Fig 11 - available via license: Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International
Content may be subject to copyright.
Source publication
As the Internet of Things (IoT) is rapidly expanding, a huge variety of devices is being connected to the Internet. Device management is becoming an important topic for IoT. Especially for using devices properly and securely, it is necessary to visualize what types of devices are in the network. However, most conventional device identification meth...
Citations
... Many studies have followed this approach and achieved high accuracy. Recent studies have extracted packet header fields or network layer features of IoT devices for device identification [11][12][13][14]. However, the network layer characteristics of many IoT devices exhibit consistency in patterns. ...
The Internet of Things (IoT) is rapidly transforming our lives and work, enabling a wide range of emerging services and applications. However, as the scale of the IoT expands, its security issues are becoming increasingly prominent. Malicious actors can exploit vulnerabilities in IoT devices to launch attacks. Protecting the IoT begins with device identification. Identified devices can have corresponding protective measures selected based on the information, thereby enhancing network security. In this study, we propose a dual-machine-learning-based IoT device identification algorithm, Dual-IoTID, which identifies devices based on the payload of IoT device sessions. In contrast to existing methods that rely on extracting header fields or network layer features, our approach attempts to obtain identification information from session payloads. Dual-IoTID first extracts frequent items from sessions and uses a first-layer classifier to obtain a confidence matrix for initial classification. Then, the confidence matrix, along with extracted session communication features, is fed into a second-layer classifier for IoT device identification. Our proposed method is applicable to any IoT device, and it is also suitable for networks with NAT enabled. Experimental results demonstrate that Dual-IoTID has higher accuracy than existing methods, achieving 99.48% accuracy in the UNSW dataset and accurately identifying IoT devices even in environments containing non-IoT devices.
... In particular for IoT devices, IoT device types are not specified in SIM and depend on users' inputs. In the latter approach, several works have presented traffic analysis-based ways in IoT-only networks, which can be further categorized into two sub-classes: to analyze traffic contents [6,7]; and to analyze only traffic behavior such as packet headers and statistics on the basis of encrypted traffic [8][9][10]. However, due to privacy-related laws that network operators must follow, network operators need to take a device classification approach without the contents of traffic. ...
... Behavior Classification Source device [6] [ 8,9] objectives Device type [7] [10], Proposed beyond 5G and 6G eras, various devices such as mobile phones and tablets as well as IoT devices are connected to networks. Therefore, network operators need a method to classify traffic into device types. ...
... However, network operators generally cannot see packet payloads. H. Noguchi et al. studied a method of device identification that identifies the model of devices by analyzing traffic feature similarities [8]. This method may not identify devices in networks where the connected devices and their traffic continuously change because the rules of the similarity threshold to identify devices as the same device defined in the database change. ...
In the beyond 5G and 6G networks, the number of connected devices and their types will greatly increase including not only user devices such as smartphones but also the Internet of Things (IoT). Moreover, Non-terrestrial networks (NTN) introduce dynamic changes in the types of connected devices as base stations or access points are moving objects. Therefore, continuous network capacity design is required to fulfill the network requirements of each device. However, continuous optimization of network capacity design for each device within a short time span becomes difficult because of the heavy calculation amount. We introduce device types as groups of devices whose traffic characteristics resemble and optimize network capacity per device type for efficient network capacity design. This paper proposes a method to classify device types by analyzing only encrypted traffic behavior without using payload and packets of specific protocols. In the first stage, general device types, such as IoT and non-IoT, are classified by analyzing packet header statistics using machine learning. Then, in the second stage, connected devices classified as IoT in the first stage are classified into IoT device types, by analyzing a time series of traffic behavior using deep learning. We demonstrate that the proposed method classifies device types by analyzing traffic datasets and outperforms the existing IoT-only device classification methods in terms of the number of types and the accuracy. In addition, the proposed model performs comparable as a state-of-the-art model of traffic classification, ResNet 1D model. The proposed method is suitable to grasp device types in terms of traffic characteristics toward efficient network capacity design in networks where massive devices for various services are connected and the connected devices continuously change.
... However, they generally require a large number of packets information to be effective in generating fingerprints; requiring packet information from either a large N number of traffic [1,23,24,26] or packets [17] , or a large number of packets within a long period of time [25]. Since IoT devices are specific-purpose devices [23,29] , and commonly, generate relatively less traffic as compared to general-purpose non-IoT devices [1,23] , a more efficient DFP method is required. In this paper, communication network traffic traces from both device types are analyzed, to identify device-specific features from a small number of packets to design an efficient DFP model. ...
