SysGuard-2024

SysGuard-2024.github.io

Detecting and Handling WoT Violations by Learning Physical Interactions from Device Logs

We propose a novel WoT violation detecting and handling approach, named SysGuard. SysGuard models physical interactions between actuators and environment attributes as a Physical Interaction Graph (PIG) and learns these interactions from device logs. SysGuard monitors device logs during runtime and infers the PIG to predict violation states and generate handling policies that can transition the violation states to the target states.
To evaluate SysGuard, we construct the first real-world WoT violation dataset by collecting device logs from two WoT systems, and annotate the collected logs with ten frequently reported violation types.

Dataset

We continuously collect four weeks of device logs starting from the initial states of two typical real-world WoT systems, including a smart home WoT system and a intelligent building WoT system.
In the smart home WoT system, there are 45 actuators of 16 different types and 43 sensors of 9 different types deployed in 7 spaces. In the intelligent building WoT system, there are 36 actuators of 13 different types and 34 sensors of 8 different types deployed in 5 spaces. The deployed devices and spatial layout are illustrated as follows:

For each WoT system, we also use the graph database neo4j to represent the spatial layout of deployed devices, the relationships between environmental spaces, and the attribute states of devices and spaces.
The environment representation of the smart home WoT system: LINK (bolt port: 7688, username: neo4j, password: 12345678)
The environment representation of the intelligent building WoT system: LINK (bolt port: 7687, username: neo4j, password: 12345678)

Each device corresponds to a device description model that documents its functionality, as well as a device proxy service that integrates the device into WoT system and generates device logs. Additionally, we also access the daytime, outdoor weather, air quality, temperature, humidity, and ultraviolet conditions through online weather forecasting services. For each WoT system, multiple trigger-action style automation applications are developed to meet the daily needs of users, listed as follows:

In the smart home WoT system, an average of 350 device logs are collected per day, with a total of 9981 valid device logs collected. In the intelligent building WoT system, an average of 1,250 device logs are collected per day, with a total of 34,916 device logs collected. For each device log, we anonymize the sensitive data such as user information, and record it in the following format:

To make the dataset more realistic and targeted, we summarize 10 types of frequently reported real-world violations according to the previous user studies and our interviews with the stakeholders and individuals of each environment, as shown below. Each violation involves the effect of physical interactions that may occur in the smart home WoT system (marked as H) or the intelligent building WoT system (marked as B). For each type of violation, we manually review the collected device logs and label a total of 1,571 violations in the “violationLabel” field of the device logs.

Violation Description Tool

To help non-technical users customize violation rules, SysGuard provides a GUI tool to simplify this process. The tool is designed similarly to the popular WoT application construction tools such as IFTTT, which automatically initializes using environment information, and allows users to easily configure violation and target states through mouse clicks. The GUI of the violation description tool is shown below.

Additionally, we also provide the example violation rules constructed for the ten violations in the smart home WoT system and intelligent building WoT system.
Example violation rules in smart home WoT system: LINK
Example violation rules in intelligent building WoT system: LINK

Code

The source code of SysGuard is provided to support future research efforts.