Smart building automation systems are increasingly the target of hacking attacks. Moreover, they may be used as a tool for attacks against targets located out of the native Home Area Network (HAN). These attacks are often resulted in changes in traffic volume, damaged packets, increased message traffic, and so on. Symptoms of attacks can be detected as anomalies in traffic model and recognized by a software agent run on Home Gateway. Although these anomalies are detected locally, it may help network provider to protect his resources as well as other resources of his clients. For that purpose, network operator should be able to recognize anomalies and correlate them on the network level. In this way, the network operator has the ability to protect both its own network and HANs of its clients. This article shows that Smart Home security might be coupled with the providers' network security policy. For that reason, security tasks should be performed both in HAN and providers' data center. This article describes a novel strategy for anomaly detection that provides shared responsibility between a service client and the network provider. It uses a machine learning approach for classifying the monitoring data and correlation in searching suspicious behavior across the network resources at the service provider's data center.

中文翻译：

---

智能家居自动化物联网系统中的异常流量检测和关联

智能楼宇自动化系统越来越成为黑客攻击的目标。此外，它们可以用作攻击本地家庭区域网络 (HAN) 之外目标的工具。这些攻击往往会导致流量变化、数据包损坏、消息流量增加等。攻击的症状可以被检测为流量模型中的异常，并由在家庭网关上运行的软件代理识别。虽然这些异常是在本地检测到的，但它可以帮助网络提供商保护他的资源以及他的客户的其他资源。为此，网络运营商应该能够识别异常并在网络级别将它们关联起来。这样，网络运营商就有能力保护自己的网络和客户的 HAN。本文表明智能家居安全可能与提供商的网络安全策略相结合。出于这个原因，应该在 HAN 和提供商的数据中心执行安全任务。本文描述了一种新的异常检测策略，该策略在服务客户端和网络提供商之间提供共同责任。它使用机器学习方法对监控数据和相关性进行分类，以在服务提供商数据中心的网络资源中搜索可疑行为。