Jiahan Dong,Tong Jin,Bowen Li,Yinan Zhong,Guangxin Guo,Xiaohu Wang,Yanjiao Chen

DOI: https://doi.org/10.1109/cyberc62439.2024.00016

2024-01-01

Abstract:The Internet of Things (IoT) has significantly expanded the scope of the Internet by enabling seamless communication between devices and the cloud. However, the rapid proliferation of IoT devices has led to a surge in cyber-attacks, such as Distributed Denial of Service (DDoS) attacks, Man-in-the-Middle (MITM) attacks, and privacy data theft. These threats underscore the urgent need for robust device identification (DI) methods. However, current DI approaches often struggle with issues related to accuracy, generalizability across different network environments, privacy concerns, and real-time performance. To address these issues, we introduce DIFORMER, a novel method that leverages network packet data and advanced deep learning techniques, specifically the attention mechanism and residual networks. DIFORMER outperforms existing methods, even in privacy-limited scenarios, and is more generalizable as it does not strictly rely on features like MAC and IP addresses. Rigorous experiments confirm DIFORMER’s effectiveness and robustness, making it a promising solution for securing IoT environments.

Jianjin Zhao,Qi Li,Jintao Sun,Mianxiong Dong,Kaoru Ota,Meng Shen

DOI: https://doi.org/10.1109/jiot.2023.3305585

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Due to hardware limitations, Internet of Things (IoT) devices without integrated security become easy targets for network attacks. IoT device identification is significant for network security management. Despite many efforts, previous studies either require excessive features raising concerns about efficiency and privacy, or underutilize the data resources to fulfill the potential of simple features. Moreover, the severe data imbalance problem is unaddressed. In this paper, we present IoTProfile, an efficient IoT device identification framework via time series dictionary. It only considers simple packet-level attributes and maps them into different time windows. On this basis, it further follows a shuffle&split organization scheme to structure the imbalanced data as multi-channel time series. By performing random convolutional kernel transformations in two ways and aggregations, IoTProfile captures discriminative patterns and forms the frequency count of recurring patterns to profile the network behaviors of IoT devices over a period of time. The experimental results show that IoTProfile is superior to the other state-of-the-art methods in terms of both identification effectiveness and time overhead, achieving 99.81% and 97.65% Macro-F1 scores on UNSW and UNB datasets in under four minutes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Md Mainuddin,Zhenhai Duan,Yingfei Dong,Shaeke Salman,Tania Taami

DOI: https://doi.org/10.1109/GLOBECOM48099.2022.10001639

2022-12-17

Abstract:IoT device identification plays an important role in monitoring and improving the performance and security of IoT devices. Compared to traditional non-IoT devices, IoT devices provide us with both unique challenges and opportunities in detecting the types of IoT devices. Based on critical insights obtained in our previous work on understanding the network traffic characteristics of IoT devices, in this paper we develop an effective machine-learning based IoT device identification scheme, named iotID. In developing iotID, we extract 70 features of TCP flows from three complementary aspects: remote network servers and port numbers, packet-level traffic characteristics such as packet inter-arrival times, and flow-level traffic characteristics such as flow duration. Different from existing work, we take into account the imbalance nature of network traffic generated by various devices in both the learning and evaluation phases of iotID. Our performance studies based on network traffic collected on a typical smart home environment consisting of both IoT and non-IoT devices show that iotID can achieve a balanced accuracy score of above 99%.

Networking and Internet Architecture,Distributed, Parallel, and Cluster Computing

Li, Shuai

DOI: https://doi.org/10.1007/s11276-024-03736-y

IF: 2.701

2024-04-24

Wireless Networks

Abstract:Nowadays, the Internet of Things is booming and more and more IoT devices are connected to the Internet. However, due to design and configuration vulnerabilities, as well as the pursuit of cheap IoT devices, these IoT devices are often vulnerable. Therefore, effective identification of IoT devices is essential to maintain security. In this paper, in order to better classify and accurately identify IoT devices of the same type, a combination of traffic-based and machine-learning methods are used to identify IoT devices and hierarchize the model. In the first layer, the IoT devices are classified according to their types or features. In the second layer, feature extraction is performed based on TCP/UDP flows to perform specific device identification under each type of iot device. The final experimental results show that we reduced the data volume by 35%, compared to the benchmark experiment,and achieved an overall recognition accuracy of 99.9% after classification of iot devices.

computer science, information systems,telecommunications,engineering, electrical & electronic

Rajarshi Roy Chowdhury,Sandhya Aneja,Nagender Aneja,Emeroylariffion Abas

DOI: https://doi.org/10.48550/arXiv.2009.04682

2020-09-10

Cryptography and Security

Abstract:Device identification is the process of identifying a device on Internet without using its assigned network or other credentials. The sharp rise of usage in Internet of Things (IoT) devices has imposed new challenges in device identification due to a wide variety of devices, protocols and control interfaces. In a network, conventional IoT devices identify each other by utilizing IP or MAC addresses, which are prone to spoofing. Moreover, IoT devices are low power devices with minimal embedded security solution. To mitigate the issue in IoT devices, fingerprint (DFP) for device identification can be used. DFP identifies a device by using implicit identifiers, such as network traffic (or packets), radio signal, which a device used for its communication over the network. These identifiers are closely related to the device hardware and software features. In this paper, we exploit TCP/IP packet header features to create a device fingerprint utilizing device originated network packets. We present a set of three metrics which separate some features from a packet which contribute actively for device identification. To evaluate our approach, we used publicly accessible two datasets. We observed the accuracy of device genre classification 99.37% and 83.35% of accuracy in the identification of an individual device from IoT Sentinel dataset. However, using UNSW dataset device type identification accuracy reached up to 97.78%.

Yichao Wu,Chenglong Li,Jiahai Yang,Zhiliang Wang,Wei Hu,Ang Xia,Yong Jiang,Yao Wang,Liuli Wu

DOI: https://doi.org/10.1109/iscc55528.2022.9912915

2022-01-01

Abstract:The number of Internet of Things (IoT) devices connected to the Internet has been growing rapidly. Such a large number of IoT devices bring significant challenges to device man-agement and cyberspace security. The discovery and classification of IoT devices are the prerequisites for monitoring and protecting them. However, existing Internet-scale IoT device classification methods mainly rely on textual analysis of the device response data, whose performance can be affected by the complexity or the multilingualism of the response texts. In this paper, we propose WebIoT, which mainly utilizes the image characteristics of the IoT devices' web interfaces to classify them for the first time. We leverage the observation that many IoT devices have web interfaces for device configuration and device status display, whose visual presentations contain abundant characteristics for device classification. Experiment results show that our method achieves 95.4% precision and 91.5% recall, which significantly outperforms other text analysis-based methods.

Yongxin Liu,Jian Wang,Jianqiang Li,Houbing Song,Thomas Yang,Shuteng Niu,Zhong Ming

DOI: https://doi.org/10.1109/JIOT.2020.3018677

2020-08-28

Abstract:The Internet of Things (IoT) provides applications and services that would otherwise not be possible. However, the open nature of IoT make it vulnerable to cybersecurity threats. Especially, identity spoofing attacks, where an adversary passively listens to existing radio communications and then mimic the identity of legitimate devices to conduct malicious activities. Existing solutions employ cryptographic signatures to verify the trustworthiness of received information. In prevalent IoT, secret keys for cryptography can potentially be disclosed and disable the verification mechanism. Non-cryptographic device verification is needed to ensure trustworthy IoT. In this paper, we propose an enhanced deep learning framework for IoT device identification using physical layer signals. Specifically, we enable our framework to report unseen IoT devices and introduce the zero-bias layer to deep neural networks to increase robustness and interpretability. We have evaluated the effectiveness of the proposed framework using real data from ADS-B (Automatic Dependent Surveillance-Broadcast), an application of IoT in aviation. The proposed framework has the potential to be applied to accurate identification of IoT devices in a variety of IoT applications and services. Codes and data are available in IEEE Dataport.

