices in cybersecurity risk management, incorporating frameworks such as NIS2 Cybersecurity Framework (Boban 2024). It evaluates real-world case studies and industry research to support the findings.

2. Risk Identification

2.1 Asset Identification and Risk Register

Effective risk management in the IoT ecosystem starts with recognising critical assets, as these are often the primary targets for cyber threats. IoT assets fall into three key categories: physical devices, digital components, and human stakeholders, each crucial for performance and security in smart homes and IoT applications.

A. Physical Assets

Smart appliances provide convenience. However, smart devices also typically introduce vulnerabilities due to weak authentication, lack of encryption, or outdated firmware. There have been many examples of how a smart appliance can expose one’s home network, such as a vulnerability in the Philips Hue bulb line, which allowed remote attackers to send malicious Zigbee signals to the bulb, access the private network of the home, and bypass the Wi-Fi network entirely (Alim et al., 2024; De La Cruz and Bradley, n.d.).

Surveillance cameras, commonly found in smart home environments, are also risky devices because if compromised, attackers can access live feeds, and ultimately violate user privacy (Lean et al., 2022).

B. Digital Assets

Digital assets in the form of firmware and application software are critical components of the operation of these devices. For example, unpatched firmware, which is the basis of the Mirai botnet, typically leads to hijacked devices, and the infected devices are then used to conduct DDoS attacks (Affinito et al., 2023). Using strong authentication and game planning on a regularly scheduled basis is the best way to defend against this attack landscape (Güven and Gürkaş-Aydın, 2023).

Also illustrative are the many mobile apps and web interfaces that allow some manipulation. Attackers can spoof commands from these applications and access smart locks and smart cameras, and in some industrial cases, insecure APIs allowed them to manipulate sensor readings and misuse resources (Challa and Soujanya, 2021).

C. Human resources

Individuals are a key part of smart home security. End users typically overlook security concerns such as firmware updates, default passwords, and incorrect installation, which exposes the system. A 2023 Norton report said that 68% of users do not apply updates to their IoT devices at least once after the device is deployed (Prakash et al., 2022). This leaves exploitable access points. End users can also be exploited through social engineering and phishing attacks that circumvent technical defences. An IDS is capable of identifying anomalous access resulting from human errors.

The distributed human aspects of security are the IoT vendor, the IoT manufacturer, and the IoT service provider. There has been a general increase in awareness of cybersecurity in IoT (Crawford, 2022), but human behaviour sometimes renders this awareness ineffective by causing risk through vulnerabilities in the supply chain. A well-publicised example of this is the 2020 SolarWinds attack. A security breach within SolarWinds resulted in the compromise of the servers of more than 18,000 clients, many of which are government entities, and introduced malicious code via software updates (Martínez and Durán, 2021; Buresh, 2022). This exemplifies that even insiders or known trusted partners, sometimes unintentionally, present a risk to entire IoT systems.

2.2 Threat Identification

IoT systems are inherently insecure because of their connected nature, lack of widespread security standardisation and generally constrained computational resources. This part describes important risks from attacks in IoT-based smart home systems, identifies their consequences, and explains the importance of IDS for detecting and mitigating these attacks.

Malware Attacks

Malware and other threats are constantly emerging and act as primary threats to IoT devices. Malware provides the means for attackers to access devices and tools because it is designed to spread through devices with default credentials or device-driven software updates. The Mirai botnet, far from harmless, simply took advantage of compromised smart cameras and routers to execute a massive Distributed Denial of Service (DDoS) attack that crippled much of Twitter and Netflix’s services. Mozi malware causes similar but not identical harm to IoT devices, spreading code that attaches to IoT devices to build persistent peer-to-peer botnets. In smart homes, malware can commandeer cameras, deactivate alarms, and send data to the attackers. IDS, especially hybrid IDS that provide early warnings, can be used to identify abnormal behaviour as well as known malware definitions, and to raise alerts.

Man-in-the-Middle (MitM) attacks

The main concept of MitM attacks is exploiting the insecure communication between devices to intercept and modify data. Many smart home devices send data without encryption or with weak protocol encryption, making them easy targets (Chhetri and Motti, 2020). There were two high-profile cases involving Nest and Ring cameras where attackers were able to intercept video streams and even talk to users using two-way audio (Barua et al., 2022; Davis et al., 2020). In both of these breaches, poor encryption and weak authentication were cited. IDS solutions can help block these attacks by either isolating the suspect traffic or observing communications that deviate from what is expected.

Unauthorised Access

IoT devices are susceptible to brute-force and credential-stuffing attacks due to weak or default passwords. Users are typically lax in updating their credentials and using best practices for passwords (Pathak et al. 2022). In one instance, DolphinAttack took advantage of smart assistants by using inaudible ultrasonic commands which facilitated attack persistence and the unauthorised control of home devices such as locks or thermostats. Strong authentication and firmware updates are important, but an IDS adds another layer of protection for the device. An IDS can identify anomalies in login activity, such as too many failed login attempts, logins from unusual locations, and the device being activated in abnormal ways, which is enough to reveal intrusion attempts or successes (Zhang et al., 2021).

2.3 Vulnerability Assessment

Vulnerability assessment is an important part of cybersecurity risk management when it comes to smart home IoT environments. These are typically heterogeneous environments, with an array of devices from different manufacturers that operate on different firmware versions and are managed with different levels of security proficiency. We discuss the major weaknesses in smart home security that create attack surfaces and then highlight the role of IDS in early detection of smart home compromise.

Outdated Software

A major IoT security risk is the lack of automatic firmware updates, leaving devices vulnerable even after patches are available. The 2016 Mirai Botnet Attack exposed this flaw, as hackers exploited outdated firmware and default credentials in routers and security cameras. This led to a massive botnet launching DDoS attacks that took down major platforms like Dyn’s DNS services, Twitter, and Netflix (Affinito et al., 2023).

In 2022, Nozomi Networks researchers found that smart home routers from popular vendors, including D-Link and Netgear, were still being shipped with old firmware that included unpatched vulnerabilities such as command injection and privilege escalation flaws (Nozomi Networks, 2020).

An IDS can detect indications of compromised firmware, such as, but not limited to, unusual outbound traffic, scanning, or traffic matching well-known malicious IP addresses.

Weak Authentication

Many IoT devices use default or hardcoded passwords, making them vulnerable to brute-force attacks (Huszti et al., 2022). The 2020 Ring Camera Breaches exposed security flaws as attackers exploited recycled passwords from past data breaches. Once inside, they conducted surveillance, harassed families via two-way audio, and even disrupted children’s bedrooms with alarming sounds (Pétursson, 2023). An IDS can serve as an added layer of protection, identifying failed login attempts, brute-force behaviour, or sudden logins from unusual geographic locations.

Insecure Communication

Unencrypted data transmission between IoT devices and servers makes it easy for attackers to intercept and steal sensitive information (Wang et al., 2021).

Security researchers found that TP-Link smart bulbs (Bonaventura et al., 2023) transmitted unencrypted Wi-Fi credentials during setup, allowing attackers to capture them and gain unauthorised access to the home network. Once inside, cybercriminals could target other connected IoT devices, leading to data theft or further attacks. This highlights the need for end-to-end encryption (e.g., TLS), secure pairing, and network segmentation in IoT systems.

Lack of Network Segmentation

IoT devices are frequently connected to the same network as work devices, phones, and PCs in smart homes. Lateral movement is made possible by this flat network topology, which makes it simple for an attacker to switch to more valuable targets within the same local network if one device is compromised (Pöhls et al., 2025).

A laptop holding financial or personal information could be attacked using a compromised smart TV or lightbulb as an entry point. IDS allows users to stop attacks before they spread by keeping an eye on inter-device communication and flagging unauthorised cross-network traffic.
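The cross-network check described above can be sketched as follows. This is an added example, not code from the study: the subnets, the allow-list, and the space-separated log format ("minute src dst proto dport", one line per connection start) are constructed assumptions.

```python
import ipaddress

# Assumed segment plan (hypothetical addresses): trusted hosts and IoT devices on separate subnets.
SEGMENTS = {
    "trusted": ipaddress.ip_network("192.168.10.0/24"),
    "iot": ipaddress.ip_network("192.168.20.0/24"),
}

# Assumed policy: the only cross-segment connections the household expects.
ALLOWED = {
    ("trusted", "iot", "tcp", 443),   # phone or laptop opening a device's web UI
    ("trusted", "iot", "tcp", 554),   # viewing a camera stream over RTSP
}

# Constructed connection-start records, one per line: minute src dst proto dport.
SAMPLE_LOG = """\
0 192.168.10.5 192.168.20.7 tcp 443
1 192.168.20.15 192.168.10.5 tcp 445
2 192.168.20.30 198.51.100.9 tcp 443
3 192.168.20.15 192.168.20.7 tcp 80
4 192.168.10.8 192.168.20.7 tcp 23
5 not-an-address 192.168.10.5 tcp 22
"""


def segment_of(ip):
    """Name of the local segment containing ip, or 'external' if none does."""
    for name, network in SEGMENTS.items():
        if ip in network:
            return name
    return "external"


def flag_cross_segment(log_text):
    """Return (findings, skipped): unapproved flows between local segments,
    and the number of lines that could not be parsed."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        fields = line.split()
        try:
            minute, src, dst, proto, dport = fields
            minute, dport = int(minute), int(dport)
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            skipped += 1          # wrong field count, bad number or bad address
            continue
        src_seg, dst_seg = segment_of(src_ip), segment_of(dst_ip)
        # Internet-bound traffic and traffic inside one segment are out of scope here.
        if "external" in (src_seg, dst_seg) or src_seg == dst_seg:
            continue
        if (src_seg, dst_seg, proto, dport) in ALLOWED:
            continue
        findings.append({
            "minute": minute,
            "src": src,
            "dst": dst,
            "dport": dport,
            "direction": f"{src_seg}->{dst_seg}",
            # An IoT device opening a connection into the trusted segment is the
            # lateral-movement pattern, so it ranks above the reverse direction.
            "severity": "high" if src_seg == "iot" else "medium",
        })
    return findings, skipped


if __name__ == "__main__":
    results, bad_lines = flag_cross_segment(SAMPLE_LOG)
    for finding in results:
        print(finding)
    print("unparsed lines:", bad_lines)
```

On a fully flat network there is only one subnet, so the same check would need a device inventory (address to device class) in place of SEGMENTS.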

2.4 Risk Scenarios

A. Unauthorised Access & Data Breach (Confidentiality Compromise)

Attackers exploit weak authentication, such as default passwords and lack of multi-factor authentication (MFA), to gain unauthorised access to IoT devices, leading to data theft, surveillance, and network infiltration (Huszti et al., 2022).

The 2020 Ring Camera Hacks are a prime example, where cybercriminals used credential stuffing to exploit stolen passwords from previous breaches. They accessed live feeds, spied on homeowners, harassed families through two-way audio, and even communicated with children. The breach led to privacy violations and regulatory action, with the FTC fining Ring $5.8 million for failing to enforce basic security measures, such as strong passwords, MFA, and monitoring for leaked credentials (Li, 2021).

B. IoT Botnet Attacks (Availability Disruption)

Compromised IoT devices, such as cameras and routers, are often hijacked into botnets to launch DDoS attacks, disrupting critical online services (Injadat et al., 2020).

A key example is the 2016 Mirai Botnet Attack, where hackers exploited default credentials to infect over 500,000 IoT devices, primarily cameras and routers. These devices were then used to launch a massive DDoS attack on Dyn DNS, disrupting major websites like Twitter, Netflix, Reddit, and PayPal for hours. The attack stemmed from weak password policies and the lack of automatic firmware updates, leaving IoT devices vulnerable (Sharma et al., 2023).

Availability was compromised on a massive scale. The attack didn’t just impact the compromised devices but caused widespread service outages across the internet (Böck et al., 2023).

C. Eavesdropping via Unencrypted Communications (Confidentiality Risk)

Attackers can exploit unencrypted IoT communications to intercept sensitive data. A real-world case occurred in 2022 with TP-Link smart bulbs (Kim and Suh, 2021). During setup, the bulbs transmitted Wi-Fi credentials in plaintext, allowing attackers within range to capture them and gain unauthorised network access. This posed a major security risk, enabling further compromises of connected devices (Formosinho, 2024).

IDS with deep packet inspection (DPI) can detect plaintext credential transmission and flag traffic anomalies, warning users of insecure communication channels. Confidentiality is compromised when attackers obtain private information, such as credentials, audio/video data, or sensor readings (Bonaventura et al., 2023).

D. Denial-of-Service (Availability Risk)

Attackers exploit IoT device availability by launching Denial-of-Service (DoS) attacks, rendering them unusable (Abughazaleh et al., 2020).

In 2023, Eufy security cameras were discovered to be susceptible to Wi-Fi deauthentication attacks because hackers could repeatedly disconnect the cameras from the network, temporarily disabling video monitoring and leaving households unprotected. This scenario compromises availability because devices are unable to function during the attack, potentially leading to security blind spots (Valenzuela, 2024).

IDS systems that monitor wireless traffic can detect repeated deauthentication frames or traffic volume spikes, flagging DoS conditions even when initiated locally (Hammi et al., 2022).
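The wireless monitoring described above can be sketched as follows. This is an added example, not code from the study: it counts deauthentication frames (802.11 management subtype 12) per station pair in a sliding window, and the MAC addresses, frame records, threshold and window length are constructed assumptions.

```python
from collections import defaultdict, deque

DEAUTH = 12   # 802.11 management-frame subtype: deauthentication
BEACON = 8    # 802.11 management-frame subtype: beacon

# Constructed, locally administered MAC addresses (not taken from the study).
AP = "02:00:00:00:00:fe"
CAMERA = "02:00:00:00:00:01"
PHONE = "02:00:00:00:00:02"
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed capture: (timestamp_seconds, subtype, source, destination).
SAMPLE_FRAMES = (
    [(float(t), BEACON, AP, BROADCAST) for t in range(0, 140, 20)]   # normal beacons
    + [(5.0, DEAUTH, PHONE, AP)]                                      # one ordinary disconnect
    + [(100.0 + 0.5 * i, DEAUTH, AP, CAMERA) for i in range(6)]       # burst against the camera
    + [(130.0 + 0.5 * i, DEAUTH, AP, CAMERA) for i in range(5)]       # second burst
)


def detect_deauth_bursts(frames, threshold=5, window=10.0):
    """Alert when one station pair sees `threshold` or more deauthentication
    frames within `window` seconds.

    Frames are grouped by the unordered pair of addresses, because a forged
    deauthentication frame can claim to come from either end of the link.
    At most one alert per pair is raised per window, so a long burst does not
    flood the user with duplicates.
    """
    recent = defaultdict(deque)   # pair -> timestamps still inside the window
    last_alert = {}               # pair -> timestamp of the most recent alert
    alerts = []
    for ts, subtype, src, dst in sorted(frames):
        if subtype != DEAUTH:
            continue
        link = tuple(sorted((src, dst)))
        times = recent[link]
        times.append(ts)
        while ts - times[0] > window:     # expire frames older than the window
            times.popleft()
        quiet_for = ts - last_alert.get(link, float("-inf"))
        if len(times) >= threshold and quiet_for > window:
            alerts.append({
                "link": link,
                "count": len(times),
                "first_seen": times[0],
                "last_seen": ts,
            })
            last_alert[link] = ts
    return alerts


if __name__ == "__main__":
    for alert in detect_deauth_bursts(SAMPLE_FRAMES):
        print(alert)
```

A single deauthentication frame, such as the phone leaving the network at t=5, stays below the threshold and raises nothing.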

3. Risk Assessment

Risk assessment plays an important role in the identification and management of cyberattacks that target security exposures in IoT smart home environments. In contrast to conventional IT environments, the diversity of devices, limited computational capacity, and stripped-down security controls in the smart home environment can introduce additional difficulties. This section performs a systematic risk assessment by presenting a framework explicitly related to smart home IoT devices which aims to assess threats to the Confidentiality, Integrity, and Availability (CIA) of these smart home environments.

The case we present follows best-practice risk assessment standards, and we draw upon examples of potential security exposures in smart home devices such as internet-enabled cameras, lighting control, smart locks and thermostats, through which cyber criminals may be able to infiltrate the smart home environment. The analysis centres on a threat assessment based on the CIA triad: Confidentiality, Integrity, and Availability. These three principles are foundational aspects of information security (Roman et al., 2011).

3.1 Risk Register & Analysis

A risk register is vital to identifying, evaluating, and monitoring threats in smart home IoT environments. In this research, Table 1 (Appendix) outlines four significant risks: (1) unauthorised access to devices due to weak passwords, (2) malware, (3) unencrypted data transmission, and (4) IoT botnet use (ISO, 2018).

As mentioned above, we used a hybrid risk analysis method, which combined qualitative and quantitative methods. Using a qualitative method, we relied on expert opinion and industry information to predict likelihood and impact when limited data was available (Östlund et al., 2011). For example, weak default passwords are a common challenge for consumer IoT devices, and this was scored high in likelihood and in impact.

In quantitative analysis, numerical scoring was employed. Likelihood was rated from 1 (low) to 5 (high), and impact was likewise rated from 1 (low) to 5 (high). The risk score is calculated by multiplying the ratings for likelihood and impact. An example of a finding is unauthorised access to a smart security camera (like Ring) with a likelihood score of 4 and an impact score of 5, which produces a high risk score of 20 (Paul et al., 2021).

With a mixed-methodological approach, we were able to combine numbers-driven scoring and expert opinion in our analysis. This helped with evaluating credibility and reliability for priority risk ranking, and gave a more reliable basis for planning security in a smart home environment.

3.2 Risk Evaluation

Once risks are identified and analysed, they must be evaluated based on the organisation’s risk tolerance. Risk evaluation determines the importance of each risk and the impact it can have on business continuity and security of IoT networks.

Criteria for Risk Evaluation

  • Impact on Business Operations: How the risk affects critical IoT functions.
  • Legal & Regulatory Implications: Compliance with laws like GDPR, NIS2, and IoT Security Improvement Act.
  • Financial Consequences: Cost of mitigation vs. cost of impact.
  • Reputational damage: Trust implications if customer data is leaked.
  • Safety Risks: In sectors like healthcare IoT, cyber risks may endanger human lives.

Risk Prioritisation

Risks are categorised into four priority levels based on likelihood and impact (Salah et al. 2023):

| Risk Category | Action Required |
|---|---|
| Critical (High Likelihood, High Impact) | Immediate mitigation required |
| High (Medium Likelihood, High Impact) | Prioritise mitigation within short-term strategy |
| Medium (Medium Likelihood, Medium Impact) | Address in routine security updates |
| Low (Low Likelihood, Low Impact) | Monitor and reassess periodically |

For instance, an IoT DDoS attack is a critical risk and demands immediate action, whereas an outdated IoT firmware vulnerability may be of medium priority, requiring regular patching.

3.3 Risk Matrix

We created a risk matrix to help prioritise our work; it shows the possible likelihood and impact of each threat we found. Sometimes called a heat map, a risk matrix maps the risks according to a Likelihood × Impact score so that future work can be planned (Kerimkhule et al. 2023).

The risk map, a 3×3 matrix, is easier to read with colour coding that represents the severity level. The colours used are consistent with any risk assessment approach, i.e., green (low), yellow (medium), orange (high), and red (critical). For example, unencrypted communication remains a serious threat in smart homes. Many devices still use HTTP or insecure Bluetooth, which allows for eavesdropping on some level. As unencrypted communication risks arise everywhere, I marked the likelihood as 4 (high) and the impact, for example of exposed credentials or commands, again as 4. This risk therefore has a score of 16, which is classed as Critical (Kim and Suh, 2021).

Risks with scores between 16 and 25 are managed as Critical, regardless of the risk mitigation in place. The rest of the risk management is as follows: High risk (11-15): provide some short-term mitigation; Medium risk (6-10): part of regular maintenance; Low risk (1-5): monitor.

Appendix Table 2 presents a high-level matrix, with detailed criteria located in the appendix. This matrix provides a clear overview of prevention and detection options, especially when funding or technical skill is restricted. It connects abstract concepts in cyber security and provides concrete references for all involved parties, from homeowners to manufacturers of devices, while emphasising the importance of IDS and other layered defence mechanisms in smart home protection.

4. Risk Mitigation Strategies & Controls

4.1. Preventive Measures

Technical Controls:

A combination of technical controls must be applied throughout smart home IoT environments for security purposes. Taking a strong approach to authentication, including Multi-Factor Authentication (MFA), limits the ability of an unauthorised user to connect to the IoT smart home. Additionally, removing default credentials and replacing them with random, complex characters will help reduce the attack surface (Syed Rizvi et al., 2020). Making sure that any personal data captured by smart cameras, doorbells, or sensors is encrypted, and taking measures to limit exposure, will ensure privacy, security against Man-in-the-Middle (MitM) attacks, and increased resistance to unauthorised access (Fereidouni et al., 2025). Firmware updates also apply to software-enabled devices and can provide timely application of security patches for known vulnerabilities in many software versions (Alqahtani et al., 2021). Use of firewalls and segmentation is an additional good practice that will limit the extent to which a cyber threat can spread and the number of devices accessible on untrusted networks (Farooq et al., 2023).

Procedural Controls:

Businesses must work towards compliance with regulations such as the GDPR to avoid large financial penalties and statutory consequences, while at the same time preserving the privacy of people using smart home systems (European Data Protection Board, 2021). The end game is if they can supply chain security to make sure there is no tampered software or hardware introduced into the smart home space, they (European Data Protection Board, 2021).

People:

A main responsibility, and a big challenge, is educating homeowners about password hygiene and the threat of phishing, which is probably the simplest thing to do (ProQuest, n.d). Applying the least privilege concept will reduce the scope for unintentional user error or inadvertent attacks, and ensuring that an account only has access to the data it requires at a point in time will keep users from being over-permissioned (Plachkinova and Knapp, 2022). By identifying key areas – technical controls, procedural controls and people – a resilient cyber security function can be established within smart home systems.

4.2. Detective Measures

Although preventative measures can greatly reduce risk, they cannot provide total protection. Detective measures provide great value by identifying potential hazards as they develop so that action can be taken before an incident happens. In the smart home context, IDS are the primary detective control and are especially effective when used in a hybrid configuration.

A hybrid IDS must include both signature and anomaly detection components. Signature-based IDS relies on predetermined patterns of known threats, such as malware signatures or exploit code, and works well for documented attacks. As an example, it could identify traffic patterns associated with the Mirai botnet (Sharma et al., 2023). Anomaly-based IDS relies on machine learning algorithms that first build a baseline of normal device behaviour and then identify abnormal behaviour, making it possible to identify new or unknown (zero-day) attacks (Tahsien et al., 2020).

Host-Based IDS (HIDS) and Network-Based IDS (NIDS) are also important components for smart home applications. HIDS is used to monitor audit logs and file integrity of individual IoT devices, while NIDS is used to check network traffic and find anomalies. Using both HIDS and NIDS provides a unique advantage of being covered at both the device and network layers.

Research supports that using HIDS and NIDS together with a hybrid IDS improves detection effectiveness and reduces false positives (Diana et al., 2025). Furthermore, machine learning models may improve overall detection effectiveness by detecting subtle signs of compromise, like abnormal command patterns or unplanned or unknown periods of communication, which may indicate MitM or data exfiltration activity.

As IoT threats continue to evolve, continual learning and potentially retraining of models will be needed, which means that continual or real-time updates will be necessary for NIDS and HIDS to remain reasonable forms of IDS.
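The hybrid arrangement described in this section can be sketched as follows. This is an added example, not code from the study: the flow records, device names, watchlist address and signature list are constructed assumptions, and a per-device mean and standard deviation stands in for the machine learning baseline the section describes. The Telnet signature reflects Mirai's well-known scanning of TCP ports 23 and 2323.

```python
import statistics
from collections import defaultdict

# Constructed flow records: (minute, device, dst_ip, dst_port, bytes_out).
# One hour of ordinary traffic is used to learn each device's baseline.
BASELINE_FLOWS = (
    [(m, "thermostat", "198.51.100.10", 443, 1200 + 40 * (m % 5)) for m in range(60)]
    + [(m, "camera", "198.51.100.20", 443, 50000 + 500 * (m % 7)) for m in range(60)]
)

LIVE_FLOWS = [
    (60, "thermostat", "198.51.100.10", 443, 1240),    # ordinary
    (61, "camera", "198.51.100.20", 443, 51000),       # ordinary
    (62, "camera", "192.168.1.44", 23, 180),           # Telnet probe from the camera
    (63, "thermostat", "198.51.100.10", 443, 95000),   # outbound volume spike
    (64, "camera", "203.0.113.66", 443, 50500),        # watchlisted destination
]

WATCHLIST = {"203.0.113.66"}   # constructed stand-in for a threat-intelligence feed

# Signature engine: fixed patterns for known threats (illustrative, not a real rule set).
SIGNATURES = [
    ("telnet-probe", lambda flow: flow[3] in (23, 2323)),
    ("watchlisted-destination", lambda flow: flow[2] in WATCHLIST),
]


def build_baseline(flows):
    """Learn, per device, the usual outbound volume and the destination ports seen."""
    volumes, ports = defaultdict(list), defaultdict(set)
    for _, device, _, port, nbytes in flows:
        volumes[device].append(nbytes)
        ports[device].add(port)
    return {
        device: {
            "mean": statistics.mean(values),
            "stdev": statistics.pstdev(values) or 1.0,   # avoid dividing by zero
            "ports": ports[device],
        }
        for device, values in volumes.items()
    }


def signature_hits(flow):
    return [name for name, matches in SIGNATURES if matches(flow)]


def anomaly_hits(flow, baseline, z_limit=3.0):
    """Anomaly engine: deviations from the device's own learned behaviour."""
    _, device, _, port, nbytes = flow
    profile = baseline.get(device)
    if profile is None:
        return ["unprofiled-device"]
    hits = []
    if port not in profile["ports"]:
        hits.append("new-destination-port")
    # One-sided test: only unusually large outbound volume is treated as suspicious.
    if (nbytes - profile["mean"]) / profile["stdev"] > z_limit:
        hits.append("outbound-volume-spike")
    return hits


def hybrid_detect(flows, baseline):
    """Run both engines on every flow and record which of them fired."""
    alerts = []
    for flow in flows:
        sig, anom = signature_hits(flow), anomaly_hits(flow, baseline)
        if not sig and not anom:
            continue
        engine = "both" if sig and anom else ("signature" if sig else "anomaly")
        alerts.append({"minute": flow[0], "device": flow[1],
                       "engine": engine, "reasons": sig + anom})
    return alerts


if __name__ == "__main__":
    for alert in hybrid_detect(LIVE_FLOWS, build_baseline(BASELINE_FLOWS)):
        print(alert)
```

Alerts marked "both" are corroborated by two independent engines and can be ranked first, while the volume spike at minute 63 matches no signature and is caught only by the baseline.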

4.3. Corrective Actions & Incident Response

It is essential to act efficiently and in an orderly manner during cyber events to limit damage and restore systems. An incident response plan includes a multi-step process with the detection stage first, followed by response, recovery, forensic investigation, and post-incident improvement.

The containment process is the next stage after detection has occurred. The goal of containment is to cut off compromised devices, like a hacked smart door lock, from the broader network; it involves granting limited or least privilege access and applying network segregation to fully eliminate lateral attack capability. For instance, if a smart thermostat is compromised, it can be placed in quarantine status while the smart locks and cameras continue to operate (Plachkinova and Knapp, 2022).

The recovery stage includes applying any necessary firmware patches, restoring any services from a clean backup, and checking service integrity before putting that service back into general use. After recovering services, a digital forensics investigation should be done to trace the attack pattern and confirm whether the compromise resulted from a user error, out-of-date software, or unrecognised vulnerabilities (Diana et al., 2025).

After remediation occurs, improvements should be made so that an incident does not occur again. Examples of improvements could be tightening firewall rules, revising anomaly detection thresholds, and revising MFA rules. Reporting to authorities is also required if personal data is breached. Organisations must communicate with authorities and the affected users according to laws such as GDPR (Wachter, 2018).

4.4. Compliance Measures

Legal and regulatory compliance is critical to smart home IoT cybersecurity. In the European Union, regulations such as the General Data Protection Regulation (GDPR), the NIS2 Directive, and the future IoT Security Improvement Act create baseline standards for data protection and ensuring the resilience of connected devices within home environments.

Under GDPR, manufacturers of smart home devices must demonstrate compliance with GDPR’s privacy by design principle, which requires data to be protected throughout collection, transport and storage. This includes appropriate technology like encryption, obtaining user consent, instituting access controls, etc. (European Data Protection Board, 2021). The NIS2 Directive goes further and states that the operators of essential services, which include healthcare (think smart medical devices) and energy (think smart buildings), must carry out repeated risk assessments and maintain incident response plans and business continuity.

New legislation, such as the IoT Security Improvement Act, is increasing emphasis on security in smart home product design and post-market security measure compliance. Manufacturers will be required to ensure secure out-of-the-box defaults and a means for them to continue making secure software updates and mechanisms for vulnerability disclosure. In a smart home environment, these will help to protect the homeowner from both imminent security threats and future legal liabilities arising from security compromises.

Compliance does not mean simply completing a checklist and can provide a means of building trust. Smart home vendors and service vendors can substantially endorse their reputation by making their privacy and security behaviours aligned to the standards set by regulatory bodies in their own industries and in which they compete and, therefore, to complying and improving protections for end-users.

4.5. Residual Risk, Risk Acceptance & Transfer

Residual risk will always be present in smart homes, even with rigorous security controls. This risk may include false positives or false negatives from the IDS, human error, and adversarial attacks on machine learning control strategies. For example, a false alert may force a legitimate device to stop, while a false negative will simply allow a threat to linger undetected. While tuning IDS algorithms can reduce this risk, it is impossible to eliminate it.

Other residual risk includes poor configurations and user-introduced risk such as poor password practices (e.g., reusing passwords or skipping updates). Education and automation can help, and in some cases a portion of the residual risk may need to be transferred: cyber insurance can mitigate losses and support continual best practice (Schütz et al., 2023). Detaching detection from the smart home and allowing a third-party vendor to monitor it may improve monitoring; however, one should consider the loss of “ownership” over one's data and the reliance on the vendor (Harris and Wiles, 2022).

Ultimately, each homeowner’s comfort with residual risk must determine how much of it they accept or transfer. Regular reviews of the risk, documentation of decisions, and adaptive controls will help keep residual risks manageable.

5. Implementation and Monitoring

As smart homes become more common, cybersecurity threats are also on the rise, emanating from insecure devices such as locks, cameras, and the like. Traditional measures designed for static, homogeneous environments will hardly suffice in these diverse and dynamic contexts. To counter such threats, a Hybrid Intrusion Detection System should be implemented, using a signature-based approach for known threats and anomaly-based detection for unknown threats.

A Hybrid IDS designed for the complexity of smart homes can address threats proactively. By combining signature- and anomaly-based detection, it provides a wide range of protection to disparate IoT devices, including in environments where traditional security mechanisms cannot keep pace with evolving and unpredictable attack patterns (Almiani et al., 2020).

5.1. Implementation Plan

The implementation process begins with asset discovery and network mapping. Smart home devices often come from diverse manufacturers and operate across multiple protocols. Mapping out every device connected to the home network, from smart locks and thermostats to surveillance cameras and voice assistants, lays the groundwork for effective monitoring. This stage is essential in building a device behaviour profile, which forms the baseline for anomaly detection in hybrid IDS systems (Atri et al., 2024).

Next, based on assessed risks, the plan progresses to segmenting the network and categorising devices according to their exposure level. Devices with increased risks, including older surveillance systems and essentially unsecured IoT light bulbs operating with known firmware vulnerabilities, should be isolated from devices utilised for personal communication or financial transactions. This would limit the risk of lateral attacks within the network, where the compromise of a single device could facilitate an intrusion across the home network (Hareesh et al., 2022).

At the heart of the implementation is the deployment of a Hybrid IDS, which combines the benefits of both signature-based and anomaly-based detection. In this scenario, network-based IDS (NIDS) tools such as Zeek or Suricata will be deployed at the configuration point on the network, overseeing all internet traffic to give a real-time understanding of what traffic is present, when, and where. A host-based IDS (HIDS) such as OSSEC will be deployed on specific smart hubs where possible, or, as a bare minimum, on any IoT devices that can host one. In essence, this two-layered approach will be materially better than no protection at all (Alsakran et al., 2020).
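The two detection layers described above can be sketched in a few lines. This is an added example, not code from the study or from Zeek, Suricata or OSSEC; the `Flow` fields, the signature rules, the thresholds and all traffic records are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    device: str      # name assigned during asset discovery
    dst_host: str
    dst_port: int
    bytes_out: int


# Signature layer: constructed rules for known-bad traffic (illustrative only).
SIGNATURES = {
    "telnet-outbound": lambda f: f.dst_port in (23, 2323),
    "blocklisted-host": lambda f: f.dst_host in {"bad.example.invalid"},
}


class Baseline:
    """Per-device behaviour profile learned from traffic assumed to be clean."""

    def __init__(self, training, min_sigma=1.0):
        grouped = {}
        for flow in training:
            grouped.setdefault(flow.device, []).append(flow)
        self.profiles = {}
        for device, flows in grouped.items():
            sizes = [f.bytes_out for f in flows]
            self.profiles[device] = {
                "mean": mean(sizes),
                # Floor sigma so a perfectly regular device does not divide by zero.
                "sigma": max(pstdev(sizes), min_sigma),
                "dests": {(f.dst_host, f.dst_port) for f in flows},
            }

    def anomalies(self, flow, z_limit=3.0):
        profile = self.profiles.get(flow.device)
        if profile is None:
            return ["unknown-device"]   # never seen during asset discovery
        found = []
        if (flow.dst_host, flow.dst_port) not in profile["dests"]:
            found.append("new-destination")
        z = (flow.bytes_out - profile["mean"]) / profile["sigma"]
        if z > z_limit:
            found.append("volume-spike")
        return found


def inspect(flow, baseline):
    """Run both layers; a signature hit outranks an anomaly."""
    hits = sorted(name for name, rule in SIGNATURES.items() if rule(flow))
    odd = baseline.anomalies(flow)
    verdict = "alert" if hits else ("suspicious" if odd else "ok")
    return {"verdict": verdict, "signatures": hits, "anomalies": odd}


# Constructed training traffic standing in for the asset-discovery phase.
TRAINING = (
    [Flow("camera", "cloud.example.invalid", 443, n) for n in (1000, 1100, 900, 1050, 950)]
    + [Flow("bulb", "hub.home.invalid", 8883, n) for n in (200, 210, 190)]
    + [Flow("thermostat", "hub.home.invalid", 8883, 300) for _ in range(3)]
)

if __name__ == "__main__":
    baseline = Baseline(TRAINING)
    for flow in (
        Flow("camera", "cloud.example.invalid", 443, 1020),    # normal upload
        Flow("camera", "cloud.example.invalid", 443, 50000),   # far above baseline
        Flow("bulb", "198.51.100.7", 23, 120),                 # matches a signature
        Flow("tv", "cdn.example.invalid", 443, 500),           # unmapped device
    ):
        print(flow.device, inspect(flow, baseline))
```

The unmapped `tv` device is flagged by the anomaly layer alone, which is why the asset inventory has to be complete before the baseline is trusted.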

The schedule is laid out over thirteen weeks. The first three weeks are dedicated to research and to identifying or selecting the best IDS models. The next four weeks involve testing how the hybrid IDS compares to typical detection systems. By week eleven, all the IDS components will have been specified, configured and fine-tuned. The last two weeks are spent evaluating the results and preparing reports to share with stakeholders, so that further recommendations can be made (Alghayadh and Debnath, 2020).

Human participation is equally important. Homeowners and administrators need to be trained to interpret IDS alerts, respond to anomalies, and carry out periodic maintenance (e.g., firmware updates). This closes the technology loop for real-world usability.

The steps of the implementation plan are listed in Appendix Table 3.

5.2. Monitoring & Review

The success of a strategy lies in continuous monitoring and regular review. Given how dynamic the IoT world is, with newly discovered vulnerabilities and quick adaptation by threat actors, an IDS must evolve with changes in the environment it is set to protect (Thakur and Kumar, 2020).

The priority in monitoring is real-time traffic and behavioural monitoring through the interface the IDS provides. Dashboards should include crucial details such as all users’ access attempts, sharp rises in traffic, and alerts due to unexpected behaviour. This information gives the user the power to respond promptly to any device in question, investigate the matter, and restore services with minimum disruption (Arrington et al., 2016).

There should be periodic reviews of sessions and system performance, audits of logged events, and evaluations of threat reports. These reviews should consider changes to the anomaly threshold or the removal of alerts that may induce alert fatigue. For instance, if the smart camera often uploads large files just before midnight, the review may identify that as a scheduled backup rather than a threat and allow the pattern on a whitelisting basis (Bridges et al., 2019).

IDS tools equipped with machine learning capabilities should be retrained at regular intervals to adapt to updated device behaviours and new attack vectors. A feedback mechanism must be in place to capture user interactions with alerts, whether they mark them as benign, actionable, or false positives. Essentially, this feedback forms the basis on which the IDS improves its detection accuracy over time.
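The periodic review and the feedback mechanism described in the two paragraphs above can be combined into one allowlisting step. The following is an added example, not part of the original study; the alert fields, the five-night minimum and every record in it are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

QUIET = {"benign", "false_positive"}   # feedback that argues for suppression


def alert_record(device, rule, time, feedback=None):
    return {"device": device, "rule": rule, "time": time, "feedback": feedback}


def propose_allowlist(history, min_nights=5):
    """Return (device, rule, hour) keys that recurred on enough distinct days
    and were never marked actionable by the reviewer."""
    days = defaultdict(set)
    feedback = defaultdict(set)
    for alert in history:
        when = datetime.fromisoformat(alert["time"])
        key = (alert["device"], alert["rule"], when.hour)
        days[key].add(when.date())
        feedback[key].add(alert["feedback"])
    return {k for k in days if len(days[k]) >= min_nights and feedback[k] <= QUIET}


def triage(alerts, allowlist):
    """Split new alerts into those still shown and those suppressed."""
    kept, suppressed = [], []
    for alert in alerts:
        hour = datetime.fromisoformat(alert["time"]).hour
        key = (alert["device"], alert["rule"], hour)
        (suppressed if key in allowlist else kept).append(alert)
    return kept, suppressed


# Constructed review history.
HISTORY = (
    # Camera backup: five different nights, always reviewed as benign.
    [alert_record("camera", "volume-spike", f"2025-03-0{d}T23:50:00", "benign")
     for d in range(1, 6)]
    # Thermostat: five alerts in a single night; a burst is not a routine.
    + [alert_record("thermostat", "volume-spike", f"2025-03-02T02:0{m}:00", "false_positive")
       for m in range(5)]
    # Smart lock: recurring, but one alert was actionable, so it is never suppressed.
    + [alert_record("lock", "new-destination", f"2025-03-0{d}T23:10:00",
                    "actionable" if d == 3 else "benign")
       for d in range(1, 6)]
)

if __name__ == "__main__":
    allow = propose_allowlist(HISTORY)
    print("allowlist:", allow)
    new_alerts = [
        alert_record("camera", "volume-spike", "2025-03-09T23:52:00"),
        alert_record("camera", "volume-spike", "2025-03-09T14:10:00"),
        alert_record("camera", "new-destination", "2025-03-09T23:55:00"),
    ]
    kept, suppressed = triage(new_alerts, allow)
    print("kept:", [a["time"] for a in kept])
    print("suppressed:", [a["time"] for a in suppressed])
```

Keying the entry on device, rule and hour keeps the exception narrow: the same camera spiking at 14:10, or contacting a new destination at 23:55, still raises an alert.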

Reviews become even more critical whenever new devices are introduced into the network. Any additions or replacements, such as upgrading to newer smart locks or installing a voice assistant, must be assessed against current security configurations to prevent the creation of unforeseen security gaps.

5.3. Metrics & Reporting

Cybersecurity effectiveness is measured not by the absence of actual threats but by how well they are detected, responded to, and prevented from recurring. Therefore, a solid metrics and reporting framework is necessary.

Key performance indicators (KPIs) are Detection Accuracy, False Positive Rate, Mean Time to Detect (MTTD), and Mean Time to Respond (MTTR). Accuracy indicates how well the system identifies actual threats while refraining from reacting to normal activity; Hybrid IDS solutions (with machine-learning capabilities) have demonstrated higher accuracy levels in academic evaluations (Moore, 2022).
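The four KPIs named above can be computed from labelled event records as follows. This is an added example, not the study's own code; the record fields, the sample events and the exact definitions (MTTD measured from occurrence to detection, MTTR from detection to response) are assumptions made for illustration.

```python
from datetime import datetime


def _gap(start, end):
    """Seconds between two ISO 8601 timestamps."""
    return (datetime.fromisoformat(end) - datetime.fromisoformat(start)).total_seconds()


def _mean(values):
    return sum(values) / len(values) if values else None


def kpis(events):
    """events: dicts with 'malicious' (ground truth) and 'alerted' (IDS output);
    detected incidents also carry 'occurred', 'detected' and 'responded' times."""
    tp = [e for e in events if e["malicious"] and e["alerted"]]
    fn = sum(1 for e in events if e["malicious"] and not e["alerted"])
    fp = sum(1 for e in events if not e["malicious"] and e["alerted"])
    tn = sum(1 for e in events if not e["malicious"] and not e["alerted"])
    benign = fp + tn
    return {
        "detection_accuracy": (len(tp) + tn) / len(events) if events else None,
        "false_positive_rate": fp / benign if benign else None,
        "mttd_seconds": _mean([_gap(e["occurred"], e["detected"]) for e in tp]),
        # Only incidents that actually received a response count towards MTTR.
        "mttr_seconds": _mean(
            [_gap(e["detected"], e["responded"]) for e in tp if e.get("responded")]
        ),
        # Missed incidents have no detection time, so MTTD cannot reflect them;
        # report the count next to it.
        "missed_incidents": fn,
    }


def incident(occurred, detected, responded):
    return {"malicious": True, "alerted": True,
            "occurred": occurred, "detected": detected, "responded": responded}


# Constructed reporting period: 3 detected incidents, 1 missed, 1 false alarm,
# 5 correctly ignored benign events.
EVENTS = [
    incident("2025-03-01T10:00:00", "2025-03-01T10:02:00", "2025-03-01T10:12:00"),
    incident("2025-03-02T11:00:00", "2025-03-02T11:04:00", "2025-03-02T11:24:00"),
    incident("2025-03-03T12:00:00", "2025-03-03T12:06:00", "2025-03-03T12:36:00"),
    {"malicious": True, "alerted": False},
    {"malicious": False, "alerted": True},
] + [{"malicious": False, "alerted": False} for _ in range(5)]

if __name__ == "__main__":
    for name, value in kpis(EVENTS).items():
        print(f"{name}: {value}")
```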

Reports inform immediate action and support strategic oversight. Alerts and incident summaries should be delivered in real time to homeowners or system administrators through clear and easy-to-use interfaces such as mobile applications or email notifications. For oversight, monthly or quarterly reports should summarise all incidents, highlight any recurring vulnerabilities, and track how mitigation strategies perform.

The records should help companies remain within regulatory frameworks, especially where smart home systems operate in commercial buildings or shared residential properties. Under GDPR, for example, one might have to provide proof of exactly when a breach was detected and notified, and when an adequate response was initiated.

5.4. Continuous Improvement

Devices grow old, users learn new habits, and hackers are forever adding new tricks to exploit vulnerabilities. This is good reason to regard smart home security never as a one-time solution but as a constant process of learning and improving.

Being at the heart of a smart home security framework, the Hybrid IDS must keep evolving through online learning. Such systems must be able to update threat signatures and retrain anomaly detection models with new data periodically. More recently, with the advent of federated learning, users can work together to enhance detection capabilities without encroaching on one another’s privacy.

But the issue goes deeper than the algorithms. Periodic penetration testing and simulated attacks, for instance Red Team exercises, go a long way towards putting the system under stress and exposing its blind spots. The best indicator remains user feedback. If homeowners find it hard to interpret alerts, the system should be improved by simplifying the language in those alerts or perhaps by providing visual prompts.

Equally essential is the establishment of a secure smart home culture. Best practices such as periodically changing passwords and granting role-based access to users should be common knowledge. The best way to enforce this would be to institute a cybersecurity awareness and resilience policy, directly translating good practice into shared responsibility (Douha et al., 2023; Heiding et al., 2023).

6. Conclusion and Recommendations

6.1. Summary

The explosive growth of IoT in smart homes has provided comfort but has also exposed people and their homes to higher levels of cyber threat. The basic built-in protections in products like smart locks and cameras are, for the most part, weak, leaving them susceptible to being cracked by unauthorised people, infected by malware, or drawn into botnet attacks. In this research, the authors performed a risk management exercise and found Hybrid IDS to be the best option. A Hybrid IDS combines signature-based and anomaly-based detection, and thus offers users broader security cover even in a dynamic environment. In addition, multi-factor authentication, encryption, firmware updates, and network segmentation made the network more secure. The use of risk registers and matrices established the need for action. Together with the technical controls, user awareness of attacks and compliance with data protection regulations such as GDPR and NIS2 were stressed. The research results confirm that individual protective measures in smart homes are not the answer; an adaptive, multi-layered approach with Hybrid IDS at its centre and continuous monitoring is a must-have for staying clear of possible hazards.

6.2. Recommendations

Strong Authentication and Access Controls

The most direct action towards a safe smart home is implementing strong authentication mechanisms. As discussed in the previous sections, one of the common attack vectors in an IoT environment is the use of weak or default credentials. Most devices are shipped with credentials that users rarely change, making them vulnerable to brute-force or credential-stuffing attacks. Hence, it is important that users be prompted to create unique, strong passwords during the setup stage. It is also advisable to employ multi-factor authentication (MFA) wherever possible, since it adds a second verification layer and thus strengthens access control.

Manufacturers should be responsible for ensuring that their devices require passwords to be changed right after first use and fully integrate encrypted login methods. Biometric identification or token-based access is suggested to eliminate the chance of unauthorised access. Furthermore, encouraging the least privilege principle (user permissions are restricted to the minimum necessary) is also helpful, as it isolates any potential breach and limits lateral movement within the network (Goutam et al., n.d.).

Firmware and Software Updates

Firmware and software updates are at the core of a secure smart home environment, yet they are commonly overlooked. Recent well-publicised IoT attacks have shown that available patches were not applied in time, and that is the most dangerous part. The problem is compounded by the fact that home environments consist not of one single ecosystem but of many, each operated separately. Devices from various producers can be part of one single ecosystem and still not share a joint update process.

To lessen the risk, a manufacturer's update process must be very secure and deliver updates automatically with the least user intervention. This includes tools for validating the authenticity of updates based on digital signatures, and rollback protection that disallows third-party versions. Users, for their part, should enable automatic updates and pay attention to update notices. Clearly stating the changes and alerts through the interface can promote trust and timely action. This comprehensive approach to updating closes previously identified vulnerabilities and reduces exploitation of the system overall by eliminating unwanted access points (Prakash et al., 2022).

Promoting User Awareness and Cyber Hygiene

A high number of security breaches result from users’ inattention and lack of knowledge, such as falling for phishing emails, connecting unknown, unverified devices, or misconfiguring basic settings. For that reason, capacity building in cybersecurity awareness and hygiene is urgently needed among smart home users.

Engaging educational activities must be built into the user experience. Interactive guides are the most suitable approach during device setup, as they can show how to create secure passwords that hackers cannot crack, set up MFA, and review permission settings. Device management apps could also be used to send real-time tips and alerts to users, and it is anticipated that users will comply with these suggestions. Moreover, safety awareness campaigns aimed at a broader audience, mostly through websites, social media, and community support groups, would help improve cybersecurity practices. Strengthening the user’s role in managing the security of their home is a major step towards reducing human error and achieving a tougher digital environment (Douha et al., 2023).

6.3. Future Work

Incident Response for Non-Technical Users

A prominent gap in smart home security is the lack of user-friendly tools for non-technical users to understand and respond to threats. Even when a Hybrid IDS detects a threat and sends an alert, the average homeowner may not grasp the urgency or know how to act, leading to delays that benefit the attacker. Future development should focus on mobile-based incident response tools that translate complex alerts into simple, actionable instructions. These tools should allow users to identify compromised devices, reset credentials, contact vendor support, or restore secure system states, all through a clear and intuitive interface. Further efficiency can be achieved by integrating these tools with smart speakers or hubs, enabling voice-command responses that streamline access and speed. By making security response more accessible and responsive, these tools would close the gap between detection and action, significantly enhancing the overall effectiveness and usability of smart home cybersecurity systems (Utsanok et al., 2024).

Hybrid IDS is incapable of fending off new, highly targeted threats. Today's intrusions are becoming more sophisticated, and bad actors are using methods like adversarial machine learning, in which attackers slightly change inputs to escape detection. IDS must therefore be made more resistant. Future research should address enhancing anomaly detection by means of adversarial training and ensemble learning, and XAI (explainable AI) features should be integrated to clarify alerts and build user trust.

Furthermore, user behaviour profiling would familiarise the IDS with daily household routines, enabling it to detect anomalies more precisely and making false positives less likely. These improvements will not only make the detection system more accurate but will also enable the IDS to reconfigure itself dynamically to suit the heterogeneous and ever-changing nature of smart home environments, where device usage patterns differ even between similar households. A more intelligent IDS, i.e. one that can explain, learn and adapt, is a must in the quickly changing cyber threat landscape of connected living spaces (Dixit et al., 2024).

References

A new model for enhancing IoT security through hybrid optimization of intrusion detection (2024). https://ieeexplore.ieee.org/abstract/document/10737546

A secure architecture for IoT with supply chain risk management (2017). https://ieeexplore.ieee.org/abstract/document/8095118

Abdulganiyu, O.H., Ait Tchakoucht, T. & Saheed, Y.K., 2023. A systematic literature review for network intrusion detection system (IDS). International Journal of Information Security, 22, pp.1125–1162. Available at: https://doi.org/10.1007/s10207-023-00773-z

Abughazaleh, N., bin Jabal, R. and M., H. (2020) ‘DoS attacks in IoT systems and proposed solutions’, International Journal of Computer Applications, 176(33), June. Available at: https://www.researchgate.net/profile/Nada-Abughazaleh-3/publication/342280827_DoS_Attacks_in_IoT_Systems_and_Proposed_Solutions/links/5fce358392851c00f858eb84/DoS-Attacks-in-IoT-Systems-and-Proposed-Solutions.pdf

Affinito, A., Zinno, S., Stanco, G., Botta, A. and Ventre, G., 2023. The evolution of Mirai botnet scans over a six-year period. Journal of Information Security and Applications, 79, p.103629. Available at: https://doi.org/10.1016/j.jisa.2023.103629.

Ahmed, Z., Danish, S. M., Qureshi, H. K. and Lestas, M. (2019) ‘Protecting IoTs from Mirai botnet attacks using blockchains’, 2019 IEEE 24th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD), pp. 1–6. IEEE. Available at: https://doi.org/10.1109/CAMAD.2019.8858484

Alaba, F.A., Othman, M., Hashem, I.A.T. and Alotaibi, F. (2017) ‘Internet of Things security: A survey’, Journal of Network and Computer Applications, 88, pp. 10–28. Available at: https://doi.org/10.1016/j.jnca.2017.04.002

Alghayadh, F., & Debnath, D. (2020). A hybrid intrusion detection system for smart home security. In 2020 IEEE International Conference on Electro Information Technology (EIT) (pp. 319–323). IEEE. https://ieeexplore.ieee.org/document/9208296

Alim, S.A., Shobowale, K.O., Nwafor, D.C., Mahmood, M.N. & Ismail, N., 2024. Development of smart home automation system for light, sockets, and fan control with mobile application. Journal of Engineering for Development, 16(4), pp.40–54.

Almiani, M., Alauthman, M., Al-Maolegi, M., Alarood, A. A., & Alzubi, J. A. (2020). A survey on intrusion detection systems in Internet of Things: A state-of-the-art review. IEEE Access, 8, 219648–219670. https://ieeexplore.ieee.org/abstract/document/9031177?casa_token=tdBg8rvKMIcAAAAA:HefH8MRYP-HSIVSSSe_Gs-YLcj2UGzDWzEZ3ppQnSlzf0d2mNHtDfskGZqR6Ef1bM36l7iLs0Pg

Alqahtani, A., Alsulami, A.A., Alqahtani, N., Alturki, B. and Alghamdi, B.M., 2024. ‘A comprehensive security framework for asymmetrical IoT network environments to monitor and classify cyber-attacks via machine learning’, Symmetry, 16(9), 1121. Available at: https://doi.org/10.3390/sym16091121

Alsakran, F., Bendiab, G., Shiaeles, S., & Kolokotronis, N. (2020). Intrusion Detection Systems for Smart home IoT Devices: Experimental Comparison study. In Communications in computer and information science (pp. 87–98). https://doi.org/10.1007/978-981-15-4825-3_7

Anatomy of threats to the internet of things (2019). https://ieeexplore.ieee.org/abstract/document/8489954

Anomaly detection based on CNN and regularization techniques against Zero-Day attacks in IoT networks (2022). https://ieeexplore.ieee.org/abstract/document/9888105

Arrington, B., Barnett, L., Rufus, R., & Esterline, A. (2016). Behavioral modeling intrusion detection system (BMIDS) using Internet of Things (IoT) behavior-based anomaly detection via immunity-inspired algorithms. In 2016 25th International Conference on Computer Communication and Networks (ICCCN) (pp. 1–6). IEEE. https://ieeexplore.ieee.org/abstract/document/7568495

Atri, H., Sharma, A., Mehrotra, T., & Saxena, S. (2024). Optimization of network mapping for screening and intrusion sensing devices. In Lecture notes in networks and systems (pp. 1–19). https://doi.org/10.1007/978-981-97-0641-9_1

Barua, A., Al Alamin, M.A., Hossain, M.S. and Hossain, E., 2022. Security and privacy threats for Bluetooth Low Energy in IoT and wearable devices: A comprehensive survey. Journal of Network and Computer Applications, [online] 204, p.103012. Available at: https://doi.org/10.1016/j.jnca.2022.103012.

Boban, M., 2024. Cybersecurity in the Digital Age: Regulatory Framework Based on the Implementation of the NIS2 Directive. Paper presented at the 112th International Scientific Conference on Economic and Social Development – “Creating a Unified Foundation for Sustainable Development: Interdisciplinarity in Research and Education,” Varazdin, 4-5 June 2024. Available: Social-transformations-and-social-programming.pdf

Böck, L., Sundermann, V., Fusari, I., Karuppayah, S., Mühlhäuser, M. and Levin, D., 2023. The End of the Canonical IoT Botnet: A Measurement Study of Mirai’s Descendants. arXiv preprint arXiv:2309.01130. Available at: https://arxiv.org/abs/2309.01130.

Bonaventura, D., Esposito, S. & Bella, G. (2023) ‘Smart Bulbs can be Hacked to Hack into your Household’, In Proceedings of the 20th International Conference on Security and Cryptography, pp. 218–229. Available at: https://doi.org/10.48550/arXiv.2308.09019

Bridges, R. A., Glass-Vanderlan, T. R., Iannacone, M. D., Vincent, M. S., & Chen, Q. (2019). A survey of intrusion detection systems leveraging host data. ACM Computing Surveys, 52(6), 1–35. https://doi.org/10.1145/3344382

Brous, P., Janssen, M. and Herder, P. (2019) ‘The dual effects of the Internet of Things (IoT): A systematic review of the benefits and risks of IoT adoption by organizations,’ International Journal of Information Management, 51, p. 101952. https://doi.org/10.1016/j.ijinfomgt.2019.05.008

Buresh, D.L. (2022) ‘The SolarWinds cyber-attack, the federal and private sector response, and the recommendations and lessons learned’, International Journal of Innovation Scientific Research and Review, 4(10), pp. 3469–3479. Available at: https://www.academia.edu/96839243.

Challa, M.L. & Soujanya, K.L.S., 2021. Secured smart mobile app for smart home environment. Materials Today: Proceedings, 37(2), pp.2109–2113. https://doi.org/10.1016/j.matpr.2020.07.536

Chhetri, C. and Motti, V. (2020) ‘Identifying vulnerabilities in security and privacy of smart home devices’, in National Cyber Summit (NCS) Research Track 2020, pp. 211–231. Springer. Available at: https://doi.org/10.1007/978-3-030-61218-4_15

Cybersecurity, internet of things, and risk management for businesses – ProQuest (no date). https://www.proquest.com/docview/2555130767?pq-origsite=gscholar&fromopenview=true&sourcetype=Dissertations%20&%20Theses

De Donno, M., Dragoni, N., Giaretta, A. and Spognardi, A. (2018) ‘DDoS-capable IoT malwares: Comparative analysis and Mirai investigation’, Security and Communication Networks, 2018, Article 7178164. Available at: https://doi.org/10.1155/2018/7178164

De La Cruz, J. & Bradley, M. (n.d.). Computer security technical report: Philips Hue bulb & IoT app security vulnerability analysis. [Technical Report]. Available: https://www.researchgate.net/publication/354674719_Security_Evaluation_of_IoT_Smart_Bulb_Attack_Surface_in_a_Smart_Home_SOA

Diana, L., Dini, P. and Paolini, D. (2025) ‘Overview on Intrusion detection Systems for Computers Networking Security,’ Computers, 14(3), p. 87. https://doi.org/10.3390/computers14030087

Dixit, M., Siby, S.M., J., J., Vetriveeran, D., Sambandam, R.K. and D., V., 2024. Theoretical framework for integrating IoT and explainable AI in a smart home intrusion detection system. In: 2024 IEEE International Conference on Contemporary Computing and Communications (InC4). Bangalore, India, pp.1–5. IEEE. Available: https://ieeexplore.ieee.org/abstract/document/10649233?casa_token=_q7Zx7t4qyAAAAAA:vURgUXBtVnIsxk9ngMd6h6XKPEHMAxqSeVIYPY4zGAebH-FLMDI7QKYTSY_NEZmsB8TLb1y2p-k

Dos Santos, R.R. et al. (2023) ‘Federated learning for reliable model updates in network-based intrusion detection’, Computers & Security, p. 103413. https://secplab.ppgia.pucpr.br/reliablefedlearningids

Douha, N.Y.-R. et al. (2023) ‘Smart home cybersecurity awareness and behavioral incentives,’ Information and Computer Security, 31(5), pp. 545–575. https://doi.org/10.1108/ics-03-2023-0032

European Data Protection Board (EDPB), 2021. Guidelines, recommendations and best practices under the GDPR. Brussels: EDPB. Available at: https://edpb.europa.eu/

Eustis, A. G. (2019) ‘The Mirai botnet and the importance of IoT device security’, in 16th International Conference on Information Technology–New Generations (ITNG 2019), pp. 85–89. Springer. Available at: https://doi.org/10.1007/978-3-030-14070-0_13

Farooq, M., Khan, R., & Khan, M. H. (2023) ‘Stout Implementation of Firewall and Network Segmentation for Securing IoT Devices’, Indian Journal of Science and Technology, 16(33), pp. 2609–2621. Available at: https://doi.org/10.17485/IJST/v16i33.1262

Fereidouni, H., Fadeitcheva, O. and Zalai, M. (2025) IoT and Man‐in‐the‐Middle Attacks, Security and Privacy, 8(2). https://doi.org/10.1002/spy2.70016

Formosinho, F. (2024) Illuminating threats: Exploring cybersecurity threats in smart bulbs and illuminating a path to enhanced protection (Dissertation). Available at: https://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-23960

Goutam, S., Enck, W. and Reaves, B., n.d. Hestia: Simple least privilege network policies for smart homes. North Carolina State University. Available at: https://arxiv.org/abs/2005.05195

Güven, E.Y. and Gürkaş-Aydın, Z., 2023. Mirai botnet attack detection in low-scale network traffic. Intelligent Automation & Soft Computing, 37(1), pp.419–431. Available at: https://doi.org/10.32604/iasc.2023.038043.

Hachmi, F., Boujenfa, K. and Limam, M. (2018) ‘Enhancing the accuracy of intrusion detection systems by reducing the rates of false positives and false negatives through multi-objective optimization,’ Journal of Network and Systems Management, 27(1), pp. 93–120. https://doi.org/10.1007/s10922-018-9459-y

Hammi, B., Zeadally, S., Khatoun, R. and Nebhen, J., 2022. Survey on smart homes: Vulnerabilities, risks, and countermeasures. Computers & Security, 117, p.102677. Available at: https://doi.org/10.1016/j.cose.2022.102677.

Hareesh, R., Kumar, R. K. S., Kalluri, R., & Bindhumadhava, B. S. (2022). Critical infrastructure asset discovery and monitoring for cyber security. In Lecture notes in electrical engineering (pp. 289–300). https://doi.org/10.1007/978-981-16-9008-2_27

Heiding, F., Süren, E., Olegård, J. and Lagerström, R., 2023. Penetration testing of connected households. Computers & Security, 126, p.103067. Available at: https://doi.org/10.1016/j.cose.2022.103067

Huszti, A., Kovács, S. and Oláh, N. (2022) ‘Scalable, password-based and threshold authentication for smart homes’, International Journal of Information Security, 21, pp. 707–723. Available at: https://doi.org/10.1007/s10207-022-00578-7

Injadat, M., Moubayed, A. and Shami, A. (2020) ‘Detecting botnet attacks in IoT environments: An optimized machine learning approach’, 2020 32nd International Conference on Microelectronics (ICM), Aqaba, Jordan, pp. 1–4. doi: 10.1109/ICM50269.2020.9331794.

International Organization for Standardization (ISO), 2018. ISO/IEC 27005:2018 Information technology — Security techniques — Information security risk management. Geneva: ISO.

Jedh, M., Ben Othmane, L., Ahmed, N. & Bhargava, B. (2021) ‘Detection of message injection attacks onto the CAN bus using similarities of successive messages-sequence graphs’, IEEE Transactions on Information Forensics and Security, 16, pp. 4133–4146. doi: 10.1109/TIFS.2021.3098162.

Kerimkhulle, S., Dildebayeva, Z., Tokhmetov, A., Amirova, A., Tussupov, J., Makhazhanova, U., Adalbek, A., Taberkhan, R., Zakirova, A., & Salykbayeva, A. (2023) ‘Fuzzy Logic and Its Application in the Assessment of Information Security Risk of Industrial Internet of Things’, Symmetry, 15(10), p. 1958. Available at: https://doi.org/10.3390/sym15101958

Kim, M. and Suh, T., 2021. Eavesdropping vulnerability and countermeasure in infrared communication for IoT devices. Sensors, 21(24), p.8207. Available: https://doi.org/10.3390/s21248207.

Lean, C.P., Ying, T.Y., Ganesan, S. & Ravi, P., 2022. An overview of IoT based smart home surveillance and control system: Challenges and prospects. Special Issue: International Conference on Contemporary Issues 2022, Manipal Journal of Science and Technology, 2(S1), pp.121. https://doi.org/10.56532/mjsat.v2iS1.121

Lee, I. (2020) ‘Internet of Things (IoT) Cybersecurity: Literature Review and IoT Cyber Risk Management’, Future Internet, 12(9), p. 157. Available at: https://doi.org/10.3390/fi12090157

Li, J. (2021) ‘Cyber-attacks on cameras in the IoT networks’, 2021 2nd International Conference on Computer Communication and Network Security (CCNS), Xining, China, pp. 94–97. doi: 10.1109/CCNS53852.2021.00027.

Magara, T. & Zhou, Y., 2024. Internet of Things (IoT) of smart homes: Privacy and security. Journal of Electrical and Computer Engineering, 2024(1), 7716956. https://doi.org/10.1155/2024/7716956

Malik, M.S. (2024) ‘IoT Malware: A Comprehensive Survey of Threats, Vulnerabilities, and Mitigation Strategies’, International Journal for Electronic Crime Investigation, 8(1), pp. 1–20. Available at: https://doi.org/10.54692/ijeci.2024.0801187

Margolis, J., Oh, T. T., Jadhav, S., Kim, Y. H. and Kim, J. N. (2017) ‘An in-depth analysis of the Mirai botnet’, 2017 International Conference on Software Security and Assurance (ICSSA), pp. 6–12. IEEE. Available at: https://doi.org/10.1109/ICSSA.2017.12

Martínez, J. and Durán, J.M. (2021) ‘Software supply chain attacks, a threat to global cybersecurity: SolarWinds’ case study’, International Journal of Safety and Security Engineering, 11(5), pp. 537–545. doi: https://doi.org/10.18280/ijsse.110505.

Moore, S., 2022. Improving reliability in the Internet of Things through anomaly detection. PhD thesis. Ulster University. Available at: https://pure.ulster.ac.uk/ws/portalfiles/portal/106853347/2022MooreSPhD.pdf

Mouha, R.A., 2021. Internet of Things (IoT). Journal of Data Analysis and Information Processing, 9(2), pp.108574. Available at: https://doi.org/10.4236/jdaip.2021.92006

Nozomi Networks, 2020. OT/IoT security report. Network Security, 2020(8), p.4. [online] Available at: https://doi.org/10.1016/S1353-4858(20)30088-X.

Östlund, U., Kidd, L., Wengström, Y. and Rowa-Dewar, N. (2011) ‘Combining qualitative and quantitative research within mixed method research designs: A methodological review’, International Journal of Nursing Studies, 48(3), pp. 369–383. Available at: https://doi.org/10.1016/j.ijnurstu.2010.10.005

Pathak, S., Islam, S. A., Jiang, H., Xu, L. and Tomai, E. (2022) ‘A survey on security analysis of Amazon Echo devices’, Human-Centric Computing and Information Sciences, 12, Article 100087. Available at: https://doi.org/10.1016/j.hcc.2022.100087.

Paul, S., Ganin, A.A., Avetisov, K., Eubank, S. and Linkov, I., 2021. Improving resilience for the Internet of Things with quantitative cyber risk assessment. Environment Systems and Decisions, 41, pp.32–44. Available: https://doi.org/10.1007/s10669-020-09780-w

Pétursson, A. (2023) ‘Ethical Hacking of a Ring Doorbell’, KTH Royal Institute of Technology. Available at: https://www.diva-portal.org/smash/record.jsf?pid=diva2%3A1751192&dswid=-3882

Plachkinova, M. and Knapp, K. (2022) ‘Least Privilege across People, Process, and Technology: Endpoint Security Framework,’ Journal of Computer Information Systems, 63(5), pp. 1153–1165. https://doi.org/10.1080/08874417.2022.2128937

Pöhls, H.C., Kügler, F., Geloczi, E. and Klement, F., 2025. Segmentation and filtering are still the gold standard for privacy in IoT—An in-depth STRIDE and LINDDUN analysis of smart homes. Future Internet, 17(2), p.77. Available at: https://doi.org/10.3390/fi17020077.

Prakash, V., Xie, S. and Huang, D.Y. (2022) ‘Software update practices on smart home IoT devices’, arXiv preprint arXiv:2208.14367v2. Available: https://arxiv.org/abs/2208.14367v2

Roman, R., Najera, P. and Lopez, J., 2011. Securing the Internet of Things. Computer, 44(9), pp.51–58. Available at: https://doi.org/10.1109/MC.2011.291

Salah, B., Alnahhal, M. and Ali, M. (2023) ‘Risk prioritization using a modified FMEA analysis in Industry 4.0’, Journal of Engineering Research, 11(4), pp. 460–468. Available at: https://doi.org/10.1016/j.jer.2023.07.001

Schütz, F. et al. (2023) ‘Consumer Cyber Insurance as Risk Transfer: A Coverage analysis,’ Procedia Computer Science, 219, pp. 521–528. https://doi.org/10.1016/j.procs.2023.01.320

Security Threats and Artificial intelligence based Countermeasures for Internet of Things Networks: A Comprehensive survey (2021b). https://ieeexplore.ieee.org/abstract/document/9456954

Sharma, A., Mansotra, V. and Singh, K. (2023) ‘Detection of Mirai Botnet Attacks on IoT devices Using Deep Learning’, Journal of Scientific Research and Technology, 1(6), pp. 174–187. Available at: https://doi.org/10.5281/zenodo.8330561

Smys, N.Dr.S., Basar, N.Dr.A. and Wang, N.Dr.H. (2020) ‘Hybrid Intrusion Detection System for Internet of things (IoT),’ Journal of ISMAC, 2(4), pp. 190–199. https://doi.org/10.36548/jismac.2020.4.002

Suleski, T., Ahmed, M., Yang, W., & Wang, E. (2023) ‘A review of multi-factor authentication in the Internet of Healthcare Things’, Digital Health, 9, pp. 1–20. Available at: https://doi.org/10.1177/20552076231177144

Syed Rizvi PhD et al. (2020) Threat model for securing internet of things (IoT) network at device-level. https://www.sciencedirect.com/science/article/pii/S2542660520300731

Tahsien, Karimipour and Spachos (2020) Machine learning based solutions for security of Internet of Things (IoT): A survey. https://www.sciencedirect.com/science/article/pii/S1084804520301041

Thakur, K., & Kumar, G. (2020). Nature inspired Techniques and Applications in Intrusion Detection Systems: recent progress and updated perspective. Archives of Computational Methods in Engineering, 28(4), 2897–2919. https://doi.org/10.1007/s11831-020-09481-7

Utsanok, T., Rukhiran, M. and Klongdee, S., 2024. Enhancing smart home security using IoT: A socio-technical perspective. IoT, 5(1), pp.79–99. Available at: https://doi.org/10.3390/iot5010005

Valenzuela, S. (2024) Ethical hacking of a network security camera: Penetration testing the camera system EufyCam S330 and HomeBase S380 (Dissertation). Available at: https://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-360616

Viegas, Santin, A.O.S. and Oliveira, L.S. (2017) Toward a reliable anomaly-based intrusion detection in real-world environments. https://www.sciencedirect.com/science/article/pii/S1389128617303225

Wachter, S. (2018) ‘Normative challenges of identification in the Internet of Things: Privacy, profiling, discrimination, and the GDPR,’ Computer Law & Security Review, 34(3), pp. 436–449. https://doi.org/10.1016/j.clsr.2018.02.002

Wang, S., Tu, G.-H., Lei, X., Xie, T., Li, C.-Y., Chou, P.-Y., Hsieh, F., Hu, Y., Xiao, L. & Peng, C. (2021) ‘Insecurity of operational cellular IoT service: new vulnerabilities, attacks, and countermeasures’, MobiCom ’21: Proceedings of the 27th Annual International Conference on Mobile Computing and Networking, pp. 437–450. Available at: https://doi.org/10.1145/3447993.3483239

Xie, X., Jiang, K., Dai, R., Lu, J., Wang, L., Li, Q. & Yu, J. (2023) Access Your Tesla without Your Awareness: Compromising Keyless Entry System of Model 3. Network and Distributed System Security (NDSS) Symposium 2023, 27 February – 3 March, San Diego, CA, USA. Available at: https://dx.doi.org/10.14722/ndss.2023.24082.

Zhang, G., Ji, X., Li, X., Qu, G. and Xu, W. (2021) ‘EarArray: Defending against DolphinAttack via acoustic attenuation’, Network and Distributed Systems Security (NDSS) Symposium 2021, 21–25 February 2021, Virtual. Available at: https://dx.doi.org/10.14722/ndss.2021.24551.

Appendices

Table 1

| Risk ID | Threat Description | Likelihood | Impact | Risk Score | Mitigation |
|---|---|---|---|---|---|
| R-001 | Unauthorized access to IoT devices due to weak passwords | High | High | Critical | Implement multi-factor authentication (MFA), strong password policies (Suleski et al., 2023) |
| R-002 | Malware infection via compromised IoT firmware | Medium | High | High | Regular firmware updates, implement IDS to detect anomalies (Malik, 2024) |
| R-003 | Data leakage due to unencrypted communication | High | Medium | High | Use TLS encryption, network segmentation (Farooq, Khan and Khan, 2023) |
| R-004 | IoT botnet attack (e.g., Mirai) | High | High | Critical | IDS with anomaly detection, firewall to block malicious traffic (Sharma, Mansotra and Singh, 2023) |

Table 2

| Likelihood → / Impact ↓ | Low | Medium | High |
|---|---|---|---|
| High (Almost Certain) | Moderate | High | Critical |
| Medium (Possible) | Low | Moderate | High |
| Low (Unlikely) | Low | Low | Moderate |

Table 3

| Step | Activity | What Happens | Who’s Involved | Time Period |
|---|---|---|---|---|
| 1. | Device Discovery | Identify all smart devices and map the home network. | Homeowner, Installer | Week 1 |
| 2. | Behavior Baseline Setup | Monitor normal device behavior to build detection model | IDS System, Technician | Week 2–3 |
| 3. | Install & Configure Hybrid IDS | Deploy IDS combining rule-based and anomaly-based detection | Security Expert | Week 4 |
| 4. | Set Access Rules | Define strong passwords, MFA, and limited user access | Homeowner, Vendor | Week 5 |
| 5. | Link with Smart App or Hub | Connect IDS to app or voice hub for alerts and control | Developer, Homeowner | Week 6 |
| 6. | Test & Simulate Threats | Run test attacks to see how IDS responds | Tester, Consultant | Week 7 |
| 7. | Enable Auto Updates | Turn on secure automatic software/firmware updates | Vendor, Homeowner | Week 7 |
| 8. | Train the User | Provide simple security tips and response guides | Vendor, Support Team | Week 8 |
| 9. | Set Monitoring & Reports | Define how alerts are tracked and shared | Homeowner, IDS Admin | Week 9 |
| 10. | Regular Updates & Improvements | Keep IDS updated with new threats and user feedback | Vendor, Research Partners | Periodically |

Licence

Perspectives on Cybersecurity Risk Management Vol 1 Copyright © 2025 by MSc Cybersecurity Risk Management Class of 2025 is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted.