Automated Identification of Vulnerable Devices in Networks using Traffic Data and Deep Learning
Jakob Greis, Artem Yushchenko, Daniel Vogel, Michael Meier, Volker Steinhage

TL;DR
This paper presents two deep learning methods for accurately identifying IoT device types in networks, outperforming traditional fingerprinting with high accuracy and fast runtime, aiding in vulnerability detection.
Contribution
The paper introduces and evaluates recurrent and convolutional deep learning models for IoT device identification, achieving higher accuracy and efficiency than existing methods.
Findings
Deep learning models achieve 97-98% accuracy.
Outperform hand-crafted fingerprinting by three orders of magnitude in runtime.
Importance metrics explain model decision-making based on traffic data.
Abstract
Many IoT devices are vulnerable to attacks due to flawed security designs and lacking mechanisms for firmware updates or patches to eliminate the security vulnerabilities. Device-type identification combined with data from vulnerability databases can pinpoint vulnerable IoT devices in a network and can be used to constrain the communications of vulnerable devices for preventing damage. In this contribution, we present and evaluate two deep learning approaches to the reliable IoT device-type identification, namely a recurrent and a convolutional network architecture. Both deep learning approaches show accuracies of 97% and 98%, respectively, and thereby outperform an up-to-date IoT device-type identification approach using hand-crafted fingerprint features obtaining an accuracy of 82%. The runtime performance for the IoT identification of both deep learning approaches outperforms the…
Taxonomy
Topics: Network Security and Intrusion Detection · Advanced Malware Detection Techniques · Internet Traffic Analysis and Secure E-voting
