Skip to main content
Springer Nature Link
Log in

Automated IoT Device Fingerprinting Through Encrypted Stream Classification

  • Conference paper
  • First Online:
Security and Privacy in Communication Networks (SecureComm 2019)

Abstract

The explosive growth of the Internet of Things (IoT) has enabled a wide range of new applications and services. Meanwhile, the massive scale and enormous heterogeneity (e.g., in device vendors and types) of IoT raise challenges in efficient network/device management, application QoS-aware provisioning, and security and privacy. Automated and accurate IoT device fingerprinting is a prerequisite step for realizing secure, reliable, and high-quality IoT applications. In this paper, we propose a novel data-driven approach for passive fingerprinting of IoT device types through automatic classification of encrypted IoT network flows. Based on an in-depth empirical study on the traffic of real-world IoT devices, we identify a variety of valuable data features for accurately characterizing IoT device communications. By leveraging these features, we develop a deep learning based classification model for IoT device fingerprinting. Experimental results using a real-world IoT dataset demonstrate that our method can achieve \(99\%\) accuracy in IoT device-type identification.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Nmap, Network Security Scanner Tool (2012). https://nmap.org/

  2. 20 billion IoT devices by 2020 (2017). https://www.gartner.com/newsroom/id/3598917

  3. The Transport Layer Security (TLS) Protocol Version 1.3 (2018). https://datatracker.ietf.org/doc/rfc8446/

  4. Joy (2019). https://github.com/cisco/joy

  5. Keras: Deep Learning for humans (2019). https://github.com/keras-team/keras

  6. Shodan (2019). https://www.shodan.io/

  7. Abadi, M., et al.: TensorFlow: a system for large-scale machine learning. In: OSDI, vol. 16, pp. 265–283 (2016)

    Google Scholar 

  8. Anderson, B., McGrew, D.: Machine learning for encrypted malware traffic classification: accounting for noisy labels and non-stationarity. In: Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1723–1732. ACM (2017)

    Google Scholar 

  9. Antonakakis, M., et al.: Understanding the Mirai Botnet. In: 26th USENIX Security Symposium (USENIX Security 2017), pp. 1093–1110 (2017)

    Google Scholar 

  10. Breiman, L.: Random forests. Mach. Learn. 45(1), 5–32 (2001)

    Article  Google Scholar 

  11. Brik, V., Banerjee, S., Gruteser, M., Oh, S.: Wireless device identification with radiometric signatures. In: Proceedings of the 14th ACM International Conference on Mobile Computing and Networking, pp. 116–127. ACM (2008)

    Google Scholar 

  12. Cortes, C., Vapnik, V.: Support-vector networks. Mach. Learn. 20(3), 273–297 (1995)

    MATH  Google Scholar 

  13. Costin, A., Zaddach, J.: IoT malware: comprehensive survey, analysis framework and case studies. BlackHat USA (2018)

    Google Scholar 

  14. Durumeric, Z., Adrian, D., Mirian, A., Bailey, M., Halderman, J.A.: A search engine backed by internet-wide scanning. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015 (2015)

    Google Scholar 

  15. Feng, X., Li, Q., Wang, H., Sun, L.: Acquisitional rule-based engine for discovering internet-of-things devices. In: 27th USENIX Security Symposium (USENIX Security 2018), pp. 327–341 (2018)

    Google Scholar 

  16. Franklin, J., McCoy, D., Tabriz, P., Neagoe, V., Randwyk, J.V., Sicker, D.: Passive data link layer 802.11 wireless device driver fingerprinting. In: USENIX Security Symposium, vol. 3, pp. 16–89 (2006)

    Google Scholar 

  17. Fu, Y., Xiong, H., Lu, X., Yang, J., Chen, C.: Service usage classification with encrypted internet traffic in mobile messaging apps. IEEE Trans. Mob. Comput. 15(11), 2851–2864 (2016)

    Article  Google Scholar 

  18. Koh, K., Kim, S.J., Boyd, S.: An interior-point method for large-scale l1-regularized logistic regression. J. Mach. Learn. Res. 8(Jul), 1519–1555 (2007)

    MathSciNet  MATH  Google Scholar 

  19. Kohno, T., Broido, A., Claffy, K.C.: Remote physical device fingerprinting. IEEE Trans. Dependable Secure Comput. 2(2), 93–108 (2005)

    Article  Google Scholar 

  20. Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.: DDoS in the IoT: Mirai and other Botnets. Computer 50(7), 80–84 (2017)

    Article  Google Scholar 

  21. Konečnỳ, J., McMahan, H.B., Yu, F.X., Richtárik, P., Suresh, A.T., Bacon, D.: Federated learning: strategies for improving communication efficiency. arXiv preprint arXiv:1610.05492 (2016)

  22. Maiti, R.R., Siby, S., Sridharan, R., Tippenhauer, N.O.: Link-layer device type classification on encrypted wireless traffic with COTS radios. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 247–264. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66399-9_14

    Chapter  Google Scholar 

  23. Maurice, C., Onno, S., Neumann, C., Heen, O., Francillon, A.: Improving 802.11 fingerprinting of similar devices by cooperative fingerprinting. In: 2013 International Conference on Security and Cryptography (SECRYPT), pp. 1–8. IEEE (2013)

    Google Scholar 

  24. Meidan, Y., et al.: Detection of unauthorized IoT devices using machine learning techniques. arXiv preprint arXiv:1709.04647 (2017)

  25. Merino, B.: Instant Traffic Analysis with Tshark How-to. Packt Publishing Ltd (2013)

    Google Scholar 

  26. Miettinen, M., Marchal, S., Hafeez, I., Asokan, N., Sadeghi, A.R., Tarkoma, S.: IoT sentinel: automated device-type identification for security enforcement in IoT. In: 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), pp. 2177–2184. IEEE (2017)

    Google Scholar 

  27. Nguyen, T.D., Marchal, S., Miettinen, M., Dang, M.H., Asokan, N., Sadeghi, A.R.: DIoT: a crowdsourced self-learning approach for detecting compromised IoT devices. arXiv preprint arXiv:1804.07474 (2018)

  28. Pedregosa, F., et al.: Scikit-learn: machine learning in python. J. Mach. Learn. Res. 12(Oct), 2825–2830 (2011)

    MathSciNet  MATH  Google Scholar 

  29. Radhakrishnan, S.V., Uluagac, A.S., Beyah, R.: GTID: a technique for physical deviceanddevice type fingerprinting. IEEE Trans. Dependable Secure Comput. 12(5), 519–532 (2015)

    Article  Google Scholar 

  30. Shamsi, Z., Nandwani, A., Leonard, D., Loguinov, D.: Hershel: single-packet OS fingerprinting. IEEE/ACM Trans. Network. 24(4), 2196–2209 (2016)

    Article  Google Scholar 

  31. Shamsi, Z., Cline, D.B., Loguinov, D.: Faulds: a non-parametric iterative classifier for internet-wide OS fingerprinting. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017 (2017)

    Google Scholar 

  32. Sivanathan, A., et al.: Characterizing and classifying IoT traffic in smart cities and campuses. In: 2017 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)

    Google Scholar 

  33. Sugiyama, Y., Goto, K.: Design and implementation of a network emulator using virtual network stack. In: 7th International Symposium on Operations Research and Its Applications (ISORA 2008), pp. 351–358 (2008)

    Google Scholar 

  34. Taylor, V.F., Spolaor, R., Conti, M., Martinovic, I.: Robust smartphone app identification via encrypted network traffic analysis. IEEE Trans. Inf. Forensics Secur. 13(1), 63–78 (2018)

    Article  Google Scholar 

  35. Zalewski, M.: p0f v3 (2012). http://lcamtuf.coredump.cx/p0f3/

  36. Zarpelao, B.B., Miani, R.S., Kawakani, C.T., de Alvarenga, S.C.: A survey of intrusion detection in internet of things. J. Netw. Comput. Appl. 84, 25–37 (2017)

    Article  Google Scholar 

Download references

Acknowledgment

This work is partially supported by the U.S. ONR grants N00014-16-1-3214, N00014-16-1-3216, and N00014-18-2893 and U.S. ARO grant W911NF-17-1-0447.

Author information

Authors and Affiliations

  1. College of William and Mary, Williamsburg, USA

    Jianhua Sun

  2. George Mason University, Fairfax, USA

    Kun Sun

  3. Cisco Systems, Inc., Raleigh, USA

    Chris Shenefiel

Authors
  1. Jianhua Sun
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kun Sun
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Chris Shenefiel
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Kun Sun .

Editor information

Editors and Affiliations

  1. George Mason University, Fairfax, VA, USA

    Songqing Chen

  2. The University of Texas at San Antonio, San Antonio, TX, USA

    Kim-Kwang Raymond Choo

  3. Boston University, Lowell, MA, USA

    Xinwen Fu

  4. Virginia Tech, Blacksburg, VA, USA

    Wenjing Lou

  5. University of Central Florida, Orlando, FL, USA

    Aziz Mohaisen

Rights and permissions

Reprints and permissions

Copyright information

© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Sun, J., Sun, K., Shenefiel, C. (2019). Automated IoT Device Fingerprinting Through Encrypted Stream Classification. In: Chen, S., Choo, KK., Fu, X., Lou, W., Mohaisen, A. (eds) Security and Privacy in Communication Networks. SecureComm 2019. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 304. Springer, Cham. https://doi.org/10.1007/978-3-030-37228-6_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-37228-6_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-37227-9

  • Online ISBN: 978-3-030-37228-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation