Identifying SH-IoT devices from network traffic characteristics using random forest classifier

  • Original Paper
  • Wireless Networks

Abstract

In cyberspace, device identification has become one of the most important factors in improving the security of a network containing both Internet of Things (IoT) and non-IoT devices. Resource-constrained IoT devices are generally more vulnerable than non-IoT devices to different kinds of security threats, including the Mirai botnet and spoofing attacks. In this paper, a device fingerprinting (DFP) scheme is proposed based on the analysis of network traffic characteristics. Four statistical features from two device-specific features were selected using statistical assessment to generate the DFP for the classification task, using a supervised machine learning Random Forest classifier. Experimental results show that the proposed DFP scheme is able to classify device type with 99.81% accuracy on the public UNSW dataset, whilst accuracies of 99.50% and 97.10% are reported for the identification of individual IoT and non-IoT devices, respectively. The proposed DFP scheme also demonstrates superior performance compared to other DFP methods in the literature, despite using fewer features and packets for DFP. These results signify that the proposed DFP scheme can be used as a network security reinforcement tool in a heterogeneous network environment.

Author information

Corresponding author

Correspondence to Rajarshi Roy Chowdhury.

Ethics declarations

Competing Interests

The authors declare that they have no known competing economical interests and personal relationships that could have appeared to influence this research work.

About this article

Cite this article

Chowdhury, R.R., Idris, A.C. & Abas, P.E. Identifying SH-IoT devices from network traffic characteristics using random forest classifier. Wireless Netw 30, 405–419 (2024). https://doi.org/10.1007/s11276-023-03478-3

  • DOI: https://doi.org/10.1007/s11276-023-03478-3
