The introduction of modern Smart Home Systems (SHSs) is redefining the way we perform everyday activities. Today, myriad SHS applications and the devices they control are widely available to users. Specifically, users can easily download and install the apps from vendor-specific app markets, or develop their own, to effectively implement their SHS solutions. However, despite their benefits, app-based SHSs unfold diverse security risks. Several attacks have already been reported to SHSs and current security solutions only consider smart home devices and apps individually to detect malicious actions, rather than the context of the SHS as a whole. Thus, the current security solutions applied to SHSs cannot capture user activities and sensor-device-user interactions in a holistic fashion. To address these limitations, in this article, we introduce Aegis+, a novel context-aware platform-independent security framework to detect malicious behavior in an SHS. Specifically, Aegis+ observes the states of the connected smart home entities (sensors and devices) for different user activities and usage patterns in an SHS and builds a contextual model to differentiate between malicious and benign behavior. We evaluated the efficacy and performance of Aegis+ in multiple smart home settings (i.e., single bedroom, double bedroom, duplex) and platforms (i.e., Samsung SmartThings, Amazon Alexa) where real users perform day-to-day activities using real SHS devices. We also measured the performance of Aegis+ against five different malicious behaviors. Our detailed evaluation shows that Aegis+ can detect malicious behavior in SHS with high accuracy (over 95%) and secure the SHS regardless of the smart home layout and platforms, device configurations, installed apps, controller devices, and enforced user policies. Finally, Aegis+ yields minimum overhead to the SHS, ensuring effective deployability in real-life smart environments.
