DeviceRadar: Online IoT Device Fingerprinting in ISPs using Programmable Switches
- URL: http://arxiv.org/abs/2404.12738v1
- Date: Fri, 19 Apr 2024 09:31:11 GMT
- Title: DeviceRadar: Online IoT Device Fingerprinting in ISPs using Programmable Switches
- Authors: Ruoyu Li, Qing Li, Tao Lin, Qingsong Zou, Dan Zhao, Yucheng Huang, Gareth Tyson, Guorui Xie, Yong Jiang,
- Abstract summary: Device fingerprinting can be used by Internet Service Providers (ISPs) to identify vulnerable IoT devices for early prevention of threats.
This paper proposes DeviceRadar, an online IoT device fingerprinting framework that achieves accurate, real-time processing in ISPs using programmable switches.
- Score: 37.41464693677561
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Device fingerprinting can be used by Internet Service Providers (ISPs) to identify vulnerable IoT devices for early prevention of threats. However, due to the wide deployment of middleboxes in ISP networks, some important data, e.g., 5-tuples and flow statistics, are often obscured, rendering many existing approaches invalid. It is further challenged by the high-speed traffic of hundreds of terabytes per day in ISP networks. This paper proposes DeviceRadar, an online IoT device fingerprinting framework that achieves accurate, real-time processing in ISPs using programmable switches. We innovatively exploit "key packets" as a basis of fingerprints only using packet sizes and directions, which appear periodically while exhibiting differences across different IoT devices. To utilize them, we propose a packet size embedding model to discover the spatial relationships between packets. Meanwhile, we design an algorithm to extract the "key packets" of each device, and propose an approach that jointly considers the spatial relationships and the key packets to produce a neighboring key packet distribution, which can serve as a feature vector for machine learning models for inference. Last, we design a model transformation method and a feature extraction process to deploy the model on a programmable data plane within its constrained arithmetic operations and memory to achieve line-speed processing. Our experiments show that DeviceRadar can achieve state-of-the-art accuracy across 77 IoT devices with 40 Gbps throughput, and requires only 1.3% of the processing time compared to GPU-accelerated approaches.
Related papers
- Gotham Dataset 2025: A Reproducible Large-Scale IoT Network Dataset for Intrusion Detection and Security Research [2.056126049000989]
Gotham testbed is an emulated large-scale Internet of Things (IoT) network designed to provide a realistic and heterogeneous environment for network security research.
Network traffic was captured in Packetdump, and both benign and malicious traffic were recorded.
Malicious traffic was generated through scripted attacks, covering a variety of attack types, such as Denial of Service (DoS), Telnete Force, Network Scanning, CoAP Amplification, and various stages of Command and Control (C&C) communication.
The data repository includes the raw network traffic in PCAP format and the processed labelled data in CSV format.
arXiv Detail & Related papers (2025-02-05T12:51:18Z) - Edge AI-based Radio Frequency Fingerprinting for IoT Networks [0.0]
cryptography can often be resource-intensive for small-footprint resource-constrained (i.e., IoT) devices.
Radio Frequency Fingerprinting (RFF) offers a promising authentication alternative without resorting to cryptographic solutions.
We introduce two truly lightweight Edge AI-based RFF schemes tailored for resource-constrained devices.
arXiv Detail & Related papers (2024-12-13T20:55:10Z) - A Lightweight and Secure PUF-Based Authentication and Key-exchange Protocol for IoT Devices [0.0]
Device Authentication and Key exchange are major challenges for the Internet of Things.
PUF appears to offer a practical and economical security mechanism in place of typically sophisticated cryptosystems like PKI and IBE.
We present a system in which the IoT device does not require a continuous active internet connection to communicate with the server in order to Authenticate itself.
arXiv Detail & Related papers (2023-11-07T15:42:14Z) - HeteroEdge: Addressing Asymmetry in Heterogeneous Collaborative
Autonomous Systems [1.274065448486689]
We propose a self-adaptive optimization framework for a testbed comprising two Unmanned Ground Vehicles (UGVs) and two NVIDIA Jetson devices.
