Fingerprinting IIoT Devices Through Machine Learning Techniques

Journal of Signal Processing Systems

Abstract

From a security perspective, identifying Industrial Internet of Things (IIoT) devices connected to a network has multiple applications, such as penetration testing and vulnerability assessment. In this work, we propose a feature-based methodology to perform device-type fingerprinting. A device fingerprint consists of the TCP/IP header features and port-based features extracted from the network traffic of the device. These features are collected by a hybrid mechanism which has a negligible impact on device functionality and can avoid the problem of the long TCP connection. Once the fingerprint of a device is generated, it is fed to classifiers based on Gradient Boosting to predict its type details. Based on our proposed method, we implement a prototype application called IIoT Device Type Fingerprinting (IDTF), which is capable of automatically identifying the types of devices connected to an IIoT network. We collect a dataset consisting of 19,174 fingerprints from real-world Internet-facing IIoT devices indexed by Shodan to train and evaluate the classifiers using ten-fold cross-validation. We also conduct comparative experiments in an IIoT testbed to compare the effectiveness of IDTF with two well-known fingerprinting tools. The experimental results confirm the ability of our approach, with a high mean F-Measure of 95.76%. They also demonstrate that IDTF achieves the highest identification rate in the testbed and is non-intrusive for IIoT devices. Compared with existing works, our approach is more generic, as it does not rely on a specific protocol or deep packet inspection and can distinguish almost all IIoT device types.
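As an added illustration (not code from the paper or from IDTF), the following example builds a fingerprint vector of the kind the abstract describes, using only TCP/IP header fields and port state, with no payload inspection. The chosen header fields, the port list and the sample packet are assumptions; the abstract does not enumerate the paper's features.

```python
import struct

# Assumed port list for the port-based features; the paper's own list is not on this page.
ICS_PORTS = (80, 102, 443, 502, 20000, 44818)

def initial_ttl(ttl):  # round an observed TTL up to the nearest common initial value
    return next(v for v in (32, 64, 128, 255) if ttl <= v)

def header_features(pkt):
    """Read TCP/IP header fields from one raw IPv4+TCP packet; payload is never touched."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != 6 or len(pkt) < ihl + 20:
        raise ValueError("not a complete TCP segment")
    flags_frag, ttl = struct.unpack_from("!HB", pkt, 6)
    (window,) = struct.unpack_from("!H", pkt, ihl + 14)
    opts = pkt[ihl + 20 : ihl + (pkt[ihl + 12] >> 4) * 4]
    feats = {"ttl": initial_ttl(ttl), "df": (flags_frag >> 14) & 1,
             "window": window, "mss": 0, "wscale": -1, "opt_order": []}
    i = 0
    while i < len(opts) and opts[i] != 0:          # kind 0 = end of option list
        kind = opts[i]
        if kind == 1:                              # NOP has no length byte
            feats["opt_order"].append(1)
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            break                                  # malformed option: stop parsing
        length = opts[i + 1]
        feats["opt_order"].append(kind)
        if kind == 2 and length == 4:              # maximum segment size
            (feats["mss"],) = struct.unpack_from("!H", opts, i + 2)
        elif kind == 3 and length == 3:            # window scale
            feats["wscale"] = opts[i + 2]
        i += length
    return feats

def fingerprint(pkt, open_ports):
    """Flat numeric vector: header features followed by one flag per assumed port."""
    f = header_features(pkt)
    head = [f["ttl"], f["df"], f["window"], f["mss"], f["wscale"], len(f["opt_order"])]
    return head + [int(p in open_ports) for p in ICS_PORTS]

# Constructed SYN-ACK (documentation addresses, checksums zeroed), observed TTL 57.
SAMPLE = (struct.pack("!BBHHHBBH4s4s", 0x45, 0, 44, 0, 0x4000, 57, 6, 0,
                      bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1]))
          + struct.pack("!HHIIBBHHH", 502, 40000, 0, 1, 0x60, 0x12, 8192, 0, 0)
          + bytes([2, 4, 0x05, 0xB4]))
```

A vector like `fingerprint(SAMPLE, {80, 502})` is the numeric input a gradient-boosting classifier would be trained on; the same extraction can be used to inventory devices on a network one is responsible for.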

Acknowledgments

The authors gratefully acknowledge the anonymous reviewers for their helpful suggestions and insightful comments to improve the quality of the paper. The work reported in this paper has been partially supported by the Opening Project of Shanghai Trusted Industrial Control Platform.

Author information

Corresponding author

Correspondence to Bo Li.

About this article

Cite this article

Zhou, F., Qu, H., Liu, H. et al. Fingerprinting IIoT Devices Through Machine Learning Techniques. J Sign Process Syst 93, 779–794 (2021). https://doi.org/10.1007/s11265-021-01656-0

  • DOI: https://doi.org/10.1007/s11265-021-01656-0
