Network traffic analysis based IoT device identification

Published in Proceedings of the 2020 the 4th International Conference on Big Data and Internet of Things, 2020

Recommended citation: Rajarshi Chowdhury, Sandhya Aneja, Nagender Aneja, Emeroylariffion Abas, "Network traffic analysis based IoT device identification." Proceedings of the 2020 the 4th International Conference on Big Data and Internet of Things, 2020. pp. 79-89. doi: 10.1145/3421537.3421545

(Conference Publication)


Abstract: Device identification is identifying a device on the Internet without using its assigned network or other credentials. The sharp rise in the usage of Internet of Things (IoT) devices has imposed new challenges in device identification due to a wide variety of devices, protocols and control interfaces. In a network, conventional IoT devices identify each other by utilizing IP or MAC addresses, which are prone to spoofing. Moreover, IoT devices are low-power devices with minimal embedded security solutions. To mitigate this issue in IoT devices, a device fingerprint (DFP) can be used for device identification. DFP identifies a device using implicit identifiers, such as network traffic (or packets) and radio signals, which a device uses to communicate over the network. These identifiers are closely related to the device’s hardware and software features. In this paper, we exploit TCP/IP packet header features to create a device fingerprint utilizing device-originated network packets. We present a set of three metrics that separate some features from a packet that contribute actively to device identification. To evaluate our approach, we used two publicly accessible datasets. On the IoT Sentinel dataset, we observed an accuracy of 99.37% in device genre classification and 83.35% in identifying an individual device. However, using the UNSW dataset, device type identification accuracy reached 97.78%.