DOI: 10.1145/3302505.3310073
research-article

DeviceMien: network device behavior modeling for identifying unknown IoT devices

Published: 15 April 2019

Abstract

With the explosion of IoT device use, networks are becoming more vulnerable to attack. Network administrators need better tools to verify and discover these devices in order to minimize attack risk. Existing tools provide rule-based assessment capabilities that cannot keep pace with the proliferation of devices. Current techniques demonstrate that, given a rich set of labeled packet traces, one could design a pipeline that identifies all the devices in that trace with over 99% accuracy [30, 32]. However, it has also been observed [25] that such techniques are brittle when no labels are available. More perniciously, they provide false confidence scores about the label they do ascribe to a sample. This paper introduces a probabilistic framework for providing meaningful feedback in device identification, particularly when the device has not been previously observed. In our work, we use stacked autoencoders to automatically learn features from device traffic, learn the classes of traffic observed, and probabilistically model each device as a distribution of traffic classes. Our experiments show that we are able to identify previously seen devices after only 18.9 TCP-flow samples with 100% accuracy for devices where at least 50 samples are observed. We also show that we can distinguish between two broad classes of devices, IoT and Non-IoT, by examining the average number of flow classes observed over a set of samples. Our experiments show that we can infer the correct class of unseen devices with an average F1 score of over 82% and 70% accuracy.

