Rajarshi Roy Chowdhury,Azam Che Idris,Pg Emeroylariffion Abas

DOI: https://doi.org/10.11591/ijai.v12.i1.pp232-240

2022-12-04

Abstract:The rapidly increasing number of internet of things (IoT) and non-IoT devices has imposed new security challenges to network administrators. Accurate device identification in the increasingly complex network structures is necessary. In this paper, a device fingerprinting (DFP) method has been proposed for device identification, based on digital footprints, which devices use for communication over a network. A subset of nine features have been selected from the network and transport layers of a single transmission control protocol/internet protocol packet based on attribute evaluators in Weka, to generate device-specific signatures. The method has been evaluated on two online datasets, and an experimental dataset, using different supervised machine learning (ML) algorithms. Results have shown that the method is able to distinguish device type with up to 100% precision using the random forest (RF) classifier, and classify individual devices with up to 95.7% precision. These results demonstrate the applicability of the proposed DFP method for device identification, in order to provide a more secure and robust network.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

Jiahan Dong,Tong Jin,Bowen Li,Yinan Zhong,Guangxin Guo,Xiaohu Wang,Yanjiao Chen

DOI: https://doi.org/10.1109/cyberc62439.2024.00016

2024-01-01

Abstract:The Internet of Things (IoT) has significantly expanded the scope of the Internet by enabling seamless communication between devices and the cloud. However, the rapid proliferation of IoT devices has led to a surge in cyber-attacks, such as Distributed Denial of Service (DDoS) attacks, Man-in-the-Middle (MITM) attacks, and privacy data theft. These threats underscore the urgent need for robust device identification (DI) methods. However, current DI approaches often struggle with issues related to accuracy, generalizability across different network environments, privacy concerns, and real-time performance. To address these issues, we introduce DIFORMER, a novel method that leverages network packet data and advanced deep learning techniques, specifically the attention mechanism and residual networks. DIFORMER outperforms existing methods, even in privacy-limited scenarios, and is more generalizable as it does not strictly rely on features like MAC and IP addresses. Rigorous experiments confirm DIFORMER’s effectiveness and robustness, making it a promising solution for securing IoT environments.

Rajarshi Roy Chowdhury,Debashish Roy,Pg Emeroylariffion Abas

2024-02-26

Abstract:Internet of Things (IoT) is one of the technological advancements of the twenty-first century which can improve living standards. However, it also imposes new types of security challenges, including device authentication, traffic types classification, and malicious traffic identification, in the network domain. Traditionally, internet protocol (IP) and media access control (MAC) addresses are utilized for identifying network-connected devices in a network, whilst these addressing schemes are prone to be compromised, including spoofing attacks and MAC randomization. Therefore, device identification using only explicit identifiers is a challenging task. Accurate device identification plays a key role in securing a network. In this paper, a supervised machine learning-based device fingerprinting (DFP) model has been proposed for identifying network-connected IoT devices using only communication traffic characteristics (or implicit identifiers). A single transmission control protocol/internet protocol (TCP/IP) packet header features have been utilized for generating unique fingerprints, with the fingerprints represented as a vector of 22 features. Experimental results have shown that the proposed DFP method achieves over 98% in classifying individual IoT devices using the UNSW dataset with 22 smart-home IoT devices. This signifies that the proposed approach is invaluable to network operators in making their networks more secure.

Artificial Intelligence,Networking and Internet Architecture

Rajarshi Roy Chowdhury,Sandhya Aneja,Nagender Aneja,Emeroylariffion Abas

DOI: https://doi.org/10.48550/arXiv.2009.04682

2020-09-10

Cryptography and Security

Abstract:Device identification is the process of identifying a device on Internet without using its assigned network or other credentials. The sharp rise of usage in Internet of Things (IoT) devices has imposed new challenges in device identification due to a wide variety of devices, protocols and control interfaces. In a network, conventional IoT devices identify each other by utilizing IP or MAC addresses, which are prone to spoofing. Moreover, IoT devices are low power devices with minimal embedded security solution. To mitigate the issue in IoT devices, fingerprint (DFP) for device identification can be used. DFP identifies a device by using implicit identifiers, such as network traffic (or packets), radio signal, which a device used for its communication over the network. These identifiers are closely related to the device hardware and software features. In this paper, we exploit TCP/IP packet header features to create a device fingerprint utilizing device originated network packets. We present a set of three metrics which separate some features from a packet which contribute actively for device identification. To evaluate our approach, we used publicly accessible two datasets. We observed the accuracy of device genre classification 99.37% and 83.35% of accuracy in the identification of an individual device from IoT Sentinel dataset. However, using UNSW dataset device type identification accuracy reached up to 97.78%.

Yinan Zhong,Mingyu Pan,Yanjiao Chen,Wenyuan Xu

DOI: https://doi.org/10.3390/sym16040443

2024-01-01

Abstract:The past few years have witnessed a wider adoption of Internet of Things (IoT) devices. Since IoT devices are usually deployed in an open and uncertain environment, device authentication is of great importance. However, traditional device fingerprint (DF) extraction methods have several disadvantages. First, existing DF extraction methods need private information from devices to compute DFs, which puts the privacy of devices at stake. Second, the manually designing features-based methods suffer from poor performance. To tackle these limitations, we propose a Linear Residual Neural Network-based DF extraction method, Res-DFNN, which utilizes network packet data in the pcap file to generate DF. The key block is designed according to symmetry, and it is verified by simulation that our method achieves better performance in both non-private and privacy-preserving scenarios.

Bruhadeshwar Bezawada,Maalvika Bachani,Jordan Peterson,Hossein Shirazi,Indrakshi Ray,Indrajit Ray

DOI: https://doi.org/10.48550/arXiv.1804.03852

2018-04-11

Abstract:The Internet-of-Things (IoT) has brought in new challenges in, device identification --what the device is, and, authentication --is the device the one it claims to be. Traditionally, the authentication problem is solved by means of a cryptographic protocol. However, the computational complexity of cryptographic protocols and/or scalability problems related to key management, render almost all cryptography based authentication protocols impractical for IoT. The problem of device identification is, on the other hand, sadly neglected. We believe that device fingerprinting can be used to solve both these problems effectively. In this work, we present a methodology to perform device behavioral fingerprinting that can be employed to undertake device type identification. A device behavior is approximated using features extracted from the network traffic of the device. These features are used to train a machine learning model that can be used to detect similar device types. We validate our approach using five-fold cross validation; we report a identification rate of 86-99% and a mean accuracy of 99%, across all our experiments. Our approach is successful even when a device uses encrypted communication. Furthermore, we show preliminary results for fingerprinting device categories, i.e., identifying different device types having similar functionality.

Cryptography and Security

Yiying Yu,Haixiang Wang,Dahua Zhang,Xiaojuan Zhang

DOI: https://doi.org/10.1109/ISAS61044.2024.10552505

2024-05-07

Abstract:In the realm of Industrial IoT, devices are characterized by their diversity and complexity. Upon connection, these devices are exposed to a myriad of security threats. Nevertheless, the adoption of unique device fingerprints facilitates the secure identification and authentication of these devices during access. In this study, we propose DevPF, a novel framework for IoT device identification based on passive traffic analysis. Unlike traditional active detection methods, DevPF analyzes network traffic characteristics without interacting with devices, ensuring minimal network load and no interference with device operations. The framework utilizes machine learning algorithms to classify devices based on extracted traffic features. Experimental results on a public IoT dataset demonstrate that DevPF achieves high classification accuracy, making it a promising solution for enhancing the security of IoT networks.

