CCE Theses and Dissertations

Date of Award


Document Type


Degree Name

Doctor of Philosophy (PhD)


College of Computing and Engineering


Wei Li

Committee Member

Kurtis B. Kredo

Committee Member

Yair Levy


Smart home devices control a home’s environmental and security settings. This includes devices that control home thermostats, sprinkler systems, light bulbs, and home appliances. Malicious manipulation of the settings of these devices by an outside adversary has caused emotional distress and could even cause physical harm. For example, researchers have reported that there is a rise in domestic abuse perpetrated via smart home devices; victims have reported their thermostat settings being unwittingly manipulated and being locked out of their house due to their smart lock code being changed. Rapid adoption of smart home devices by consumers has led to an urgent need to research mitigation strategies to protect consumers from device takeover.

Currently there is not an easy way for home users to detect that a malicious actor is making unwanted changes to their smart home devices. Change requests to smart home devices travel across the network in the form of network packets. Most of time the payloads of the packets are encrypted using strong encryption methods, so it is not possible to simply read the contents of the packet to learn if the packet contains instructions for the smart device to change states. Previous research has successfully trained machine learning algorithms to identify unique network traffic patterns indicative of state change requests sent to smart home devices. This research extends previous research by identifying state change requests of smart home devices made by residents via a smart home device app on their smart phones or tablets. This research identified 13 key attributes of 3,178 encrypted network traffic connections. The attributes were used as features to train three machine learning algorithms to recognize state change requests. Four smart home devices were used chosen from the following categories: 1) devices with simple behaviors (turns on and off), 2) devices with complex behaviors (can be turned on for a set amount of time), and 3) devices that send a large amount of data (i.e. video camera).

The success of identifying state change requests over encrypted traffic from a mobile app, combined with previous research that identified state changes sent to the smart home device, allows for the development of a system that could block unwanted state changes that originate from a malicious user located outside of the house. Therefore, this research contributes to the body of knowledge of smart home device security and could be extended to the identification of other networking patterns based on encrypted traffic.