Jingrun Ma,Yafei Sang,Yongzheng Zhang,Xiaolin Xu,Beibei Feng,Yuwei Zeng

DOI: https://doi.org/10.1007/978-3-031-24386-8_12

2022-01-01

Abstract:The Internet of Things (IoT) has developed rapidly in recent years and has been widely used in our daily life. An online report claimed that the connected IoT devices will reach the scale of 14.4 billion globally at the end of 2022. With the rapid and large-scale deployment of such devices, however, some severe security problems and challenges arised as well, especially in the field of IoT device management. Device identification is a prerequisite procedure to mitigate the above issues. Therefore, accurately identifying the deployed IoT devices plays a vital role in network management and cyber security. In this work, we come up with a spatio-temporal-based method that characterizes IoT device behaviors by leveraging the packet sequence features of IoT traffic, which is able to automatically extract the high-level features from raw IoT traffic. The further evaluation indicates that our method is capable of identifying diverse IoT devices with satisfactory accuracy.

Md Mainuddin,Zhenhai Duan,Yingfei Dong,Shaeke Salman,Tania Taami

DOI: https://doi.org/10.1109/GLOBECOM48099.2022.10001639

2022-12-17

Abstract:IoT device identification plays an important role in monitoring and improving the performance and security of IoT devices. Compared to traditional non-IoT devices, IoT devices provide us with both unique challenges and opportunities in detecting the types of IoT devices. Based on critical insights obtained in our previous work on understanding the network traffic characteristics of IoT devices, in this paper we develop an effective machine-learning based IoT device identification scheme, named iotID. In developing iotID, we extract 70 features of TCP flows from three complementary aspects: remote network servers and port numbers, packet-level traffic characteristics such as packet inter-arrival times, and flow-level traffic characteristics such as flow duration. Different from existing work, we take into account the imbalance nature of network traffic generated by various devices in both the learning and evaluation phases of iotID. Our performance studies based on network traffic collected on a typical smart home environment consisting of both IoT and non-IoT devices show that iotID can achieve a balanced accuracy score of above 99%.

Networking and Internet Architecture,Distributed, Parallel, and Cluster Computing

Riccardo Lazzarini,Huaglory Tianfield,Vassilis Charissis

DOI: https://doi.org/10.1016/j.knosys.2023.110941

IF: 8.139

2023-11-01

Knowledge-Based Systems

Abstract:The number of Internet of Things (IoT) devices has increased considerably in the past few years, which resulted in an exponential growth of cyber attacks on IoT infrastructure. As a consequence, the prompt detection of attacks in IoT environments through the use of Intrusion Detection Systems (IDS) has become essential. This article proposes a novel approach to intrusion detection in IoT based on a stacking ensemble of deep learning (DL) models. This approach is named Deep Integrated Stacking for the IoT (DIS-IoT) and it combines four different DL models into a fully connected DL layer, creating a standalone ensemble model. DIS-IoT is evaluated on three open-source datasets, namely ToN_IoT, CICIDS2017 and SWaT, in binary and multi-class classification and compared results with other standard DL methods. Experiments demonstrate that DIS-IoT is capable of a high-level accuracy with a very low False Positive rate (FPR) in all datasets. Results were also compared against other state-of-the-art works available in the literature, which used similar methods on the same ToN_IoT dataset. DIS-IoT achieves comparable performance with others in binary classification and outperforms them in multi-class classification.

computer science, artificial intelligence

Sajjad Hussain,Waqar Aslam,Arif Mehmood,Gyu Sang Choi,Imran Ashraf

DOI: https://doi.org/10.7717/peerj-cs.1834

2024-03-26

Abstract:Identification of the Internet of Things (IoT) devices has become an essential part of network management to secure the privacy of smart homes and offices. With its wide adoption in the current era, IoT has facilitated the modern age in many ways. However, such proliferation also has associated privacy and data security risks. In the case of smart homes and smart offices, unknown IoT devices increase vulnerabilities and chances of data theft. It is essential to identify the connected devices for secure communication. It is very difficult to maintain the list of rules when the number of connected devices increases and human involvement is necessary to check whether any intruder device has approached the network. Therefore, it is required to automate device identification using machine learning methods. In this article, we propose an accuracy boosting model (ABM) using machine learning models of random forest and extreme gradient boosting. Featuring engineering techniques are employed along with cross-validation to accurately identify IoT devices such as lights, smoke detectors, thermostat, motion sensors, baby monitors, socket, TV, security cameras, and watches. The proposed ensemble model utilizes random forest (RF) and extreme gradient boosting (XGB) as base learners with adaptive boosting. The proposed ensemble model is tested with extensive experiments involving the IoT Device Identification dataset from a public repository. Experimental results indicate a higher accuracy of 91%, precision of 93%, recall of 93%, and F1 score of 93%.