Computer Science,Engineering

Namin Hou,Yushi Cheng,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ICCCS61882.2024.10603286

2024-01-01

Abstract:The advancement of Fifth-Generation (5G) technology has greatly enriched individuals' access to a broad array of convenient services, offering significant benefits in mobile communications, autonomous driving, smart homes, and the Internet of Things. However, with the increase in the number of network access devices, large and frequent data interactions have brought potential security risks to wireless networks, which are related to user privacy security, traffic safety, and even social security. Malicious intrusions targeting wireless communications have resulted in significant disruptions and incurred substantial losses. Presently, user identities in wireless communications rely on software-based data identifiers, which can be forged easily. This paper proposes a hardware-level device authentication mechanism that uses the intrinsic hardware characteristics of the transmitter (shown as impairments in the radio signal of the transmission link) for identity authentication. The resulting fingerprint is naturally distinctive and highly resistant to counterfeiting attempts. We use 5 devices across different models and 10 devices of the same model for experimental evaluation. Then we apply machine learning algorithms to construct a fingerprint database and device authentication, achieving an average of 82.4% precision, 89.9% recall, and 85.9% F1-score, which can help to safeguard the security of 5G communication.

Fangfang Dang,Lijing Yan,Ying Yang,Shuai Li,Dingding Li,Dong Niu

DOI: https://doi.org/10.1088/1742-6596/2781/1/012024

2024-06-16

Journal of Physics Conference Series

Abstract:With the rapid development of Electric Power Internet of Things (IoT) technology, a large number of devices are being networked and exposed to cyberspace. Due to the disparity in security design levels and lax management during usage, electric power terminals are susceptible targets for network attackers. This not only causes losses to device owners but also poses a threat to the overall cybersecurity of the network, as compromised devices can serve as nodes for botnets. The importance of addressing this issue cannot be underestimated. Asset identification is a prerequisite for the secure management of IoT devices. This paper analyzes and studies existing asset identification technologies. Existing device identification methods based on message content features have problems such as reliance on textual features of message content and difficulties in labeling large-scale data. To overcome these limitations, a machine learning-based classification method for IoT devices is proposed. This method extracts features from the web homepage of devices and generates feature vector fingerprints. By leveraging the random forest algorithm, the accuracy of IoT device classification is improved. This approach is suitable for asset identification of IoT devices and provides support for the precise implementation of vulnerability scanning for IoT devices.

Sandhya Aneja,Nagender Aneja,Md Shohidul Islam

DOI: https://doi.org/10.1109/IOTAIS.2018.8600824

2019-01-18

Abstract:Device Fingerprinting (DFP) is the identification of a device without using its network or other assigned identities including IP address, Medium Access Control (MAC) address, or International Mobile Equipment Identity (IMEI) number. DFP identifies a device using information from the packets which the device uses to communicate over the network. Packets are received at a router and processed to extract the information. In this paper, we worked on the DFP using Inter Arrival Time (IAT). IAT is the time interval between the two consecutive packets received. This has been observed that the IAT is unique for a device because of different hardware and the software used for the device. The existing work on the DFP uses the statistical techniques to analyze the IAT and to further generate the information using which a device can be identified uniquely. This work presents a novel idea of DFP by plotting graphs of IAT for packets with each graph plotting 100 IATs and subsequently processing the resulting graphs for the identification of the device. This approach improves the efficiency to identify a device DFP due to achieved benchmark of the deep learning libraries in the image processing. We configured Raspberry Pi to work as a router and installed our packet sniffer application on the Raspberry Pi . The packet sniffer application captured the packet information from the connected devices in a log file. We connected two Apple devices iPad4 and iPhone 7 Plus to the router and created IAT graphs for these two devices. We used Convolution Neural Network (CNN) to identify the devices and observed the accuracy of 86.7%.

