More Web Proxy on the site http://driver.im/

research-article

Inferring Hidden IoT Devices and User Interactions via Spatial-Temporal Traffic Fingerprinting

Authors:

John C. S. Lui,

Xiaohong GuanAuthors Info & Claims

IEEE/ACM Transactions on Networking, Volume 30, Issue 1

Pages 394 - 408

https://doi.org/10.1109/TNET.2021.3112480

Published: 27 September 2021 Publication History

Abstract

With the popularization of Internet of Things (IoT) devices in smart home and industry fields, a huge number of IoT devices are connected to the Internet. However, what devices are connected to a network may not be known by the Internet Service Provider (ISP), since many IoT devices are placed within small networks (e.g., home networks) and are hidden behind network address translation (NAT). Without pinpointing IoT devices in a network, it is unlikely for the ISP to appropriately configure security policies and effectively manage the network. Additionally, inferring fine-grained user interactions of IoT devices is also an interesting yet unresolved problem. In this paper, we design an efficient and scalable system via spatial-temporal traffic fingerprinting from an ISP’s perspective in consideration of practical issues like learning-testing asymmetry. Our system can accurately identify typical IoT devices in a network, with the additional capability of identifying what devices are hidden behind NAT and the number of each type of device that share the same IP address. Our system can also detect user interactions and meanwhile identify their (concurrent) number through a multi-output regression model. Through extensive evaluation, we demonstrate that the system can generally identify IoT devices with an F1-Score above 0.999, and estimate the number of the same type of IoT device behind NAT with an average error below 5%. By studying 29 user interactions of 7 devices, we show that our system is promising in detecting user interactions.

References

[1]

(2019). Internet of Things (IoT) Connected Devices Installed Base Worldwide From 2015 to 2025 (in Billions). [Online]. Available: https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide/

[2]

C. Kolias, G. Kambourakis, A. Stavrou, and J. Voas, “DDoS in the IoT: Mirai and other botnets,” Computer, vol. 50, no. 7, pp. 80–84, 2017.

[3]

A. O. Prokofiev and Y. S. Smirnova, “Counteraction against Internet of Things botnets in private networks,” in Proc. IEEE Conf. Russian Young Researchers Electr. Electron. Eng. (EIConRus), Jan. 2019, pp. 301–305.

[4]

S. Soltan, P. Mittal, and H. V. Poor, “BlackIoT: IoT botnet of high wattage devices can disrupt the power grid,” in Proc. USENIX Secur., 2018, pp. 15–32.

[5]

Z.-K. Zhang, M. C. Y. Cho, C.-W. Wang, C.-W. Hsu, C.-K. Chen, and S. Shieh, “IoT security: Ongoing challenges and research opportunities,” in Proc. IEEE 7th Int. Conf. Service-Oriented Comput. Appl., Nov. 2014, pp. 230–234.

[6]

L. Xiao, X. Wan, X. Lu, Y. Zhang, and D. Wu, “IoT security techniques based on machine learning: How do IoT devices use AI to enhance security?,” IEEE Signal Process. Mag., vol. 35, no. 5, pp. 41–49, Sep. 2018.

[7]

V. Hassija, V. Chamola, V. Saxena, D. Jain, P. Goyal, and B. Sikdar, “A survey on IoT security: Application areas, security threats, and solution architectures,” IEEE Access, vol. 7, pp. 82721–82743, 2019.

[8]

F. Hussain, R. Hussain, S. A. Hassan, and E. Hossain, “Machine learning in IoT security: Current solutions and future challenges,” IEEE Commun. Surveys Tuts., vol. 22, no. 3, pp. 1686–1721, 3rd Quart., 2020.

[9]

(2021). CVE-2021-23853 Detail. [Online]. Available: https://nvd.nist.gov/vuln/detail/CVE-2021-23853

[10]

A. Sivanathanet al., “Classifying IoT devices in smart environments using network traffic characteristics,” IEEE Trans. Mobile Comput., vol. 18, no. 8, pp. 1745–1759, Aug. 2019.

[11]

J. W. Hunt and T. G. Szymanski, “A fast algorithm for computing longest common subsequences,” Commun. ACM, vol. 20, no. 5, pp. 350–353, May 1977.

