DeviceMien: Network device behavior modeling for identifying unknown IoT devices

Jorge Ortiz, Catherine Crawford, Franck Le

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

13 Scopus citations

Abstract

With the explosion of IoT device use, networks are becoming more vulnerable to attack. Network administrators need better tools to verify and discover these devices in order to minimize attack risk. Existing tools provide rule-based assessment capabilities that cannot keep pace with the proliferation of devices. Current techniques demonstrate that given a rich set of labeled packet traces, one could design a pipeline that identifies all the devices in that trace with over 99% accuracy [30, 32]. However, it has also been observed [25] that such techniques are brittle when no labels are available. More perniciously, they provide false confidence scores about the label they do ascribe to a sample. This paper introduces a probabilistic framework for providing meaningful feedback in device identification, particularly when the device has not been previously observed. In our work, we use stacked autoencoders for automatically learning features from device traffic, learn the classes of traffic observed, and probabilistically model each device as a distribution of traffic classes. Our experiments show that we are able to identify previously seen devices after only 18.9 TCP-flow samples with 100% accuracy for devices where at least 50 samples are observed. We also show that we can distinguish between two broad classes of devices - IoT and Non-IoT - by examining the average number of flow classes observed over a set of samples. Our experiments show that we can infer the correct class of unseen devices with an over 82% average F1 score and 70% accuracy.

Original language: English (US)
Title of host publication: IoTDI 2019 - Proceedings of the 2019 Internet of Things Design and Implementation
Editors: Gowri Sankar Ramachandran, Jorge Ortiz
Publisher: Association for Computing Machinery, Inc
Pages: 106-117
Number of pages: 12
ISBN (Electronic): 9781450362832
State: Published - Apr 15 2019
Event: 4th ACM/IEEE International Conference on Internet of Things Design and Implementation, IoTDI 2019 - Montreal, Canada
Duration: Apr 15 2019 - Apr 18 2019

Publication series

Name: IoTDI 2019 - Proceedings of the 2019 Internet of Things Design and Implementation

Conference

Conference: 4th ACM/IEEE International Conference on Internet of Things Design and Implementation, IoTDI 2019
Country: Canada
City: Montreal
Period: 4/15/19 - 4/18/19

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Computer Science Applications
  • Hardware and Architecture
