Behavior-Based Anomaly Detection in Access and Usage Control for Smart Home Environments

This paper proposes to enhance the security of smart home environments by integrating a behavior-based component in access and usage control systems to perform anomaly detection using machine learning. This component dynamically assesses each access request by assigning it an anomaly score based on its deviation from learned patterns of normal behavior. This enables context-sensitive and risk-aware policy enforcement, improving the system’s responsiveness to unusual or suspicious behavior. To train and evaluate anomaly detection models in the absence of real-world labeled datasets, we introduce an ontology-driven synthetic dataset generation method. This ontology encodes devices, contextual attributes, and subject behavior patterns to support scalable and customizable dataset creation across various domains. Based on this ontology, we generate different datasets of access requests for smart home scenarios and conduct an evaluation of standard performance metrics of both supervised and unsupervised machine learning models. Among the unsupervised models, Deep SVDD achieved the best results, with an accuracy of 88%, demonstrating strong generalization to unseen anomalous behavior. Supervised models, particularly SVM, reached 95% accuracy due to their training on a labeled dataset. While supervised models excel under controlled conditions, unsupervised models, especially Deep SVDD, proved more practical for real-world deployments where labeled anomalies are limited or unavailable. Our findings highlight the value of integrating anomaly detection into access and usage control systems and provide a reusable framework for detecting anomalous behavior patterns in smart environments.