Network Traffic Analysis based IoT Device Identification

• URL: http://arxiv.org/abs/2009.04682v1
• Date: Thu, 10 Sep 2020 06:28:11 GMT
• Title: Network Traffic Analysis based IoT Device Identification
• Authors: Rajarshi Roy Chowdhury, Sandhya Aneja, Nagender Aneja, Emeroylariffion Abas
• Abstract summary: Device identification is the process of identifying a device on Internet without using its assigned network or other credentials. In a network, conventional IoT devices identify each other by utilizing IP or MAC addresses, which are prone to spoofing. To mitigate the issue in IoT devices, fingerprint (DFP) for device identification can be used.
• Score: 1.3484794751207887
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Device identification is the process of identifying a device on Internet without using its assigned network or other credentials. The sharp rise of usage in Internet of Things (IoT) devices has imposed new challenges in device identification due to a wide variety of devices, protocols and control interfaces. In a network, conventional IoT devices identify each other by utilizing IP or MAC addresses, which are prone to spoofing. Moreover, IoT devices are low power devices with minimal embedded security solution. To mitigate the issue in IoT devices, fingerprint (DFP) for device identification can be used. DFP identifies a device by using implicit identifiers, such as network traffic (or packets), radio signal, which a device used for its communication over the network. These identifiers are closely related to the device hardware and software features. In this paper, we exploit TCP/IP packet header features to create a device fingerprint utilizing device originated network packets. We present a set of three metrics which separate some features from a packet which contribute actively for device identification. To evaluate our approach, we used publicly accessible two datasets. We observed the accuracy of device genre classification 99.37% and 83.35% of accuracy in the identification of an individual device from IoT Sentinel dataset. However, using UNSW dataset device type identification accuracy reached up to 97.78%.

Related papers

• Communication Traffic Characteristics Reveal an IoT Devices Identity [0.0]
  This paper proposes a machine learning-based device fingerprinting (DFP) model for identifying network-connected IoT devices. Experimental results have shown that the proposed DFP method achieves over 98% in classifying individual IoT devices.
  arXiv  Detail & Related papers  (2024-02-25T18:58:09Z)
• Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
  We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS) FLEKD enables a more flexible aggregation method than conventional model fusion techniques. Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
  arXiv  Detail & Related papers  (2024-01-22T14:16:37Z)
• IoTScent: Enhancing Forensic Capabilities in Internet of Things Gateways [45.44831696628473]
  This paper presents IoTScent, an open-source forensic tool that enables IoT gateways and Home Automation platforms to perform IoT traffic capture and analysis. IoTScent is specifically designed to operate over IEEE5.4-based traffic, which is the basis for many IoT-specific protocols such as Zigbee, 6LoWPAN and Thread. This work provides a comprehensive description of the IoTScent tool, including a practical use case that demonstrates the use of the tool to perform device identification from Zigbee traffic.
  arXiv  Detail & Related papers  (2023-10-05T09:10:05Z)
• IoT Device Identification Based on Network Communication Analysis Using Deep Learning [43.0717346071013]
  The risk of attacks on an organization's network has increased due to the growing use of less secure IoT devices. To tackle this threat and protect their networks, organizations generally implement security policies in which only white listed IoT devices are allowed on the network. In this research, deep learning is applied to network communication for the automated identification of IoT devices permitted on the network.
  arXiv  Detail & Related papers  (2023-03-02T13:44:58Z)
• Internet of Things: Digital Footprints Carry A Device Identity [0.0]
  Device fingerprinting (DFP) model is able to distinguish between Internet of Things (IoT) and non-IoT devices. Four statistical features have been extracted from the consecutive five device-originated packets, to generate individual device fingerprints.
  arXiv  Detail & Related papers  (2023-01-01T02:18:02Z)
• Device identification using optimized digital footprints [0.0]
  A device fingerprinting (DFP) method has been proposed for device identification, based on digital footprints, which devices use for communication over a network. A subset of nine features have been selected from the network and transport layers of a single transmission control protocol/internet protocol packet to generate device-specific signatures. Results have shown that the method is able to distinguish device type with up to 100% precision using the random forest (RF) classifier, and classify individual devices with up to 95.7% precision.
  arXiv  Detail & Related papers  (2022-12-04T14:21:29Z)
• CAN-LOC: Spoofing Detection and Physical Intrusion Localization on an In-Vehicle CAN Bus Based on Deep Features of Voltage Signals [48.813942331065206]
  We propose a security hardening system for in-vehicle networks. The proposed system includes two mechanisms that process deep features extracted from voltage signals measured on the CAN bus.
  arXiv  Detail & Related papers  (2021-06-15T06:12:33Z)
• Federated Learning-based Active Authentication on Mobile Devices [98.23904302910022]
  User active authentication on mobile devices aims to learn a model that can correctly recognize the enrolled user based on device sensor information. We propose a novel user active authentication training, termed as Federated Active Authentication (FAA) We show that existing FL/SL methods are suboptimal for FAA as they rely on the data to be distributed homogeneously.
  arXiv  Detail & Related papers  (2021-04-14T22:59:08Z)
• IoT Device Identification Using Deep Learning [43.0717346071013]
  The growing use of IoT devices in organizations has increased the number of attack vectors available to attackers. The widely adopted bring your own device (BYOD) policy which allows an employee to bring any IoT device into the workplace and attach it to an organization's network also increases the risk of attacks. In this study, we applied deep learning on network traffic to automatically identify IoT devices connected to the network.
  arXiv  Detail & Related papers  (2020-02-25T12:24:49Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.