Abdulaziz Aldaej,Imdad Ullah,Tariq Ahamed Ahanger,Mohammed Atiquzzaman

DOI: https://doi.org/10.1038/s41598-024-62435-y

IF: 4.6

2024-05-24

Scientific Reports

Abstract:Internet of Things (IoT) technology has revolutionized modern industrial sectors. Moreover, IoT technology has been incorporated within several vital domains of applicability. However, security is overlooked due to the limited resources of IoT devices. Intrusion detection methods are crucial for detecting attacks and responding adequately to every IoT attack. Conspicuously, the current study outlines a two-stage procedure for the determination and identification of intrusions. In the first stage, a binary classifier termed an Extra Tree (E-Tree) is used to analyze the flow of IoT data traffic within the network. In the second stage, an Ensemble Technique (ET) comprising of E-Tree, Deep Neural Network (DNN), and Random Forest (RF) examines the invasive events that have been identified. The proposed approach is validated for performance analysis. Specifically, Bot-IoT, CICIDS2018, NSL-KDD, and IoTID20 dataset were used for an in-depth performance assessment. Experimental results showed that the suggested strategy was more effective than existing machine learning methods. Specifically, the proposed technique registered enhanced statistical measures of accuracy, normalized accuracy, recall measure, and stability.

multidisciplinary sciences

Linna Fan,Shize Zhang,Yichao Wu,Zhiliang Wang,Chenxin Duan,Jia Li,Jiahai Yang

DOI: https://doi.org/10.23919/cnsm50824.2020.9269044

2020-01-01

Abstract:With the rapid proliferation of IoT devices, device management and network security are becoming significant challenges. Knowing how many IoT devices are in the network and whether they are behaving normally is significant. IoT device identification is the first step to achieve these goals. Previous IoT identification works mainly use supervised learning and need lots of labeled data. Considering collecting labeled data is time-consuming and cannot be scaled, in this paper, we propose an IoT identification model based on semi-supervised learning. The model can differentiate IoT and non-IoT and classify specific IoT devices based on time interval features, traffic volume features, protocol features and TLS related features. The evaluation in a public dataset shows that our model only needs 5% labeled data and gets accuracy over 99%.

Yao Wang,Guozi Sun,Xiaochun Cao,Jiale Yang

DOI: https://doi.org/10.1155/2022/8614903

2022-01-01

Wireless Communications and Mobile Computing

Abstract:Recently, machine learning techniques, especially supervised learning techniques, have been adopted in the Intrusion Detection System (IDS). Due to the limit of supervised learning, most state-of-the-art IDSs do not perform well on unknown attacks and incur high computational overhead in the Internet of Things (IoT). To overcome these challenges, we propose a novel IDS based on unsupervised techniques, namely, UTEN-IDS. UTEN-IDS uses the ensemble of autoencoders to handle the network data and performs the anomaly detection by an Isolation Forest algorithm. The effectiveness of the proposed method is verified using two benchmark datasets. The results show that our approach has significant advantages in classification performance and proves its utility in the IoT network when compared to other approaches.

