The Consumer Internet of Things (CIoT), a notable segment within the IoT domain, involves the integration of IoT technology into consumer electronics and devices, such as smart homes and smart wearables. Compared to traditional IoT fields, CIoT differs notably in target users, product types, and design approaches. While offering convenience to users, it also raises new security and privacy concerns. Network traffic analysis, a widely used technique in the security community, has been extensively applied to investigate these concerns about CIoT. Compared to network traffic analysis in other fields such as mobile apps and websites, CIoT presents unique characteristics, introducing new challenges and research opportunities. Researchers have made significant contributions in this area. To aid researchers in understanding the application of traffic analysis tools for studying CIoT security and privacy risks, this survey reviews 303 publications on traffic analysis within the CIoT security and privacy domain from January 2018 to June 2024, focusing on three research questions. Our work: 1) outlines the CIoT traffic analysis process and highlights its differences from general network traffic analysis. 2) summarizes and classifies existing research into four categories according to its application objectives: device fingerprinting, user activity inference, malicious traffic detection, and measurement. 3) explores emerging challenges and potential future research directions based on each step of the CIoT traffic analysis process. This will provide new insights to the community and guide the industry towards safer product designs.

翻译：消费物联网（CIoT）作为物联网领域的一个重要分支，涉及将物联网技术集成到消费电子与设备中，例如智能家居和智能可穿戴设备。与传统物联网领域相比，CIoT在目标用户、产品类型和设计方法上存在显著差异。它在为用户提供便利的同时，也引发了新的安全与隐私问题。网络流量分析作为安全社区广泛采用的技术，已被大量应用于探究CIoT相关的这些关切。与移动应用和网站等其他领域的网络流量分析相比，CIoT呈现出独特的特性，带来了新的挑战与研究机遇。研究人员已在该领域做出了重要贡献。为帮助研究者理解如何应用流量分析工具来研究CIoT的安全与隐私风险，本综述回顾了2018年1月至2024年6月期间关于CIoT安全与隐私领域流量分析的303篇文献，并聚焦于三个研究问题。我们的工作：1) 概述了CIoT流量分析流程，并强调了其与通用网络流量分析的差异。2) 根据应用目标将现有研究总结并归类为四类：设备指纹识别、用户活动推断、恶意流量检测以及测量分析。3) 基于CIoT流量分析流程的每个步骤，探讨了新兴挑战及未来潜在的研究方向。这将为该领域提供新的见解，并引导产业界朝着更安全的产品设计方向发展。