References

[1] Apple. 2010. Bonjour Service Discovery Suite. https://developer.apple.com/bonjour/.
[2] N. Apthorpe, D. Reissman, and N. Feamster. 2016. A Smart Home is No Castle: Privacy Vulnerabilities of Encrypted IoT Traffic. In Workshop on Data and Algorithmic Transparency (DAT).
[3] UNSW Australia. 2017. Testbed Setup for IoT Data Collection. http://149.171.189.1.
[4] Avahi. 2010. Avahi Service Discovery Suite. http://www.avahi.org/.
[5] Y. Bengio, P. Simard, and P. Frasconi. 1994. Learning long-term dependencies with gradient descent is difficult. IEEE Transactions on Neural Networks 5, 2 (March 1994), 157–166.
[6] Léon Bottou. 1991. Stochastic gradient learning in neural networks. Proceedings of Neuro-Nimes 91, 8 (1991).
[7] CNBC. 2014. Suddenly hot smart home devices are ripe for hacking, experts warn. https://www.cnbc.com/2016/12/25/suddenly-hot-smart-home-devices-are-ripe-for-hacking-experts-warn.html.
[8] Felix A. Gers, Jürgen Schmidhuber, and Fred Cummins. 1999. Learning to Forget: Continual Prediction with LSTM. Neural Computation 12 (1999), 2451–2471.
[9] Felix A. Gers, Nicol N. Schraudolph, and Jürgen Schmidhuber. 2003. Learning Precise Timing with LSTM Recurrent Networks. J. Mach. Learn. Res. 3 (March 2003), 115–143.
[10] A. Graves, M. Liwicki, S. Fernández, R. Bertolami, H. Bunke, and J. Schmidhuber. 2009. A Novel Connectionist System for Unconstrained Handwriting Recognition. IEEE Transactions on Pattern Analysis and Machine Intelligence 31, 5 (May 2009), 855–868.
[11] The Guardian. 2013. Will giving the internet eyes and ears mean the end of privacy? https://www.theguardian.com/technology/2013/may/16/internet-of-things-privacy-google.
[12] Geoffrey Hinton, Li Deng, Dong Yu, George E Dahl, Abdel-rahman Mohamed, Navdeep Jaitly, Andrew Senior, Vincent Vanhoucke, Patrick Nguyen, Tara N Sainath, et al. 2012. Deep neural networks for acoustic modeling in speech recognition: The shared views of four research groups. IEEE Signal Processing Magazine 29, 6 (2012), 82–97.
[13] Geoffrey E Hinton and Ruslan R Salakhutdinov. 2006. Reducing the dimensionality of data with neural networks. Science (2006).
[14] Sepp Hochreiter and Jürgen Schmidhuber. 1997. Long short-term memory. Neural computation 9, 8 (1997), 1735–1780.
[15] Diederik P. Kingma and Max Welling. 2013. Auto-Encoding Variational Bayes. CoRR abs/1312.6114 (2013).
[16] Honglak Lee, Chaitanya Ekanadham, and Andrew Y Ng. 2008. Sparse deep belief net model for visual area V2. In Advances in neural information processing systems. 873–880.
[17] M. Lopez-Martin, B. Carro, A. Sanchez-Esguevillas, and J. Lloret. 2017. Network Traffic Classifier With Convolutional and Recurrent Neural Networks for Internet of Things. IEEE Access 5 (2017), 18042–18050.
[18] Wired Magazine. 2014. The Internet of Things is Wildly Insecure - and Often Unpatchable. https://goo.gl/cuKnLN.
[19] Wired Magazine. 2015. Hackers Remotely Kill a Jeep on the Highway - With Me In It. https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/.
[20] F.J. Massey. 1951. The Kolmogorov-Smirnov test for goodness of fit. J. Amer. Statist. Assoc. 46, 253 (1951), 68–78.
[21] Markus Miettinen, Samuel Marchal, Ibbad Hafeez, Tommaso Frassetto, N. Asokan, Ahmad-Reza Sadeghi, and Sasu Tarkoma. 2017. IoT Sentinel Demo: Automated Device-Type Identification for Security Enforcement in IoT. In Proc. 37th IEEE International Conference on Distributed Computing Systems (ICDCS 2017). IEEE.
[22] Tomas Mikolov, Martin Karafiát, Lukáš Burget, Jan Černocký, and Sanjeev Khudanpur. 2010. Recurrent neural network based language model. In INTERSPEECH, Takao Kobayashi, Keikichi Hirose, and Satoshi Nakamura (Eds.). ISCA, 1045–1048. http://dblp.uni-trier.de/db/conf/interspeech/interspeech2010.html#MikolovKBCK10
[23] Andrew W. Moore and Denis Zuev. 2005. Internet Traffic Classification Using Bayesian Analysis Techniques. In Proceedings of the 2005 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS '05). ACM, New York, NY, USA, 50–60.
[24] BBC News. 2014. Smart meters can be hacked to cut power bills. http://www.bbc.com/news/technology-29643276.
[25] Jorge Ortiz, Catherine Crawford, Franck Le, and Ali Hasan. 2017. Strange (Internet of) Things: Towards Automatic Identification of IoT Devices in the Wild. https://goo.gl/ExWQ6A.
[26] Razvan Pascanu, Tomas Mikolov, and Yoshua Bengio. 2013. On the Difficulty of Training Recurrent Neural Networks. In Proceedings of the 30th International Conference on International Conference on Machine Learning - Volume 28 (ICML '13). JMLR.org, III-1310–III-1318. http://dl.acm.org/citation.cfm?id=3042817.3043083
[27] Gartner Research. 2017. Gartner Says 8.4 Billion Connected "Things" Will Be in Use in 2017, Up 31 Percent From 2016. http://www.gartner.com/newsroom/id/3598917.
[28] Peter Rousseeuw. 1987. Silhouettes: A Graphical Aid to the Interpretation and Validation of Cluster Analysis. J. Comput. Appl. Math. 20, 1 (Nov. 1987), 53–65.
[29] Bernhard Schölkopf, John C. Platt, John C. Shawe-Taylor, Alex J. Smola, and Robert C. Williamson. 2001. Estimating the Support of a High-Dimensional Distribution. Neural Comput. 13, 7 (July 2001), 1443–1471.
[30] A. Sivanathan, H. Habibi Gharakheili, F. Loi, A. Radford, C. Wijenayake, A. Vishwanath, and V. Sivaraman. 2018. Classifying IoT Devices in Smart Environments Using Network Traffic Characteristics. IEEE Transactions on Mobile Computing (2018), 1–1.
[31] Arunan Sivanathan, Daniel Sherratt, Hassan Habibi Gharakheili, Vijay Sivaraman, and Arun Vishwanath. 2016. Low-cost flow-based security solutions for smart-home IoT devices. In Advanced Networks and Telecommunications Systems (ANTS).
[32] Arunan Sivanathan, Daniel Sherratt, Hassan Habibi Gharakheili, Adam Radford, Chamith Wijenayake, Arun Vishwanath, and Vijay Sivaraman. 2017. Characterizing and Classifying IoT Traffic in Smart Cities and Campuses. In IEEE INFOCOM Workshop on SmartCity: Smart Cities and Urban Computing. Atlanta, GA.
[33] Jasper Snoek, Hugo Larochelle, and Ryan P. Adams. 2012. Practical Bayesian Optimization of Machine Learning Algorithms. In Proceedings of the 25th International Conference on Neural Information Processing Systems (NIPS'12). Curran Associates Inc., USA, 2951–2959. http://dl.acm.org/citation.cfm?id=2999325.2999464
[34] The Verge. 2014. How an army of vulnerable gadgets took down the web today. https://www.theverge.com/2016/10/21/13362354/dyn-dns-ddos-attack-cause-outage-status-explained.
[35] Pascal Vincent, Hugo Larochelle, Yoshua Bengio, and Pierre-Antoine Manzagol. 2008. Extracting and composing robust features with denoising autoencoders. In Proceedings of the 25th international conference on Machine learning. ACM, 1096–1103.
[36] Security Week. 2014. Hackers Attack Shipping and Logistics Firms Using Malware-Laden Handheld Scanners. https://goo.gl/BTppBy.
[37] Tianlong Yu, Vyas Sekar, Srinivasan Seshan, Yuvraj Agarwal, and Chenren Xu. 2015. Handling a Trillion (Unfixable) Flaws on a Billion Devices: Rethinking Network Security for the Internet-of-Things. In Proceedings of the 14th ACM Workshop on Hot Topics in Networks (HotNets-XIV).

