research-article

IoTHound: environment-agnostic device identification and monitoring

Authors:

Prashant Anantharaman,

Ioannis Agadakos,

Gabriela Ciocarlie,

Michael E. LocastoAuthors Info & Claims

IoT '20: Proceedings of the 10th International Conference on the Internet of Things

Article No.: 7, Pages 1 - 9

https://doi.org/10.1145/3410992.3410993

Published: 06 October 2020 Publication History

Abstract

As the Internet of Things (IoT) becomes more ingrained in our daily lives and environments, asset enumeration, characterization, and monitoring become crucial, yet challenging tasks. A vast number of gadgets in the market have a smartphone-based companion-app, making monitoring a variety of devices an overwhelming task for users. We propose IoTHound, an automated method to identify and monitor IoT devices in smart-homes.

Our novel prototype leverages capabilities in current commercial off-the-shelf equipment such as routers with multiple antennas that provide insight into the activity of IoT devices in smart homes. We exploit two critical characteristics of IoT networks: device traffic patterns rarely change since devices perform specific tasks, and physical signal properties such as received signal strength indicator (RSSI) are useful since devices can move in closed spaces.

IoTHound works without any prior knowledge of the devices. It uses an unsupervised learning method to analyze properties of the network traffic to: (i) identify IoT device types based on extracted network data, and (ii) detect deviations from normal network behavior by monitoring over time.

Our evaluation of IoTHound on three distinct datasets comprising Wi-Fi, Bluetooth, Zigbee, and Ethernet devices, indicate that: (i) IoTHound can characterize devices with over 95% accuracy, (ii) IoTHound successfully detects all anomalous behavior in our test scenarios, and (iii) IoTHound can leverage physical characteristics of course device location to enhance its monitoring capabilities.

References

[1]

Omar Alrawi, Chaz Lever, Manos Antonakakis, and Fabian Monrose. 2019. SoK: Security Evaluation of Home-Based IoT Deployments. In Proceedings of the IEEE Symposium on Security and Privacy (S&P). IEEE, San Jose, CA, USA, 19.

[2]

Carlos Bacquet, Nur A Zincir-Heywood, and Malcolm I Heywood. 2010. An Analysis of Clustering Objectives for Feature Selection Applied to Encrypted Traffic Identification. In Congress on Evolutionary Computation. IEEE, Barcelona, Spain, 1--8.

[3]

Bruhadeshwar Bezawada, Maalvika Bachani, Jordan Peterson, Hossein Shirazi, Indrakshi Ray, and Indrajit Ray. 2018. Behavioral Fingerprinting of IoT Devices. In Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security (ASHES '18). Association for Computing Machinery, New York, NY, USA, 41--50.

Digital Library

[4]

Shuaike Dong, Zhou Li, Di Tang, Jiongyi Chen, Menghan Sun, and Kehuan Zhang. 2019. Your Smart Home Can't Keep a Secret: Towards Automated Fingerprinting of IoT Traffic with Neural Networks. arXiv preprint 1909, 00104 (2019), 1--12.

[5]

Jeffrey Erman, Martin Arlitt, and Anirban Mahanti. 2006. Traffic Classification using Clustering Algorithms. In Proceedings of SIGCOMM Workshop on Mining Network Data. ACM, New York, NY, USA, 281--286.

Digital Library

[6]

Elike Hodo, Xavier Bellekens, Andrew Hamilton, Pierre-Louis Dubouilh, Ephraim Iorkyase, Christos Tachtatzis, and Robert Atkinson. 2016. Threat Analysis of IoT Networks using Artificial Neural Network Intrusion Detection System. In International Symposium on Networks, Computers and Communications (ISNCC). IEEE, Yasmine Hammamet, Tunisia, 1--6.

[7]

AKM Mahtab Hossain, Hien Nguyen Van, Yunye Jin, and Wee-Seng Soh. 2007. Indoor Localization using Multiple Wireless Technologies. In 2007 IEEE International Conference on Mobile Adhoc and Sensor Systems. IEEE, Pisa, Italy, 1--8.

[8]

Laurens van der Maaten and Geoffrey Hinton. 2008. Visualizing Data using t-SNE. Journal of Machine Learning Research 9, Nov (2008), 2579--2605.

[9]

Jeremy Martin, Travis Mayberry, Collin Donahue, Lucas Foppe, Lamont Brown, Chadwick Riggins, Erik C Rye, and Dane Brown. 2017. A Study of MAC Address Randomization in Mobile Devices and When It Fails. Proceedings on Privacy Enhancing Technologies 2017, 4 (2017), 365--383.

[10]

Leland McInnes, John Healy, and Steve Astels. 2017. HDBSCAN: Hierarchical Density Based Clustering. The Journal of Open Source Software 2, 11 (2017), 205.

[11]

Yair Meidan, Michael Bohadana, Asaf Shabtai, Juan David Guarnizo, Martín Ochoa, Nils Ole Tippenhauer, and Yuval Elovici. 2017. ProfilIoT: A Machine Learning Approach for IoT Device Identification based on Network Traffic Analysis. In Proceedings of the Symposium on Applied Computing. ACM, Marrakech, Morocco, 506--509.