This framework efficiently manages multiple tasks (storage, processing, computation, transmission, inference) on heterogeneous nodes concurrently.
It involves compressing and masking input image frames, identifying similar frames, and profiling devices to obtain boundary conditions for optimization.
arXiv Detail & Related papers (2023-05-05T02:43:16Z) - Internet of Things: Digital Footprints Carry A Device Identity [0.0]
Device fingerprinting (DFP) model is able to distinguish between Internet of Things (IoT) and non-IoT devices.
Four statistical features have been extracted from the consecutive five device-originated packets, to generate individual device fingerprints.
arXiv Detail & Related papers (2023-01-01T02:18:02Z) - Device identification using optimized digital footprints [0.0]
A device fingerprinting (DFP) method has been proposed for device identification, based on digital footprints, which devices use for communication over a network.
A subset of nine features have been selected from the network and transport layers of a single transmission control protocol/internet protocol packet to generate device-specific signatures.
Results have shown that the method is able to distinguish device type with up to 100% precision using the random forest (RF) classifier, and classify individual devices with up to 95.7% precision.
arXiv Detail & Related papers (2022-12-04T14:21:29Z) - An Adaptive Device-Edge Co-Inference Framework Based on Soft
Actor-Critic [72.35307086274912]
High-dimension parameter model and large-scale mathematical calculation restrict execution efficiency, especially for Internet of Things (IoT) devices.
We propose a new Deep Reinforcement Learning (DRL)-Soft Actor Critic for discrete (SAC-d), which generates the emphexit point, emphexit point, and emphcompressing bits by soft policy iterations.
Based on the latency and accuracy aware reward design, such an computation can well adapt to the complex environment like dynamic wireless channel and arbitrary processing, and is capable of supporting the 5G URL
arXiv Detail & Related papers (2022-01-09T09:31:50Z) - Computational Intelligence and Deep Learning for Next-Generation
Edge-Enabled Industrial IoT [51.68933585002123]
We investigate how to deploy computational intelligence and deep learning (DL) in edge-enabled industrial IoT networks.
In this paper, we propose a novel multi-exit-based federated edge learning (ME-FEEL) framework.
In particular, the proposed ME-FEEL can achieve an accuracy gain up to 32.7% in the industrial IoT networks with the severely limited resources.
arXiv Detail & Related papers (2021-10-28T08:14:57Z) - Multi-Exit Semantic Segmentation Networks [78.44441236864057]
We propose a framework for converting state-of-the-art segmentation models to MESS networks.
specially trained CNNs that employ parametrised early exits along their depth to save during inference on easier samples.
We co-optimise the number, placement and architecture of the attached segmentation heads, along with the exit policy, to adapt to the device capabilities and application-specific requirements.
arXiv Detail & Related papers (2021-06-07T11:37:03Z) - Optimizing Resource-Efficiency for Federated Edge Intelligence in IoT
Networks [96.24723959137218]
We study an edge intelligence-based IoT network in which a set of edge servers learn a shared model using federated learning (FL)
We propose a novel framework, called federated edge intelligence (FEI), that allows edge servers to evaluate the required number of data samples according to the energy cost of the IoT network.
We prove that our proposed algorithm does not cause any data leakage nor disclose any topological information of the IoT network.
arXiv Detail & Related papers (2020-11-25T12:51:59Z) - The Case for Retraining of ML Models for IoT Device Identification at
the Edge [0.026215338446228163]
We show how to identify IoT devices based on their network behavior using resources available at the edge of the network.
It is possible to achieve device identification and categorization with over 80% and 90% accuracy respectively at the edge.
arXiv Detail & Related papers (2020-11-17T13:01:04Z) - Taurus: A Data Plane Architecture for Per-Packet ML [59.1343317736213]
We present the design and implementation of Taurus, a data plane for line-rate inference.
Our evaluation of a Taurus switch ASIC shows that Taurus operates orders of magnitude faster than a server-based control plane.
arXiv Detail & Related papers (2020-02-12T09:18:36Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.