Published In

IoTDI '19: Proceedings of the International Conference on Internet of Things Design and Implementation
April 2019
299 pages
ISBN: 9781450362832
DOI: 10.1145/3302505

In-Cooperation

  • IEEE CS

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 April 2019

Qualifiers

  • Research-article

Conference

IoTDI '19

Article Metrics

  • Downloads (Last 12 months): 141
  • Downloads (Last 6 weeks): 11
Reflects downloads up to 01 Jan 2025

Citations

Cited By

  • (2024) Safeguarding User-Centric Privacy in Smart Homes. ACM Transactions on Internet Technology 24:4 (1-33). DOI: 10.1145/3701726. Online publication date: 18-Nov-2024
  • (2024) LocCams. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 7:4 (1-24). DOI: 10.1145/3631432. Online publication date: 12-Jan-2024
  • (2024) GraphIoT: Lightweight IoT Device Detection based on Graph Classifiers and Incremental Learning. IEEE Transactions on Services Computing (1-14). DOI: 10.1109/TSC.2024.3466854. Online publication date: 2024
  • (2024) Device Identification Method for Internet of Things Based on Spatial-Temporal Feature Residuals. IEEE Transactions on Services Computing (1-16). DOI: 10.1109/TSC.2024.3440013. Online publication date: 2024
  • (2024) BitIoT: A Bit Level Deep Packet Inspection Method for Identification of MQTT-Based IoT Devices in the Wild. IEEE Transactions on Network and Service Management 21:3 (2866-2875). DOI: 10.1109/TNSM.2024.3373887. Online publication date: Jun-2024
  • (2024) RFG-HELAD: A Robust Fine-Grained Network Traffic Anomaly Detection Model Based on Heterogeneous Ensemble Learning. IEEE Transactions on Information Forensics and Security 19 (5895-5910). DOI: 10.1109/TIFS.2024.3402439. Online publication date: 2024
  • (2024) GoNP: Graph of Network Patterns for Device Identification using UDP Application Layer Protocols. 2024 IEEE 49th Conference on Local Computer Networks (LCN) (1-8). DOI: 10.1109/LCN60385.2024.10639659. Online publication date: 8-Oct-2024
  • (2024) IoT-Scan: Network Reconnaissance for Internet of Things. IEEE Internet of Things Journal 11:8 (13091-13107). DOI: 10.1109/JIOT.2023.3327293. Online publication date: 15-Apr-2024
  • (2024) A Comparative Analysis of IoT Device Fingerprinting Methods. 2024 34th International Telecommunication Networks and Applications Conference (ITNAC) (1-7). DOI: 10.1109/ITNAC62915.2024.10815418. Online publication date: 27-Nov-2024
  • (2024) A Behavioral Recognition-Based Federated Learning Framework for IoT Environments. 2024 International Joint Conference on Neural Networks (IJCNN) (1-9). DOI: 10.1109/IJCNN60899.2024.10651433. Online publication date: 30-Jun-2024
