Protecting network devices from suspicious communications

The invention claimed is: 1. A method comprising: determining, based on detected Internet communication associated with a first device of a plurality of devices in a premises network and information associated with expected communication behavior for the first device, a degree of communication deviation; comparing the degree of communication deviation with a threshold; and restricting, based on the comparing, further communication to or from the first device. 2. The method of claim 1 , wherein the restricting further communication comprises one or more of: restricting a packet size sent from the first device; restricting a communication time for the first device; restricting a communication attempt from the first device to a second device in the premises network; or restricting a communication attempt from a third device to the first device in the premises network. 3. The method of claim 1 , wherein the comparing the degree of communication deviation with the threshold comprises comparing an expected size of data packets communicated by the first device with a current size of data packets communicated by the first device. 4. The method of claim 1 , wherein the comparing the degree of communication deviation with the threshold comprises comparing an expected frequency of communications of the first device with a current frequency of communications of the first device. 5. The method of claim 1 , further comprising: comparing the degree of communication deviation with a second threshold, wherein the restricting further communication comprises: applying a communication parameter to the first device based on the degree of communication deviation with the second threshold. 6. The method of claim 1 , further comprising: determining a communication attempt from a second device to the first device; determining a security status associated with the second device; and restricting, based on the determined security status, the communication attempt. 7. The method of claim 1 , further comprising: changing, based on the comparing, a security status of the first device, wherein restricting further communication to or from the first device is based on the security status. 8. A method comprising: determining, based on communication associated with a first security device of a plurality of security devices in a home security system and information associated with expected communication behavior for the first security device, a degree of communication deviation; comparing the degree of communication deviation with a threshold; and causing, based on whether the degree of communication deviation exceeds the threshold, application of one or more communication parameters to further communication to or from the first security device. 9. The method of claim 8 , wherein the causing application of the one or more communication parameters is based on whether a packet size associated with the communication associated with the first security device differs from the expected communication behavior by a first threshold level. 10. The method of claim 8 , wherein the causing application of the one or more communication parameters is based on whether a frequency of communication associated with the communication of the first security device differs from the expected communication behavior by a second threshold level. 11. The method of claim 8 , further comprising: setting, based on determining that a sensor type of a second security device corresponds to a sensor type of the first security device, a security status of the second security device by using the information associated with expected communication behavior for the first security device. 12. The method of claim 8 , wherein the causing application of one or more communication parameters comprises blocking further communication to or from the first security device. 13. The method of claim 8 , further comprising: changing, based on the comparing, a security status of the first security device, wherein causing application of one or more communication parameters to further communication to or from the first security device is based on the security status. 14. The method of claim 8 , further comprising: updating, based on another detected communication associated with the first security device, an expected communication behavior of the first security device. 15. A method comprising: determining a first change in communication behavior of detected Internet communication associated with a first device of a plurality of devices in a premises network; determining a second change in communication behavior of detected Internet communication associated with a second device of the plurality of devices in the premises network; and restricting, based on the first change in communication behavior and the second change in communication behavior, further communication between the first device and the second device. 16. The method of claim 15 , wherein restricting further communication between the first device and the second device comprises causing application of one or more different communication parameters to further communication between the first device and the second device. 17. The method of claim 15 , further comprising: determining a first communication attempt from the second device to the first device; blocking communication associated with the first communication attempt; determining, based on another communication associated with the second device, a third change in communication behavior of the second device; determining a second communication attempt from the second device to the first device; and allowing, based on the first change in communication behavior and the third change in communication behavior, communication associated with the second communication attempt. 18. The method of claim 15 , wherein each of the first change in communication behavior and the second change in communication behavior comprises one or more of: a change in a communication packet size; a change in a communication time; a change in a communication frequency; and/or a change in a communication target device. 19. The method of claim 15 , further comprising: setting, based on determining that a sensor type of the second device corresponds to a sensor type of the first device, a security status of the second device; and determining the second change in communication behavior of the second device is based on expected communication behavior for the first device. 20. The method of claim 15 , wherein restricting further communication between the first device and the second device comprises blocking further communication to or from the first device. 21. An apparatus comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the apparatus to: determine, based on detected Internet communication associated with a first device of a plurality of devices in a premises network and information associated with expected communication behavior for the first device, a degree of communication deviation; compare the degree of communication deviation with a threshold; and restrict, based on the comparing, further communication to or from the first device. 22. The apparatus of claim 21 , wherein the instructions, when executed by the one or more processors, cause the apparatus to restrict further communication by one or more of: restricting a packet size sent from the first