Machine Learning,Signal Processing

Nik Aqil,Faiz Zaki,Firdaus Afifi,Hazim Hanif,Miss Laiha Mat Kiah,Nor Badrul Anuar

DOI: https://doi.org/10.7717/peerj-cs.2145

2024-07-09

Abstract:The Internet of Things (IoT) is becoming more prevalent in our daily lives. A recent industry report projected the global IoT market to be worth more than USD 4 trillion by 2032. To cope with the ever-increasing IoT devices in use, identifying and securing IoT devices has become highly crucial for network administrators. In that regard, network traffic classification offers a promising solution by precisely identifying IoT devices to enhance network visibility, allowing better network security. Currently, most IoT device identification solutions revolve around machine learning, outperforming prior solutions like port and behavioural-based. Although performant, these solutions often experience performance degradation over time due to statistical changes in the data. As a result, they require frequent retraining, which is computationally expensive. Therefore, this article aims to improve the model performance through a robust alternative feature set. The improved feature set leverages payload lengths to model the unique characteristics of IoT devices and remains stable over time. Besides that, this article utilizes the proposed feature set with Random Forest and OneVSRest to optimize the learning process, particularly concerning the easier addition of new IoT devices. On the other hand, this article introduces weekly dataset segmentation to ensure fair evaluation over different time frames. Evaluation on two datasets, a public dataset, IoT Traffic Traces, and a self-collected dataset, IoT-FSCIT, show that the proposed feature set maintained above 80% accuracy throughout all weeks on the IoT Traffic Traces dataset, outperforming selected benchmark studies while improving accuracy over time by +10.13% on the IoT-FSCIT dataset.

Yu Zhang,Bei Gong,Qian Wang

DOI: https://doi.org/10.1016/j.dcan.2022.10.003

IF: 6.348

2022-10-01

Digital Communications and Networks

Abstract:The popularity of the Internet of Things (IoT) has enabled a large number of vulnerable devices to connect to the Internet, bringing huge security risks. As a network-level security authentication method, device fingerprint based on machine learning has attracted considerable attention because it can detect vulnerable devices in complex and heterogeneous access phases. However, flexible and diversified IoT devices with limited resources increase difficulty of the device fingerprint authentication method executed in IoT, because it needs to retrain the model network to deal with incremental features or types. To address this problem, a device fingerprinting mechanism based on a Broad Learning System (BLS) is proposed in this paper. The mechanism firstly characterizes IoT devices by traffic analysis based on the identifiable differences of the traffic data of IoT devices, and extracts feature parameters of the traffic packets. A hierarchical hybrid sampling method is designed at the preprocessing phase to improve the imbalanced data distribution and reconstruct the fingerprint dataset. The complexity of the dataset is reduced using Principal Component Analysis (PCA) and the device type is identified by training weights using BLS. The experimental results show that the proposed method can achieve state-of-the-art accuracy and spend less training time than other existing methods.

telecommunications

Jaidip Kotak,Yuval Elovici

DOI: https://doi.org/10.1007/s12652-022-04415-6

2023-03-02

Abstract:Attack vectors for adversaries have increased in organizations because of the growing use of less secure IoT devices. The risk of attacks on an organization's network has also increased due to the bring your own device (BYOD) policy which permits employees to bring IoT devices onto the premises and attach them to the organization's network. To tackle this threat and protect their networks, organizations generally implement security policies in which only white listed IoT devices are allowed on the organization's network. To monitor compliance with such policies, it has become essential to distinguish IoT devices permitted within an organization's network from non white listed (unknown) IoT devices. In this research, deep learning is applied to network communication for the automated identification of IoT devices permitted on the network. In contrast to existing methods, the proposed approach does not require complex feature engineering of the network communication, because the 'communication behavior' of IoT devices is represented as small images which are generated from the device's network communication payload. The proposed approach is applicable for any IoT device, regardless of the protocol used for communication. As our approach relies on the network communication payload, it is also applicable for the IoT devices behind a network address translation (NAT) enabled router. In this study, we trained various classifiers on a publicly accessible dataset to identify IoT devices in different scenarios, including the identification of known and unknown IoT devices, achieving over 99% overall average detection accuracy.