[12]

C. Bepery, S. Abdullah-Al-Mamun, and M. S. Rahman, “Computing a longest common subsequence for multiple sequences,” in Proc. 2nd Int. Conf. Electr. Inf. Commun. Technol. (EICT), Dec. 2015, pp. 118–129.

[13]

K. Chen, Z. Zhang, J. Long, and H. Zhang, “Turning from TF-IDF to TF-IGM for term weighting in text classification,” Expert Syst. Appl., vol. 66, pp. 245–260, Dec. 2016.

[14]

S. Kiranyaz, T. Ince, and M. Gabbouj, “Real-time patient-specific ECG classification by 1-D convolutional neural networks,” IEEE Trans. Biomed. Eng., vol. 63, no. 3, pp. 664–675, Mar. 2016.

[15]

T. Ince, S. Kiranyaz, L. Eren, M. Askar, and M. Gabbouj, “Real-time motor fault detection by 1-D convolutional neural networks,” IEEE Trans. Ind. Electron., vol. 63, no. 11, pp. 7067–7075, Nov. 2016.

[16]

O. Abdel-Hamid, A.-R. Mohamed, H. Jiang, L. Deng, G. Penn, and D. Yu, “Convolutional neural networks for speech recognition,” IEEE/ACM Trans. Audio, Speech, Lang. Process., vol. 22, no. 10, pp. 1533–1545, Jul. 2014.

[17]

G. E. Hinton, N. Srivastava, A. Krizhevsky, I. Sutskever, and R. R. Salakhutdinov, “Improving neural networks by preventing co-adaptation of feature detectors,” 2012, arXiv:1207.0580. [Online]. Available: https://arxiv.org/abs/1207.0580

[18]

N. Srivastava, G. Hinton, A. Krizhevsky, I. Sutskever, and R. Salakhutdinov, “Dropout: A simple way to prevent neural networks from overfitting,” J. Mach. Learn. Res., vol. 15, pp. 1929–1958, Jan. 2014.

[19]

J. Ren, D. J. Dubois, D. Choffnes, A. M. Mandalari, R. Kolcun, and H. Haddadi, “Information exposure from consumer IoT devices: A multidimensional, network-informed measurement approach,” in Proc. IMC, 2019, pp. 267–279.

[20]

J. M. Sotoca, J. Sanchez, and R. A. Mollineda, “A review of data complexity measures and their applicability to pattern classification problems,” Actas III Taller Nacional Mineria Datos Aprendizaje, vol. 2005, pp. 77–83, Jan. 2005.

[21]

S. Sundaresan, S. Burnett, N. Feamster, and W. de Donato, “Bismark: A testbed for deploying measurements and applications in broadband access networks,” in Proc. USENIX ATC, 2014, pp. 383–394.

[22]

P. Schmitt, F. Bronzino, R. Teixeira, T. Chattopadhyay, and N. Feamster, “Enhancing transparency: Internet video quality inference from network traffic,” in Proc. Res. Conf. Commun., Inf. Internet Policy, 2018, pp. 1–12.

[23]

D. Y. Huang, N. Apthorpe, F. Li, G. Acar, and N. Feamster, “IoT inspector: Crowdsourcing labeled network traffic from smart home devices at scale,” in Proc. ACM IMWUT, 2020, pp. 1–21.

[24]

N. Apthorpe, D. Y. Huang, D. Reisman, A. Narayanan, and N. Feamster, “Keeping the smart home private with smart(er) IoT traffic shaping,” Proc. Privacy Enhancing Technol., vol. 2019, no. 3, pp. 128–148, Jul. 2019.

[25]

(2021). NAT-PT for IPv6. [Online]. Available: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/15-mt/nat-15-mt-book/ip6-natpt.html

[26]

(2021). RFC 8504: IPv6 Node Requirements. [Online]. Available: https://datatracker.ietf.org/doc/html/rfc8504

[27]

Y. Amar, H. Haddadi, R. Mortier, A. Brown, J. Colley, and A. Crabtree, “An analysis of home IoT network traffic and behaviour,” 2018, arXiv:1803.05368. [Online]. Available: https://arxiv.org/abs/1803.05368

[28]

K. Yang, Q. Li, and L. Sun, “Towards automatic fingerprinting of IoT devices in the cyberspace,” Comput. Netw., vol. 148, pp. 318–327, Jan. 2019.

