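Smart homes have become an important part of modern life, giving users a convenient living experience. However, the security and privacy risks of Internet of Things (IoT) devices are increasingly exposed, and smart homes have become a major target of cyberattacks and physical attacks. An IoT network anomaly detection system (NADS) is an effective solution to these problems. Existing NADSs mainly use rule-based or machine learning-based methods to detect anomalies. In practice, however, one often has to balance the efficiency, effectiveness, interpretability, and manageability of the detection system. On the one hand, rule-based NADSs are usually easy to interpret, but may not be effective enough on complex problems, and they depend on experts for updates, which makes them hard to manage and maintain. Machine learning-based NADSs usually offer better effectiveness, but lack interpretability and may fail to meet regulatory and compliance requirements. On the other hand, network-side NADSs are efficient but often insufficiently effective because of the limited information available to them, while device-side NADSs are usually not efficient enough. In addition, existing NADSs usually treat IoT devices as independent entities and model them with Euclidean-space features. Lacking semantic information, these methods have low detection accuracy on new attacks. In this thesis, we propose two new NADSs for smart homes: a network traffic-based anomaly detection system (IoTSky) and an event verification system (SeIoT), to detect and prevent cyberattacks and physical attacks. IoTSky is a two-stage network traffic anomaly detection model that uses both supervised and unsupervised learning techniques to detect cyberattacks. It consists of two main components, Metis and Hermes. Metis is an efficient and interpretable supervised learning-based regular expression matching system that provides packet-level defense against existing cyberattacks. Based on the traffic characteristics of current IoT devices, Hermes implements an anomaly detection system based on rule clustering and unsupervised learning that re-inspects, at the flow level, traffic that Metis judged benign, in order to identify unknown attacks and in turn update Metis. SeIoT is an event verification system based on a knowledge graph and graph neural networks, which detects physical attacks by analyzing device traffic to obtain the overall state of the smart home. It consists of four components: packet parser, action fingerprint, feature extraction, and anomaly detection. SeIoT uses action fingerprints to obtain the states of IoT devices and environment attributes directly from traffic, and updates the knowledge graph to represent the state of the smart home. The anomaly detection module then uses a feature separation-based heterogeneous graph attention network (FS-HAN) and an automaton-based rule model to perform bimodal anomaly detection using interaction-related and time-related semantic information. To evaluate the two schemes effectively, we built a real-world smart home dataset on the Mijia platform, covering multiple types of IoT devices commonly used in homes. Experimental results show that the two proposed systems detect cyberattacks and physical attacks with high accuracy, providing a stable and secure environment for smart homes.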
Smart homes have become an integral part of modern living, providing convenience and comfort to their inhabitants. However, with the increasing number of Internet of Things (IoT) devices, smart homes are becoming vulnerable to cyberattacks and physical attacks. The IoT Network Anomaly Detection System (NADS) is a deployable method to protect smart homes.
Existing IoT NADSs mainly apply rule-based or machine learning-based methods to detect anomalies.
However, in practical applications, people often need to balance efficiency, effectiveness, interpretability, and manageability. Rule-based NADSs are usually easy to interpret and manage, but may not achieve high effectiveness on complex problems. Machine learning-based NADSs often provide better effectiveness, but often lack interpretability and manageability, and may not meet some regulatory and compliance requirements. Besides, although network-side NADSs are efficient, they often lack effectiveness due to limited information. Terminal-side NADSs, in contrast, typically lack efficiency.
Moreover, existing IoT NADSs typically treat IoT devices as independent entities and model them with Euclidean-space features. These approaches suffer from low accuracy on new attacks (e.g., physical attacks and evasion attacks), since they miss the semantics.
In this thesis, we propose two smart home NADSs, a network traffic-based anomaly detection system (IoTSky) and an event verification system (SeIoT), to detect and prevent cyberattacks and physical attacks.
IoTSky is designed to detect cyberattacks using both supervised learning and unsupervised learning techniques. It consists of two major components, Metis and Hermes.
Metis, an efficient and interpretable supervised learning-based regular expression matching system, is used to achieve packet-level blocking defense against existing cyberattacks. Hermes implements an effective unsupervised learning-based anomaly detection method customized for smart homes that inspects, at the flow level, traffic judged as benign by Metis, thus discovering zero-day attacks.
SeIoT is designed to detect physical attacks using IoT device traffic analysis. It consists of four components: Packet Parser, Action Fingerprint, Feature Extraction, and Anomaly Detection. SeIoT acquires the states of IoT devices and environment attributes using traffic analysis and updates the knowledge graph to represent the smart home's state. The Anomaly Detection module then achieves bimodal anomaly detection for interaction-related and time-related semantic information using a feature separation-based heterogeneous graph attention network (FS-HAN) and flow-level feature counting, respectively.
For evaluation, we construct a real-world testbed of more than 40 off-the-shelf smart devices and evaluate the detection performance on both cyberattacks and physical attacks.
The results show that IoTSky and SeIoT can effectively detect cyberattacks and physical attacks, respectively, with high accuracy. These two systems can provide a robust and secure environment for smart homes, ensuring the safety and privacy of their inhabitants.