Linna Fan,Lin He,Yichao Wu,Shize Zhang,Zhiliang Wang,Jia Li,Jiahai Yang,Chaocan Xiang,Xiaoqian Ma,Zhiliang Wang Wang

DOI: https://doi.org/10.1109/tmc.2022.3183118

IF: 6.075

2022-01-01

IEEE Transactions on Mobile Computing

Abstract:IoT devices bring great convenience to a person's life and industrial production. However, their rapid proliferation also troubles device management and network security. Network administrators usually need to know how many IoT devices are in the network and whether they behave normally. IoT device identification is the first step to achieving these goals. Previous IoT device identification methods reach high accuracy in a closed environment. But they are not applicable in the continuously changing environment. When new types of devices are plugged in, they cannot update themselves automatically. Besides, they usually rely on supervised learning and need lots of labeled data, which is costly. To solve these problems, we propose a novel IoT device identification model named AutoIoT, updating itself automatically when new types of devices are plugged in. Besides, it only needs a few labeled data and identifies IoT devices with high accuracy. The evaluation on two public datasets shows that AutoIoT can identify new device types only using 1.5$\sim$∼2.5 hours’ traffic and still have high accuracy after updating. Moreover, it has a better performance than other works when there are only a few labeled data, especially in an environment with scanning traffic.

computer science, information systems,telecommunications

Jaidip Kotak,Yuval Elovici

DOI: https://doi.org/10.1007/978-3-030-57805-3_8

2020-02-25

Abstract:The growing use of IoT devices in organizations has increased the number of attack vectors available to attackers due to the less secure nature of the devices. The widely adopted bring your own device (BYOD) policy which allows an employee to bring any IoT device into the workplace and attach it to an organization's network also increases the risk of attacks. In order to address this threat, organizations often implement security policies in which only the connection of white-listed IoT devices is permitted. To monitor adherence to such policies and protect their networks, organizations must be able to identify the IoT devices connected to their networks and, more specifically, to identify connected IoT devices that are not on the white-list (unknown devices). In this study, we applied deep learning on network traffic to automatically identify IoT devices connected to the network. In contrast to previous work, our approach does not require that complex feature engineering be applied on the network traffic, since we represent the communication behavior of IoT devices using small images built from the IoT devices network traffic payloads. In our experiments, we trained a multiclass classifier on a publicly available dataset, successfully identifying 10 different IoT devices and the traffic of smartphones and computers, with over 99% accuracy. We also trained multiclass classifiers to detect unauthorized IoT devices connected to the network, achieving over 99% overall average detection accuracy.

Cryptography and Security,Machine Learning,Networking and Internet Architecture,Signal Processing

Jianjin Zhao,Qi Li,Jintao Sun,Mianxiong Dong,Kaoru Ota,Meng Shen

DOI: https://doi.org/10.1109/jiot.2023.3305585

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Due to hardware limitations, Internet of Things (IoT) devices without integrated security become easy targets for network attacks. IoT device identification is significant for network security management. Despite many efforts, previous studies either require excessive features raising concerns about efficiency and privacy, or underutilize the data resources to fulfill the potential of simple features. Moreover, the severe data imbalance problem is unaddressed. In this paper, we present IoTProfile, an efficient IoT device identification framework via time series dictionary. It only considers simple packet-level attributes and maps them into different time windows. On this basis, it further follows a shuffle&split organization scheme to structure the imbalanced data as multi-channel time series. By performing random convolutional kernel transformations in two ways and aggregations, IoTProfile captures discriminative patterns and forms the frequency count of recurring patterns to profile the network behaviors of IoT devices over a period of time. The experimental results show that IoTProfile is superior to the other state-of-the-art methods in terms of both identification effectiveness and time overhead, achieving 99.81% and 97.65% Macro-F1 scores on UNSW and UNB datasets in under four minutes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Mamunur Rashid,Joarder Kamruzzaman,Tasadduq Imam,Santoso Wibowo,Steven Gordon

DOI: https://doi.org/10.1007/s10489-021-02968-1

IF: 5.3

2022-01-08

Applied Intelligence

Abstract:Several studies have used machine learning algorithms to develop intrusion systems (IDS), which differentiate anomalous behaviours from the normal activities of network systems. Due to the ease of automated data collection and subsequently an increased size of collected data on network traffic and activities, the complexity of intrusion analysis is increasing exponentially. A particular issue, due to statistical and computation limitations, a single classifier may not perform well for large scale data as existent in modern IDS contexts. Ensemble methods have been explored in literature in such big data contexts. Although more complicated and requiring additional computation, literature has a note that ensemble methods can result in better accuracy than single classifiers in different large scale data classification contexts, and it is interesting to explore how ensemble approaches can perform in IDS. In this research, we introduce a tree-based stacking ensemble technique (SET) and test the effectiveness of the proposed model on two intrusion datasets (NSL-KDD and UNSW-NB15). We further enhance incorporate feature selection techniques to select the best relevant features with the proposed SET. A comprehensive performance analysis shows that our proposed model can better identify the normal and anomaly traffic in network than other existing IDS models. This implies the potentials of our proposed system for cybersecurity in Internet of Things (IoT) and large scale networks.

