Abstract
The growing use of IoT devices in organizations has increased the number of attack vectors available to attackers due to the less secure nature of the devices. The widely adopted bring your own device (BYOD) policy which allows an employee to bring any IoT device into the workplace and attach it to an organization’s network also increases the risk of attacks. In order to address this threat, organizations often implement security policies in which only the connection of white-listed IoT devices is permitted. To monitor adherence to such policies and protect their networks, organizations must be able to identify the IoT devices connected to their networks and, more specifically, to identify connected IoT devices that are not on the white-list (unknown devices). In this study, we applied deep learning on network traffic to automatically identify IoT devices connected to the network. In contrast to previous work, our approach does not require that complex feature engineering be applied on the network traffic, since we represent the “communication behavior” of IoT devices using small images built from the IoT devices’ network traffic payloads. In our experiments, we trained a multiclass classifier on a publicly available dataset, successfully identifying 10 different IoT devices and the traffic of smartphones and computers, with over 99% accuracy. We also trained multiclass classifiers to detect unauthorized IoT devices connected to the network, achieving over 99% overall average detection accuracy.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Internet of Things (IoT) connected devices installed base worldwide from 2015 to 2025. https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide/. Accessed 26 Jan 2020
Interpol warns IoT devices at risk. https://www.scmagazineuk.com/interpol-warns-iot-devices-risk/article/1473202. Accessed 26 Jan 2020
Shodan. https://www.shodan.io/. Accessed 26 Jan 2020
Security Researchers Find Vulnerable IoT Devices and MongoDB Databases Exposing Corporate Data. https://blog.shodan.io/security-researchers-find-vulnerable-iot-devices-and-mongodb-databases-exposing-corporate-data/. Accessed 26 Jan 2020
Anthraper, J.J., Kotak, J.: Security, privacy and forensic concern of MQTT protocol. In: International Conference on Sustainable Computing in Science, Technology and Management (SUSCOM), pp. 876–886. Jaipur, India (2019)
Olalere, M., Abdullah, M.T., Mahmod, R., Abdullah, A.: A review of bring your own device on security issues. In: SAGE Open (2015). https://doi.org/10.1177/2158244015580372
Abomhara, M.: Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. J. Cyber Secur. Mobil. 4(1), 65–88 (2015)
Andrea, I., Chrysostomou, C., Hadjichristofi, G.: Internet of things: security vulnerabilities and challenges. In: IEEE Symposium on Computers and Communication (ISCC), pp. 180–187 (2015)
Kotak, J., Shah, A., Rajdev, P.: A comparative analysis on security of MQTT brokers. In: IET Conference Proceedings, p. 7 (2019)
Shah, A., Rajdev, P., Kotak, J.: Memory Forensic Analysis of MQTT Devices. arXiv preprint arXiv:1908.07835 (2019)
Xiao, L., Wan, X., Lu, X., Zhang, Y., Wu, D.: IoT security techniques based on machine learning: how do IoT devices use AI to enhance security? IEEE Signal Process. Mag. 35(5), 41–49 (2018)
Ling, Z., Luo, J., Xu, Y., Gao, C., Wu, K., Fu, X.: Security vulnerabilities of internet of things: a case study of the smart plug system. IEEE Internet of Things J. 4(6), 1899–1909 (2017)
Meidan, Y., Bohadana, M., Shabtai, A., Guarnizo, J.D., Ochoa, M., Tippenhauer, N.O., Elovici, Y.: ProfilIoT: a machine learning approach for IoT device identification based on network traffic analysis. In: Proceedings of the Symposium on Applied Computing, pp. 506–509 (2017)
Meidan, Y., Bohadana, M., Shabtai, A., Ochoa, M., Tippenhauer, N.O., Guarnizo, J.D., Elovici, Y.: Detection of unauthorized IoT devices using machine learning techniques. arXiv preprint arXiv:1709.04647 (2017)
Sivanathan, A., Gharakheili, H.H., Loi, F., Radford, A., Wijenayake, C., Vishwanath, A., Sivaraman, V.: Classifying IoT devices in smart environments using network traffic characteristics. IEEE Trans. Mob. Comput. 18(8), 1745–1759 (2018)
Wang, Z.: The applications of deep learning on traffic identification. BlackHat USA 24(11), 1–10 (2015)
Lopez-Martin, M., Carro, B., Sanchez-Esguevillas, A., Lloret, J.: Network traffic classifier with convolutional and recurrent neural networks for Internet of Things. IEEE Access 5, 18042–18050 (2017)
Sun, G., Liang, L., Chen, T., Xiao, F., Lang, F.: Network traffic classification based on transfer learning. Comput. Electric. Eng. 69, 920–927 (2018)
Wang, W., Zhu, M., Zeng, X., Ye, X., Sheng, Y.: Malware traffic classification using convolutional neural network for representation learning. In: International Conference on Information Networking (ICOIN), pp. 712–717 (2017)
Celik, Z.B., Walls, R.J., McDaniel, P., Swami, A.: Malware traffic detection using tamper resistant features. In: MILCOM - IEEE Military Communications Conference, pp. 330–335 (2015)
Acar, A., Fereidooni, H., Abera, T., Sikder, A.K., Miettinen, M., Aksu, H., Uluagac, A.S.: Peek-a-Boo: I see your smart home activities, even encrypted! arXiv preprint arXiv:1808.02741(2018)
Alexa top sites. http://www.alexa.com/topsites. Accessed 26 Jan 2020
Geoip lookup service. http://geoip.com/. Accessed 26 Jan 2020
Nguyen, T.T., Armitage, G.: A survey of techniques for internet traffic classification using machine learning. IEEE Commun. Surv. Tutorials 10(4), 56–76 (2008)
Zhang, J., Chen, X., Xiang, Y., Zhou, W., Wu, J.: Robust network traffic classification. IEEE/ACM Trans. Networking 23(4), 1257–1270 (2014)
SplitCap. https://www.netresec.com/?page=SplitCap. Accessed 26 Jan 2020
THE MNIST DATABASE of handwritten digits. http://yann.lecun.com/exdb/mnist/. Accessed 26 Jan 2020
Usage of initializers. https://keras.io/initializers/. Accessed 26 Jan 2020
Usage of activations. https://keras.io/activations/. Accessed 26 Jan 2020
Usage of optimizers. https://keras.io/optimizers/. Accessed 26 Jan 2020
Usage of loss functions. https://keras.io/losses/. Accessed 26 Jan 2020
Usage of metrics. https://keras.io/metrics/. Accessed 26 Jan 2020
Sokolova, M., Lapalme, G.: A systematic analysis of performance measures for classification tasks. Inf. Process. Manage. 45, 427–437 (2009)
Lipton, Z.C., Elkan, C., Narayanaswamy, B.: Thresholding classifiers to maximize F1 score. Mach. Learn. Knowl. Disc. Databases 8725, 225–239 (2014)
Acknowledgment
This project was partially funded by the European Union’s Horizon 2020 research and innovation programme under grant agreement No 830927.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Kotak, J., Elovici, Y. (2021). IoT Device Identification Using Deep Learning. In: Herrero, Á., Cambra, C., Urda, D., Sedano, J., Quintián, H., Corchado, E. (eds) 13th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2020). CISIS 2019. Advances in Intelligent Systems and Computing, vol 1267. Springer, Cham. https://doi.org/10.1007/978-3-030-57805-3_8
Download citation
DOI: https://doi.org/10.1007/978-3-030-57805-3_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-57804-6
Online ISBN: 978-3-030-57805-3
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)