{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,13]],"date-time":"2026-06-13T12:48:29Z","timestamp":1781354909241,"version":"3.54.1"},"reference-count":40,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2024,2,24]],"date-time":"2024-02-24T00:00:00Z","timestamp":1708732800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Science and Technology Directorate of the United States Department of Homeland Security","award":["D15PC00204"],"award-info":[{"award-number":["D15PC00204"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Internet Things"],"published-print":{"date-parts":[[2024,5,31]]},"abstract":"<jats:p>With the growth of the Internet of Things (IoT), the number of cyber attacks on the Internet is on the rise. However, the resource-constrained nature of IoT devices and their networks makes many classical security systems ineffective or inapplicable. We introduce TWINKLE, a two-mode, adaptive security framework that allows an IoT network to be in regular mode for most of the time, which incurs a low resource consumption rate, and to switch to vigilant mode only when suspicious behavior is detected, which potentially incurs a higher overhead. Compared to the early version of this work, this article presents a more comprehensive design and architecture of TWINKLE, describes challenges and details in implementing TWINKLE, and reports evaluations of TWINKLE based on real-world IoT testbeds with more metrics. We show the efficacy of TWINKLE in two case studies where we examine two existing intrusion detection and prevention systems and transform both into new, improved systems using TWINKLE. Our evaluations show that TWINKLE is not only effective at securing resource-constrained IoT networks, but can also successfully detect and prevent attacks with a significantly lower overhead and detection latency than existing solutions.<\/jats:p>","DOI":"10.1145\/3617504","type":"journal-article","created":{"date-parts":[[2023,11,17]],"date-time":"2023-11-17T12:13:56Z","timestamp":1700223236000},"page":"1-31","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["A Two-Mode, Adaptive Security Framework for Smart Home Security Applications"],"prefix":"10.1145","volume":"5","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2018-1406","authenticated-orcid":false,"given":"Devkishen","family":"Sisodia","sequence":"first","affiliation":[{"name":"University of Oregon, Eugene, OR, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5308-5672","authenticated-orcid":false,"given":"Jun","family":"Li","sequence":"additional","affiliation":[{"name":"University of Oregon, Eugene, OR, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-8333-4484","authenticated-orcid":false,"given":"Samuel","family":"Mergendahl","sequence":"additional","affiliation":[{"name":"University of Oregon, Eugene, OR, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3531-7003","authenticated-orcid":false,"given":"Hasan","family":"Cam","sequence":"additional","affiliation":[{"name":"Best Buy, Richfield, MN, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2024,2,24]]},"reference":[{"key":"e_1_3_1_2_2","unstructured":"2019. Snort - Network Intrusion Detection & Prevention System. Retrieved from https:\/\/www.snort.org\/"},{"key":"e_1_3_1_3_2","unstructured":"2019. Suricata - Open Source IDS \/ IPS \/ NSM Engine. Retrieved from https:\/\/suricata-ids.org\/"},{"issue":"3","key":"e_1_3_1_4_2","doi-asserted-by":"crossref","first-page":"1223","DOI":"10.1109\/SURV.2012.121912.00006","article-title":"On the vital areas of intrusion detection systems in wireless sensor networks","volume":"15","author":"Abduvaliyev Abror","year":"2013","unstructured":"Abror Abduvaliyev, Al-Sakib Khan Pathan, Jianying Zhou, Rodrigo Roman, and Wai-Choong Wong. 2013. On the vital areas of intrusion detection systems in wireless sensor networks. IEEE Communications Surveys & Tutorials 15, 3 (2013), 1223\u20131237.","journal-title":"IEEE Communications Surveys & Tutorials"},{"key":"e_1_3_1_5_2","first-page":"269","volume-title":"Proceedings of the 7th International Conference on Body Area Networks","author":"Abie Habtamu","year":"2012","unstructured":"Habtamu Abie and Ilangko Balasingham. 2012. Risk-based adaptive security for smart IoT in eHealth. In Proceedings of the 7th International Conference on Body Area Networks. ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering), 269\u2013275."},{"key":"e_1_3_1_6_2","first-page":"408","volume-title":"Proceedings of the International Conference on Ubiquitous Computing and Ambient Intelligence","author":"Bernabe Jorge Bernal","year":"2014","unstructured":"Jorge Bernal Bernabe, Jose Luis Hernandez, M. Victoria Moreno, and Antonio F. Skarmeta Gomez. 2014. Privacy-preserving security framework for a social-aware Internet of Things. In Proceedings of the International Conference on Ubiquitous Computing and Ambient Intelligence. Springer, 408\u2013415."},{"key":"e_1_3_1_7_2","doi-asserted-by":"crossref","first-page":"19066","DOI":"10.1109\/ACCESS.2021.3051469","article-title":"An IoT attribute-based security framework for topic-based publish\/subscribe systems","volume":"9","author":"Blazy Olivier","year":"2021","unstructured":"Olivier Blazy, Emmanuel Conchon, Mathieu Klingler, and Damien Sauveron. 2021. An IoT attribute-based security framework for topic-based publish\/subscribe systems. IEEE Access 9 (2021), 19066\u201319077.","journal-title":"IEEE Access"},{"key":"e_1_3_1_8_2","article-title":"Program analysis of commodity IoT applications for security and privacy: Challenges and opportunities","author":"Celik Z. Berkay","year":"2018","unstructured":"Z. Berkay Celik, Earlence Fernandes, Eric Pauley, Gang Tan, and Patrick McDaniel. 2018. Program analysis of commodity IoT applications for security and privacy: Challenges and opportunities. arXiv:1809.06962. Retrieved from https:\/\/arxiv.org\/abs\/1809.06962","journal-title":"arXiv:1809.06962"},{"key":"e_1_3_1_9_2","volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS \u201919)","author":"Celik Z. Berkay","year":"2019","unstructured":"Z. Berkay Celik, Gang Tan, and Patrick McDaniel. 2019. IOTGUARD: Dynamic enforcement of security and safety policy in commodity IoT. In Proceedings of the Network and Distributed System Security Symposium (NDSS \u201919)."},{"key":"e_1_3_1_10_2","first-page":"606","volume-title":"Proceedings of the IFIP\/IEEE International Symposium on Integrated Network Management","author":"Cervantes Christian","year":"2015","unstructured":"Christian Cervantes, Diego Poplade, Michele Nogueira, and Aldri Santos. 2015. Detection of sinkhole attacks for supporting secure routing on 6LoWPAN for Internet of Things. In Proceedings of the IFIP\/IEEE International Symposium on Integrated Network Management. IEEE, 606\u2013611."},{"key":"e_1_3_1_11_2","unstructured":"Tony Cheneau. 2013. SimpleRPL. Retrieved from https:\/\/github.com\/tcheneau\/simpleRPL"},{"issue":"1","key":"e_1_3_1_12_2","doi-asserted-by":"crossref","first-page":"94","DOI":"10.1145\/2398356.2398377","article-title":"Computer security and the modern home","volume":"56","author":"Denning Tamara","year":"2013","unstructured":"Tamara Denning, Tadayoshi Kohno, and Henry M. Levy. 2013. Computer security and the modern home. ACM Communications 56, 1 (2013), 94\u2013103.","journal-title":"ACM Communications"},{"key":"e_1_3_1_13_2","first-page":"1548","volume-title":"Proceedings of the IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No. 01CH37213)","volume":"3","author":"Feeney Laura Marie","year":"2001","unstructured":"Laura Marie Feeney and Martin Nilsson. 2001. Investigating the energy consumption of a wireless network interface in an Ad Hoc networking environment. In Proceedings of the IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No. 01CH37213), Vol. 3. IEEE, 1548\u20131557."},{"key":"e_1_3_1_14_2","first-page":"636","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"Fernandes Earlence","year":"2016","unstructured":"Earlence Fernandes, Jaeyeon Jung, and Atul Prakash. 