TY - GEN
T1 - Automated IoT Device Identification using Network Traffic
AU - Aksoy, Ahmet
AU - Gunes, Mehmet Hadi
N1 - Publisher Copyright: © 2019 IEEE.
PY - 2019/5
Y1 - 2019/5
N2 - IoT devices have been gaining popularity and become integral to our daily life. These devices are prone to be compromised as well as any computing system, but lack computing capabilities for cybersecurity software. An important measure for protecting attacks on IoT devices is through isolation of such devices by restriction of communications to the device from firewall/gateway. To this end identification of the IoT device is valuable for network administration and security. In this paper, we introduce a system for automated classification of device characteristics, called System IDentifier (SysID), based on their network traffic. SysID uses any single packet that is originated from the device to detect its kind. We use genetic algorithm (GA) to determine relevant features in different protocol headers and then deploy various machine learning (ML) algorithms (i.e., DecisionTable, J48 Decision Trees, OneR, and PART) to classify host device types by analyzing features selected by GA. GA helps reduce classification complexity and increases its accuracy by eliminating noisy features from the data. SysID allows the ability to have a completely automated way of classifying IoT devices using their TCP/IP packets without expert input for classification. In an experimental study with 23 IoT devices, SysID identified the device type from a single packet with over 95% accuracy.
AB - IoT devices have been gaining popularity and become integral to our daily life. These devices are prone to be compromised as well as any computing system, but lack computing capabilities for cybersecurity software. An important measure for protecting attacks on IoT devices is through isolation of such devices by restriction of communications to the device from firewall/gateway. To this end identification of the IoT device is valuable for network administration and security. In this paper, we introduce a system for automated classification of device characteristics, called System IDentifier (SysID), based on their network traffic. SysID uses any single packet that is originated from the device to detect its kind. We use genetic algorithm (GA) to determine relevant features in different protocol headers and then deploy various machine learning (ML) algorithms (i.e., DecisionTable, J48 Decision Trees, OneR, and PART) to classify host device types by analyzing features selected by GA. GA helps reduce classification complexity and increases its accuracy by eliminating noisy features from the data. SysID allows the ability to have a completely automated way of classifying IoT devices using their TCP/IP packets without expert input for classification. In an experimental study with 23 IoT devices, SysID identified the device type from a single packet with over 95% accuracy.
KW - Device fingerprinting
KW - Genetic algorithm
KW - Machine learning
KW - Passive measurements
UR - http://www.scopus.com/inward/record.url?scp=85070236048&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85070236048&partnerID=8YFLogxK
U2 - 10.1109/ICC.2019.8761559
DO - 10.1109/ICC.2019.8761559
M3 - Conference contribution
AN - SCOPUS:85070236048
T3 - IEEE International Conference on Communications
BT - 2019 IEEE International Conference on Communications, ICC 2019 - Proceedings
T2 - 2019 IEEE International Conference on Communications, ICC 2019
Y2 - 20 May 2019 through 24 May 2019
ER -