Networking and Internet Architecture,Artificial Intelligence,Cryptography and Security,Computer Vision and Pattern Recognition,Machine Learning

Jiajie Ling,Siwei Miao,Xiaojuan Zhang,Changyu Chen,Cheng Peng,Quanyuan Jiang

DOI: https://doi.org/10.1109/ei250167.2020.9346941

2020-01-01

Abstract:With the accelerating development of the Internet of Things (IoT), its applications in power system are gradually becoming various and comphcated, followed by the diversity of relevant technical requirements. In order to identify the characteristics of these requirements of IoT in power system, this paper proposes a refined characterization approach to define, classify and summarize them from three different aspects, namely, performance-criticaL security-critical and reachability critical. In multiple IoT enabled apphcation scenarios, performance-critical index and security-critical index mainly focus on data transmission and calculation, while reachability-critical index focuses on the communication coverage and quality of service, which creates a new perspective to characterize power system IoT applications and their technical requirements.

Rajarshi Roy Chowdhury,Debashish Roy,Pg Emeroylariffion Abas

2024-02-26

Abstract:Internet of Things (IoT) is one of the technological advancements of the twenty-first century which can improve living standards. However, it also imposes new types of security challenges, including device authentication, traffic types classification, and malicious traffic identification, in the network domain. Traditionally, internet protocol (IP) and media access control (MAC) addresses are utilized for identifying network-connected devices in a network, whilst these addressing schemes are prone to be compromised, including spoofing attacks and MAC randomization. Therefore, device identification using only explicit identifiers is a challenging task. Accurate device identification plays a key role in securing a network. In this paper, a supervised machine learning-based device fingerprinting (DFP) model has been proposed for identifying network-connected IoT devices using only communication traffic characteristics (or implicit identifiers). A single transmission control protocol/internet protocol (TCP/IP) packet header features have been utilized for generating unique fingerprints, with the fingerprints represented as a vector of 22 features. Experimental results have shown that the proposed DFP method achieves over 98% in classifying individual IoT devices using the UNSW dataset with 22 smart-home IoT devices. This signifies that the proposed approach is invaluable to network operators in making their networks more secure.

Artificial Intelligence,Networking and Internet Architecture

Yiying Yu,Haixiang Wang,Dahua Zhang,Xiaojuan Zhang

DOI: https://doi.org/10.1109/ISAS61044.2024.10552505

2024-05-07

Abstract:In the realm of Industrial IoT, devices are characterized by their diversity and complexity. Upon connection, these devices are exposed to a myriad of security threats. Nevertheless, the adoption of unique device fingerprints facilitates the secure identification and authentication of these devices during access. In this study, we propose DevPF, a novel framework for IoT device identification based on passive traffic analysis. Unlike traditional active detection methods, DevPF analyzes network traffic characteristics without interacting with devices, ensuring minimal network load and no interference with device operations. The framework utilizes machine learning algorithms to classify devices based on extracted traffic features. Experimental results on a public IoT dataset demonstrate that DevPF achieves high classification accuracy, making it a promising solution for enhancing the security of IoT networks.

