Macroscopic Behavioral Fingerprinting of IoT Devices via Network Services
This paper proposes a lightweight and explainable approach to identifying IoT devices within a network by analyzing their use of network services over time, rather than relying on fine-grained traffic features.
Why it matters
This research provides a novel and practical approach to IoT device identification, which is crucial for managing the cyber risks introduced by IoT devices on a network.
Key Points
- Demonstrates that IoT devices exhibit stable and distinguishable patterns in their use of network services
- Formalizes the notion of service-level fingerprints and a method to represent network behaviors
- Develops a procedure to extract service-level fingerprints and evaluates their convergence and recurrence properties
- Validates the efficacy of service-level fingerprints for device identification in closed-set and open-set scenarios
Details
The paper presents a novel approach to IoT device identification that focuses on the network services (e.g., TCP/80, UDP/53) used by devices over extended periods, rather than relying on fine-grained traffic features. The authors demonstrate that IoT devices exhibit stable and distinguishable patterns in their use of network services, which can be formalized as 'service-level fingerprints'. They develop a method to extract and represent these fingerprints, and evaluate their convergence and recurrence properties using a large dataset of 10 million IPFIX flow records. The proposed approach is shown to be effective for device identification in both closed-set and open-set scenarios, offering a lightweight and explainable alternative to existing machine learning-based techniques.
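The idea of a service-level fingerprint can be sketched as follows; this is an added example, not code from the paper or its authors. It assumes a fingerprint is the set of protocol/port services a device uses in at least half of its active one-hour windows, and that matching uses Jaccard similarity with a rejection threshold for the open-set case. The recurrence threshold, the similarity measure, the device names and the flow records are all constructed for illustration.

```python
from collections import defaultdict

HOUR = 3600

def make_flows(device, services, hours):
    """Build constructed flow records: (device, epoch_s, protocol, server_port)."""
    return [(device, h * HOUR, proto, port)
            for h in hours for proto, port in services]

# Constructed training data (made-up devices, not from the paper's dataset).
TRAINING = (
    make_flows("camera", [("UDP", 53), ("TCP", 443), ("UDP", 123)], range(24))
    + make_flows("camera", [("TCP", 80)], [3])   # one-off service, not stable
    + make_flows("plug", [("UDP", 53), ("TCP", 8883)], range(24))
)

def fingerprint(flows, window=HOUR, min_recurrence=0.5):
    """Per device, keep services seen in >= min_recurrence of active windows."""
    active = defaultdict(set)                       # device -> window ids
    seen = defaultdict(lambda: defaultdict(set))    # device -> service -> window ids
    for device, ts, proto, port in flows:
        w = ts // window
        active[device].add(w)
        seen[device][f"{proto}/{port}"].add(w)
    return {
        dev: frozenset(svc for svc, ws in services.items()
                       if len(ws) / len(active[dev]) >= min_recurrence)
        for dev, services in seen.items()
    }

def jaccard(a, b):
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def identify(observed, known, threshold=0.6):
    """Return (label, score); label is None when no known device is close enough."""
    scores = {dev: jaccard(observed, fp) for dev, fp in known.items()}
    if not scores:
        return None, 0.0
    best = max(scores, key=scores.get)
    return (best if scores[best] >= threshold else None), scores[best]

if __name__ == "__main__":
    known = fingerprint(TRAINING)
    probe = fingerprint(make_flows("dev-a", [("UDP", 53), ("TCP", 443), ("UDP", 123)], range(6)))
    print(identify(probe["dev-a"], known))
    print(identify(frozenset({"UDP/53", "UDP/1900"}), known))
```

Because each fingerprint is a readable set of services, a rejected or mismatched device can be explained by listing which services differ from the closest known profile.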