Identifying IoT devices and events based on packet length from encrypted traffic

Published on Aug 15, 2019 in Computer Communications 3.167
DOI: 10.1016/J.COMCOM.2019.05.012
Antonio J. Pinheiro (UFPE: Federal University of Pernambuco), Estimated H-index: 4
Jeandro de M. Bezerra (UFPE: Federal University of Pernambuco), Estimated H-index: 4
+ 1 author
Divanilson R. Campelo (UFPE: Federal University of Pernambuco), Estimated H-index: 11
Abstract
Recently, machine learning algorithms have been used to identify Internet of Things (IoT) devices and events. However, existing proposals may inspect the packet payload, which creates risks to IoT users’ privacy, and may use several features, increasing the computational complexity for traffic classification. In addition, existing techniques may also use complex mechanisms for extracting traffic characteristics, including the creation of vectors containing data from the Transmission Control Protocol (TCP) sessions. This paper proposes a solution that uses packet length statistics from encrypted traffic to characterize the behavior of IoT devices and events in a smart home scenario. The solution uses only the statistical mean, the standard deviation and the number of bytes transmitted over a one-second window, which can be extracted from the encrypted traffic, making the use of TCP vectors unnecessary. The solution identifies IoT devices and events, such as voice commands to smart assistants, and also distinguishes between IoT and non-IoT devices. The solution to characterize IoT devices and events is evaluated with traffic from two real-world testbeds and five classifiers. The evaluation included the algorithms k-Nearest Neighbors (k-NN), Decision Tree, Random Forest, Support Vector Machine (SVM) and Majority Voting, some of the most popular algorithms for traffic classification. The results show that the Random Forest algorithm can achieve up to 96% accuracy in the identification of devices, 99% precision in distinguishing between IoT and non-IoT devices and 99% accuracy in the identification of IoT device events. Hypothesis testing is used to validate the obtained results. Also, the results show that the Decision Tree presented the lowest latency among the five classifiers evaluated in the identification of the devices, followed by k-NN, Random Forest, SVM and Majority Voting.
References (33)
#1 Arunan Sivanathan (UNSW: University of New South Wales), H-Index: 9
#2 Hassan Habibi Gharakheili (UNSW: University of New South Wales), H-Index: 17
Last. Vijay Sivaraman (UNSW: University of New South Wales), H-Index: 35
(7 authors)
The Internet of Things (IoT) is being hailed as the next wave revolutionizing our society, and smart homes, enterprises, and cities are increasingly being equipped with a plethora of IoT devices. Yet, operators of such smart environments may not even be fully aware of their IoT assets, let alone whether each IoT device is functioning properly safe from cyber-attacks. In this paper, we address this challenge by developing a robust framework for IoT device classification using traffic characterist...
#1 Vijayanand Thangavelu (NUS: National University of Singapore), H-Index: 2
#2 Dinil Mon Divakaran, H-Index: 14
Last. Mohan Gurusamy (NUS: National University of Singapore), H-Index: 20
(5 authors)
Identifying IoT devices connected to a network has multiple security benefits, such as deployment of behavior-based anomaly detectors, automated vulnerability patching of specific device types, dynamic attack mitigation, etc. In this paper, we look into the problem of IoT device identification at network level, in particular from an ISP’s perspective. The simple solution of deploying a supervised machine learning algorithm at a centralized location in the network neither scales well nor can iden...
#1 Martin Serror (RWTH Aachen University), H-Index: 9
#2 Martin Henze (RWTH Aachen University), H-Index: 19
Last. Klaus Wehrle (RWTH Aachen University), H-Index: 37
(5 authors)
The proliferation of the Internet of Things (IoT) in the context of smart homes entails new security risks threatening the privacy and safety of end users. In this paper, we explore the design space of in-network security for smart home networks, which automatically complements existing security mechanisms with a rule-based approach, i.e., every IoT device provides a specification of the required communication to fulfill the desired services. In our approach, the home router as the central netw...
#1 Farooq Shaikh (USF: University of South Florida), H-Index: 3
#2 Elias Bou-Harb (FAU: Florida Atlantic University), H-Index: 20
Last. Nasir Ghani (USF: University of South Florida), H-Index: 25
(4 authors)
The Internet of Things [IoT] promises to revolutionize the way we interact with our surroundings. Smart cars, smart cities, smart homes are now being realized with the help of various embedded devices that operate with little to no human interaction. However these embedded devices bring forth a plethora of security challenges as most manufacturers still assign higher importance to the three Ps (prototyping, production and performance) than security. This inherent flaw has manifested itself in th...