Networking and Internet Architecture,Computer Vision and Pattern Recognition,Machine Learning

Jaidip Kotak,Yuval Elovici

DOI: https://doi.org/10.1007/978-3-030-57805-3_8

2020-02-25

Abstract:The growing use of IoT devices in organizations has increased the number of attack vectors available to attackers due to the less secure nature of the devices. The widely adopted bring your own device (BYOD) policy which allows an employee to bring any IoT device into the workplace and attach it to an organization's network also increases the risk of attacks. In order to address this threat, organizations often implement security policies in which only the connection of white-listed IoT devices is permitted. To monitor adherence to such policies and protect their networks, organizations must be able to identify the IoT devices connected to their networks and, more specifically, to identify connected IoT devices that are not on the white-list (unknown devices). In this study, we applied deep learning on network traffic to automatically identify IoT devices connected to the network. In contrast to previous work, our approach does not require that complex feature engineering be applied on the network traffic, since we represent the communication behavior of IoT devices using small images built from the IoT devices network traffic payloads. In our experiments, we trained a multiclass classifier on a publicly available dataset, successfully identifying 10 different IoT devices and the traffic of smartphones and computers, with over 99% accuracy. We also trained multiclass classifiers to detect unauthorized IoT devices connected to the network, achieving over 99% overall average detection accuracy.

Cryptography and Security,Machine Learning,Networking and Internet Architecture,Signal Processing

Yuan Ji,Tian Ye,Xiang -Yang Li

DOI: https://doi.org/10.1109/bigcom57025.2022.00027

2022-01-01

Abstract:With the gradual development of the Internet of Things, people rely more and more on the Internet of Things devices to assist their daily lives. The permissions of IoT devices make it easy for them to rescue or destroy our lives. This paper proposes a new scalable IoT security framework (ISDF), which uses the unforgeable physical layer characteristics of IoT devices as the verification basis to identify illegal devices. This framework combined with the identifier generation algorithm to generate a unique trusted identifier. Under the verification of more than a dozen devices such as bluetooth, wifi, and voice, the identifiers we generate have high robustness and stability, the accuracy of verification is more than 93%. Compared with existing solutions, our framework has the advantages of supporting multimodality and high verification success rate.

Md Mainuddin,Zhenhai Duan,Yingfei Dong,Shaeke Salman,Tania Taami

DOI: https://doi.org/10.1109/GLOBECOM48099.2022.10001639

2022-12-17

Abstract:IoT device identification plays an important role in monitoring and improving the performance and security of IoT devices. Compared to traditional non-IoT devices, IoT devices provide us with both unique challenges and opportunities in detecting the types of IoT devices. Based on critical insights obtained in our previous work on understanding the network traffic characteristics of IoT devices, in this paper we develop an effective machine-learning based IoT device identification scheme, named iotID. In developing iotID, we extract 70 features of TCP flows from three complementary aspects: remote network servers and port numbers, packet-level traffic characteristics such as packet inter-arrival times, and flow-level traffic characteristics such as flow duration. Different from existing work, we take into account the imbalance nature of network traffic generated by various devices in both the learning and evaluation phases of iotID. Our performance studies based on network traffic collected on a typical smart home environment consisting of both IoT and non-IoT devices show that iotID can achieve a balanced accuracy score of above 99%.

Networking and Internet Architecture,Distributed, Parallel, and Cluster Computing

Miraqa Safi,Sajjad Dadkhah,Farzaneh Shoeleh,Hassan Mahdikhani,Heather Molyneaux,Ali A. Ghorbani

DOI: https://doi.org/10.1145/3539736

2022-09-06

ACM Transactions on Internet of Things

Abstract:The proliferation of heterogeneous Internet of things (IoT) devices connected to the Internet produces several operational and security challenges, such as monitoring, detecting, and recognizing millions of interconnected IoT devices. Network and system administrators must correctly identify which devices are functional, need security updates, or are vulnerable to specific attacks. IoT profiling is an emerging technique to identify and validate the connected devices’ specific behaviour and isolate the suspected and vulnerable devices within the network for further monitoring. This article provides a comprehensive review of various IoT device profiling methods and provides a clear taxonomy for IoT profiling techniques based on different security perspectives. We first investigate several current IoT device profiling techniques and their applications. Next, we analyzed various IoT device vulnerabilities, outlined multiple features, and provided detailed information to implement profiling algorithms’ risk assessment/mitigation stage. By reviewing approaches for profiling IoT devices, we identify various state-of-the-art methods that organizations of different domains can implement to satisfy profiling needs. Furthermore, this article also discusses several machine learning and deep learning algorithms utilized for IoT device profiling. Finally, we discuss challenges and future research possibilities in this domain.

Jaidip Kotak,Yuval Elovici

DOI: https://doi.org/10.1007/s12652-022-04415-6

2023-03-02

Abstract:Attack vectors for adversaries have increased in organizations because of the growing use of less secure IoT devices. The risk of attacks on an organization's network has also increased due to the bring your own device (BYOD) policy which permits employees to bring IoT devices onto the premises and attach them to the organization's network. To tackle this threat and protect their networks, organizations generally implement security policies in which only white listed IoT devices are allowed on the organization's network. To monitor compliance with such policies, it has become essential to distinguish IoT devices permitted within an organization's network from non white listed (unknown) IoT devices. In this research, deep learning is applied to network communication for the automated identification of IoT devices permitted on the network. In contrast to existing methods, the proposed approach does not require complex feature engineering of the network communication, because the 'communication behavior' of IoT devices is represented as small images which are generated from the device's network communication payload. The proposed approach is applicable for any IoT device, regardless of the protocol used for communication. As our approach relies on the network communication payload, it is also applicable for the IoT devices behind a network address translation (NAT) enabled router. In this study, we trained various classifiers on a publicly accessible dataset to identify IoT devices in different scenarios, including the identification of known and unknown IoT devices, achieving over 99% overall average detection accuracy.

Networking and Internet Architecture,Artificial Intelligence,Cryptography and Security,Computer Vision and Pattern Recognition,Machine Learning

Mohamed Abdel‐Basset,Nour Moustafa,Hossam Hawash,Weiping Ding

DOI: https://doi.org/10.1007/978-3-030-89025-4_4

2021-01-01

Abstract:As IoT technology becomes an integral part of everyday life, enhancing productivity for businesses through automation, it should come as no surprise that attackers would seek to exploit these systems and the services they provide for profit.

Jianjin Zhao,Qi Li,Jintao Sun,Mianxiong Dong,Kaoru Ota,Meng Shen

DOI: https://doi.org/10.1109/jiot.2023.3305585

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Due to hardware limitations, Internet of Things (IoT) devices without integrated security become easy targets for network attacks. IoT device identification is significant for network security management. Despite many efforts, previous studies either require excessive features raising concerns about efficiency and privacy, or underutilize the data resources to fulfill the potential of simple features. Moreover, the severe data imbalance problem is unaddressed. In this paper, we present IoTProfile, an efficient IoT device identification framework via time series dictionary. It only considers simple packet-level attributes and maps them into different time windows. On this basis, it further follows a shuffle&split organization scheme to structure the imbalanced data as multi-channel time series. By performing random convolutional kernel transformations in two ways and aggregations, IoTProfile captures discriminative patterns and forms the frequency count of recurring patterns to profile the network behaviors of IoT devices over a period of time. The experimental results show that IoTProfile is superior to the other state-of-the-art methods in terms of both identification effectiveness and time overhead, achieving 99.81% and 97.65% Macro-F1 scores on UNSW and UNB datasets in under four minutes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yu Zhang,Bei Gong,Qian Wang

DOI: https://doi.org/10.1016/j.dcan.2022.10.003

IF: 6.348

2022-10-01

Digital Communications and Networks

Abstract:The popularity of the Internet of Things (IoT) has enabled a large number of vulnerable devices to connect to the Internet, bringing huge security risks. As a network-level security authentication method, device fingerprint based on machine learning has attracted considerable attention because it can detect vulnerable devices in complex and heterogeneous access phases. However, flexible and diversified IoT devices with limited resources increase difficulty of the device fingerprint authentication method executed in IoT, because it needs to retrain the model network to deal with incremental features or types. To address this problem, a device fingerprinting mechanism based on a Broad Learning System (BLS) is proposed in this paper. The mechanism firstly characterizes IoT devices by traffic analysis based on the identifiable differences of the traffic data of IoT devices, and extracts feature parameters of the traffic packets. A hierarchical hybrid sampling method is designed at the preprocessing phase to improve the imbalanced data distribution and reconstruct the fingerprint dataset. The complexity of the dataset is reduced using Principal Component Analysis (PCA) and the device type is identified by training weights using BLS. The experimental results show that the proposed method can achieve state-of-the-art accuracy and spend less training time than other existing methods.

telecommunications

Nik Aqil,Faiz Zaki,Firdaus Afifi,Hazim Hanif,Miss Laiha Mat Kiah,Nor Badrul Anuar

DOI: https://doi.org/10.7717/peerj-cs.2145

2024-07-09

Abstract:The Internet of Things (IoT) is becoming more prevalent in our daily lives. A recent industry report projected the global IoT market to be worth more than USD 4 trillion by 2032. To cope with the ever-increasing IoT devices in use, identifying and securing IoT devices has become highly crucial for network administrators. In that regard, network traffic classification offers a promising solution by precisely identifying IoT devices to enhance network visibility, allowing better network security. Currently, most IoT device identification solutions revolve around machine learning, outperforming prior solutions like port and behavioural-based. Although performant, these solutions often experience performance degradation over time due to statistical changes in the data. As a result, they require frequent retraining, which is computationally expensive. Therefore, this article aims to improve the model performance through a robust alternative feature set. The improved feature set leverages payload lengths to model the unique characteristics of IoT devices and remains stable over time. Besides that, this article utilizes the proposed feature set with Random Forest and OneVSRest to optimize the learning process, particularly concerning the easier addition of new IoT devices. On the other hand, this article introduces weekly dataset segmentation to ensure fair evaluation over different time frames. Evaluation on two datasets, a public dataset, IoT Traffic Traces, and a self-collected dataset, IoT-FSCIT, show that the proposed feature set maintained above 80% accuracy throughout all weeks on the IoT Traffic Traces dataset, outperforming selected benchmark studies while improving accuracy over time by +10.13% on the IoT-FSCIT dataset.

Qinxia Hao,Zheng Rong

DOI: https://doi.org/10.1109/access.2023.3284542

IF: 3.9

2023-06-20

IEEE Access

Abstract:Driven by 5G communication technology, IoT devices are widely deployed in various scenarios to provide automated services. However, a large number of IoT devices cannot install strong encryption suites and become the preferred target of cyber attackers. Specific vulnerabilities target specific types of IoT devices. Screening and repairing corresponding vulnerabilities based on device information can improve device protection capabilities. Traditional device identification models are static and have limitations in the identification range. The model needs to be trained from scratch to identity new types of devices, which consumes a lot of computing resources and training time. To overcome these limitations, we propose IoTTFID, an incremental IoT device identification model based on traffic fingerprint. Extract the traffic fingerprint of the new device, convert it into an input vector after preprocessing, and input it to the original model to update some network parameters, so that the model has the ability to identify new devices. The results of evaluation on two open datasets show that the accuracy of IoTTFID is 98.09% on UNSW dataset and 98.29% on Yourthings dataset, which outperforms the existing methods. IoTTFID has an accuracy rate of 80.4% after five incremental learning stages, and an F1 of over 96% for encrypted IoT devices. IoTTFID can dynamically adjust with the actual environment to increase the range of identifiable device types, providing strong support for the security management of IoT devices.

computer science, information systems,telecommunications,engineering, electrical & electronic