IoT or NoT: Identifying IoT Devices in a ShortTime Scale

TL;DR

This paper presents machine learning classifiers that rapidly and accurately distinguish IoT devices from non-IoT devices in home networks, aiding quick security management.

Contribution

It introduces three classifiers, including a unified model, that identify IoT devices within minutes with over 95% accuracy, applicable to home and enterprise networks.

Findings

Achieved over 95% accuracy in classifying unseen devices.

Developed classifiers based on traffic and DHCP features.

Unified classifier leverages strengths of individual models.

Abstract

In recent years the number of IoT devices in home networks has increased dramatically. Whenever a new device connects to the network, it must be quickly managed and secured using the relevant security mechanism or QoS policy. Thus a key challenge is to distinguish between IoT and NoT devices in a matter of minutes. Unfortunately, there is no clear indication of whether a device in a network is an IoT. In this paper, we propose different classifiers that identify a device as IoT or non-IoT, in a short time scale, and with high accuracy. Our classifiers were constructed using machine learning techniques on a seen (training) dataset and were tested on an unseen (test) dataset. They successfully classified devices that were not in the seen dataset with accuracy above 95%. The first classifier is a logistic regression classifier based on traffic features. The second classifier is based on features we retrieve from DHCP packets. Finally, we present a unified classifier that leverages the advantages of the other two classifiers. We focus on the home-network environment, but our classifiers are also applicable to enterprise networks.