Machine Learning for the Detection and Identification of Internet of Things (IoT) Devices: A Survey

TL;DR

This survey reviews machine learning techniques for identifying legitimate IoT devices and detecting rogue or compromised ones, emphasizing non-cryptographic methods suitable for passive surveillance and network security.

Contribution

It categorizes ML-based IoT device identification and detection methods, and discusses enabling technologies, highlighting gaps in non-cryptographic approaches.

Findings

Classifies IoT device identification into four categories.

Highlights ML techniques like deep learning and unsupervised methods.

Discusses features and algorithms for passive device detection.

Abstract

The Internet of Things (IoT) is becoming an indispensable part of everyday life, enabling a variety of emerging services and applications. However, the presence of rogue IoT devices has exposed the IoT to untold risks with severe consequences. The first step in securing the IoT is detecting rogue IoT devices and identifying legitimate ones. Conventional approaches use cryptographic mechanisms to authenticate and verify legitimate devices' identities. However, cryptographic protocols are not available in many systems. Meanwhile, these methods are less effective when legitimate devices can be exploited or encryption keys are disclosed. Therefore, non-cryptographic IoT device identification and rogue device detection become efficient solutions to secure existing systems and will provide additional protection to systems with cryptographic protocols. Non-cryptographic approaches require more effort and are not yet adequately investigated. In this paper, we provide a comprehensive survey on machine learning technologies for the identification of IoT devices along with the detection of compromised or falsified ones from the viewpoint of passive surveillance agents or network operators. We classify the IoT device identification and detection into four categories: device-specific pattern recognition, Deep Learning enabled device identification, unsupervised device identification, and abnormal device detection. Meanwhile, we discuss various ML-related enabling technologies for this purpose. These enabling technologies include learning algorithms, feature engineering on network traffic traces and wireless signals, continual learning, and abnormality detection.