Computer Science,Engineering

Shuodi Hui,Huandong Wang,Dianlei Xu,Jing Wu,Yong Li,Depeng Jin

DOI: https://doi.org/10.1109/jiot.2021.3078879

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Internet of Things (IoT) devices are increasingly growing in mobile networks with the ubiquity of various IoT services. They share the same infrastructure with smartphones while having different requirements for communication resources and security defense mechanisms. Distinguishing IoT devices from smartphones has far-reaching implications on effective network design, resource allocation scheme, pricing scheme, etc. In this article, we distinguish between 12 107 IoT devices and 12 693 smartphones in the real world via characterizing their network traffic. The IoT devices fall into five categories, namely, locating, monitoring, portable, point of sale (POS), and vehicle. We analyze the device behaviors from the network domain, physical domain, and time domain, make comparisons between each kind of IoT devices and smartphones, and design effective features based on the distinguishable network behavior characteristics at packet level, traffic level, and mobility level. Then, we train several classifiers based on our feature set to identify different kinds of mobile devices. Specifically, the accuracy of identifying IoT devices from smartphones achieves 95.86%, and the accuracies of distinguishing IoT devices in each category from smartphones are all over 95%. In the trained classifiers, feature importance verifies the discriminability of different network traffic characteristics observed in our multidomain measurement. Our study reveals the network traffic behavior characteristics for IoT devices, and successfully distinguishes them from smartphones, which paves the way for better network design, resource allocation, pricing scheme, and security defense mechanisms.

Jaidip Kotak,Yuval Elovici

DOI: https://doi.org/10.1007/978-3-030-57805-3_8

2020-02-25

Abstract:The growing use of IoT devices in organizations has increased the number of attack vectors available to attackers due to the less secure nature of the devices. The widely adopted bring your own device (BYOD) policy which allows an employee to bring any IoT device into the workplace and attach it to an organization's network also increases the risk of attacks. In order to address this threat, organizations often implement security policies in which only the connection of white-listed IoT devices is permitted. To monitor adherence to such policies and protect their networks, organizations must be able to identify the IoT devices connected to their networks and, more specifically, to identify connected IoT devices that are not on the white-list (unknown devices). In this study, we applied deep learning on network traffic to automatically identify IoT devices connected to the network. In contrast to previous work, our approach does not require that complex feature engineering be applied on the network traffic, since we represent the communication behavior of IoT devices using small images built from the IoT devices network traffic payloads. In our experiments, we trained a multiclass classifier on a publicly available dataset, successfully identifying 10 different IoT devices and the traffic of smartphones and computers, with over 99% accuracy. We also trained multiclass classifiers to detect unauthorized IoT devices connected to the network, achieving over 99% overall average detection accuracy.

Cryptography and Security,Machine Learning,Networking and Internet Architecture,Signal Processing

Fangfang Dang,Lijing Yan,Ying Yang,Shuai Li,Dingding Li,Dong Niu

DOI: https://doi.org/10.1088/1742-6596/2781/1/012024

2024-06-16

Journal of Physics Conference Series

Abstract:With the rapid development of Electric Power Internet of Things (IoT) technology, a large number of devices are being networked and exposed to cyberspace. Due to the disparity in security design levels and lax management during usage, electric power terminals are susceptible targets for network attackers. This not only causes losses to device owners but also poses a threat to the overall cybersecurity of the network, as compromised devices can serve as nodes for botnets. The importance of addressing this issue cannot be underestimated. Asset identification is a prerequisite for the secure management of IoT devices. This paper analyzes and studies existing asset identification technologies. Existing device identification methods based on message content features have problems such as reliance on textual features of message content and difficulties in labeling large-scale data. To overcome these limitations, a machine learning-based classification method for IoT devices is proposed. This method extracts features from the web homepage of devices and generates feature vector fingerprints. By leveraging the random forest algorithm, the accuracy of IoT device classification is improved. This approach is suitable for asset identification of IoT devices and provides support for the precise implementation of vulnerability scanning for IoT devices.

Md Mainuddin,Zhenhai Duan,Yingfei Dong

DOI: https://doi.org/10.1109/ICCCN52240.2021.9522168

2021-09-04

Abstract:Understanding network traffic characteristics of IoT devices plays a critical role in improving both the performance and security of IoT devices, including IoT device identification, classification, and anomaly detection. Although a number of existing research efforts have developed machine-learning based algorithms to help address the challenges in improving the security of IoT devices, none of them have provided detailed studies on the network traffic characteristics of IoT devices. In this paper we collect and analyze the network traffic generated in a typical smart homes environment consisting of a set of common IoT (and non-IoT) devices. We analyze the network traffic characteristics of IoT devices from three complementary aspects: remote network servers and port numbers that IoT devices connect to, flow-level traffic characteristics such as flow duration, and packet-level traffic characteristics such as packet inter-arrival time. Our study provides critical insights into the operational and behavioral characteristics of IoT devices, which can help develop more effective security and performance algorithms for IoT devices.

Networking and Internet Architecture

Bruhadeshwar Bezawada,Maalvika Bachani,Jordan Peterson,Hossein Shirazi,Indrakshi Ray,Indrajit Ray

DOI: https://doi.org/10.48550/arXiv.1804.03852

2018-04-11

Abstract:The Internet-of-Things (IoT) has brought in new challenges in, device identification --what the device is, and, authentication --is the device the one it claims to be. Traditionally, the authentication problem is solved by means of a cryptographic protocol. However, the computational complexity of cryptographic protocols and/or scalability problems related to key management, render almost all cryptography based authentication protocols impractical for IoT. The problem of device identification is, on the other hand, sadly neglected. We believe that device fingerprinting can be used to solve both these problems effectively. In this work, we present a methodology to perform device behavioral fingerprinting that can be employed to undertake device type identification. A device behavior is approximated using features extracted from the network traffic of the device. These features are used to train a machine learning model that can be used to detect similar device types. We validate our approach using five-fold cross validation; we report a identification rate of 86-99% and a mean accuracy of 99%, across all our experiments. Our approach is successful even when a device uses encrypted communication. Furthermore, we show preliminary results for fingerprinting device categories, i.e., identifying different device types having similar functionality.

Cryptography and Security

Lei Bai,Lina Yao,Salil S. Kanhere,Xianzhi Wang,Zheng Yang

DOI: https://doi.org/10.1109/lcn.2018.8638232

2018-01-01

Abstract:With the widespread adoption of Internet of Things (IoT), billions of everyday objects are being connected to the Internet. Effective management of these devices to support reliable, secure and high quality applications becomes challenging due to the scale. As one of the key cornerstones of IoT device management, automatic cross-device classification aims to identify the semantic type of a device by analyzing its network traffic. It has the potential to underpin a broad range of novel features such as enhanced security (by imposing the appropriate rules for constraining the communications of certain types of devices) or context-awareness (by the utilization and interoperability of IoT devices and their high-level semantics) of IoT applications. We propose an automatic IoT device classification method to identify new and unseen devices. The method uses the rich information carried by the traffic flows of IoT networks to characterize the attributes of various devices. We first specify a set of discriminating features from raw network traffic flows, and then propose a LSTM-CNN cascade model to automatically identify the semantic type of a device. Our experimental results using a real-world IoT dataset demonstrate that our proposed method is capable of delivering satisfactory performance. We also present interesting insights and discuss the potential extensions and applications.

Carson Kuzniar,Miguel Neves,Vladimir Gurevich,Israat Haque

DOI: https://doi.org/10.1109/tnet.2024.3395278

2024-08-25

IEEE/ACM Transactions on Networking

Abstract:The massive growth in popularity of household IoT devices has brought new capabilities to our lives while also bringing new challenges to network providers. In particular, large numbers of devices have been used to cause disruptions to critical Internet services. Understanding which devices are connected to a network empowers administrators to mitigate threats with target-specific interventions. This information is obtained by analyzing traffic through a process known as device fingerprinting. Current device fingerprinting solutions face major scalability issues in high-speed and high-volume networks, either relying on middleboxes to perform their tasks or targeting a single household. This paper introduces a novel in-network fingerprinting system, PoirIoT, capable of real-time, accurate, and scalable IoT device fingerprinting. Specifically, PoirIoT takes advantage of recent programmable switches and use standard packet metadata, length, and direction information to gain high-throughput and per-packet fingerprinting granularity. We show the effectiveness (100% device detection accuracy) of our solution using a publicly available dataset on a testbed consisting of Intel Tofino switches. Moreover, PoirIoT adds no additional latency to the regular traffic flow and utilizes minimal switch resources (e.g., memory).

telecommunications,computer science, theory & methods,engineering, electrical & electronic, hardware & architecture