The rapid proliferation of Internet of Things (IoT) devices has increased the attack surface for cyber threats. Traditional intrusion detection systems often struggle to keep pace with novel or evolving threats. This study proposes an end-to-end generative AI-based intrusion detection and response pipeline designed for automated threat mitigation in smart home IoT environments. It leverages a Variational Autoencoder (VAE) trained on benign traffic to flag anomalies, a fine-tuned Bidirectional Encoder Representations from Transformers (BERT) model to classify anomalies into five attack categories (C&C, DDoS, Okiru, PortScan, and benign), and Grok3—a large language model—to generate tailored countermeasure recommendations. Using the Aposemat IoT-23 dataset, the VAE model achieves a recall of 0.999 and a precision of 0.961 for anomaly detection. The BERT model achieves an overall accuracy of 99.90% with per-class F1 scores exceeding 0.99. End-to-end prototype simulation involving 10,000 network traffic samples demonstrate a 98% accuracy in identifying cyber attacks and generating countermeasures to mitigate them. The pipeline integrates generative models for improved detection and automated security policy formulation in IoT settings, enhancing detection and enabling quicker and actionable security responses to mitigate cyber threats targeting smart home environments.

A number of challenging aspects have to be considered, when the Internet of Things (IoT) and Artificial Intelligence (AI) are combined into intelligent IoT systems. A key aspect that demands high attention is trustworthiness. As part of the investigations we conduct in this area in collaboration with partner companies, the need of a holistic view for trustworthiness in Intelligent IoT systems has emerged. To address such need, and to identify suitable support for it, we analyzed existing ISO standards and literature and we found out that they lack a holistic view for trustworthiness in intelligent IoT systems.To bridge this gap, we propose a conceptual model for trustworthiness in intelligent IoT systems that includes stakeholders, systems, and primary concerns, and is built upon existing standards and literature. Our model can support the design, development, operations, evolution of and communication about intelligent IoT systems. We received positive confirmation of the validity of the conceptual model from industrial practitioners working in four companies in the intelligent IoT systems area. Together with our partner companies, we plan to develop and operate approaches leveraging the conceptual model as next step.

The concept of smart building is based on the deployment of Internet of Things (IoT) technologies to develop various building applications and services. Aided by the proliferation of smart devices, research in building automation has grown significantly. Nevertheless, these smart devices are integrated with sensors that can collect and share sensitive data and private information related to the building occupants, exposing them to a variety of privacy threats. Although research efforts to promote the development of privacy-aware solutions for smart buildings have been on the rise, a comprehensive review that summarizes these studies is lacking in the literature. This paper provides an extensive review of the studies related to sensing in smart buildings. It highlights privacy issues connected to sensing in smart buildings, provides mitigation strategies that can be deployed to minimize occupants’ privacy invasions, and discusses future research directions towards realising privacy-aware smart buildings. To fulfill the aim of this study, five research questions are formulated, which enable systematic navigation through existing studies related to the topic. These research questions are directed to providing answers to privacy related to data leakage, privacy connected to sensor types, privacy related to different applications, privacy concerns with sensor deployment locations and building types, privacy issues with data processing methods, and to highlight mitigation strategies for reducing privacy invasion. It further discusses the technical approaches, general principles, and design choices for privacy-aware applications which are relevant for guiding relevant stakeholders.

As the proliferation of Internet of Things (IoT) devices grows, challenges in security, privacy, and interoperability become increasingly significant. IoT devices often have resource constraints, such as limited computational power, energy efficiency, bandwidth, and storage, making it difficult to implement advanced security measures. Additionally, the diversity of IoT devices creates vulnerabilities and threats that attackers can exploit, including spoofing, routing, man-in-the-middle, and denial-of-service. To address these evolving threats, Intrusion Detection Systems (IDSs) have become a vital solution. IDS actively monitors network traffic, analyzing incoming and outgoing data to detect potential security breaches, ensuring IoT systems remain safeguarded against malicious activity. This study introduces an IDS framework that integrates ensemble learning with rule induction for enhanced model explainability. We study the performance of five ensemble algorithms (Random Forest, AdaBoost, XGBoost, LightGBM, and CatBoost) for developing effective IDS for IoT. The results show that XGBoost outperformed the other ensemble algorithms on two publicly available datasets for intrusion detection. XGBoost achieved 99.91% accuracy and 99.88% AUC-ROC on the CIC-IDS2017 dataset, as well as 98.54% accuracy and 93.06% AUC-ROC on the CICIoT2023 dataset, respectively. We integrate model explainability to provide transparent IDS system using a rule induction method. The experimental results confirm the efficacy of the proposed approach for providing a lightweight, transparent, and trustworthy IDS system that supports security analysts, end-users, and different stakeholders when making decisions regarding intrusion and non-intrusion events.

