IoT device identification via network-flow based fingerprinting and learning

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionResearchpeer-review

Abstract

Nowadays, increasing number of intelligent devices and smart sensors are connected by Internet of Things (IoT) techniques, and have helped people to manage and improve their lives. However, security issues are emerging in IoT, among which things identification is one of the challenges in that various solutions of different vendors, standards, protocols and communities groups coexist. In this paper, we address the challenge of IoT device identification by analyzing a sequence of packets from its high-level network traffic, i.e., network-flow data and extract unique flow-based features to create a fingerprint for each device. We adopt supervised machine learning techniques for the identification task. The proposed approach can automatically identify white-listed device types and individual device instances connected to a network. Moreover, we propose a security system model design that enables enforcement of rules for constraining the IoT device communications as per their given privileges. Unknown or suspicious devices with abnormal behaviour can be identified, and their communication is restricted for further monitoring. We show that the presented approach is effective in identifying white-listed device types with average accuracy up to 90.3% which is a 9.3% increase compared with the state-of-the-art technique. Individual device instances having the same model and vendor as well as unknown devices are correctly identified with minimal performance overhead.

LanguageEnglish
Title of host publicationProceedings of 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering, TrustCom/BigDataSE 2019
Place of PublicationLos Alamitos, CA
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Pages103-111
Number of pages9
ISBN (Electronic)9781728127767
DOIs
Publication statusPublished - 1 Aug 2019
Event18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering, TrustCom/BigDataSE 2019 - Rotorua, New Zealand
Duration: 5 Aug 20198 Aug 2019

Conference

Conference18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering, TrustCom/BigDataSE 2019
CountryNew Zealand
CityRotorua
Period5/08/198/08/19

Fingerprint

Smart sensors
Communication
Security systems
Learning systems
Identification (control systems)
Network protocols
Internet of things
Network flow
Monitoring
Vendors
Security issues
Sensor
Machine learning
System model
Enforcement

Keywords

  • Automatic IoT Authentication
  • Fingerprinting
  • IoT Identification
  • IoT Security
  • Machine Learning

Cite this

Hamad, S. A., Zhang, W. E., Sheng, Q. Z., & Nepal, S. (2019). IoT device identification via network-flow based fingerprinting and learning. In Proceedings of 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering, TrustCom/BigDataSE 2019 (pp. 103-111). Los Alamitos, CA: Institute of Electrical and Electronics Engineers (IEEE). https://doi.org/10.1109/TrustCom/BigDataSE.2019.00023
Hamad, Salma Abdalla ; Zhang, Wei Emma ; Sheng, Quan Z. ; Nepal, Surya. / IoT device identification via network-flow based fingerprinting and learning. Proceedings of 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering, TrustCom/BigDataSE 2019. Los Alamitos, CA : Institute of Electrical and Electronics Engineers (IEEE), 2019. pp. 103-111
@inproceedings{8c66fc0de68d4858af7d3d0b606a6d50,
title = "IoT device identification via network-flow based fingerprinting and learning",
abstract = "Nowadays, increasing number of intelligent devices and smart sensors are connected by Internet of Things (IoT) techniques, and have helped people to manage and improve their lives. However, security issues are emerging in IoT, among which things identification is one of the challenges in that various solutions of different vendors, standards, protocols and communities groups coexist. In this paper, we address the challenge of IoT device identification by analyzing a sequence of packets from its high-level network traffic, i.e., network-flow data and extract unique flow-based features to create a fingerprint for each device. We adopt supervised machine learning techniques for the identification task. The proposed approach can automatically identify white-listed device types and individual device instances connected to a network. Moreover, we propose a security system model design that enables enforcement of rules for constraining the IoT device communications as per their given privileges. Unknown or suspicious devices with abnormal behaviour can be identified, and their communication is restricted for further monitoring. We show that the presented approach is effective in identifying white-listed device types with average accuracy up to 90.3{\%} which is a 9.3{\%} increase compared with the state-of-the-art technique. Individual device instances having the same model and vendor as well as unknown devices are correctly identified with minimal performance overhead.",
keywords = "Automatic IoT Authentication, Fingerprinting, IoT Identification, IoT Security, Machine Learning",
author = "Hamad, {Salma Abdalla} and Zhang, {Wei Emma} and Sheng, {Quan Z.} and Surya Nepal",
year = "2019",
month = "8",
day = "1",
doi = "10.1109/TrustCom/BigDataSE.2019.00023",
language = "English",
pages = "103--111",
booktitle = "Proceedings of 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering, TrustCom/BigDataSE 2019",
publisher = "Institute of Electrical and Electronics Engineers (IEEE)",
address = "United States",

