Abstract
Internet-of-Things (IoT) device-type fingerprinting is the process of identification of the specific type of an IoT device based on its characteristics, such as network behavior. Such fingerprinting can be used to detect anomalous behavior of the device, or even predict its behavior should it get compromised. The typical approach to fingerprint an IoT device-type is by collecting a significant number of short network trace samples from these devices when it performs various activities and use machine learning on these samples to construct the fingerprint. There are several challenges to this approach. The first challenge is identifying the exact set of packets that correspond to the observed device-type behavior when it is performing some activity. The second challenge is that a single organization may not have enough data corresponding to all possible activities of the IoT device. We propose techniques to overcome the above mentioned challenges. First, to enhance device-type fingerprinting from small data sets, we designed a sliding-window based packet analysis behavioral model that provides improved data coverage associated with the activities of the tasks. Second, to get a model of the network behavior for the different activities of IoT devices deployed at various organizations, we use distributed deep-learning model so as to protect the privacy and confidentiality of the data. Finally, we alleviate the issue of data shortage by supplementing the training data with synthetic data generated using an Adversarial Autoencoder (AAE) neural network. We evaluated our approach using three different sets of experiments using a small set of representative devices. We estimate the best sliding window size for modeling device behavior by comparing the distributed learning performance over a range of window sizes. For our distributed approach, we achieve fingerprinting accuracy in the range of 94–99%, which is an improvement over the centralized approach for the same data sets and experiments. We demonstrate accuracy of \(97\%\), on-par with state-of-the-art fingerprinting approaches, when using synthetic training data generated by our AAE. We note that, this is the first such method of fingerprinting device-types in a collaborative privacy preserving manner while alleviating small data sets.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Krebs, B.: Mirai IoT botnet co-authors plead guilty? Krebs on security, November 2017
Acar, A., et al.: Peek-a-boo: i see your smart home activities, even encrypted! In: Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 207–218 (2020)
OConnor, T.J., Mohamed, R., Miettinen, M., Enck, W., Reaves, B., Sadeghi, A.-R.: HomeSnitch: behavior transparency and control for smart home IoT devices. In: Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks, pp. 128–138 (2019)
Bai, L., Yao, L., Kanhere, S.S., Wang, X., Yang, Z.: Automatic device classification from network traffic streams of Internet of Things. In: 2018 IEEE 43rd Conference on Local Computer Networks (LCN), pp. 1–9. IEEE (2018)
Sivanathan, A., et al.: Classifying IoT devices in smart environments using network traffic characteristics. IEEE Trans. Mob. Comput. 18(8), 1745–1759 (2018)
Dong, S., Li, Z., Tang, D., Chen, J., Sun, M., Zhang, K.: Your smart home can’t keep a secret: towards automated fingerprinting of IoT traffic. In: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, pp. 47–59 (2020)
Perdisci, R., Papastergiou, T., Alrawi, O., Antonakakis, M.: IoTFinder: efficient large-scale identification of IoT devices via passive DNS traffic analysis. In: 2020 IEEE European Symposium on Security and Privacy (EuroS &P), pp. 474–489. IEEE (2020)
Ahmed, D., Das, A., Zaffar, F.: Analyzing the feasibility and generalizability of fingerprinting Internet of Things devices. Proc. Priv. Enhancing Technol. 2, 2022 (2022)
Sharma, R.A., Soltanaghaei, E., Rowe, A., Sekar, V.: Lumos: identifying and localizing diverse hidden \(\{\)IoT\(\}\) devices in an unfamiliar environment. In: 31st USENIX Security Symposium (USENIX Security 2022), pp. 1095–1112 (2022)
Franklin, J., McCoy, D.: Passive data link layer 802.11 wireless device driver fingerprinting. In: Proceedings of the 15th USENIX Security Symposium, Vancouver, BC, Canada, 31 July–4 August 2006
Pang, J., Greenstein, B., Gummadi, R., Seshan, S., Wetherall, D.: 802.11 user fingerprinting. In: Proceedings of the 13th ACM MOBICOM, pp. 99–110. ACM (2007)
François, J., Abdelnur, H.J., State, R., Festor, O.: Automated behavioral fingerprinting. In: Proceedings of the 12th RAID Symposium, pp. 182–201 (2009)
Arackaparambil, C., Bratus, S., Shubina, A., Kotz, D.: On the reliability of wireless fingerprinting using clock skews. In: Proceedings of the Third ACM WiSec, pp. 169–174, New York, NY, USA. ACM (2010)
Kurtz, A., Gascon, H., Becker, T., Rieck, K., Freiling, F.: Fingerprinting mobile devices using personalized configurations. Proc. Priv. Enhancing Technol. 1, 4–19 (2016)
Martin, A., Doddington, G., Kamm, T., Ordowski, M., Przybocki, M.: The DET curve in assessment of detection task performance. Technical report, National Institute of Standards and Technology Gaithersburg MD (1997)
Lippmann, R., Fried, D., Piwowarski, K., Streilein, W.: Passive operating system identification from TCP/IP packet headers. In: Workshop on Data Mining for Computer Security, p. 40 (2003)