computer science, artificial intelligence

Xiaoyan Hu,Yuxin Shi,Guang Cheng,Ruidong Li,Hua Wu,Gang Wang

DOI: https://doi.org/10.1109/globecom54140.2023.10437132

2023-01-01

Abstract:With the rapid development of Internet of Things (IoT) technology, there is explosive growth in the number of IoT devices. Meanwhile, the low security and network heterogeneity of IoT networks have brought new challenges to implementing network management and security strategies in smart homes and small offices. Early and accurate IoT device-type identification is the first step towards the security management of IoT networks. The existing machine learning-based and deep learning-based models for IoT traffic classification have achieved decent results. However, most of these methods rely on a long-term window to collect IoT device traffic for identification, resulting in limited real-time performance. This work proposes IoT-GFCN, an early and accurate IoT device-type identification model with global attention mechanism. IoT-GFCN first constructs a multi-feature sequence for each device from a small packet window. Then IoT-GFCN resorts to the global attention mechanism to efficiently mine temporal information and feature relationships and obtain an updated embedding of each multi-feature sequence. Finally, a fully convolutional neural network is trained based on the updated embeddings of traffic features to identify IoT device types. Our experimental study suggests that IoT-GFCN can efficiently capture distinguishable representations for packet-level features of IoT traffic and outperforms state-of-the-art IoT identification methods. It achieves an average accuracy of 98.88% with a window size of 75 packets (the traffic of about three minutes) on the UNSW dataset.

Wenbin Yao,Longcan Hu,Yingying Hou,Xiaoyong Li

DOI: https://doi.org/10.3390/s23084141

IF: 3.9

2023-04-21

Sensors

Abstract:Network intrusion detection technology is key to cybersecurity regarding the Internet of Things (IoT). The traditional intrusion detection system targeting Binary or Multi-Classification can detect known attacks, but it is difficult to resist unknown attacks (such as zero-day attacks). Unknown attacks require security experts to confirm and retrain the model, but new models do not keep up to date. This paper proposes a Lightweight Intelligent NIDS using a One-Class Bidirectional GRU Autoencoder and Ensemble Learning. It can not only accurately identify normal and abnormal data, but also identify unknown attacks as the type most similar to known attacks. First, a One-Class Classification model based on a Bidirectional GRU Autoencoder is introduced. This model is trained with normal data, and has high prediction accuracy in the case of abnormal data and unknown attack data. Second, a multi-classification recognition method based on ensemble learning is proposed. It uses Soft Voting to evaluate the results of various base classifiers, and identify unknown attacks (novelty data) as the type most similar to known attacks, so that exception classification becomes more accurate. Experiments are conducted on WSN-DS, UNSW-NB15, and KDD CUP99 datasets, and the recognition rates of the proposed models in the three datasets are raised to 97.91%, 98.92%, and 98.23% respectively. The results verify the feasibility, efficiency, and portability of the algorithm proposed in the paper.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Qi Chen,Yubo Song,Brendan Jennings,Fan Zhang,Bin Xiao,Shang Gao

DOI: https://doi.org/10.1109/GLOBECOM46510.2021.9685693

2021-01-01

Abstract:Internet of Things (IoT) devices deployed in publicly accessible locations increasingly encounter security threats from device replacement and impersonation attacks. Unfortunately, the limited memory and poor computing capability on such devices make solutions involving complex algorithms or enhanced authentication protocols untenable. To address this issue, device identification technologies based on traffic characteristics fingerprinting have been proposed to prevent illegal device intrusion and impersonation. However, because of time-dependent distribution of traffic characteristics, these approaches often become less accurate over time. Meanwhile insufficient attention has been paid to the impact of possible changes on the accuracy of device identification. Therefore, we propose a novel feature selection method based on degree of feature drift and genetic algorithm to keep high accuracy and stability of device identification. The degree of feature drift- relevance of features through time and gain ratio are combined as a composite metric to filter out stable features. Furthermore, in order to perform equally well in device identification, we use the genetic algorithm to select the most discriminate feature subset. Experiments show that the accuracy of device recognition compared with other methods is increased from 86.4% to 94.5%, and the robustness of recognition is also improved.