2016. Security analysis of emerging smart home applications. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, 636\u2013654."},{"key":"e_1_3_1_15_2","volume-title":"Proceedings of the Network and Distributed Security Symposium (NDSS \u201918)","author":"Fernandes Earlence","year":"2018","unstructured":"Earlence Fernandes, Amir Rahmati, Jaeyeon Jung, and Atul Prakash. 2018. Decentralized action integrity for trigger-action IoT platforms. In Proceedings of the Network and Distributed Security Symposium (NDSS \u201918)."},{"key":"e_1_3_1_16_2","first-page":"255","volume-title":"Proceedings of the 27th USENIX Security Symposium","author":"He Weijia","year":"2018","unstructured":"Weijia He, Maximilian Golla, Roshni Padhi, Jordan Ofek, Markus D\u00fcrmuth, Earlence Fernandes, and Blase Ur. 2018. Rethinking access control and authentication for the home Internet of Things (IoT). In Proceedings of the 27th USENIX Security Symposium. 255\u2013272."},{"key":"e_1_3_1_17_2","unstructured":"Scott Hilton. 2016. Dyn Analysis Summary of Friday October 21 Attack. Retrieved from https:\/\/dyn.com\/blog\/dyn-analysis-summary-of-friday-october-21-attack"},{"key":"e_1_3_1_18_2","unstructured":"Ionut Ilascu. 2018. IoT Botnets Responsible for More Powerful DDoS Attacks. Retrieved from https:\/\/www.bitdefender.com\/box\/blog\/iot-news\/iot-botnets-responsible-powerful-ddos-attacks\/"},{"key":"e_1_3_1_19_2","first-page":"1","volume-title":"Proceedings of the IEEE 18th International Symposium on Personal, Indoor and Mobile Radio Communications","author":"Kalofonos Dimitris N.","year":"2007","unstructured":"Dimitris N. Kalofonos and Saad Shakhshir. 2007. IntuiSec: A framework for intuitive user interaction with smart home security using mobile devices. In Proceedings of the IEEE 18th International Symposium on Personal, Indoor and Mobile Radio Communications. IEEE, 1\u20135."},{"key":"e_1_3_1_20_2","first-page":"1","article-title":"An enhanced security framework for home appliances in smart home","author":"Kang Won Min","year":"2017","unstructured":"Won Min Kang, Seo Yeon Moon, and Jong Hyuk Park. 2017. An enhanced security framework for home appliances in smart home. Human-centric Computing and Information Sciences, 1\u20136.","journal-title":"Human-centric Computing and Information Sciences"},{"key":"e_1_3_1_21_2","unstructured":"S. Kent and R. Atkinson. 2015. RFC 2401: Security Architecture for the Internet Protocol. Retrieved from https:\/\/www.rfc-editor.org\/rfc\/rfc2401.html"},{"key":"e_1_3_1_22_2","doi-asserted-by":"crossref","first-page":"968","DOI":"10.1109\/TIFS.2016.2647225","article-title":"Anonymous secure framework in connected smart home environments","author":"Kumar Pardeep","year":"2017","unstructured":"Pardeep Kumar, An Braeken, Andrei Gurtov, Jari Iinatti, and Phuong Ha. 2017. Anonymous secure framework in connected smart home environments. IEEE Transactions on Information Forensics and Security, 968\u2013979.","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"e_1_3_1_23_2","doi-asserted-by":"crossref","first-page":"117","DOI":"10.1145\/3301293.3302371","volume-title":"Proceedings of the 20th International Workshop on Mobile Computing Systems and Applications","author":"Mare Shrirang","year":"2019","unstructured":"Shrirang Mare, Logan Girvin, Franziska Roesner, and Tadayoshi Kohno. 2019. Consumer smart homes: Where we are and where we need to go. In Proceedings of the 20th International Workshop on Mobile Computing Systems and Applications. ACM, 117\u2013122."},{"issue":"3","key":"e_1_3_1_24_2","doi-asserted-by":"crossref","first-page":"216","DOI":"10.1109\/TDSC.2005.35","article-title":"D-WARD: A source-end defense against flooding denial-of-service attacks","volume":"2","author":"Mirkovic Jelena","year":"2005","unstructured":"Jelena Mirkovic and Peter Reiher. 2005. D-WARD: A source-end defense against flooding denial-of-service attacks. IEEE transactions on Dependable and Secure Computing 2, 3 (2005), 216\u2013232.","journal-title":"IEEE transactions on Dependable and Secure Computing"},{"key":"e_1_3_1_25_2","unstructured":"R. Moskowitz and P. Nikander. 