Digital Library

[12]

Markus Miettinen, Samuel Marchal, Ibbad Hafeez, N Asokan, Ahmad-Reza Sadeghi, and Sasu Tarkoma. 2017. IoT Sentinel: Automated Device-type Identification for Security Enforcement in IoT. In IEEE 37th International Conference on Distributed Computing Systems (ICDCS). IEEE, Atlanta, GA, USA, 2177--2184.

[13]

Colin O'Flynn. 2016. Getting Root on Philips Hue Bridge 2.0. http://colinoflynn.com/2016/07/getting-root-on-philips-hue-bridge-2-0/.

[14]

V. Paxson. 1994. Empirically Derived Analytic Models of Wide-Area TCP Connections. IEEE/ACM Transactions on Networking 2, 4 (Aug 1994), 316--336.

Digital Library

[15]

Farooq Shaikh, Elias Bou-Harb, Jorge Crichigno, and Nasir Ghani. 2018. A Machine Learning Model for Classifying Unsolicited IoT Devices by Observing Network Telescopes. In 2018 14th International Wireless Communications & Mobile Computing Conference (IWCMC). IEEE, Limassol, Cyprus, 938--943.

[16]

Sandra Siby, Rajib Ranjan Maiti, and Nils Tippenhauer. 2017. IoTScanner: Detecting and Classifying Privacy Threats in IoT Neighborhoods. arXiv:cs.CR/1701.05007

[17]

Gang Zhou, Tian He, Sudha Krishnamurthy, and John A Stankovic. 2004. Impact of Radio Irregularity on Wireless Sensor Networks. In Proceedings of the 2nd International Conference on Mobile Systems, Applications, and Services. ACM, Boston, MA, 125--138.

Digital Library

Cited By

De Coninck QKalantari SSion LHughes DEskicioglu RHuang PPatwari N(2023)URLink: Using Names As Sole Internet Addresses to Tackle Scanning Attacks in IoTProceedings of the First International Workshop on Security and Privacy of Sensing Systems10.1145/3628356.3630115(15-21)Online publication date: 12-Nov-2023
https://dl.acm.org/doi/10.1145/3628356.3630115
Morales GBienek-Parrish AJenkins PSlavin R(2023)Protocol-agnostic IoT Device Classification on Encrypted Traffic Using Link-Level FlowsProceedings of Cyber-Physical Systems and Internet of Things Week 202310.1145/3576914.3587487(19-24)Online publication date: 9-May-2023
https://dl.acm.org/doi/10.1145/3576914.3587487

Index Terms

IoTHound: environment-agnostic device identification and monitoring
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
    1. Intrusion detection systems
  2. Network security
    1. Mobile and wireless security

Recommendations

Network Traffic Analysis based IoT Device Identification
BDIOT '20: Proceedings of the 2020 4th International Conference on Big Data and Internet of Things

Device identification is the process of identifying a device on Internet without using its assigned network or other credentials. The sharp rise of usage in Internet of Things (IoT) devices has imposed new challenges in device identification due to a ...
ProfilIoT: a machine learning approach for IoT device identification based on network traffic analysis
SAC '17: Proceedings of the Symposium on Applied Computing

In this work we apply machine learning algorithms on network traffic data for accurate identification of IoT devices connected to a network. To train and evaluate the classifier, we collected and labeled network traffic data from nine distinct IoT ...
Automatic IoT device identification: a deep learning based approach using graphic traffic characteristics
Abstract
IoT device identification is an effective security measure to track different devices, helping analyze and defend against potential vulnerabilities of various IoT devices. However, existing IoT device identification works mainly use hand-designed ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

IoT '20: Proceedings of the 10th International Conference on the Internet of Things

October 2020

204 pages

ISBN:9781450387583

DOI:10.1145/3410992

General Chairs:
Paul Davidsson
Malmö University, Sweden
,
Marc Langheinrich
Università della Svizzera italiana, Lugano, Switzerland

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 October 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

US Department of Homeland Security (DHS) Science and Technology (S&T)

Conference

IoT '20

IoT '20: 10th International Conference on the Internet of Things

October 6 - 9, 2020

Malmö, Sweden

Acceptance Rates

Overall Acceptance Rate 28 of 84 submissions, 33%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
346
Total Downloads

Downloads (Last 12 months)23
Downloads (Last 6 weeks)1

Reflects downloads up to 17 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

De Coninck QKalantari SSion LHughes DEskicioglu RHuang PPatwari N(2023)URLink: Using Names As Sole Internet Addresses to Tackle Scanning Attacks in IoTProceedings of the First International Workshop on Security and Privacy of Sensing Systems10.1145/3628356.3630115(15-21)Online publication date: 12-Nov-2023
https://dl.acm.org/doi/10.1145/3628356.3630115
Morales GBienek-Parrish AJenkins PSlavin R(2023)Protocol-agnostic IoT Device Classification on Encrypted Traffic Using Link-Level FlowsProceedings of Cyber-Physical Systems and Internet of Things Week 202310.1145/3576914.3587487(19-24)Online publication date: 9-May-2023
https://dl.acm.org/doi/10.1145/3576914.3587487

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents