Federated IoT Interaction Vulnerability Analysis

Abstract

IoT devices provide users with great convenience in smart homes. However, the interdependent behaviors across devices may yield unexpected interactions. To analyze the potential IoT interaction vulnerabilities, in this paper, we propose a federated and explicable IoT interaction data management system FexIoT. To address the lack of information in the closed-source platforms, FexIoT captures causality information by fusing multi-domain data, including the descriptions of apps and real-time event logs, into interaction graphs. The interaction graph representation is encoded by graph neural networks (GNNs). To collaboratively train the GNN model without sharing the raw data, we design a layer-wise clustering-based federated GNN framework for learning intrinsic clustering relationships among GNN model weights, which copes with the statistical heterogeneity and the concept drift problem of graph data. In addition, we propose the Monte Carlo beam search with the SHAP method to search and measure the risk of subgraphs, in order to explain the potential vulnerability causes. We evaluate our prototype on datasets collected from five IoT automation platforms. The results show that FexIoT achieves more than 90% average accuracy for interaction vulnerability detection, outperforming the existing methods. Moreover, FexIoT offers an explainable result for the detected vulnerabilities.