2015. RFC 4423: Host Identity Protocol Architecture. Retrieved from https:\/\/datatracker.ietf.org\/doc\/html\/draft-ietf-hip-arch"},{"key":"e_1_3_1_26_2","first-page":"165","volume-title":"Proceedings of the IEEE 10th International Conference on Wireless and Mobile Computing","author":"Neisse Ricardo","year":"2014","unstructured":"Ricardo Neisse, Gary Steri, and Gianmarco Baldini. 2014. Enforcement of security policy rules for the Internet of Things. In Proceedings of the IEEE 10th International Conference on Wireless and Mobile Computing. IEEE, 165\u2013172."},{"key":"e_1_3_1_27_2","first-page":"79","volume-title":"Proceedings of the IEEE Conference on Communications and Network Security","author":"Notra Sukhvir","year":"2014","unstructured":"Sukhvir Notra, Muhammad Siddiqi, Hassan Habibi Gharakheili, Vijay Sivaraman, and Roksana Boreli. 2014. An experimental study of security and privacy risks with emerging household appliances. In Proceedings of the IEEE Conference on Communications and Network Security. IEEE, 79\u201384."},{"issue":"23","key":"e_1_3_1_28_2","doi-asserted-by":"crossref","first-page":"2435","DOI":"10.1016\/S1389-1286(99)00112-7","article-title":"Bro: A system for detecting network intruders in real-time","volume":"31","author":"Paxson Vern","year":"1999","unstructured":"Vern Paxson. 1999. Bro: A system for detecting network intruders in real-time. Computer Networks 31, 23-24 (1999), 2435\u20132463. Retrieved from http:\/\/www.icir.org\/vern\/papers\/bro-CN99.pdf","journal-title":"Computer Networks"},{"key":"e_1_3_1_29_2","doi-asserted-by":"crossref","first-page":"29","DOI":"10.1109\/SecDev.2018.00012","volume-title":"Proceedings of the IEEE Cybersecurity Development (SecDev \u201918)","author":"Rahmati Amir","year":"2018","unstructured":"Amir Rahmati, Earlence Fernandes, Kevin Eykholt, and Atul Prakash. 2018. Tyche: A risk-based permission model for smart homes. In Proceedings of the IEEE Cybersecurity Development (SecDev \u201918). IEEE, 29\u201336."},{"key":"e_1_3_1_30_2","doi-asserted-by":"crossref","first-page":"90075","DOI":"10.1109\/ACCESS.2021.3077069","article-title":"Deep learning and blockchain-empowered security framework for intelligent 5G-Enabled IoT","volume":"9","author":"Rathore Shailendra","year":"2021","unstructured":"Shailendra Rathore, Jong Hyuk Park, and Hangbae Chang. 2021. Deep learning and blockchain-empowered security framework for intelligent 5G-Enabled IoT. IEEE Access 9 (2021), 90075\u201390083.","journal-title":"IEEE Access"},{"issue":"8","key":"e_1_3_1_31_2","doi-asserted-by":"crossref","first-page":"2661","DOI":"10.1016\/j.adhoc.2013.04.014","article-title":"SVELTE: Real-time intrusion detection in the Internet of Things","volume":"11","author":"Raza Shahid","year":"2013","unstructured":"Shahid Raza, Linus Wallgren, and Thiemo Voigt. 2013. SVELTE: Real-time intrusion detection in the Internet of Things. Ad hoc Networks 11, 8 (2013), 2661\u20132674.","journal-title":"Ad hoc Networks"},{"key":"e_1_3_1_32_2","first-page":"640","volume-title":"Proceedings of the IEEE Consumer Communications & Networking Conference","author":"Roman Rodrigo","year":"2006","unstructured":"Rodrigo Roman, Jianying Zhou, and Javier Lopez. 2006. Applying intrusion detection systems to wireless sensor networks. In Proceedings of the IEEE Consumer Communications & Networking Conference. IEEE, 640\u2013644."},{"issue":"12","key":"e_1_3_1_33_2","article-title":"Management of resource constrained devices in the Internet of Things","volume":"50","author":"Sehgal Anuj","year":"2012","unstructured":"Anuj Sehgal, Vladislav Perelman, Siarhei Kuryla, and Jurgen Schonwalder. 2012. Management of resource constrained devices in the Internet of Things. IEEE Communications Magazine 50, 12 (2012).","journal-title":"IEEE Communications Magazine"},{"issue":"1","key":"e_1_3_1_34_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3428026","article-title":"Aegis+ A context-aware platform-independent security framework for smart home systems","volume":"2","author":"Sikder Amit Kumar","year":"2021","unstructured":"Amit Kumar Sikder, Leonardo Babun, and A Selcuk Uluagac. 