As the number of Internet of Things (IoT) devices continues to grow, understanding and mitigating potential vulnerabilities and threats is crucial. With IoT devices becoming ubiquitous in critical sectors like healthcare, transportation, energy, and industrial automation, identifying and addressing risks is increasingly important. A comprehensive risk management approach enables IoT stakeholders to safeguard user data and privacy, as well as system integrity. Existing risk assessment frameworks focus on qualitative risk analysis methodologies, such as operationally critical threat, asset, and vulnerability evaluation (OCTAVE). However, security risk assessment, particularly for IoT ecosystem, demands both qualitative and quantitative risk assessment. This paper proposes RAM-IoT, a risk assessment model for IoT-based critical assets that integrates qualitative and quantitative risk assessment approaches. A multi-criteria decision making (MCDM) approach based on fuzzy Analytic Hierarchy Process (fuzzy AHP) is proposed to address the subjective assessment of the IoT risk analysts and their corresponding stakeholders. The applicability of the proposed model is illustrated through a use case connected to service delivery in the IoT. The proposed model provides a guideline to researchers and practitioners on how to quantify the risks targeting assets in IoT, thereby providing adequate support for protecting IoT ecosystems.

Nowadays, a growing interest from industry has caused the smart home to evolve from a place that was focused on automation of home appliances to an intelligent Internet‐connected environment. This environment features sensors, actuators, and systems implementing services that enhance the comfort and convenience as well as contribute to a more energy‐efficient and safe society. The modern home has become a complex information system with huge potential gains, but also in need of a broad scientific approach. This chapter introduces smart connected homes, describing their underlying technologies, architectures, and offered services that surround this domain. Based on the idea of the smart connected home as a system of systems, a discussion of ongoing and emerging research challenges with respect to security and privacy, interoperability support, reliability, and usability, is also provided.

Smart homes are increasingly popular and offer users multiple benefits, such as increased security, entertainment, health, and energy efficiency. But smart homes also raise ethical challenges. Analyzing ethical risks in smart homes requires an approach that can reveal and analyze the complex consequences of unethical IoT use. Such an analysis, however, is cumbersome and requires including many aspects and stakeholder perspectives. There is a lack of methods to analyze smart homes ethically and document such research results for continual evaluation over time as the smart home and our understanding of its ethics inevitably evolve and change. This work aims to design a workshop methodology to support systematic ethical analyses of smart homes. It builds on previous work considering smart homes as digital ecosystems to contextually examine ethical risks and challenges. A group of research participants were asked to undergo the workshop to evaluate its usefulness in supporting ethical discussions and documenting insights systematically. The results show the feasibility of the workshop design in conducting ethical analyses and eliciting system requirements for smart homes. Several unethical use cases are discussed, such as IoT gaslighting and surveillance concerns related to child users.

Connected smart homes (CSH) have benefited immensely from emerging Internet of Things (IoT) technology. CSH is intended to support everyday life in the private seclusion of the home, and typically covers the integration of smart devices such as smart meters, heating, ventilation, and air conditioning (HVAC), intelligent lightening, and voice-activated assistants among others. Nevertheless, the risks associated with CSH assets are often of high concern. For instance, energy consumption monitoring through smart meters can reveal sensitive information that may pose a privacy risk to home occupants if not properly managed. Existing risk assessment approaches for CSH tend to focus on qualitative risk assessment methodologies, such as operationally critical threat, asset, and vulnerability evaluation (OCTAVE). However, security risk assessment, particularly for IoT environments, demands both qualitative and quantitative risk assessment. This paper proposes assets-based risk assessment model that integrates both qualitative and quantitative risk assessment to determine the risk related to assets in CSH when a specific service is used. We apply fuzzy Analytic Hierarchy Process (fuzzy AHP) to address the subjective assessment of the IoT risk analysts and stakeholders. The applicability of the proposed model is illustrated through a use case that constitutes a scenario connected to service delivery in CSH. The proposed model provides a guideline to researchers and practitioners on how to quantify the risks targeting assets in CSH.

N/A.

The proliferation of smart home technology has the potential to enhance the quality of life for individuals and families, as well as for mitigating larger societal challenges, such as those of sustainability, safety, and energy efficiency. However, it also raises concerns about potential risks and unintended consequences, primarily those that pertain to security and privacy. Despite ongoing discussions by experts and the wider research community, there is a lack of consensus and expertise on addressing these issues in an efficient, unanimous, and foremost responsible way. This paper takes its starting point from the center of the issue, i.e., the ethics that underlie the provision of the products and services intended for smart homes. It subsequently proposes guidelines for the responsible development of smart home technologies. These guidelines offer specific considerations tailored to the unique characteristics of the smart home, providing developers and businesses with a foundation to prioritize responsible technology usage in the ever so personal and private home environment. By adhering to these guidelines, stakeholders can establish a solid foundation for ethical deci-sion-making and ensure the responsible integration of technology in smart homes.