In the cyberspace, device identification has become one of the most important factors in improving security of a network, containing both Internet of Things (IoT) and non-IoT devices. Resource-constraint IoT devices are generally more vulnerable than non-IoT devices, to different kinds of security threats, including Mirai botnet and spoofing attacks. In this paper, a device fingerprinting (DFP) scheme has been proposed based on the analysis of network traffic characteristics. Four statistical features from two device-specific features have been selected using statistical assessment to generate DFP for classification task using a supervised machine learning Random Forest classifier. Experimental results have shown that the proposed DFP scheme is able to classify device type with 99.81% accuracy on the public UNSW dataset, whilst accuracies of 99.50% and 97.10% have been reported for the identification of individual IoT and non-IoT devices, respectively. The proposed DFP scheme has also demonstrated superior performance as compared to other DFP methods in the literature, despite using less number of features and packets for DFP. These signify that the proposed DFP scheme can be used as a network security reinforcement tool in a heterogeneous network environment.
... We have observed some important issues. Firstly, although some current IoT research may share almost similar contributions, such as identifying the type and behavior of an IoT device [14] or understanding its fingerprint [15], methods used in analyzing and extracting features from IoT traffic differ, depending on the specific goal of the research. Secondly, we have found that not all IoT researchers have the same level of knowledge about IoT network features, such as their significance, usage, purpose, or weight, which can have a negative impact on their research outcomes. ...
... Despite this, researchers still spend significant time and effort extracting IoT network features and understanding their importance in order to identify features that suit their research. Finally, we have noticed that many IoT researchers tend to focus on particular features rather than taking a comprehensive approach to identifying the usage and importance of each feature [15,16]. ...
... For example, the main objective of extracting IoT features in [15] is to identify the type and model of IoT devices. The authors profiled the devices based on the communication pattern of each device by adopting the header information extracted from their network packets. ...
The Internet of Things (IoT) is an emerging technology that attracted considerable attention in the last decade to become one of the most researched topics in computer science studies. This research aims to develop a benchmark framework for a public multi-task IoT traffic analyzer tool that holistically extracts network traffic features from an IoT device in a smart home environment that researchers in various IoT industries can implement to collect information about IoT network behavior. A custom testbed with four IoT devices is created to collect real-time network traffic data based on seventeen comprehensive scenarios of these devices’ possible interactions. The output data is fed into the IoT traffic analyzer tool for both flow and packet levels analysis to extract all possible features. Such features are ultimately classified into five categories: IoT device type, IoT device behavior, Human interaction type, IoT behavior within the network, and Abnormal behavior. The tool is then evaluated by 20 users considering three variables: usefulness, accuracy of information being extracted, performance and usability. Users in three groups were highly satisfied with the interface and ease of use of the tool, with scores ranging from 90.5% to 93.8% and with an average score between 4.52 and 4.69 with a low standard deviation range, indicating that most of the data revolve around the mean
... Device identification refers to as the process of seeking distinct characteristics or features that can identify and discriminate devices [1]. Most of the prior work have utilized network layer features of IoT devices for their device identification [6,8,9]. However, network layer features show constancy in their pattern as compared to application layer features which are distinct and unique in nature. ...
... Network layer feature used in this model is inter arrival time of packets and this model have gained an accuracy rate of 86.7%. Additionally, in [6], researchers have done device identification on the basis of communication analysis of IoT. In their research, they have considered network layer features for device identification which are packet length between specific time intervals, burst time occurrence, single header information, stats between each time interval, presence or absence of the burst of the communication packet and change of port number. ...
The wide adoption of Internet of Things (IoT) in
traditional networks and critical infrastructures has brought
many advantages. At the same time, insecure IoT devices provide
a loophole in existing infrastructure that miscreants can exploit.
Mirai incident is a well-known example, where attackers
exploited the internet using IoT devices. Hence, a quick, accurate
and energy-efficient IoT device identification mechanism is
required to cope with these emerging challenges. In this research,
we have proposed a generic set of application layer features for
IoT device identification. To show the effectiveness of proposed
generic application layer features we have compared them with
network layer features using machine learning models and IoT
devices traces. Previously most of the work was done on network
layer features. However, for IoT devices network layer features
show constancy in their pattern as compared to application layer
features which are distinct and unique in nature. As a
consequence, large number of network layer features are
required for identification of devices causing use of higher
prediction time, computational and feature extraction cost. We
have also developed the first available open-source application
layer feature extractor tool. Researchers can utilize this tool for
acquiring application layer datasets and utilize them in different
research domains.
... Another framework was proposed to identify the IoT devices based on their communication patterns. 24 The conducted experiments using the traffic generated by different network cameras show the effectiveness of the proposed identification scheme. ...