[29]

G. Acar, D. Y. Huang, F. Li, A. Narayanan, and N. Feamster, “Web-based attacks to discover and control local IoT devices,” in Proc. Workshop IoT Secur. Privacy, Aug. 2018, pp. 29–35.

[30]

M. R. Shahid, G. Blanc, Z. Zhang, and H. Debar, “IoT devices recognition through network traffic analysis,” in Proc. IEEE Int. Conf. Big Data (Big Data), Dec. 2018, pp. 5187–5192.

[31]

L. Bai, L. Yao, S. S. Kanhere, X. Wang, and Z. Yang, “Automatic device classification from network traffic streams of Internet of Things,” in Proc. IEEE 43rd Conf. Local Comput. Netw. (LCN), Oct. 2018, pp. 1–9.

[32]

J. Franklin, D. McCoy, P. Tabriz, V. Neagoe, J. V. Randwyk, and D. Sicker, “Passive data link layer 802.11 wireless device driver fingerprinting,” in Proc. UNISEX Secur., 2006, pp. 16–89.

[33]

B. Bezawada, M. Bachani, J. Peterson, H. Shirazi, I. Ray, and I. Ray, “IoTSense: Behavioral fingerprinting of IoT devices,” 2018, arXiv:1804.03852. [Online]. Available: https://arxiv.org/abs/1804.03852

[34]

Y. Meidanet al., “ProfilIoT: A machine learning approach for IoT device identification based on network traffic analysis,” in Proc. ACM SAC, 2017, pp. 506–509.

[35]

M. Miettinen, S. Marchal, I. Hafeez, N. Asokan, A.-R. Sadeghi, and S. Tarkoma, “IoT SENTINEL: Automated device-type identification for security enforcement in IoT,” in Proc. IEEE 37th Int. Conf. Distrib. Comput. Syst. (ICDCS), Jun. 2017, pp. 2177–2184.

[36]

H. Jafari, O. Omotere, D. Adesina, H.-H. Wu, and L. Qian, “IoT devices fingerprinting using deep learning,” in Proc. IEEE Mil. Commun. Conf. (MILCOM), Oct. 2018, pp. 1–9.

[37]

S. Aneja, N. Aneja, and M. S. Islam, “IoT device fingerprint using deep learning,” in Proc. IEEE Int. Conf. Internet Things Intell. Syst. (IOTAIS), Nov. 2018, pp. 174–179.

[38]

M. Lopez-Martin, B. Carro, A. Sanchez-Esguevillas, and J. Lloret, “Network traffic classifier with convolutional and recurrent neural networks for Internet of Things,” IEEE Access, vol. 5, pp. 18042–18050, 2017.

[39]

L. Babun, H. Aksu, L. Ryan, K. Akkaya, E. S. Bentley, and A. S. Uluagac, “Z-IoT: Passive device-class fingerprinting of ZigBee and Z-wave IoT devices,” in Proc. IEEE Int. Conf. Commun. (ICC), Jun. 2020, pp. 1–7.

[40]

A. M. Ali, E. Uzundurukan, and A. Kara, “Assessment of features and classifiers for Bluetooth RF fingerprinting,” IEEE Access, vol. 7, pp. 50524–50535, 2019.

[41]

P. Robyns, E. Marin, W. Lamotte, P. Quax, D. Singelée, and B. Preneel, “Physical-layer fingerprinting of LoRa devices using supervised and zero-shot learning,” in Proc. 10th ACM Conf. Secur. Privacy Wireless Mobile Netw., Jul. 2017, pp. 58–63.

[42]

N. J. Apthorpe, D. Reisman, S. Sundaresan, A. Narayanan, and N. Feamster, “Spying on the smart home: Privacy attacks and defenses on encrypted IoT traffic,” 2017, arXiv:1708.05044. [Online]. Available: https://arxiv.org/abs/1708.05044

[43]

N. J. Apthorpe, D. Reisman, and N. Feamster, “A smart home is no castle: Privacy vulnerabilities of encrypted IoT traffic,” 2017, arXiv:1705.06805. [Online]. Available: https://arxiv.org/abs/1705.06805

[44]

R. Trimananda, J. Varmarken, A. Markopoulou, and B. Demsky, “PingPong: Packet-level signatures for smart home device events,” 2019, arXiv:1907.11797. [Online]. Available: https://arxiv.org/abs/1907.11797

[45]

T. OConnor, R. Mohamed, M. Miettinen, W. Enck, B. Reaves, and A.-R. Sadeghi, “HomeSnitch: Behavior transparency and control for smart home IoT devices,” in Proc. 12th Conf. Secur. Privacy Wireless Mobile Netw., May 2019, pp. 128–138.

[46]

V. Thangavelu, D. M. Divakaran, R. Sairam, S. S. Bhunia, and M. Gurusamy, “DEFT: A distributed IoT fingerprinting technique,” IEEE Internet Things J., vol. 6, no. 1, pp. 940–952, Feb. 2019.

Cited By

Alyahya TAniello LSassone V(2024)ScaNeF-IoT: Scalable Network Fingerprinting for IoT DeviceProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3670892(1-9)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3670892
Li BChen YZhang LWang LCheng Y(2024)HomeSentinel: Intelligent Anti-Fingerprinting for IoT Traffic in Smart HomesIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.338258919(4780-4793)Online publication date: 28-Mar-2024
https://dl.acm.org/doi/10.1109/TIFS.2024.3382589
Tan SYu SLiu WHe DChan S(2023)You Can Glimpse but You Cannot Identify: Protect IoT Devices From Being FingerprintedIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.327585021:3(1210-1223)Online publication date: 12-May-2023
https://dl.acm.org/doi/10.1109/TDSC.2023.3275850

Index Terms

Inferring Hidden IoT Devices and User Interactions via Spatial-Temporal Traffic Fingerprinting
1. Networks
  1. Network services
    1. Network monitoring
  2. Network types
2. Security and privacy
  1. Network security
    1. Mobile and wireless security

Index terms have been assigned to the content through auto-classification.

Recommendations

Fingerprinting IoT Devices Using Latent Physical Side-Channels

The proliferation of low-end low-power internet-of-things (IoT) devices in "smart" environments necessitates secure identification and authentication of these devices via low-overhead fingerprinting methods. Previous work typically utilizes ...
Network Traffic Analysis based IoT Device Identification
BDIOT '20: Proceedings of the 2020 4th International Conference on Big Data and Internet of Things

Device identification is the process of identifying a device on Internet without using its assigned network or other credentials. The sharp rise of usage in Internet of Things (IoT) devices has imposed new challenges in device identification due to a ...
A Survey on IoT Profiling, Fingerprinting, and Identification
The proliferation of heterogeneous Internet of things (IoT) devices connected to the Internet produces several operational and security challenges, such as monitoring, detecting, and recognizing millions of interconnected IoT devices. Network and system ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image IEEE/ACM Transactions on Networking

IEEE/ACM Transactions on Networking Volume 30, Issue 1

Feb. 2022

473 pages

ISSN:1063-6692

Issue’s Table of Contents

1558-2566 © 2021 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See https://www.ieee.org/publications/rights/index.html for more information.

Publisher

IEEE Press

Publication History

Published: 27 September 2021

Published in TON Volume 30, Issue 1

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
78
Total Downloads

Downloads (Last 12 months)19
Downloads (Last 6 weeks)1

Reflects downloads up to 13 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Alyahya TAniello LSassone V(2024)ScaNeF-IoT: Scalable Network Fingerprinting for IoT DeviceProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3670892(1-9)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3670892
Li BChen YZhang LWang LCheng Y(2024)HomeSentinel: Intelligent Anti-Fingerprinting for IoT Traffic in Smart HomesIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.338258919(4780-4793)Online publication date: 28-Mar-2024
https://dl.acm.org/doi/10.1109/TIFS.2024.3382589
Tan SYu SLiu WHe DChan S(2023)You Can Glimpse but You Cannot Identify: Protect IoT Devices From Being FingerprintedIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.327585021:3(1210-1223)Online publication date: 12-May-2023
https://dl.acm.org/doi/10.1109/TDSC.2023.3275850

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents