A new approach enhances cybersecurity in smart homes

The number of smart homes, packed with devices connected to the internet, continues to grow. In the European Union, over 70% of the population have some type of connected device in their homes, not counting computers or smartphones, according to Eurostat data. Televisions, audio and gaming systems, virtual assistants, and home automation systems are the most common. All these devices offer convenience and efficiency, but they also open the door to new cybersecurity risks. However, detecting anomalies in smart home systems, such as those caused by cyberattacks, is fraught with challenges, largely stemming from the design of the algorithms used to detect them.

Led by Helena Rifà Pous, from the K-ryptography and Information Security for Open Networks (KISON) group, attached to the UOC-TECH Research Centre, and associate professor in the Faculty of Economics and Business and in the Faculty of Computer Science, Multimedia and Telecommunications, and Juan Ignacio Iturbe-Araya, researcher at the Universitat Oberta de Catalunya (UOC) UOC-TECH centre and in the Department of Computer Engineering at the University of Santiago de Chile, the new research project proposes a new working approach to optimize these algorithms.

Objective: to correct the imbalance of the algorithms

Traditional methods of detecting attacks have long been falling short in the face of the increasing variety and volume of threats faced by smart home systems. These methods, which require the system to know about every type of attack and the patterns that identify it in advance, are being displaced by unsupervised learning techniques, capable of identifying anomalous behaviour without the need for prior data regarding the threats. However, these techniques also have a weakness.

The performance of these systems depends largely on what method they use to adjust the internal parameters by which they evaluate anomalous behaviour so that the system can anticipate a possible attack. Choosing these values incorrectly can reduce their ability to detect new or infrequent attacks, especially in environments with imbalanced data. This applies to environments such as the home, where there are much more data on normal traffic than on anomalous traffic and where the frequencies of individual anomalies can vary greatly.

"Our work suggests that, even if unsupervised methods for detecting anomalies are used, these can work better if we automatically optimize the system configuration," Helena Rifà Pous said. "The study analyses how the selection of optimization metrics impacts the subsequent performance of these unsupervised learning models. It concludes that metrics based on the Matthews correlation coefficient (a scale used to rank predictions) perform best, as they allow systems to be more generalizable, balanced, and robust."

According to the UOC researcher, the study's findings (published in open access in the Journal of Network and Systems Management) underline how the use of more balanced metrics is important for advancing towards more reliable and effective security systems. "The different criteria suggested by our research will make it possible to create more flexible anomaly detection systems, which can be better adapted to the needs of individual users who do not have cybersecurity or IT expertise. Essentially, it will ensure that products that reach the market are better able to detect real and rare attacks and are not just good at confirming that traffic is normal," she said.

The challenges of reinforcing domestic cybersecurity

The study proposes a new approach to developing robust, optimized models that strengthen the security of connected homes. However, the researchers pointed out that applying this approach to widely used commercial services also involves three major challenges:

• Availability of real household data. Obtaining a significant volume of data from households that have suffered cyberattacks with which to properly validate the functioning of detection systems is costly and complicated.
• Future reliability. Normal household traffic changes over time for reasons such as the purchase of a new device or a change in consumption habits. It is therefore difficult to ensure that anomaly detection systems developed today will continue to be efficient in the future.
• Portability and standardization. Implementing an optimized model across different smart home and internet of things (IoT) platforms may be complicated, and it will not always be possible to maintain the performance of the model proposed.

"Our research focuses on finding other mechanisms we can use to ensure that systems for detecting anomalies in smart homes adapt to their environment and work correctly when users have little or no technical knowledge. We are looking for models that are not only accurate, but also autonomous and transparent," Rifà Pous said. "Our next step is to see how explainable artificial intelligence techniques can help us understand why these models fail or become obsolete," she concluded.

Iturbe-Araya, JI., Rifà-Pous, H. Hyperparameter Optimization and Evaluation Metrics for Unsupervised Anomaly-Based Cyberattack Detection in Imbalanced Smart Home Datasets. Journal of Network and Systems Management 33, 99 (2025). https://doi.org/10.1007/s10922-025-09973-6

This research, which is part of the UOC's Ethical and human-centred technology research mission, supports UN Sustainable Development Goals SDG 9, Build resilient infrastructure, promote sustainable industrialization and foster innovation, and SDG 11, Make cities inclusive, safe, resilient and sustainable.

Transformative, impactful research

At the UOC, we see research as a strategic tool to advance towards a future society that is more critical, responsible and nonconformist. With this vision, we conduct applied research that's interdisciplinary and linked to the most important social, technological and educational challenges.

The UOC’s over 500 researchers and more than 50 research groups are working in five research units focusing on five missions: lifelong learning; ethical and human-centred technology; digital transition and sustainability; culture for a critical society, and digital health and planetary well-being.

The university's Hubbik platform fosters knowledge transfer and entrepreneurship in the UOC community.

More information: www.uoc.edu/en/research