Consumer Internet of Things (CIoT) traffic analysis faces unique security and privacy challenges due to heterogeneous devices, constrained resources, and sensitive user data. Method: We conduct a systematic literature review (SLR) covering 303 papers published between 2018 and 2024, introducing the first CIoT-specific traffic analysis framework. Using a phased challenge analysis approach, we identify critical bottlenecks across four core tasks: device fingerprinting, user behavior inference, malicious traffic detection, and empirical measurement. Our methodology integrates topic modeling and cross-study comparative analysis across the full technical stack—traffic capture, feature engineering, ML-based detection, and privacy quantification. Contribution/Results: We propose the most comprehensive taxonomy for CIoT security and privacy traffic research to date; construct a structured knowledge graph; uncover high-stealth privacy leakage patterns; and deliver a reusable analytical paradigm—enabling both academic advancement and industry-aligned security design standards.

The Consumer Internet of Things (CIoT), a notable segment within the IoT domain, involves the integration of IoT technology into consumer electronics and devices, such as smart homes and smart wearables. Compared to traditional IoT fields, CIoT differs notably in target users, product types, and design approaches. While offering convenience to users, it also raises new security and privacy concerns. Network traffic analysis, a widely used technique in the security community, has been extensively applied to investigate these concerns about CIoT. Compared to network traffic analysis in other fields such as mobile apps and websites, CIoT presents unique characteristics, introducing new challenges and research opportunities. Researchers have made significant contributions in this area. To aid researchers in understanding the application of traffic analysis tools for studying CIoT security and privacy risks, this survey reviews 303 publications on traffic analysis within the CIoT security and privacy domain from January 2018 to June 2024, focusing on three research questions. Our work: 1) outlines the CIoT traffic analysis process and highlights its differences from general network traffic analysis. 2) summarizes and classifies existing research into four categories according to its application objectives: device fingerprinting, user activity inference, malicious traffic detection, and measurement. 3) explores emerging challenges and potential future research directions based on each step of the CIoT traffic analysis process. This will provide new insights to the community and guide the industry towards safer product designs.