The rise of traffic classification in IoT networks: A survey

Abstract

With the proliferation of the Internet of Things (IoT), the integration and communication of various objects have become a prevalent practice. The huge growth of IoT devices and different characteristics in the IoT traffic patterns have brought attention to traffic classification methods to address various raised issues in IoT applications. While network traffic classification has been well discussed in a number of surveys and review papers, it is still immature in IoT due to the differences in traffic characteristics in IoT and Non-IoT devices. This survey looks at the emerging trends of network traffic classification in IoT and the utilization of traffic classification in its applications. It also compares the legacy of traffic classification methods and presents an overview of traditional models. This paper extends the discussion with a taxonomy of the current network traffic classification within the IoT context. We then expose commercial and real-world use cases of the IoT traffic classification and finally outline open research issues and challenges in this domain.

Introduction

The notion of the Internet-of-Things (IoT) is envisioned to improve the quality of modern life. IoT solutions have significantly changed various perspectives of today's life in many forms through different standards. It has engaged various fields including industry, healthcare, homes, automotive, sport, entertainment, and many others (Ammar et al., 2018). This is obtained via the large-scale deployment of Sensor Nodes (SN) or smart devices with the ability of sensing and reporting. However, this engagement raises serious issues since a lot of traffic needs to get through the network. As such, different classes of network traffic; for example, those generated from voice, financial transaction, driverless cars, SNs, and others are critical for their counterpart sectors and need to get through quickly or be filtered due to security concerns. As such, the requirements for various applications in IoT are rapidly being increased that result in the demand for more accurate classification of network traffic.

Network traffic classification has been a topic of interest from the early stage of the Internet (Finsterbusch et al., 2014). It began by presenting port-based approaches by which the network traffic is classified based on the used ports, to the sophisticated statistical and behavioral approaches where the network traffic is deeply analysed in a fine-grained manner by employing machine/deep learning approaches. Due to the strength of classification of network traffic as the first step to identify and classify unknown network classes, it has been the main interest of Internet Service Providers (ISP) in order to manage the overall performance of their network (Shafiq et al., 2016). However, one of the most primary aspects of the Internet that specifically benefits from the traffic classification of network, is security. This is because the security policies can be enforced after analysing the network traffic (i.e. filtering or blocking) (Al Khater and Overill, 2015). Due to the importance of security and privacy for different parties (i.e. providers and end-users), network traffic classification has received the most attentions in IoT. However, besides security aspects, classification of network traffic offers many solutions for other domains such as wireless communication, healthcare, and smart home.

Although the majority of efforts in network traffic classification have been published in IP networks, it has recently been discussed in a broader domain that provides solutions to address various angles of the Internet of Things (IoT). This broadness is due to the wide integration of various objects such as sensors and nodes that engage IoT to deal with numerous issues. Motivated by the fact that IoT traffic is different from other types of network traffic that follows a stable pattern and a predictable network behavior (Shahid et al., 2018), we present a comprehensive review of the existing issues and solutions in IoT that have been addressed by network traffic classification.

Over the last decade, there are plenty of survey papers that have been conducted for reviewing the existing solutions and applications for IoT. There are also a number of review papers that identify new challenges from different perspectives. For example (Atzori et al., 2010), presents a comprehensive survey of the Internet of Things paradigm and enabling technologies followed by an analysis of the major research issues on IoT (Al-Fuqaha et al., 2015). surveys relevant protocols and application issues in IoT. It also discusses recent technologies such as big data analytics and cloud and fog computing related to IoT. Security threats and vulnerabilities in IoT were reviewed by (Alaba et al., 2017). It was followed by proposing a taxonomy of the current security threats in the contexts of application, architecture, and communication in IoT. Besides IoT, several attempts were conducted to review network traffic classification issues and challenges. For instance (Gomes et al., 2013), provides a review of the literature on the classification and detection solutions in peer-to-peer traffic. It also provides a detailed analysis of network traffic monitoring techniques. Another traffic classification review with the focus on payload approach was published in (Velan et al., 2015) proposing a taxonomy by reviewing the literature on classification methods based on packet payload and feature from encrypted traffics (Pacheco et al., 2018). presents a systematic survey of machine learning solutions in network traffic classification at the IP level, followed by a discussion of a set of challenges, issues, and directions. The paper also presents an overview of the studies that aimed to improve the QoS at the operator network level.

However, despite the profound views in IoT and network traffic classification in the existing surveys, no published work has shown the importance of traffic classification in IoT. In this paper, the main focus is dedicated to the traffic features of IoT devices and different patterns such as machine type communication (MTC) and Human type Communication (HTC). This is because, IoT generates traffic different from traffic generated by other individual devices, such as smartphones, routers or tablets (Shafiq et al., 2013). Besides, traffic of the IoT network follows a stable pattern and the generated network traffic being very predictable which is different from the traffic in ISPs (Shahid et al., 2018). Although these facts have triggered most of the recent works to offer various solutions in IoT traffic classification, no survey paper has been conducted to review classification techniques for IoT network traffic. Thus, in this paper, we provide a generic view of the published works pertaining to different solutions that have been addressed by network traffic classification in IoT. This paper aims to shed light on the roadmap of the IoT network traffic classification. It also proposes possible future directions by providing a comprehensive review of the state-of-the-art network traffic classification in various fields of IoT in terms of application deployments, such as smart environment, and the healthcare system. We also investigate security aspects, in particular; authentication, device recognition/identification, and anomaly detection. The main goal of this paper is to expose different issues raised in IoT that have been addressed with traffic classification.

The main contributions of this paper are as follows:

• We provide a comprehensive review of the network traffic classification methods in the IoT environment. To the best of our knowledge, this attempt is one of the first survey papers that focus solely on the classification of IoT network traffic.

• We explain the differences between network traffic in ordinary networks and IoT followed by its driven traffic known as MTC.

• We introduce the enabling technologies by classifying the existing literature and devising a taxonomy of current network traffic classification within the IoT context.

• We outline applications of Traffic classification in IoT by reviewing real-world use cases and products.

• Finally, we highlight several important research issues and challenges from both the theoretical and practical viewpoints.

The remainder of this paper is organized as follows. Section 2 justifies motivation for IoT traffic classification and its characteristics. Section 3 draws an overview of the traffic classification in ordinary networks and a roadmap to IoT-based traffic classification. The section is followed by providing IoT application features and the difference between IoT traffic features and traffic in the conventional network. Section 4 describes the threats and vulnerabilities identified by IoT traffic and the importance of IoT traffic classification in vulnerability identification. Section 5 provides a comprehensive taxonomy of existing issues and solutions in IoT traffic classification and patterns. Section 6 describes the real-world use cases and commercial products. Section 7 illustrates the available datasets being used for IoT studies. Section 8 offers open issues, challenges, and future directions. Finally, Section 9 concludes the study.