Network Traffic Analysis based IoT Device Identification
arXiv - CS - Networking and Internet Architecture Pub Date : 2020-09-10 , DOI: arxiv-2009.04682
Rajarshi Roy Chowdhury, Sandhya Aneja, Nagender Aneja, Emeroylariffion Abas

Device identification is the process of identifying a device on the Internet without using its assigned network or other credentials. The sharp rise in the use of Internet of Things (IoT) devices has imposed new challenges in device identification due to the wide variety of devices, protocols and control interfaces. In a network, conventional IoT devices identify each other by utilizing IP or MAC addresses, which are prone to spoofing. Moreover, IoT devices are low-power devices with minimal embedded security solutions. To mitigate this issue in IoT devices, a device fingerprint (DFP) can be used for device identification. DFP identifies a device by using implicit identifiers, such as network traffic (or packets) or radio signals, which the device uses for its communication over the network. These identifiers are closely related to the device's hardware and software features. In this paper, we exploit TCP/IP packet header features to create a device fingerprint from device-originated network packets. We present a set of three metrics that separate out the packet features that contribute actively to device identification. To evaluate our approach, we used two publicly accessible datasets. We observed an accuracy of 99.37% in device genre classification and 83.35% in the identification of an individual device from the IoT Sentinel dataset. However, using the UNSW dataset, device type identification accuracy reached up to 97.78%.

Updated: 2020-09-11