DOI: https://doi.org/10.1007/s11235-023-01009-1

2023-04-27

Telecommunication Systems

Abstract:IoT device identification is an effective security measure to track different devices, helping analyze and defend against potential vulnerabilities of various IoT devices. However, existing IoT device identification works mainly use hand-designed features generated from relevant prior knowledge in the field, resulting in additional labor costs, low efficiency, and loss of some potential features. In addition, most of these works only identify known devices in the training set, without considering unknown devices. In this paper, we propose a quick and efficient IoT device identification method. Our method employs the convolutional neural network and converts raw network traffic into images as the model input, automatically extracting features from images instead of manually extracting features. Our method can identifies device types including unknown device types, and detects abnormal traffic of devices. We achieve over 98% accuracy on public datasets with few time consume, demonstrating the accuracy and practicality of our method.

telecommunications

Jaidip Kotak,Yuval Elovici

DOI: https://doi.org/10.1007/s12652-022-04415-6

2023-03-02

Abstract:Attack vectors for adversaries have increased in organizations because of the growing use of less secure IoT devices. The risk of attacks on an organization's network has also increased due to the bring your own device (BYOD) policy which permits employees to bring IoT devices onto the premises and attach them to the organization's network. To tackle this threat and protect their networks, organizations generally implement security policies in which only white listed IoT devices are allowed on the organization's network. To monitor compliance with such policies, it has become essential to distinguish IoT devices permitted within an organization's network from non white listed (unknown) IoT devices. In this research, deep learning is applied to network communication for the automated identification of IoT devices permitted on the network. In contrast to existing methods, the proposed approach does not require complex feature engineering of the network communication, because the 'communication behavior' of IoT devices is represented as small images which are generated from the device's network communication payload. The proposed approach is applicable for any IoT device, regardless of the protocol used for communication. As our approach relies on the network communication payload, it is also applicable for the IoT devices behind a network address translation (NAT) enabled router. In this study, we trained various classifiers on a publicly accessible dataset to identify IoT devices in different scenarios, including the identification of known and unknown IoT devices, achieving over 99% overall average detection accuracy.

Networking and Internet Architecture,Artificial Intelligence,Cryptography and Security,Computer Vision and Pattern Recognition,Machine Learning

Anahita Namvar,Chandra Thapa,Salil S. Kanhere

DOI: https://doi.org/10.48550/arXiv.2307.08955

2023-07-18

Abstract:IoT device identification is the process of recognizing and verifying connected IoT devices to the network. This is an essential process for ensuring that only authorized devices can access the network, and it is necessary for network management and maintenance. In recent years, machine learning models have been used widely for automating the process of identifying devices in the network. However, these models are vulnerable to adversarial attacks that can compromise their accuracy and effectiveness. To better secure device identification models, discretization techniques enable reduction in the sensitivity of machine learning models to adversarial attacks contributing to the stability and reliability of the model. On the other hand, Ensemble methods combine multiple heterogeneous models to reduce the impact of remaining noise or errors in the model. Therefore, in this paper, we integrate discretization techniques and ensemble methods and examine it on model robustness against adversarial attacks. In other words, we propose a discretization-based ensemble stacking technique to improve the security of our ML models. We evaluate the performance of different ML-based IoT device identification models against white box and black box attacks using a real-world dataset comprised of network traffic from 28 IoT devices. We demonstrate that the proposed method enables robustness to the models for IoT device identification.