}

Hamad, SA, Zhang, WE, Sheng, QZ & Nepal, S 2019, IoT device identification via network-flow based fingerprinting and learning. in Proceedings of 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering, TrustCom/BigDataSE 2019. Institute of Electrical and Electronics Engineers (IEEE), Los Alamitos, CA, pp. 103-111, 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering, TrustCom/BigDataSE 2019, Rotorua, New Zealand, 5/08/19. https://doi.org/10.1109/TrustCom/BigDataSE.2019.00023

IoT device identification via network-flow based fingerprinting and learning. / Hamad, Salma Abdalla; Zhang, Wei Emma; Sheng, Quan Z.; Nepal, Surya.

Proceedings of 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering, TrustCom/BigDataSE 2019. Los Alamitos, CA : Institute of Electrical and Electronics Engineers (IEEE), 2019. p. 103-111.

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionResearchpeer-review

TY - GEN

T1 - IoT device identification via network-flow based fingerprinting and learning

AU - Hamad, Salma Abdalla

AU - Zhang, Wei Emma

AU - Sheng, Quan Z.

AU - Nepal, Surya

PY - 2019/8/1

Y1 - 2019/8/1

N2 - Nowadays, increasing number of intelligent devices and smart sensors are connected by Internet of Things (IoT) techniques, and have helped people to manage and improve their lives. However, security issues are emerging in IoT, among which things identification is one of the challenges in that various solutions of different vendors, standards, protocols and communities groups coexist. In this paper, we address the challenge of IoT device identification by analyzing a sequence of packets from its high-level network traffic, i.e., network-flow data and extract unique flow-based features to create a fingerprint for each device. We adopt supervised machine learning techniques for the identification task. The proposed approach can automatically identify white-listed device types and individual device instances connected to a network. Moreover, we propose a security system model design that enables enforcement of rules for constraining the IoT device communications as per their given privileges. Unknown or suspicious devices with abnormal behaviour can be identified, and their communication is restricted for further monitoring. We show that the presented approach is effective in identifying white-listed device types with average accuracy up to 90.3% which is a 9.3% increase compared with the state-of-the-art technique. Individual device instances having the same model and vendor as well as unknown devices are correctly identified with minimal performance overhead.

AB - Nowadays, increasing number of intelligent devices and smart sensors are connected by Internet of Things (IoT) techniques, and have helped people to manage and improve their lives. However, security issues are emerging in IoT, among which things identification is one of the challenges in that various solutions of different vendors, standards, protocols and communities groups coexist. In this paper, we address the challenge of IoT device identification by analyzing a sequence of packets from its high-level network traffic, i.e., network-flow data and extract unique flow-based features to create a fingerprint for each device. We adopt supervised machine learning techniques for the identification task. The proposed approach can automatically identify white-listed device types and individual device instances connected to a network. Moreover, we propose a security system model design that enables enforcement of rules for constraining the IoT device communications as per their given privileges. Unknown or suspicious devices with abnormal behaviour can be identified, and their communication is restricted for further monitoring. We show that the presented approach is effective in identifying white-listed device types with average accuracy up to 90.3% which is a 9.3% increase compared with the state-of-the-art technique. Individual device instances having the same model and vendor as well as unknown devices are correctly identified with minimal performance overhead.

KW - Automatic IoT Authentication

KW - Fingerprinting

KW - IoT Identification

KW - IoT Security

KW - Machine Learning

UR - http://www.scopus.com/inward/record.url?scp=85075160731&partnerID=8YFLogxK

U2 - 10.1109/TrustCom/BigDataSE.2019.00023

DO - 10.1109/TrustCom/BigDataSE.2019.00023

M3 - Conference proceeding contribution

SP - 103

EP - 111

BT - Proceedings of 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering, TrustCom/BigDataSE 2019

PB - Institute of Electrical and Electronics Engineers (IEEE)

CY - Los Alamitos, CA

ER -

Hamad SA, Zhang WE, Sheng QZ, Nepal S. IoT device identification via network-flow based fingerprinting and learning. In Proceedings of 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering, TrustCom/BigDataSE 2019. Los Alamitos, CA: Institute of Electrical and Electronics Engineers (IEEE). 2019. p. 103-111 https://doi.org/10.1109/TrustCom/BigDataSE.2019.00023