#1 Matias R. P. Santos (UFC: Federal University of Ceará), H-Index: 1
#2 Rossana M. C. Andrade (UFC: Federal University of Ceará), H-Index: 11
Last. Arthur Callado (UFC: Federal University of Ceará), H-Index: 5
(4 authors)
Internet of Things arises as a computational paradigm that promotes the interconnection of objects to the Internet and enables interaction, operational efficiency, and communication. With the increasing inclusion in the network of intelligent objects that have characteristics such as diversity, heterogeneity, mobility and low computational power, it is fundamental to develop mechanisms that allow management and control. In addition, it is important to identify whether the assets are working prop...
#1 Ragav Sridharan (SUTD: Singapore University of Technology and Design), H-Index: 3
#2 Rajib Ranjan Maiti (SUTD: Singapore University of Technology and Design), H-Index: 4
Last. Nils Ole Tippenhauer (SUTD: Singapore University of Technology and Design), H-Index: 23
(3 authors)
In this work, we address the problem of detecting application-layer attacks on nearby wireless devices. In particular, we assume that the detection scheme is limited to link-layer traffic (either because schemes such as WPA2 are used, and the key is unknown, or to preserve user privacy). Such a setting allows us to detect attacks in nearby third party networks that we are not associated with, unlike related work that relies on wireline taps to observe traffic. We propose and implement a framewor...
#1 Zeineb Fki (University of Sfax), H-Index: 1
#2 Boudour Ammar (University of Sfax), H-Index: 11
Last. Mounir Ben Ayed (University of Sfax), H-Index: 12
(3 authors)
Connected objects are the key for many intelligent systems for instance, direct access to physical and physiological values and collecting information about the human body. Our research works aim to develop non-invasive methods that predict risk for dialysis patient in End-Stage Renal Disease (ESRD) at a smart home care system based on Internet of Things (IoT). However, the IoT components pose many new challenges in collecting more fine grained information called biomarkers. In this paper, we de...
#1 Steven M. Beyer (USAFA: United States Air Force Academy), H-Index: 1
#2 Barry E. Mullins (AFIT: Air Force Institute of Technology), H-Index: 15
Last. Jason M. Bindewald (AFIT: Air Force Institute of Technology), H-Index: 5
(4 authors)
Smart home devices are relatively inexpensive, readily available, and easily integrated into homes. However, retailers provide smart home devices with little scrutiny in regards to device security or known vulnerabilities. This paper presents a smart home architecture designed with commercially available devices used to investigate Internet of Things data leakage in the wild. Additionally, a pattern-of-life analysis tool was developed to exhibit how an eavesdropper can use traffic from a smart h...
#1 Santiago Egea Gómez (University of Valladolid), H-Index: 2
#2 Belén Carro Martínez (University of Valladolid), H-Index: 3
Last. Luis Hernandez Callejo (University of Valladolid), H-Index: 3
(4 authors)
Network Traffic Classification (NTC) is a key piece for network monitoring, Quality-of-Service management and network security. Machine Learning algorithms have drawn the attention of many researchers during the last few years as a promising solution for network traffic classification. In Machine Learning, ensemble algorithms are classifiers formed by a set of base estimators that cooperate to build more complex models according to given training and classification strategies. Resulting...
Sep 11, 2017 in ESORICS (European Symposium on Research in Computer Security)
#1 Rajib Ranjan Maiti (SUTD: Singapore University of Technology and Design), H-Index: 4
#2 Sandra Siby (SUTD: Singapore University of Technology and Design), H-Index: 9
Last. Nils Ole Tippenhauer (SUTD: Singapore University of Technology and Design), H-Index: 23
(4 authors)
In this work, we design and implement a framework, PrEDeC, which enables an attacker to violate user privacy by using the encrypted link-layer radio traffic to detect device types in a targeted environment. We focus on 802.11 traffic using WPA2 as security protocol. Data is collected by passive eavesdropping using COTS radios. PrEDeC (a) extracts features using temporal properties, size of encrypted payload, type and direction of wireless traffic (b) filters features to improve overall performan...
Cited By (23)
It is well known that when IoT traffic is unencrypted it is possible to identify the active devices based on their TCP/IP headers. And when traffic is encrypted, packet-sizes and timings can still be used to do so. To defend against such fingerprinting, traffic padding and shaping were introduced. In this paper we demonstrate that the packet-sizes distribution can still be used to successfully fingerprint the active IoT devices when shaping and padding are used, as long as the adversary is aware...
#1 Faiz Ul Islam (Nanjing University of Science and Technology), H-Index: 2
#2 Guangjie Liu (NUIST: Nanjing University of Information Science and Technology), H-Index: 15
Last. Weiwei Liu (Nanjing University of Science and Technology), H-Index: 14
(4 authors)
Network management is facing a great challenge to analyze and identify encrypted network traffic with specific applications and protocols. A significant number of network users apply different encryption techniques to network applications and services to hide the true nature of the network communication. These challenges attract the network community to improve network security and enhance network service quality. Network managers need novel techniques to cope with the failure and shortcoming...
#1 Wenjing Yue (ECNU: East China Normal University)
#2 Xianzhong Liu (ECNU: East China Normal University)
The heterogeneity of the underlying devices introduced significant technical challenges for interoperability in the Internet of Things (IoT), as a rapidly increasing landscape of IoT devices. A unified form of device registration is an important method to shield the heterogeneity. However, most solutions were to focus on the abstraction of device data. Notably, device description information is also necessary. For example, we can deploy the operation temperature of the device in its range to ens...
#1 Jaykumar Sheth (Santa Clara University), H-Index: 2
#2 Behnam Dezfouli (Santa Clara University), H-Index: 16
The 802.11 standard, known as WiFi, is currently being used for a wide variety of applications. The increasing number of WiFi devices, their stringent communication requirements, and the need for higher energy-efficiency mandate the adoption of novel methods that rely on monitoring the WiFi communication stack to analyze, enhance communication efficiency, and secure these networks. In this paper, we propose MonFi, a publicly-available, open-source tool for high-rate, efficient, and programmable ...
#2 Paulo Freitas de Araujo-Filho (UFPE: Federal University of Pernambuco)
Last. Divanilson R. Campelo, H-Index: 11
(4 authors)
The presence of connected devices in homes introduces numerous threats to privacy via the analysis of the encrypted traffic these devices generate. Prior works have shown that traffic attributes such as packet size combined with machine learning techniques enable the inference of private information from Internet of Things users. One of the commonly used techniques to mitigate those privacy threats is traffic obfuscation, such as packet padding. Most padding mechanisms that were previously propo...
#1 Andrea Ranieri, H-Index: 2
#2 Davide Caputo, H-Index: 4
Last. Luca Caviglione, H-Index: 17
(5 authors)
Smart speakers and voice-based virtual assistants are core components for the success of the IoT paradigm. Unfortunately, they are vulnerable to various privacy threats exploiting machine learning to analyze the generated encrypted traffic. To cope with that, deep adversarial learning approaches can be used to build black-box countermeasures altering the network traffic (e.g., via packet padding) and its statistical information. This letter showcases the inadequacy of such countermeasures agains...
#1 Batyr Charyyev, H-Index: 5
#2 Mehmet Hadi Gunes (Stevens Institute of Technology), H-Index: 1
Engineered systems get smarter with computing capabilities, particularly through a multitude of Internet of Things (IoT) devices. IoT devices, however, are prone to be compromised as they are often resource-limited and optimized for a certain task. They lack computing power for security software hence, they have become a major target of malicious activities. In order to secure a network, administrators may isolate vulnerable devices and limit traffic to a device based on its communication needs....
#1 Priyanka Rushikesh Chaudhary (BITS: Birla Institute of Technology and Science)
#2 Rajib Ranjan Maiti (BITS: Birla Institute of Technology and Science), H-Index: 1
Integration of orthogonal services in a single IoT device makes it difficult to apply traditional mechanism of device identification vis-a-vis reconnaissance of a smart home environment. Rule based white listing of IoT devices becomes difficult when IP camera is integrated with a smart bulb for example. In this paper, we aim to build a graph of (private or public) IP addresses used by IoT devices within a specific time window and check if the graph is consistent across other time windows. We pla...
#1 Jinyang Li (CAS: Chinese Academy of Sciences), H-Index: 1
#2 Zhenyu Li, H-Index: 93
Last. Gaogang Xie, H-Index: 25
(4 authors)
#1 Roman Kolcun (Imperial College London), H-Index: 6
#2 Diana Andreea Popescu (University of Cambridge), H-Index: 7
Last. Hamed Haddadi (Imperial College London), H-Index: 35
(8 authors)
Internet-of-Things (IoT) devices are known to be the source of many security problems, and as such they would greatly benefit from automated management. This requires robustly identifying devices so that appropriate network security policies can be applied. We address this challenge by exploring how to accurately identify IoT devices based on their network behavior, using resources available at the edge of the network. In this paper, we compare the accuracy of five different machine learning mod...