Abstract
The explosive growth of the Internet of Things (IoT) has enabled a wide range of new applications and services. Meanwhile, the massive scale and enormous heterogeneity (e.g., in device vendors and types) of IoT raise challenges in efficient network/device management, application QoS-aware provisioning, and security and privacy. Automated and accurate IoT device fingerprinting is a prerequisite step for realizing secure, reliable, and high-quality IoT applications. In this paper, we propose a novel data-driven approach for passive fingerprinting of IoT device types through automatic classification of encrypted IoT network flows. Based on an in-depth empirical study on the traffic of real-world IoT devices, we identify a variety of valuable data features for accurately characterizing IoT device communications. By leveraging these features, we develop a deep learning based classification model for IoT device fingerprinting. Experimental results using a real-world IoT dataset demonstrate that our method can achieve \(99\%\) accuracy in IoT device-type identification.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Nmap, Network Security Scanner Tool (2012). https://nmap.org/
20 billion IoT devices by 2020 (2017). https://www.gartner.com/newsroom/id/3598917
The Transport Layer Security (TLS) Protocol Version 1.3 (2018). https://datatracker.ietf.org/doc/rfc8446/
Joy (2019). https://github.com/cisco/joy
Keras: Deep Learning for humans (2019). https://github.com/keras-team/keras
Shodan (2019). https://www.shodan.io/
Abadi, M., et al.: TensorFlow: a system for large-scale machine learning. In: OSDI, vol. 16, pp. 265–283 (2016)
Anderson, B., McGrew, D.: Machine learning for encrypted malware traffic classification: accounting for noisy labels and non-stationarity. In: Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1723–1732. ACM (2017)
Antonakakis, M., et al.: Understanding the Mirai Botnet. In: 26th USENIX Security Symposium (USENIX Security 2017), pp. 1093–1110 (2017)
Breiman, L.: Random forests. Mach. Learn. 45(1), 5–32 (2001)
Brik, V., Banerjee, S., Gruteser, M., Oh, S.: Wireless device identification with radiometric signatures. In: Proceedings of the 14th ACM International Conference on Mobile Computing and Networking, pp. 116–127. ACM (2008)
Cortes, C., Vapnik, V.: Support-vector networks. Mach. Learn. 20(3), 273–297 (1995)
Costin, A., Zaddach, J.: IoT malware: comprehensive survey, analysis framework and case studies. BlackHat USA (2018)
Durumeric, Z., Adrian, D., Mirian, A., Bailey, M., Halderman, J.A.: A search engine backed by internet-wide scanning. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015 (2015)
Feng, X., Li, Q., Wang, H., Sun, L.: Acquisitional rule-based engine for discovering internet-of-things devices. In: 27th USENIX Security Symposium (USENIX Security 2018), pp. 327–341 (2018)
Franklin, J., McCoy, D., Tabriz, P., Neagoe, V., Randwyk, J.V., Sicker, D.: Passive data link layer 802.11 wireless device driver fingerprinting. In: USENIX Security Symposium, vol. 3, pp. 16–89 (2006)
Fu, Y., Xiong, H., Lu, X., Yang, J., Chen, C.: Service usage classification with encrypted internet traffic in mobile messaging apps. IEEE Trans. Mob. Comput. 15(11), 2851–2864 (2016)
Koh, K., Kim, S.J., Boyd, S.: An interior-point method for large-scale l1-regularized logistic regression. J. Mach. Learn. Res. 8(Jul), 1519–1555 (2007)
Kohno, T., Broido, A., Claffy, K.C.: Remote physical device fingerprinting. IEEE Trans. Dependable Secure Comput. 2(2), 93–108 (2005)
Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.: DDoS in the IoT: Mirai and other Botnets. Computer 50(7), 80–84 (2017)
Konečnỳ, J., McMahan, H.B., Yu, F.X., Richtárik, P., Suresh, A.T., Bacon, D.: Federated learning: strategies for improving communication efficiency. arXiv preprint arXiv:1610.05492 (2016)
Maiti, R.R., Siby, S., Sridharan, R., Tippenhauer, N.O.: Link-layer device type classification on encrypted wireless traffic with COTS radios. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 247–264. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66399-9_14
Maurice, C., Onno, S., Neumann, C., Heen, O., Francillon, A.: Improving 802.11 fingerprinting of similar devices by cooperative fingerprinting. In: 2013 International Conference on Security and Cryptography (SECRYPT), pp. 1–8. IEEE (2013)
Meidan, Y., et al.: Detection of unauthorized IoT devices using machine learning techniques. arXiv preprint arXiv:1709.04647 (2017)
Merino, B.: Instant Traffic Analysis with Tshark How-to. Packt Publishing Ltd (2013)
Miettinen, M., Marchal, S., Hafeez, I., Asokan, N., Sadeghi, A.R., Tarkoma, S.: IoT sentinel: automated device-type identification for security enforcement in IoT. In: 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), pp. 2177–2184. IEEE (2017)
Nguyen, T.D., Marchal, S., Miettinen, M., Dang, M.H., Asokan, N., Sadeghi, A.R.: DIoT: a crowdsourced self-learning approach for detecting compromised IoT devices. arXiv preprint arXiv:1804.07474 (2018)
Pedregosa, F., et al.: Scikit-learn: machine learning in python. J. Mach. Learn. Res. 12(Oct), 2825–2830 (2011)
Radhakrishnan, S.V., Uluagac, A.S., Beyah, R.: GTID: a technique for physical deviceanddevice type fingerprinting. IEEE Trans. Dependable Secure Comput. 12(5), 519–532 (2015)
Shamsi, Z., Nandwani, A., Leonard, D., Loguinov, D.: Hershel: single-packet OS fingerprinting. IEEE/ACM Trans. Network. 24(4), 2196–2209 (2016)
Shamsi, Z., Cline, D.B., Loguinov, D.: Faulds: a non-parametric iterative classifier for internet-wide OS fingerprinting. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017 (2017)
Sivanathan, A., et al.: Characterizing and classifying IoT traffic in smart cities and campuses. In: 2017 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)
Sugiyama, Y., Goto, K.: Design and implementation of a network emulator using virtual network stack. In: 7th International Symposium on Operations Research and Its Applications (ISORA 2008), pp. 351–358 (2008)
Taylor, V.F., Spolaor, R., Conti, M., Martinovic, I.: Robust smartphone app identification via encrypted network traffic analysis. IEEE Trans. Inf. Forensics Secur. 13(1), 63–78 (2018)
Zalewski, M.: p0f v3 (2012). http://lcamtuf.coredump.cx/p0f3/
Zarpelao, B.B., Miani, R.S., Kawakani, C.T., de Alvarenga, S.C.: A survey of intrusion detection in internet of things. J. Netw. Comput. Appl. 84, 25–37 (2017)
Acknowledgment
This work is partially supported by the U.S. ONR grants N00014-16-1-3214, N00014-16-1-3216, and N00014-18-2893 and U.S. ARO grant W911NF-17-1-0447.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Sun, J., Sun, K., Shenefiel, C. (2019). Automated IoT Device Fingerprinting Through Encrypted Stream Classification. In: Chen, S., Choo, KK., Fu, X., Lou, W., Mohaisen, A. (eds) Security and Privacy in Communication Networks. SecureComm 2019. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 304. Springer, Cham. https://doi.org/10.1007/978-3-030-37228-6_8
Download citation
DOI: https://doi.org/10.1007/978-3-030-37228-6_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-37227-9
Online ISBN: 978-3-030-37228-6
eBook Packages: Computer ScienceComputer Science (R0)