2021. Aegis+ A context-aware platform-independent security framework for smart home systems. Digital Threats: Research and Practice 2, 1 (2021), 1\u201333.","journal-title":"Digital Threats: Research and Practice"},{"key":"e_1_3_1_35_2","first-page":"551","volume-title":"Proceedings of the IEEE International Conference on Pervasive Computing and Communications Workshops","author":"Simpson Anna Kornfeld","year":"2017","unstructured":"Anna Kornfeld Simpson, Franziska Roesner, and Tadayoshi Kohno. 2017. Securing vulnerable home IoT devices with an in-hub security manager. In Proceedings of the IEEE International Conference on Pervasive Computing and Communications Workshops. IEEE, 551\u2013556."},{"key":"e_1_3_1_36_2","first-page":"22","volume-title":"Proceedings of the 14th EAI International Conference on Security and Privacy in Communication Networks (SecureComm \u201918)","author":"Sisodia Devkishen","year":"2018","unstructured":"Devkishen Sisodia, Samuel Mergendahl, Jun Li, and Hasan Cam. 2018. Securing the smart home via a two-mode security framework. In Proceedings of the 14th EAI International Conference on Security and Privacy in Communication Networks (SecureComm \u201918). Springer, 22\u201342."},{"issue":"2","key":"e_1_3_1_37_2","doi-asserted-by":"crossref","first-page":"71","DOI":"10.1109\/MTS.2018.2826079","article-title":"Smart IoT devices in the home: Security and privacy implications","volume":"37","author":"Sivaraman Vijay","year":"2018","unstructured":"Vijay Sivaraman, Hassan Habibi Gharakheili, Clinton Fernandes, Narelle Clark, and Tanya Karliychuk. 2018. Smart IoT devices in the home: Security and privacy implications. IEEE Technology and Society Magazine 37, 2 (2018), 71\u201379.","journal-title":"IEEE Technology and Society Magazine"},{"key":"e_1_3_1_38_2","unstructured":"Julie Song. 2019. The Realities Of Smart City Development. Retrieved from https:\/\/www.forbes.com\/sites\/forbestechcouncil\/2019\/05\/14\/the-realities-of-smart-city-development"},{"key":"e_1_3_1_39_2","unstructured":"OSSEC Project Team. 2019. OSSEC: Open Source HIDS SECurity. Retrieved from https:\/\/ossec.github.io\/index.html"},{"issue":"8","key":"e_1_3_1_40_2","first-page":"1","article-title":"Routing attacks and countermeasures in the RPL-based Internet of Things","volume":"9","author":"Wallgren Linus","year":"2013","unstructured":"Linus Wallgren, Shahid Raza, and Thiemo Voigt. 2013. Routing attacks and countermeasures in the RPL-based Internet of Things. International Journal of Distributed Sensor Networks 9, 8 (2013), 1\u201311.","journal-title":"International Journal of Distributed Sensor Networks"},{"key":"e_1_3_1_41_2","unstructured":"T. Winter P. Thubert A. Brandt J. W. Hui and R. Kelsey. 2012. RFC 6550: RPL: IPv6 Routing Protocol for Low-power and Lossy Networks. Retrieved from https:\/\/tools.ietf.org\/html\/rfc6550"}],"container-title":["ACM Transactions on Internet of Things"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3617504","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3617504","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:45:58Z","timestamp":1750178758000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3617504"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,2,24]]},"references-count":40,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2024,5,31]]}},"alternative-id":["10.1145\/3617504"],"URL":"https:\/\/doi.org\/10.1145\/3617504","relation":{},"ISSN":["2691-1914","2577-6207"],"issn-type":[{"value":"2691-1914","type":"print"},{"value":"2577-6207","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,2,24]]},"assertion":[{"value":"2021-11-30","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-05-31","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-02-24","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}