For the past few years, the Consumer Internet of Things (CIoT) has entered public lives. While CIoT has improved the convenience of people's daily lives, it has also brought new security and privacy concerns. In this survey, we try to figure out what researchers can learn about the security and privacy of CIoT by traffic analysis, a popular method in the security community. From the security and privacy perspective, this survey seeks out the new characteristics in CIoT traffic analysis, the state-of-the-art progress in CIoT traffic analysis, and the challenges yet to be solved. We collected 310 papers from January 2018 to December 2023 related to CIoT traffic analysis from the security and privacy perspective and summarized the process of CIoT traffic analysis in which the new characteristics of CIoT are identified. Then, we detail existing works based on five application goals: device fingerprinting, user activity inference, malicious traffic analysis, security analysis, and measurement. At last, we discuss the new challenges and future research directions.

翻译：近年来，消费物联网（CIoT）已深入公众生活。CIoT在提升日常生活便利性的同时，也带来了新的安全与隐私隐患。本综述试图探究研究人员如何通过流量分析——安全领域的一种常用方法——来理解CIoT的安全与隐私问题。从安全与隐私视角出发，本综述梳理了CIoT流量分析中呈现的新特征、该领域的最新研究进展，以及尚待解决的挑战。我们收集了2018年1月至2023年12月期间与CIoT流量分析相关的310篇论文，从安全与隐私角度总结了CIoT流量分析的流程，并识别出CIoT的新特征。随后，基于五项应用目标（设备指纹识别、用户行为推断、恶意流量分析、安全性分析与测量）详细阐述了现有工作。最后，我们讨论了新出现的挑战及未来研究方向。