Machine Learning,Cryptography and Security

Yuanlong Li,Yiyang Wang,Xuewen Liu,Peiliang Zuo,Haoliang Li,Hua Jiang

DOI: https://doi.org/10.3390/sym15071404

2023-07-13

Symmetry

Abstract:Internet of Things (IoT) technology has permeated into all aspects of today's society and is playing an increasingly important role. Identity authentication is crucial for IoT devices to access the network, because the open wireless transmission environment of the IoT may suffer from various forms of network attacks. The asymmetry in the comprehensive capabilities of gateways and terminals in the IoT poses significant challenges to reliability and security. Traditional encryption-based identity authentication methods are difficult to apply to IoT terminals with limited capabilities due to high algorithm complexity and low computational efficiency. This paper explores physical layer identity identification based on channel state information (CSI) and proposes an intelligent identification method based on deep reinforcement learning (DRL). Specifically, by analyzing and extracting the features of the real received CSI information and a setting low-complexity state, as well as action and reward parameters for the deep neural network of deep reinforcement learning oriented to the scenario, we obtained an authentication method that can efficiently identify identities. The validation of the proposed method using collected CSI data demonstrates that it has good convergence properties. Compared with several existing machine-learning-based identity recognition methods, the proposed method has higher recognition accuracy.

multidisciplinary sciences

Qasem Abu Al-Haija,Ahmad Al-Badawi

DOI: https://doi.org/10.3390/s22010241

2021-12-29

Abstract:Network Intrusion Detection Systems (NIDSs) are indispensable defensive tools against various cyberattacks. Lightweight, multipurpose, and anomaly-based detection NIDSs employ several methods to build profiles for normal and malicious behaviors. In this paper, we design, implement, and evaluate the performance of machine-learning-based NIDS in IoT networks. Specifically, we study six supervised learning methods that belong to three different classes: (1) ensemble methods, (2) neural network methods, and (3) kernel methods. To evaluate the developed NIDSs, we use the distilled-Kitsune-2018 and NSL-KDD datasets, both consisting of a contemporary real-world IoT network traffic subjected to different network attacks. Standard performance evaluation metrics from the machine-learning literature are used to evaluate the identification accuracy, error rates, and inference speed. Our empirical analysis indicates that ensemble methods provide better accuracy and lower error rates compared with neural network and kernel methods. On the other hand, neural network methods provide the highest inference speed which proves their suitability for high-bandwidth networks. We also provide a comparison with state-of-the-art solutions and show that our best results are better than any prior art by 1~20%.

Yongxin Liu,Jian Wang,Jianqiang Li,Shuteng Niu,Houbing Song

DOI: https://doi.org/10.48550/arXiv.2105.06381

2021-05-08

Abstract:Deep Learning (DL) has been utilized pervasively in the Internet of Things (IoT). One typical application of DL in IoT is device identification from wireless signals, namely Non-cryptographic Device Identification (NDI). However, learning components in NDI systems have to evolve to adapt to operational variations, such a paradigm is termed as Incremental Learning (IL). Various IL algorithms have been proposed and many of them require dedicated space to store the increasing amount of historical data, and therefore, they are not suitable for IoT or mobile applications. However, conventional IL schemes can not provide satisfying performance when historical data are not available. In this paper, we address the IL problem in NDI from a new perspective, firstly, we provide a new metric to measure the degree of topological maturity of DNN models from the degree of conflict of class-specific fingerprints. We discover that an important cause for performance degradation in IL enabled NDI is owing to the conflict of devices' fingerprints. Second, we also show that the conventional IL schemes can lead to low topological maturity of DNN models in NDI systems. Thirdly, we propose a new Channel Separation Enabled Incremental Learning (CSIL) scheme without using historical data, in which our strategy can automatically separate devices' fingerprints in different learning stages and avoid potential conflict. Finally, We evaluated the effectiveness of the proposed framework using real data from ADS-B (Automatic Dependent Surveillance-Broadcast), an application of IoT in aviation. The proposed framework has the potential to be applied to accurate identification of IoT devices in a variety of IoT applications and services. Data and code available at IEEE Dataport (DOI: <a class="link-https link-external" data-doi="10.21227/1bxc-ke87" href="https://doi.org/10.21227/1bxc-ke87" rel="external noopener nofollow">https://doi.org/10.21227/1bxc-ke87</a>) and \url{<a class="link-external link-https" href="https://github.com/pcwhy/CSIL" rel="external noopener nofollow">this https URL</a>}}

Machine Learning,Artificial Intelligence,Cryptography and Security,Neural and Evolutionary Computing