Kohno, T., Broido, A., Claffy, K.C.: Remote physical device fingerprinting. IEEE Trans. Dependable Secure Comput. 2(2), 93–108 (2005)
Brik, V., Banerjee, S., Gruteser, M., Oh, S.: Wireless device identification with radiometric signatures. In: Proceedings of the 14th ACM MOBICOM, pp. 116–127. ACM (2008)
Jana, S., Kasera, S.K.: On fast and accurate detection of unauthorized wireless access points using clock skews. IEEE Trans. Mobile Comput. 9(3), 449–462 (2010)
Radhakrishnan, S.V., Uluagac, A.S., Beyah, R.A.: GTID: a technique for physical device and device type fingerprinting. IEEE Trans. Dependable Secure Comput. 12(5), 519–532 (2015)
Formby, D., Srinivasan, P., Leonard, A., Rogers, J., Beyah, R.A.: Who’s in control of your control system? Device fingerprinting for cyber-physical systems. In: 23rd Annual ISOC NDSS (2016)
Van Goethem, T., Scheepers, W., Preuveneers, D., Joosen, W.: Accelerometer-based device fingerprinting for multi-factor mobile authentication. In: Caballero, J., Bodden, E., Athanasopoulos, E. (eds.) ESSoS 2016. LNCS, vol. 9639, pp. 106–121. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-30806-7_7
François, J., Abdelnur, H.J., State, R., Festor, O.: Machine learning techniques for passive network inventory. IEEE Trans. Netw. Serv. Manage. 7(4), 244–257 (2010)
Gao, K., Corbett, C., Beyah, R.: A passive approach to wireless device fingerprinting. In: Proceedings of IEEE/IFIP DSN, pp. 383–392. IEEE (2010)
Miettinen, M., Marchal, S., Hafeez, I., Asokan, N., Sadeghi, A.-R., Tarkoma, S.: IoT SENTINEL: automated device-type identification for security enforcement in IoT. In: Proceedings of 37th IEEE ICDCS, pp. 2177–2184 (2017)
Siby, S., Maiti, R.R., Tippenhauer, N.: IoTScanner: detecting and classifying privacy threats in IoT neighborhoods. arXiv preprint arXiv:1701.05007 (2017)
Bezawada, B., Bachani, M., Peterson, J., Shirazi, H., Ray, I., Ray, I.: Behavioral fingerprinting of IoT devices. In: Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security, ASHES CCS 2018, Toronto, ON, Canada, 19 October 2018, pp. 41–50. ACM (2018)
Shokri, R., Shmatikov, V.: Privacy-preserving deep learning. In: 2015 53rd Annual Allerton Conference on Communication, Control, and Computing (Allerton), pp. 909–910 (2015)
McMahan, B., Moore, E., Ramage, D., Hampson, S., y Arcas, B.A.: Communication-efficient learning of deep networks from decentralized data. In: Proceedings of the 20th International Conference on Artificial Intelligence and Statistics, AISTATS 2017, 20–22 April 2017, Fort Lauderdale, FL, USA, vol. 54, pp. 1273–1282. PMLR (2017)
Gupta, O., Raskar, R.: Distributed learning of deep neural network over multiple agents. J. Netw. Comput. Appl. 116, 1–8 (2018)
Lévy, D., Jain, A.: Breast mass classification from mammograms using deep convolutional neural networks. CoRR, abs/1612.00542 (2016)
Vepakomma, P., Gupta, O., Swedish, T., Raskar, R.: Split learning for health: distributed deep learning without sharing raw patient data. CoRR, abs/1812.00564 (2018)
Vepakomma, P., Raskar, R.: Split learning: a resource efficient model and data parallel approach for distributed deep learning. In: Ludwig, H., Baracaldo, N. (eds.) Federated Learning - A Comprehensive Overview of Methods and Applications, pp. 439–451. Springer, Cham (2022)
Niyaz, Q., Sun, W., Javaid, A.Y.: A deep learning based DDoS detection system in software-defined networking (SDN). EAI Endorsed Trans. Secur. Saf. 4(12), 12 (2017)
Deval, S.K., Tripathi, M., Bezawada, B., Ray, I.: “X-Phish: Days of Future Past”: adaptive & privacy preserving phishing detection. In: 2021 IEEE Conference on Communications and Network Security (CNS), pp. 227–235 (2021)
Phong, L.T., Phuong, T.T.: Privacy-preserving deep learning via weight transmission. IEEE Trans. Inf. Forensics Secur. 14(11), 3003–3015 (2019)
Wang, H., Eklund, D., Oprea, A., Raza, S.: FL4IoT: IoT device fingerprinting and identification using federated learning. ACM Trans. Internet Things 4, 1–24 (2023)
Kingma, D.P., Ba, J.: Adam: a method for stochastic optimization. In: 3rd International Conference on Learning Representations, ICLR 2015, San Diego, CA, USA, 7–9 May 2015, Conference Track Proceedings (2015)
Makhzani, A., Shlens, J., Jaitly, N., Goodfellow, I., Frey, B.: Adversarial autoencoders. arXiv preprint arXiv:1511.05644 (2015)
Acknowledgement
This work has been partially supported by funding from the NIST under award number 60NANB18D204, from NSF under award numbers DMS 2123761, CNS 2027750, CNS 1822118 and from the member partner of the NSF IUCRC Center for Cybersecurity Analytics and Automation – Statnett, Cyber Risk Research, AMI, NewPush, and ARL.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Bar-on, M., Bezawada, B., Ray, I., Ray, I. (2024). A Small World–Privacy Preserving IoT Device-Type Fingerprinting with Small Datasets. In: Mosbah, M., Sèdes, F., Tawbi, N., Ahmed, T., Boulahia-Cuppens, N., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2023. Lecture Notes in Computer Science, vol 14551. Springer, Cham. https://doi.org/10.1007/978-3-031-57537-2_7
Download citation
DOI: https://doi.org/10.1007/978-3-031-57537-2_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-57536-5
Online ISBN: 978-3-031-57537-2
eBook Packages: Computer ScienceComputer Science (R0)