The Internet of Things (IoT), which has played a significant role in various scenarios nowadays, is increasing in popularity and facilitating human life. However, IoT devices are vulnerable due to their inadequate security defense mechanisms and increasing security vulnerabilities during rapid proliferation. A bi-layer intrusion detection system (IDS) based on device behavior profiling is proposed in this paper for smart home IoT networks. The system is composed of a supervised learning model and a novel rule set module, which enable the IDS to conduct detection duties more rapidly and accurately. The proposed IDS accomplishes three main functions: 1) detect malicious network traffic targeted at IoT devices, 2) reveal the attack types represented by malicious traffic, and 3) automatically construct the rule set reflecting benign device behaviors to expedite detection. A testbed is established to capture network traffic from real smart home IoT devices in order to conduct device profile investigations. To evaluate the performance of the proposed IDS, a unique test dataset is constructed. False Alarm Rate (FAR) and Missing Alarm Rate (MAR) values are calculated for evaluation. The system performance is evaluated in terms of detection and classification accuracy. The accuracy of detection is shown by FAR and MAR, both of which can reach 0%. The accuracy of classification is given by the F1 score, which can reach 99.51%.