Network security is a key challenge for the deployment of Internet of Things (IoT). New attacks have been developed to exploit the vulnerabilities of IoT devices. Moreover, IoT immense scale will amplify traditional network attacks. Machine learning has been extensively applied for traffic classification and intrusion detection. In this paper, we propose a framework, specifically for IoT devices identification and malicious traffic detection. Pushing the intelligence to the network edge, this framework extracts features per network flow to identify the source, the type of the generated traffic, and to detect network attacks. Different machine learning algorithms are compared with random forest, which gives the best results: Up to 94.5% accuracy for device‐type identification, up to 93.5% accuracy for traffic‐type classification, and up to 97% accuracy for abnormal traffic detection. In this paper, we propose a framework for IoT device identification and attack traffic detection. Pushing the intelligence to the network edge, this framework extracts features per network flow to identify the source, the type of the generated traffic, and to detect network attacks. Different machine learning algorithms are compared with random forest, which gives the best results.
... In future research, we intend to develop an algorithm that can determine the optimal DC and number of receiving nodes that can effectively reduce data latency with minimal energy through deep learning [18][19][20]. We also plan to improve it to the point of being a preemption MAC that can be applied in real time in the real-world IoT [21][22][23] environment. ...
This paper proposes a new duty-cycle-based protocol for transmitting emergent data with high priority and low latency in a sensor network environment. To reduce power consumption, the duty cycle protocol is divided into a listen section and a sleep section, and data can only be received when the receiving node is in the listen section. In this paper, high-priority transmission preempts low-priority transmission by distinguishing between high-priority preamble and low-priority preamble. However, even when a high priority transmission preempts a low priority transmission such that the high priority transmission is received first, if the sleep period is very long, the delay may be large. To solve this problem, the high priority short preamble and high priority data reduce receiver sensitivity and increase coverage through repeated transmission. If there are several receiving nodes within a wide coverage, the receiving node that wakes up first can receive the transmission, thus reducing the delay. The delay can also be further reduced by alternately reducing the sleep cycle of one node among the receiving nodes that can receive it. This paper shows that emergent data can be transmitted effectively and reliably by reducing the delay of high-priority data to a minimum through the use of preemption, coverage extension, and an asymmetric sleep cycle.
... Equipment such as cameras and factory-used devices can be detected by their communication behavior [18]. By studying network flow delivered and received, Qusay, et al. [19] chooses To experiment with a smart home network, a dataset modified from Pcap files was developed to generate network traffic statistics. ...
... Header information has been adopted extensively for device identification methods in the literature. A device identification technique has been proposed for the identification of the device model and type based on header information's similarity calculation and this method is built for factory-used devices and network cameras by relying on general communication information [20]. Another method employs device fingerprinting for authentication and identification purposes by training an ML method based on extracted features from the network traffic for the detection of similar types of devices [21]. ...
In an Internet of Things (IoT) environment, a large volume of potentially confidential
data might be leaked from sensors installed everywhere. To ensure the authenticity of such sensitive data, it is important to initially verify the source of data and its identity. Practically, IoT device identification is the primary step toward a secure IoT system. An appropriate device identification approach can counteract malicious activities such as sending false data that trigger irreparable security issues in vital or emergency situations. Recent research indicates that primary identity metrics such as Internet Protocol (IP) or Media Access Control (MAC) addresses are insufficient due to their instability or easy accessibility. Thus, to identify an IoT device, analysis of the header information of
packets by the sensors is of imperative consideration. This paper proposes a combination of sensor measurement and statistical feature sets in addition to a header feature set using a classification-based device identification framework. Various machine Learning algorithms have been adopted to identify different combinations of these feature sets to provide enhanced security in IoT devices. The proposed method has been evaluated through normal and under-attack circumstances by collecting real-time data from IoT devices connected in a lab setting to show the system robustness.
... Noguchi et al. [21] use profiles generated from communication pattern of each device and subsequently compare these with collected communication patterns from unknown devices in real-time to identify device type. For comparison, they use a simple euclidean distance-based metric. ...
Abstract With the proliferation of IoT devices, network management and security monitoring are becoming a challenge. For the timely detection of IoT device status and their behaviour, traffic classification methods are used. Herein, IoTHunter, a Deep Packet Inspection based IoT traffic classifier, is described. It extracts unique keywords comprising domain names, device names etc. to identify flows belonging to a particular device. IoTHunter automates the keyword extraction using the frequency of occurrence of words belonging to flows of different devices. To further enhance the performance, IoTHunter combines device specific keywords with MAC address of device for subsequent flow labelling. A publicly available IoT dataset is experimented and a good classification accuracy of it over a range of IoT devices is demonstrated.
