Policy-Based Identification of IoT Devices’ Vendor and Type by DNS Traffic Analysis

Franck Le, Jorge Ortiz, Dinesh Verma, Dilip Kandlur

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Scopus citations

Abstract

The explosive growth of IoT devices and the weak security protection in some types of devices make them an attractive target for attackers. IoT devices can become a vulnerable weak link for penetrating a secure IT infrastructure. The risks are exacerbated by the Bring-Your-Own-Device trend that allows employees to connect their own personal devices to an enterprise network. Currently, network administrators lack adequate tools to discover and manage IoT devices in their environments. A good tool to address this requirement can be created by adapting and applying natural language interpretation algorithms to network traffic. In this paper, we show that applying algorithms like Term Frequency - Inverse Document Frequency (TF-IDF) to the domain name resolution process, a required first step in every Internet-based communication, can be highly effective at identifying IoT devices, their manufacturers and their type. By treating the domain names being resolved as words, and the set of domain names queried by a device as a document, then comparing these synthetic documents from a reference data set to real traffic, we obtain a very effective approach for IoT discovery. Evaluation of our approach on a traffic data set shows that the approach can identify 84% of the instances, with an accuracy of 91% for the IoT devices' vendor, and 100% of the instances with an accuracy of 94% for the IoT devices' type. We believe that this is the first attempt to apply natural language processing algorithms to traffic analysis, and the promising results could open new avenues for securing and understanding computer networks through natural language processing algorithms. These and other techniques require policies to determine how the large volume of data will be handled efficiently. By assisting in detecting potentially malicious devices, this paper contributes to the topic of safe autonomy.
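The abstract describes the core idea only in words: each resolved domain name is a "word", the set of names a device queries is a "document", and TF-IDF over a labelled reference set is used to attribute new devices to a vendor and type. The following is an added example written for this page, not the authors' code; the reference set, the log format, the vendor names (`vendorA`, `vendorB`, `vendorC`), the `.example` domains and the 0.5 similarity threshold are all constructed assumptions. It groups queries by client address, weights names with smoothed IDF so that shared infrastructure names (an NTP pool queried by every device) carry little weight, and returns "unknown" when no reference document is similar enough, which is the case a practitioner has to handle for devices the reference set has never seen.

```python
"""TF-IDF attribution of a device's vendor and type from the domain names it
resolves. Added example (not the paper's code); reference data, log format and
vendor names are constructed, with domains under .example."""
import math
from collections import Counter, defaultdict

# Constructed reference set: one "document" per known device, holding the
# domain names seen in its DNS queries (hypothetical names, not real vendors).
REFERENCE = [
    {"vendor": "vendorA", "type": "camera", "domains": [
        "time.vendor-a.example", "stream.vendor-a.example",
        "api.vendor-a.example", "pool.ntp.example"]},
    {"vendor": "vendorA", "type": "camera", "domains": [
        "time.vendor-a.example", "stream.vendor-a.example",
        "ota.vendor-a.example"]},
    {"vendor": "vendorB", "type": "plug", "domains": [
        "cloud.vendor-b.example", "pool.ntp.example", "ota.vendor-b.example"]},
    {"vendor": "vendorB", "type": "plug", "domains": [
        "cloud.vendor-b.example", "ota.vendor-b.example", "pool.ntp.example"]},
    {"vendor": "vendorC", "type": "speaker", "domains": [
        "music.vendor-c.example", "voice.vendor-c.example",
        "pool.ntp.example", "cdn.vendor-c.example"]},
]

# Constructed DNS query log: "<client-ip> <qname>" per line (hypothetical format).
SAMPLE_LOG = """\
192.168.1.20 time.vendor-a.example
192.168.1.20 stream.vendor-a.example
192.168.1.20 stream.vendor-a.example
192.168.1.20 pool.ntp.example
192.168.1.31 cloud.vendor-b.example
192.168.1.31 pool.ntp.example
192.168.1.31 ota.vendor-b.example
192.168.1.77 pool.ntp.example
192.168.1.77 updates.unknown-vendor.example
"""


def documents_from_log(log_text):
    """Treat each queried name as a word and each client's query set as a document."""
    docs = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines rather than crash on a bad log
        client, qname = parts
        docs[client].append(qname.lower().rstrip("."))
    return dict(docs)


def _tfidf(domains, idf, unseen):
    """Term frequency of each name in one document times its IDF weight."""
    tf = Counter(domains)
    total = sum(tf.values())
    return {d: (c / total) * idf.get(d, unseen) for d, c in tf.items()}


def build_index(reference):
    """Compute smoothed IDF over the reference documents and vectorise them."""
    n = len(reference)
    df = Counter()
    for entry in reference:
        df.update(set(entry["domains"]))
    idf = {d: math.log((1 + n) / (1 + c)) + 1.0 for d, c in df.items()}
    unseen = math.log(1 + n) + 1.0  # weight for a name with df = 0 (never in reference)
    vectors = [(e["vendor"], e["type"], _tfidf(e["domains"], idf, unseen))
               for e in reference]
    return {"idf": idf, "unseen": unseen, "vectors": vectors}


def cosine(u, v):
    """Cosine similarity between two sparse vectors stored as dicts."""
    dot = sum(w * v[d] for d, w in u.items() if d in v)
    nu = math.sqrt(sum(w * w for w in u.values()))
    nv = math.sqrt(sum(w * w for w in v.values()))
    return dot / (nu * nv) if nu and nv else 0.0


def classify(domains, index, threshold=0.5):
    """Nearest reference document by cosine similarity; 'unknown' below threshold.

    The threshold is an assumption of this example, not a value from the paper.
    """
    q = _tfidf(domains, index["idf"], index["unseen"])
    vendor, dtype, score = "unknown", "unknown", 0.0
    for v, t, vec in index["vectors"]:
        s = cosine(q, vec)
        if s > score:
            vendor, dtype, score = v, t, s
    if score < threshold:
        return {"vendor": "unknown", "type": "unknown", "score": score}
    return {"vendor": vendor, "type": dtype, "score": score}


if __name__ == "__main__":
    index = build_index(REFERENCE)
    for client, domains in documents_from_log(SAMPLE_LOG).items():
        print(client, classify(domains, index))
```

In this constructed data the third client (192.168.1.77) shares only the NTP pool name with the reference set; because that name appears in most reference documents its IDF weight is low, the best cosine similarity stays well under the threshold, and the device is reported as unknown instead of being forced onto the nearest vendor. The same mechanism is what keeps vendor-specific names (an OTA or streaming endpoint) decisive for the two devices that are attributed.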

Original language: English (US)
Title of host publication: Policy-Based Autonomic Data Governance
Editors: Elisa Bertino, Seraphin Calo, Dinesh Verma
Publisher: Springer Verlag
Pages: 180-201
Number of pages: 22
ISBN (Print): 9783030172763
DOI: https://doi.org/10.1007/978-3-030-17277-0_10
State: Published - Jan 1 2019
Event: 2nd International Workshop on Policy-based Autonomic Data Governance, PADG 2018 in conjunction with the 23rd European Symposium on Research in Computer Security, ESORICS 2018 - Barcelona, Spain
Duration: Sep 3 2018 to Sep 7 2018

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 11550 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 2nd International Workshop on Policy-based Autonomic Data Governance, PADG 2018 in conjunction with the 23rd European Symposium on Research in Computer Security, ESORICS 2018
Country: Spain
City: Barcelona
Period: 9/3/18 to 9/7/18

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this
    Le, F., Ortiz, J., Verma, D., & Kandlur, D. (2019). Policy-Based Identification of IoT Devices’ Vendor and Type by DNS Traffic Analysis. In E. Bertino, S. Calo, & D. Verma (Eds.), Policy-Based Autonomic Data Governance (pp. 180-201). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11550 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-17277-0_10